https://isc.sans.edu/podcast.html#stormcast en-us (c) SANS Institute 2026 This work is licensed under a Creative Commons License - Attribution-NonCommercial-ShareAlike - https://creativecommons.org/licenses/by-nc-sa/4.0/ Fri, 17 Apr 2026 02:00:02 GMT Fri, 17 Apr 2026 02:00:02 GMT https://isc.sans.edu/images/podcast3000.jpg https://isc.sans.edu/podcast.html#stormcast Daily cybersecurity news for practitioners. Vulnerabilities, defenses, threats, network security insight, research and more to make you sound smarter as you get to the office in the morning. New each weekday. Daily update on current cyber security threats Johannes B. Ullrich A brief daily summary of what is important in cyber security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually about 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html . A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html . SANS ISC Handlers handlers@isc.sans.edu episodic no Dr. Johannes B. Ullrich full 9896 SANS Stormcast Friday, April 17th, 2026: DVRs Again; Cisco Again; Windows Defender Again; Sonatype Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Friday, April 17th, 2026: DVRs Again; Cisco Again; Windows Defender Again; Sonatype https://traffic.libsyn.com/securitypodcast/9896.mp3 https://isc.sans.edu/podcastdetail/9896 Fri, 17 Apr 2026 02:00:02 GMT Compromised DVRs and Finding Them in the Wild
https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Compromised%20DVRs%20and%20Finding%20Them%20in%20the%20Wild/32886
Cisco ISE RCE Vulnerability and WebEx Auth Bypass CVE-2026-20184 CVE-2026-20180 CVE-2026-20186
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-4fverepv
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-cui-cert-8jSZYhWL
Windows Defender 0-Day (RedSun)
https://github.com/Nightmare-Eclipse/RedSun
Sonatype Vulnerability CVE-2026-5189
https://support.sonatype.com/hc/en-us/articles/50817138825491-CVE-2026-5189-Nexus-Repository-3-Hardcoded-Credential-in-Internal-Database-Component-2026-04-15
]]> 5:56 sonatype, windows, defender, hardcoded, password, cisco, DVR, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9894 SANS Stormcast Thursday, April 16th, 2026: AI Credential Scans; Microsoft Update Issues; RDP Warnings; GitHub Action Vulns; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Thursday, April 16th, 2026: AI Credential Scans; Microsoft Update Issues; RDP Warnings; GitHub Action Vulns; https://traffic.libsyn.com/securitypodcast/9894.mp3 https://isc.sans.edu/podcastdetail/9894 Thu, 16 Apr 2026 02:00:03 GMT Scanning for AI Models
https://isc.sans.edu/diary/Scanning%20for%20AI%20Models/32896
Microsoft Update Problems
https://support.microsoft.com/en-us/topic/april-14-2026-kb5082063-os-build-26100-32690-c57e289d-27c9-47cd-a183-72fabc62c5d7#:~:text=Known%20issues%20in%20this%20update
Microsoft RDP File Warnings
https://learn.microsoft.com/en-us/windows-server/remote/remote-desktop-services/remotepc/understanding-security-warnings
AI GitHub Action Vulnerabilities
https://oddguan.com/blog/comment-and-control-prompt-injection-credential-theft-claude-code-gemini-cli-github-copilot/
https://www.theregister.com/2026/04/15/claude_gemini_copilot_agents_hijacked/
Wireguard Update
https://lists.zx2c4.com/pipermail/wireguard/2026-April/009561.html
]]> 6:53 wireguard, microsoft, github, action, rdp, updates, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9892 SANS Stormcast Wednesday, April 15th, 2026: Microsoft, Adobe, Fortinet and others Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Wednesday, April 15th, 2026: Microsoft, Adobe, Fortinet and others Patches https://traffic.libsyn.com/securitypodcast/9892.mp3 https://isc.sans.edu/podcastdetail/9892 Wed, 15 Apr 2026 02:00:02 GMT Microsoft Patch Tuesday April 2026
https://isc.sans.edu/forums/diary/Microsoft%20Patch%20Tuesday%20April%202026./32898/
Adobe Patches
https://helpx.adobe.com/security/Home.html
Fortinet Patches
https://fortiguard.fortinet.com/psirt
]]> 8:32 Fortinet, adobe, microsoft, patches, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9890 SANS Stormcast Tuesday, April 14th, 2026: EncystPHP Webshell; CPUID Compromise; OpenAI Mac Cert Issue; Axios Vulnerability Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Tuesday, April 14th, 2026: EncystPHP Webshell; CPUID Compromise; OpenAI Mac Cert Issue; Axios Vulnerability https://traffic.libsyn.com/securitypodcast/9890.mp3 https://isc.sans.edu/podcastdetail/9890 Tue, 14 Apr 2026 02:00:02 GMT Scans for EncystPHP Webshell
https://isc.sans.edu/diary/Scans%20for%20EncystPHP%20Webshell/32892
CPUID Compromise
https://securelist.com/tr/cpu-z/119365/
https://x.com/d0cTB/status/2042520961824559150
OpenAI Mac Application Update due to Axios Compromise
https://openai.com/index/axios-developer-tool-compromise/
Axios Vulnerability CVE-2026-40175
https://github.com/axios/axios/security/advisories/GHSA-fvcv-3m26-pcqx
]]> 6:53 axios, openai, mac, cpuid, encystphp, webshell, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9888 SANS Stormcast Monday, April 13th, 2026: Obfuscated JavaScript; Numbers in Passwords; Adobe Patches 0-Day; ClickFix Fix Bypass Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Monday, April 13th, 2026: Obfuscated JavaScript; Numbers in Passwords; Adobe Patches 0-Day; ClickFix Fix Bypass https://traffic.libsyn.com/securitypodcast/9888.mp3 https://isc.sans.edu/podcastdetail/9888 Mon, 13 Apr 2026 02:00:02 GMT Obfuscated JavaScript or Nothing
https://isc.sans.edu/diary/Obfuscated%20JavaScript%20or%20Nothing/32884
Numbers in Passwords
https://isc.sans.edu/diary/Number%20Usage%20in%20Passwords%3A%20Take%20Two/32866
Adobe 0-Day Patch CVE-2026-34621
https://helpx.adobe.com/security/products/acrobat/apsb26-43.html
ClickFix Bypass via ScriptEditor
https://www.jamf.com/blog/clickfix-macos-script-editor-atomic-stealer/
]]> 6:29 javascript, numbers, obfuscation, passwords, adobe, acrobat, reader, clickfix, macos, scripteditor, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9886 SANS Stormcast Thursday, April 9th, 2026: Honeypot Fingerprinting; Microsoft Locks Developer Accounts; ActiveMQ Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Thursday, April 9th, 2026: Honeypot Fingerprinting; Microsoft Locks Developer Accounts; ActiveMQ Vuln; https://traffic.libsyn.com/securitypodcast/9886.mp3 https://isc.sans.edu/podcastdetail/9886 Thu, 09 Apr 2026 02:00:02 GMT Honeypot Fingerprinting
https://isc.sans.edu/diary/More%20Honeypot%20Fingerprinting%20Scans/32878
Microsoft Locks Accounts for Privacy/Encryption Related Developers
https://sourceforge.net/p/veracrypt/discussion/general/thread/9620d7a4b3/ https://news.ycombinator.com/item?id=47687884 https://x.com/windscribecom/status/2041929519628443943
https://windowsforum.com/threads/april-2026-windows-update-ends-cross-signed-kernel-driver-trust.410487/
Remote Code Execution in Apache ActiveMQ (CVE-2026-34197)
https://horizon3.ai/attack-research/disclosures/cve-2026-34197-activemq-rce-jolokia/
]]> 7:40 apache, activeMQ, microsoft, developers, veracrypt, wireguard, windscribe, fingerprinting, honeypot, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9884 SANS Stormcast Wednesday, April 8th, 2026: Pivoting for Webshells; WatchGuard Firebox Patch; Project Glasswing; Kubernetes Misconfigurations Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Wednesday, April 8th, 2026: Pivoting for Webshells; WatchGuard Firebox Patch; Project Glasswing; Kubernetes Misconfigurations https://traffic.libsyn.com/securitypodcast/9884.mp3 https://isc.sans.edu/podcastdetail/9884 Wed, 08 Apr 2026 02:00:02 GMT A Little Bit Pivoting: What Web Shells are Attackers Looking for Today?
https://isc.sans.edu/diary/A%20Little%20Bit%20Pivoting%3A%20What%20Web%20Shells%20are%20Attackers%20Looking%20for%3F/32874
WatchGuard Firebox Arbitrary File Write via Path Traversal in Fireware Web UI
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00009
Project Glasswing
https://www.anthropic.com/glasswing
Current Threats Against Kubernetes
https://unit42.paloaltonetworks.com/modern-kubernetes-threats/
]]> 6:13 glasswing, anthropic, watchguard, firebox, pivoting, webshell, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9882 SANS Stormcast Tuesday, April 7th, 2026: Redirects in Phishing; Internet Bug Bounty Suspended; Bluehammer; Keycloak MFA Bypass Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Tuesday, April 7th, 2026: Redirects in Phishing; Internet Bug Bounty Suspended; Bluehammer; Keycloak MFA Bypass https://traffic.libsyn.com/securitypodcast/9882.mp3 https://isc.sans.edu/podcastdetail/9882 Tue, 07 Apr 2026 02:00:02 GMT How often are redirects used in phishing in 2026?
https://isc.sans.edu/diary/How%20often%20are%20redirects%20used%20in%20phishing%20in%202026%3F/32870
Hackerone Suspends Internet Bug Bounty
https://hackerone.com/ibb?type=team
https://www.linkedin.com/posts/danielstenberg_hackerone-share-7446667043380076545-RX9b/
Bluehammer Windows 0-day Privilege Escalation
https://github.com/Nightmare-Eclipse/BlueHammer
https://deadeclipse666.blogspot.com/2026/04/public-disclosure.html
https://deepwiki.com/Nightmare-Eclipse/BlueHammer
Keycloak MFA Bypass CVE-2026-3429
https://access.redhat.com/security/cve/cve-2026-3429
]]> 6:55 keycloak, mfa, bluehammer, windows, 0-day, hackerone, phishing, redirects, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9880 SANS Stormcast Monday, April 6th, 2026: TeamPCP Update and Axio Post Mortem; Fortinet 0-Day Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Monday, April 6th, 2026: TeamPCP Update and Axio Post Mortem; Fortinet 0-Day https://traffic.libsyn.com/securitypodcast/9880.mp3 https://isc.sans.edu/podcastdetail/9880 Mon, 06 Apr 2026 02:00:02 GMT Team PCP Update and Axios Post Mortem
https://isc.sans.edu/diary/32864
https://github.com/axios/axios/issues/10636
Strapi NPM Packages Compromised
https://safedep.io/malicious-npm-strapi-plugin-events-c2-agent/
Fortinet CVE-2026-35616 exctively exploited
https://fortiguard.fortinet.com/psirt/FG-IR-26-099
]]> 6:09 Fortinet, exploit, 0-day, strapi, npm, teampcp, axios, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9878 SANS Stormcast Friday, April 3rd, 2026: Vite Exploits; OpenSSH 10.3; Claude Code Vuln Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Friday, April 3rd, 2026: Vite Exploits; OpenSSH 10.3; Claude Code Vuln https://traffic.libsyn.com/securitypodcast/9878.mp3 https://isc.sans.edu/podcastdetail/9878 Fri, 03 Apr 2026 02:00:02 GMT Attempts to Exploit Exposed "Vite" Installs (CVE-2025-30208)
https://isc.sans.edu/diary/Attempts%20to%20Exploit%20Exposed%20%22Vite%22%20Installs%20%28CVE-2025-30208%29/32860
OpenSSH 10.3 Release
https://seclists.org/oss-sec/2026/q2/7
Claude Code Vulnerability
https://adversa.ai/claude-code-security-bypass-deny-rules-disabled/
]]> 5:15 Openssh, vite, claude, code, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9876 SANS Stormcast Thursday, April 2nd, 2026: Script Removing ADS/MotW; Google Chrome 0-Day; iOS/iPadOS 18 Update; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Thursday, April 2nd, 2026: Script Removing ADS/MotW; Google Chrome 0-Day; iOS/iPadOS 18 Update; https://traffic.libsyn.com/securitypodcast/9876.mp3 https://isc.sans.edu/podcastdetail/9876 Thu, 02 Apr 2026 02:00:02 GMT Malicious Script That Gets Rid of ADS
https://isc.sans.edu/diary/Malicious%20Script%20That%20Gets%20Rid%20of%20ADS/32854
Google Chrome Update fixes 21 Vulnerabilities and 0-Day
https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html
Apple Addresses Darksword Vulnerabilities for older devices
https://support.apple.com/en-us/126793
]]> 4:01 apple, ios, darksword, google, chrome, ADS, MotW, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9874 SANS Stormcast Wednesday, April 1st, 2026: Application Control Bypass; Axios NPM Module Compromise; TeamPCP vs Cloud Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Wednesday, April 1st, 2026: Application Control Bypass; Axios NPM Module Compromise; TeamPCP vs Cloud https://traffic.libsyn.com/securitypodcast/9874.mp3 https://isc.sans.edu/podcastdetail/9874 Wed, 01 Apr 2026 02:05:11 GMT Application Control Bypass for Data Exfiltration
https://isc.sans.edu/diary/Application%20Control%20Bypass%20for%20Data%20Exfiltration/32850
Axios NPM Module Supply Chain Compromise
https://www.stepsecurity.io/blog/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojan
https://www.linkedin.com/events/7444763050819092480/
TeamPCP vs. Cloud Resources
https://www.wiz.io/blog/tracking-teampcp-investigating-post-compromise-attacks-seen-in-the-wild
]]> 6:48 teampcp, cloud, axios, npm, application conftrol, palo alto, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9872 SANS Stormcast Tuesday, March 31st, 2026: Honeypot Session Lifetime; Let’s Encrypt Tests Mass Revocation; F5 RCE Exploited Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Tuesday, March 31st, 2026: Honeypot Session Lifetime; Let’s Encrypt Tests Mass Revocation; F5 RCE Exploited https://traffic.libsyn.com/securitypodcast/9872.mp3 https://isc.sans.edu/podcastdetail/9872 Tue, 31 Mar 2026 02:00:02 GMT Honeypot Session Lifetime
https://isc.sans.edu/diary/DShield%20%28Cowrie%29%20Honeypot%20Stats%20and%20When%20Sessions%20Disconnect/32840
Let s Encrypt Tests Mass Revocation
https://community.letsencrypt.org/t/lets-encrypt-2026-mass-revocation-simulation/245960
https://www.certkit.io/blog/ari-solves-mass-certificate-revocation
https://www.certkit.io/blog/lets-encrypt-mass-revocation-simulation
F5 Vulnerability Re-Classified (and already exploited) as RCE
https://my.f5.com/manage/s/article/K000156741
]]> 5:13 F5, Lets’ Encrypt, ARI, revocation, honeypot, session, lifetime, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9870 SANS Stormcast Monday, March 30th, 2026: More TeamPCP: telnyx; Netscaler Exploit; macOS ClickFix Fix; Windows Smart Install Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Monday, March 30th, 2026: More TeamPCP: telnyx; Netscaler Exploit; macOS ClickFix Fix; Windows Smart Install https://traffic.libsyn.com/securitypodcast/9870.mp3 https://isc.sans.edu/podcastdetail/9870 Mon, 30 Mar 2026 02:00:02 GMT TeamPCP Update #2: Telnyx PyPi Compromise
https://isc.sans.edu/diary/TeamPCP%20Supply%20Chain%20Campaign%3A%20Update%20002%20-%20Telnyx%20PyPI%20Compromise%2C%20Vect%20Ransomware%20Mass%20Affiliate%20Program%2C%20and%20First%20Named%20Victim%20Claim/32838
Citrix Netscaler Vulnerability Details
https://labs.watchtowr.com/the-sequels-are-never-as-good-but-were-still-in-pain-citrix-netscaler-cve-2026-3055-memory-overread/
macOS Clickfix Warning
https://x.com/ClassicII_MrMac/status/2036797948911141129
Windows Smart Install
https://textslashplain.com/2026/03/24/windows-choose-where-to-get-apps/
]]> 8:26 windows, install, smart, citrix, netscaler, teampcp, telnyx, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9868 SANS Stormcast Friday, March 27th, 2026: TeamPCP Update; DarkSword vs Patches; LangFlow Exploited Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Friday, March 27th, 2026: TeamPCP Update; DarkSword vs Patches; LangFlow Exploited https://traffic.libsyn.com/securitypodcast/9868.mp3 https://isc.sans.edu/podcastdetail/9868 Fri, 27 Mar 2026 02:00:02 GMT TeamPCP Supply Chain Campaign: Update 001 - Checkmarx Scope Wider Than Reported, CISA KEV Entry, and Detection Tools Available
https://isc.sans.edu/diary/TeamPCP%20Supply%20Chain%20Campaign%3A%20Update%20001%20-%20Checkmarx%20Scope%20Wider%20Than%20Reported%2C%20CISA%20KEV%20Entry%2C%20and%20Detection%20Tools%20Available/32834
DarkSword and This Weeks iOS Updates
https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain
LangFlow Exploited
https://www.cisa.gov/news-events/alerts/2026/03/25/cisa-adds-one-known-exploited-vulnerability-catalog
]]> 6:13 langflow, darksword, ios, patches, teampcp, checkmarx, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9866 SANS Stormcast Thursday, March 26th, 2026: Apple Patches; SmatApeSG Update; Trivy/LiteLLM/TeamPCP Update; Google Accelerates Quantum Save Crypto Rollout Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Thursday, March 26th, 2026: Apple Patches; SmatApeSG Update; Trivy/LiteLLM/TeamPCP Update; Google Accelerates Quantum Save Crypto Rollout https://traffic.libsyn.com/securitypodcast/9866.mp3 https://isc.sans.edu/podcastdetail/9866 Thu, 26 Mar 2026 02:00:02 GMT Apple Patches (almost) everything again. March 2026 edition.
https://isc.sans.edu/diary/Apple%20Patches%20%28almost%29%20everything%20again.%20March%202026%20edition./32830
SmartApeSG campaign pushes Remcos RAT, NetSupport RAT, StealC, and Sectop RAT (ArechClient2)
https://isc.sans.edu/diary/SmartApeSG%20campaign%20pushes%20Remcos%20RAT%2C%20NetSupport%20RAT%2C%20StealC%2C%20and%20Sectop%20RAT%20%28ArechClient2%29/32826
Trivy/LiteLLM/TeamPCP Updates
https://www.sans.org/webcasts/when-security-scanner-became-weapon
https://rosesecurity.dev/2026/03/24/sha-pinning-is-not-enough.html
Google Moves Up Quantum Crypto Deadline
https://blog.google/innovation-and-ai/technology/safety-security/cryptography-migration-timeline/
]]> 6:56 trivy, litellm, teampcp, apple, smartapesg, google, quantum, crypto, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9864 SANS Stormcast Wednesday, March 25th, 2026: IP KVM Usage; TeampPCP, Trivy, liteLLM and More Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Wednesday, March 25th, 2026: IP KVM Usage; TeampPCP, Trivy, liteLLM and More https://traffic.libsyn.com/securitypodcast/9864.mp3 https://isc.sans.edu/podcastdetail/9864 Wed, 25 Mar 2026 02:00:03 GMT ---
Special Webcast about Trivy Supply Chain Attacks
https://www.sans.org/webcasts/when-security-scanner-became-weapon
---
Detecting IP KVM Usage
https://isc.sans.edu/diary/Detecting%20IP%20KVMs/32824
TeamPCP, Trivy, liteLLM, Iran and more
https://www.aikido.dev/blog/teampcp-stage-payload-canisterworm-iran
https://www.aquasec.com/blog/trivy-supply-chain-attack-what-you-need-to-know/
https://blog.gitguardian.com/trivys-march-supply-chain-attack-shows-where-secret-exposure-hurts-most/
https://www.sysdig.com/blog/teampcp-expands-supply-chain-compromise-spreads-from-trivy-to-checkmarx-github-actions
]]> 11:54 ipkvm, teampcp, trivy, litellm, checkmarx, supply chain, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9862 SANS Stormcast Tuesday, March 24th, 2026: Tax Scam to EDR Kill; Netscaler Patches; gRPC-Go Authz Bypass; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Tuesday, March 24th, 2026: Tax Scam to EDR Kill; Netscaler Patches; gRPC-Go Authz Bypass; https://traffic.libsyn.com/securitypodcast/9862.mp3 https://isc.sans.edu/podcastdetail/9862 Tue, 24 Mar 2026 02:00:02 GMT From W-2 to BYOVD: How a Tax Search Leads to Kernel-Mode AV/EDR Kill
https://www.huntress.com/blog/w2-malvertising-to-kernel-mode-edr-kill
NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2026-3055 and CVE-2026-4368
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696300
gRPC-Go Authorization bypass via missing leading slash in :path CVE-2026-33186
https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3
]]> 5:41 gRPC, Go, authz, netscaler, citrix, w-2, tax, scam, google, seo, BYOVD, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9860 SANS Stormcast Monday, March 23rd, 2026: GSocket Backdoor in Bash; Oracle Security Alert; Rockwell Attacks Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Monday, March 23rd, 2026: GSocket Backdoor in Bash; Oracle Security Alert; Rockwell Attacks https://traffic.libsyn.com/securitypodcast/9860.mp3 https://isc.sans.edu/podcastdetail/9860 Mon, 23 Mar 2026 02:00:02 GMT GSocket Backdoor Delivered Through Bash Script
https://isc.sans.edu/diary/GSocket+Backdoor+Delivered+Through+Bash+Script/32816/#comments
Oracle Security Alert CVE-2026-21992 Released
https://blogs.oracle.com/security/alert-cve-2026-21992
Rockwell Automation Reiterates Customer Guidance to Disconnect Devices from the Internet and Harden PLCs to Protect from Cyber Threats
https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1771.html
]]> 5:34 rockwell, oracle, gsocket, bash, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9858 SANS Stormcast Friday, March 20th, 2026: Cowrie Strings; MSFT Intune Hardening; Unifi Network Update; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Friday, March 20th, 2026: Cowrie Strings; MSFT Intune Hardening; Unifi Network Update; https://traffic.libsyn.com/securitypodcast/9858.mp3 https://isc.sans.edu/podcastdetail/9858 Fri, 20 Mar 2026 02:00:02 GMT Interesting Cowrie Strings
https://isc.sans.edu/diary/Interesting+Message+Stored+in+Cowrie+Logs/32810
Microsoft Intune Hardening Advice
https://techcommunity.microsoft.com/blog/intunecustomersuccess/best-practices-for-securing-microsoft-intune/4502117
https://www.cisa.gov/news-events/alerts/2026/03/18/cisa-urges-endpoint-management-system-hardening-after-cyberattack-against-us-organization
Unifi Network Update
https://community.ui.com/releases/Security-Advisory-Bulletin-062-062/c29719c0-405e-4d4a-8f26-e343e99f931b
]]> 5:45 unifi, ubiquity, microsoft, intune, cowrie, iran, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9856 SANS Stormcast Thursday, March 19th, 2026: Adminer Scans; Apple WebKit Patch; another telnetd vuln; screenconnect vuln Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Thursday, March 19th, 2026: Adminer Scans; Apple WebKit Patch; another telnetd vuln; screenconnect vuln https://traffic.libsyn.com/securitypodcast/9856.mp3 https://isc.sans.edu/podcastdetail/9856 Thu, 19 Mar 2026 02:00:02 GMT Scans for "adminer"
https://isc.sans.edu/diary/Scans%20for%20%22adminer%22/32808
Background Security Improvement for WebKit
https://support.apple.com/en-us/126604
Remote Pre-Auth Buffer Overflow in GNU Inetutils telnetd (LINEMODE SLC)
https://lists.gnu.org/archive/html/bug-inetutils/2026-03/msg00031.html
ScreenConnect 26.1 Security Hardening
https://www.connectwise.com/company/trust/security-bulletins/2026-03-17-screenconnect-bulletin
]]> 5:55 screenconnect, connectwise, webkit, adminer, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9854 SANS Stormcast Wednesday, March 18th, 2026: IPv4 mapped IPv6; KVM Vulnerabilities; AWS Bedrock DNS Covert Channel Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Wednesday, March 18th, 2026: IPv4 mapped IPv6; KVM Vulnerabilities; AWS Bedrock DNS Covert Channel https://traffic.libsyn.com/securitypodcast/9854.mp3 https://isc.sans.edu/podcastdetail/9854 Wed, 18 Mar 2026 11:05:02 GMT IPv4 Mapped IPv6 Addresses
https://isc.sans.edu/diary/IPv4%20Mapped%20IPv6%20Addresses/32804
More IP KVM Vulnerabilities
https://eclypsium.com/blog/your-kvm-is-the-weak-link-how-30-dollar-devices-can-own-your-entire-network/
AWS Bedrock AgentCore Code Interpreter DNS Leak
https://www.beyondtrust.com/blog/entry/pwning-aws-agentcore-code-interpreter
]]> 6:00 aws, bedrock, agentcore, kvm, ipv6, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9852 SANS Stormcast Tuesday, March 17th, 2026: Proxy URLs; Local Network Address Restrictions; Advanced Phishing Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Tuesday, March 17th, 2026: Proxy URLs; Local Network Address Restrictions; Advanced Phishing https://traffic.libsyn.com/securitypodcast/9852.mp3 https://isc.sans.edu/podcastdetail/9852 Tue, 17 Mar 2026 02:00:02 GMT /proxy/ URL scans with IP addresses
https://isc.sans.edu/forums/diary/proxy+URL+scans+with+IP+addresses/32800/
Local Network Address Restrictions
https://learn.microsoft.com/en-us/deployedge/ms-edge-local-network-access#how-to-mitigate-impact-for-cross-origin-iframes https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnote-stable-channel
European Security Vendor Targeted by Hackers Fronting as Cisco Domain
https://specopssoft.com/blog/phishing-campaign-cisco/
]]> 7:50 phishing, dkim, url, proxy, chrome, edge, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9850 SANS Stormcast Monday, March 16th, 2026: SmartApeSG and Remcos RAT; React Based Phishing; Google Chrome Patches; AdGaurd Vuln Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Monday, March 16th, 2026: SmartApeSG and Remcos RAT; React Based Phishing; Google Chrome Patches; AdGaurd Vuln https://traffic.libsyn.com/securitypodcast/9850.mp3 https://isc.sans.edu/podcastdetail/9850 Mon, 16 Mar 2026 02:00:02 GMT SmartApeSG campaign uses ClickFix page to push Remcos RAT
https://isc.sans.edu/diary/SmartApeSG%20campaign%20uses%20ClickFix%20page%20to%20push%20Remcos%20RAT/32796
A React-based phishing page with credential exfiltration via EmailJS
https://isc.sans.edu/diary/32794
Google Chrome announced two zero-day fixes, then removed one.
https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_12.html
AdGuard Vulnerability
https://github.com/AdguardTeam/AdGuardHome/releases/tag/v0.107.73
]]> 6:13 adguard, google, chorme, remco, react, rat, emailjs clickfix. smartagesg, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9848 SANS Stormcast Friday, March 13th, 2026: IOT Device Discovery; Apple Patches; Veeam Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Friday, March 13th, 2026: IOT Device Discovery; Apple Patches; Veeam Patches https://traffic.libsyn.com/securitypodcast/9848.mp3 https://isc.sans.edu/podcastdetail/9848 Fri, 13 Mar 2026 02:00:02 GMT When your IoT Device Logs in as Admin, It s too Late!
https://isc.sans.edu/diary/When%20your%20IoT%20Device%20Logs%20in%20as%20Admin%2C%20It%3Fs%20too%20Late!%20%5BGuest%20Diary%5D/32788
Apple Patches
https://support.apple.com/en-us/100100
Veeam Patches
https://www.veeam.com/kb4830
]]> 5:19 veeam, apple, patches, iot, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9846 SANS Stormcast Thursday, March 12th, 2026: Zombie Zip; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Thursday, March 12th, 2026: Zombie Zip; https://traffic.libsyn.com/securitypodcast/9846.mp3 https://isc.sans.edu/podcastdetail/9846 Thu, 12 Mar 2026 02:00:02 GMT Analyzing "Zombie Zip" Files (CVE-2026-0866)
https://isc.sans.edu/diary/Analyzing%20%22Zombie%20Zip%22%20Files%20%28CVE-2026-0866%29/32786
How "Strengthening Crypto" Broke Authentication: FreshRSS and bcrypt's 72-Byte Limit
https://pentesterlab.com/blog/freshrss-bcrypt-truncation-auth-bypass
]]> 7:27 zombie, zip, fressrss, bcrypt, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9844 SANS Stormcast Wednesday, March 11th, 2026: Windows, Fortinet, Adobe, and Zoom Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Wednesday, March 11th, 2026: Windows, Fortinet, Adobe, and Zoom Patches https://traffic.libsyn.com/securitypodcast/9844.mp3 https://isc.sans.edu/podcastdetail/9844 Wed, 11 Mar 2026 02:00:02 GMT https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20March%202026/32782
Fortinet Updates
https://fortiguard.fortinet.com/psirt
Adobe Updates
https://helpx.adobe.com/security.html
Zoom Update
https://support.zoom.com/hc/en/article?id=zm_kb&sysparm_article=KB0061222
]]> 6:10 zoom, adobe, fortinet, microsoft, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9842 SANS Stormcast Tuesday, March 10th, 2026: Encrypted Client Hello; ExitTool Vulnerability; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Tuesday, March 10th, 2026: Encrypted Client Hello; ExitTool Vulnerability; https://traffic.libsyn.com/securitypodcast/9842.mp3 https://isc.sans.edu/podcastdetail/9842 Tue, 10 Mar 2026 02:00:02 GMT Encrypted Client Hello: Ready for Prime Time?
https://isc.sans.edu/diary/Encrypted%20Client%20Hello%3A%20Ready%20for%20Prime%20Time%3F/32778
The ExifTool vulnerability: how an image can infect macOS systems
https://www.kaspersky.com/blog/exiftool-macos-picture-vulnerability-mitigation-cve-2026-3102/55362/
Remote code execution in Nextcloud Flow via vulnerable Windmill version
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-g7vj-98x3-qvjf
]]> 7:27 Windmill, ExifTool, macOS, ECH, https, tls, client hello, encrypted, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9840 SANS Stormcast Monday, March 9th, 2026: YARA-X Update; IP Camera Targeting; Node.js Upgrades; nginx UI Vuln Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Monday, March 9th, 2026: YARA-X Update; IP Camera Targeting; Node.js Upgrades; nginx UI Vuln https://traffic.libsyn.com/securitypodcast/9840.mp3 https://isc.sans.edu/podcastdetail/9840 Mon, 09 Mar 2026 02:00:02 GMT YARA-X 1.14.0 Release https://isc.sans.edu/diary/YARA-X%201.14.0%20Release/32774
INTERPLAY BETWEEN IRANIAN TARGETING OF IP CAMERAS AND PHYSICAL WARFARE IN THE MIDDLE EAST
https://research.checkpoint.com/2026/interplay-between-iranian-targeting-of-ip-cameras-and-physical-warfare-in-the-middle-east/
Announcing the Node.js LTS Upgrade and Modernization Program
https://openjsf.org/blog/nodejs-lts-upgrade-program
nginx UI Vulnerability
https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-g9w5-qffc-6762
]]> 5:08 yara, iran, ip cameras, node.js, nginx, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9838 SANS Stormcast Friday, March 6th, 2026: Targeted or Not? pac4j-jwt auth bypass; freescout dangerous uploads; MSFT Authenticator vs Graphene OS Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Friday, March 6th, 2026: Targeted or Not? pac4j-jwt auth bypass; freescout dangerous uploads; MSFT Authenticator vs Graphene OS https://traffic.libsyn.com/securitypodcast/9838.mp3 https://isc.sans.edu/podcastdetail/9838 Fri, 06 Mar 2026 02:00:02 GMT Differentiating Between a Targeted Intrusion and an Automated Opportunistic Scanning [Guest Diary]
https://isc.sans.edu/diary/Differentiating%20Between%20a%20Targeted%20Intrusion%20and%20an%20Automated%20Opportunistic%20Scanning%20%5BGuest%20Diary%5D/32768
CVE-2026-29000: Critical Authentication Bypass in pac4j-jwt - Using Only a Public Key (CVSS 10)
https://www.codeant.ai/security-research/pac4j-jwt-authentication-bypass-public-key
FreeScout Help Desk Vulnerability
https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-mw88-x7j3-74vc
Microsoft Authenticator Not Supported on Graphene OS
https://www.heise.de/en/news/GrapheneOS-Microsoft-Authenticator-does-not-support-secure-Android-OS-11200495.html
]]> 6:55 freesccout, pac4j-jwt, algorithm confusion, targeted, honeypot, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9836 SANS Stormcast Thursday, March 5th, 2026: XWorm Analysis; Cisco “Secure” Firewall Managmeent Center; LastPass Phishing Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Thursday, March 5th, 2026: XWorm Analysis; Cisco “Secure” Firewall Managmeent Center; LastPass Phishing https://traffic.libsyn.com/securitypodcast/9836.mp3 https://isc.sans.edu/podcastdetail/9836 Thu, 05 Mar 2026 11:50:11 GMT Want More XWorm?
https://isc.sans.edu/diary/Want%20More%20XWorm%3F/32766
Cisco Secure Firewall Management Center Vulnerabilities
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-rce-NKhnULJh
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-onprem-fmc-authbypass-5JPp45V2
LastPass Phishing
https://www.securityweek.com/lastpass-users-targeted-with-backup-themed-phishing-emails/
]]> 7:38 LastPass, cisco, firewall management, xworm, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9834 SANS Stormcast Wednesday, March 4th, 2026: CrushFTP Brute Force; Android Patches 0-Day; 0Auth Phishing Abuse Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Wednesday, March 4th, 2026: CrushFTP Brute Force; Android Patches 0-Day; 0Auth Phishing Abuse https://traffic.libsyn.com/securitypodcast/9834.mp3 https://isc.sans.edu/podcastdetail/9834 Wed, 04 Mar 2026 02:00:03 GMT Bruteforce Scans for CrushFTP
https://isc.sans.edu/diary/Bruteforce%20Scans%20for%20CrushFTP%20/32762
Android March 2026 Patches, including 0-Day (CVE-2026-21385)
https://source.android.com/docs/security/bulletin/2026/2026-03-01
OAuth redirection abuse enables phishing and malware delivery
https://www.microsoft.com/en-us/security/blog/2026/03/02/oauth-redirection-abuse-enables-phishing-malware-delivery/
]]> 5:03 crushftp, android, oauth, phishing, brute force, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9832 SANS Stormcast Tuesday, March 3rd, 2026: Finding URLs in ZIPs in RTFs; Merkle Tree Certificates; Taming Agentic Browsers Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Tuesday, March 3rd, 2026: Finding URLs in ZIPs in RTFs; Merkle Tree Certificates; Taming Agentic Browsers https://traffic.libsyn.com/securitypodcast/9832.mp3 https://isc.sans.edu/podcastdetail/9832 Tue, 03 Mar 2026 02:00:02 GMT Quick Howto: ZIP Files Inside RTF
https://isc.sans.edu/diary/Quick+Howto+ZIP+Files+Inside+RTF/32696/#comments
Keeping the Internet fast and secure: introducing Merkle Tree Certificates
https://blog.cloudflare.com/bootstrap-mtc/
Taming Agentic Browsers: Vulnerability in Chrome Allowed Extensions to Hijack New Gemini Panel
https://unit42.paloaltonetworks.com/gemini-live-in-chrome-hijacking/
]]> 8:10 agentic, gemini, browsers, chrome, certificate, webpki, zip, rtf, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9830 SANS Stormcast Monday, March 2nd, 2026: Reversing Fake Fedex; Abusing .ARPA; MSFT Authenticator Update; Apex One Vuln; Special AirSnitch Webcast Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Monday, March 2nd, 2026: Reversing Fake Fedex; Abusing .ARPA; MSFT Authenticator Update; Apex One Vuln; Special AirSnitch Webcast https://traffic.libsyn.com/securitypodcast/9830.mp3 https://isc.sans.edu/podcastdetail/9830 Mon, 02 Mar 2026 02:00:02 GMT Fake Fedex Email Delivers Donuts!
https://isc.sans.edu/diary/Fake%20Fedex%20Email%20Delivers%20Donuts!/32754
Abusing .ARPA: The TLD that isn t supposed to host anything
https://www.infoblox.com/blog/threat-intelligence/abusing-arpa-the-tld-that-isnt-supposed-to-host-anything/
MC1179154 - Microsoft Authenticator app: Upcoming changes to jailbreak and root detection
https://mc.merill.net/message/MC1179154
SECURITY BULLETIN: Apex One and Apex One (Mac) - February 2026
https://success.trendmicro.com/en-US/solution/KA-0022458
Special Webcast: AirSnitch How Worried Should You Be?
https://www.sans.org/webcasts/airsnitch-how-worried-should-you-be
]]> 7:35 fedex, apex, one, airsnitch, webcast, authenticator, microsoft, arpa, tld, phishing, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9828 SANS Stormcast Friday, February 27th, 2026: Finding Singal (@sans_edu intern); Google API Keys and Gemini; AirSnitch Breaking Client Isolation Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Friday, February 27th, 2026: Finding Singal (@sans_edu intern); Google API Keys and Gemini; AirSnitch Breaking Client Isolation https://traffic.libsyn.com/securitypodcast/9828.mp3 https://isc.sans.edu/podcastdetail/9828 Fri, 27 Feb 2026 02:00:02 GMT Finding Signal in the Noise: Lessons Learned Running a Honeypot with AI Assistance [Guest Diary]
https://isc.sans.edu/diary/Finding%20Signal%20in%20the%20Noise%3A%20Lessons%20Learned%20Running%20a%20Honeypot%20with%20AI%20Assistance%20%5BGuest%20Diary%5D/32744
Google API Keys Weren't Secrets. But then Gemini Changed the Rules.
https://trufflesecurity.com/blog/google-api-keys-werent-secrets-but-then-gemini-changed-the-rules
AirSnitch: Demystifying and Breaking Client Isolation in Wi-Fi Networks
https://www.ndss-symposium.org/ndss-paper/airsnitch-demystifying-and-breaking-client-isolation-in-wi-fi-networks/
]]> 9:22 airsnitch, wifi, api, google, maps, gemini, noise, honeypot, sans.edu, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9826 SANS Stormcast Thursday, February 26th, 2026: CLAIR Model; Cisco SD-WAN 0-Day; Cortex XDR Abuse; OpenSSL Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Thursday, February 26th, 2026: CLAIR Model; Cisco SD-WAN 0-Day; Cortex XDR Abuse; OpenSSL Vuln; https://traffic.libsyn.com/securitypodcast/9826.mp3 https://isc.sans.edu/podcastdetail/9826 Thu, 26 Feb 2026 02:00:03 GMT The CLAIR Model: A Synthesized Conceptual Framework for Mapping Critical Infrastructure Interdependencies [Guest Diary]
https://isc.sans.edu/diary/The+CLAIR+Model+A+Synthesized+Conceptual+Framework+for+Mapping+Critical+Infrastructure+Interdependencies+Guest+Diary/32748
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability CVE-2026-20127
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk https://blog.talosintelligence.com/uat-8616-sd-wan/
Abusing Cortex XDR Live
https://labs.infoguard.ch/posts/abusing_cortex_xdr_live_response_as_c2/
OpenSSL Vulnerability CVE-2025-15467
https://seclists.org/oss-sec/2026/q1/220
]]> 6:48 openssl, cortex, xdr, cisco, catalyst, sd-wan, clair, ics, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9824 SANS Stormcast Wednesday, February 25th, 2026: Open Redirects; setHTML in Firefox; telnetd issues Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Wednesday, February 25th, 2026: Open Redirects; setHTML in Firefox; telnetd issues https://traffic.libsyn.com/securitypodcast/9824.mp3 https://isc.sans.edu/podcastdetail/9824 Wed, 25 Feb 2026 02:00:02 GMT Open Redirects: A Forgotten Vulnerability?
https://isc.sans.edu/diary/Open%20Redirects%3A%20A%20Forgotten%20Vulnerability%3F/32742
Goodbye innerHTML, Hello setHTML: Stronger XSS Protection in Firefox 148
https://hacks.mozilla.org/2026/02/goodbye-innerhtml-hello-sethtml-stronger-xss-protection-in-firefox-148/
More telnetd issues
https://seclists.org/oss-sec/2026/q1/199
]]> 7:29 redirects, innerhtml, telnet, sethtml, xss, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9822 SANS Stormcast Tuesday, February 24th, 2026: Malicious JPEG Analysis; Calibre Vuln; jsPDF object injection; Roundcube Exploited Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Tuesday, February 24th, 2026: Malicious JPEG Analysis; Calibre Vuln; jsPDF object injection; Roundcube Exploited https://traffic.libsyn.com/securitypodcast/9822.mp3 https://isc.sans.edu/podcastdetail/9822 Tue, 24 Feb 2026 02:00:02 GMT Another day, another malicious JPEG
https://isc.sans.edu/diary/Another%20day%2C%20another%20malicious%20JPEG/32738
Calibre Path Traversal Leading to Arbitrary File Write and Potentially Code Execution CVE-2026-26064 CVE-2026-26065
https://github.com/kovidgoyal/calibre/security/advisories/GHSA-72ch-3hqc-pgmp
https://github.com/kovidgoyal/calibre/security/advisories/GHSA-vmfh-7mr7-pp2w
CVE-2026-25755: PDF Object Injection in jsPDF (addJS Method)
https://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-25755.md
Roundcube Webmail Exploited CVE-2025-49113 https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10
https://www.openwall.com/lists/oss-security/2025/06/02/3
]]> 7:04 roundcube, webmail, jspdf, calibre, jpeg, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9820 SANS Stormcast Monday, February 23rd, 2026: Japanese Phishing; AI Agents Ignoring Instructions; Starkiller MFA Phishing Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Monday, February 23rd, 2026: Japanese Phishing; AI Agents Ignoring Instructions; Starkiller MFA Phishing https://traffic.libsyn.com/securitypodcast/9820.mp3 https://isc.sans.edu/podcastdetail/9820 Mon, 23 Feb 2026 02:45:11 GMT Japanese-Language Phishing Emails
https://isc.sans.edu/diary/Japanese-Language%20Phishing%20Emails/32734
'God-Like' Attack Machines: AI Agents Ignore Security Policies
https://www.darkreading.com/application-security/ai-agents-ignore-security-policies
Starkiller: New Phishing Framework Proxies Real Login Pages to Bypass MFA
https://abnormal.ai/blog/starkiller-phishing-kit
]]> 6:33 starkiller, phishing, mfa, mitm, japanese, ai, agents, security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9818 SANS Stormcast Friday, February 20th, 2026: DynoWiper Analysis; Vibe Passwords; IDE Extension Vulns; Gransstream GXP 1600 Vuln and PoC Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Friday, February 20th, 2026: DynoWiper Analysis; Vibe Passwords; IDE Extension Vulns; Gransstream GXP 1600 Vuln and PoC https://traffic.libsyn.com/securitypodcast/9818.mp3 https://isc.sans.edu/podcastdetail/9818 Fri, 20 Feb 2026 02:00:02 GMT Under the Hood of DynoWiper
https://isc.sans.edu/diary/Under%20the%20Hood%20of%20DynoWiper/32730
Vibe Password Generation: Predictable by Design
https://www.irregular.com/publications/vibe-password-generation
Vulnerabilities (CVE-2025-65715, CVE-2025-65716, CVE-2025-65717) in four popular IDE Extensions
https://www.ox.security/blog/four-vulnerabilities-expose-a-massive-security-blind-spot-in-ide-extensions/
Grandstream GXP1600 VoIP Phones
https://www.rapid7.com/blog/post/ve-cve-2026-2329-critical-unauthenticated-stack-buffer-overflow-in-grandstream-gxp1600-voip-phones-fixed/
]]> 6:19 grandstream, gxp1600, vibe, password, vs code, extensions, dynowiper, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9816 SANS Stormcast Thursday, February 19th, 2026: Malware Image Resuse; Dell RecoveryPoint; Admin Center Vuln; DNS-PERSIST-01 Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Thursday, February 19th, 2026: Malware Image Resuse; Dell RecoveryPoint; Admin Center Vuln; DNS-PERSIST-01 https://traffic.libsyn.com/securitypodcast/9816.mp3 https://isc.sans.edu/podcastdetail/9816 Thu, 19 Feb 2026 02:00:02 GMT Tracking Malware Campaigns With Reused Material
https://isc.sans.edu/diary/Tracking%20Malware%20Campaigns%20With%20Reused%20Material/32726
From BRICKSTORM to GRIMBOLT: UNC6201 Exploiting a Dell RecoverPoint for Virtual Machines Zero-Day
https://cloud.google.com/blog/topics/threat-intelligence/unc6201-exploiting-dell-recoverpoint-zero-day
Windows Admin Center Elevation of Privilege Vulnerability CVE-2026-26119
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26119
DNS-PERSIST-01: A New Model for DNS-based Challenge Validation
https://letsencrypt.org/2026/02/18/dns-persist-01.html
Defending Web Apps
https://www.sans.org/cyber-security-courses/application-security-securing-web-apps-api-microservices
]]> 7:04 windows, admin center, dns-persist-01, brickstorm, grimpbolt, dell, recoverypoint, malware, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9814 SANS Stormcast Wednesday, February 18th, 2026: IR Phishing; Neenadu Android Backdoor; NiFi Bugs; LLMs Phishing; Encrypted RCS Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Wednesday, February 18th, 2026: IR Phishing; Neenadu Android Backdoor; NiFi Bugs; LLMs Phishing; Encrypted RCS https://traffic.libsyn.com/securitypodcast/9814.mp3 https://isc.sans.edu/podcastdetail/9814 Wed, 18 Feb 2026 02:15:12 GMT Fake Incident Report Used in Phishing Campaign
https://isc.sans.edu/diary/Fake%20Incident%20Report%20Used%20in%20Phishing%20Campaign/32722
Divide and conquer: how the new Keenadu backdoor exposed links between major Android botnets https://securelist.com/keenadu-android-backdoor/118913/
CVE-2026-25903: Apache NiFi: Missing Authorization of Restricted Permissions for Component Updates https://seclists.org/oss-sec/2026/q1/166
The Next Frontier of Runtime Assembly Attacks: Leveraging LLMs to Generate Phishing JavaScript in Real Time
https://unit42.paloaltonetworks.com/real-time-malicious-javascript-through-llms/
Encrypted RCS in iOS/iPadOS
https://developer.apple.com/documentation/ios-ipados-release-notes/ios-ipados-26_4-release-notes
]]> 7:30 rcs, apple, nifi, android, backdoor, phishing, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9812 SANS Stormcast Tuesday, February 17th, 2026: 64Bit Malware; Password Manager Weaknesses; OpenClaw Config Theft; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Tuesday, February 17th, 2026: 64Bit Malware; Password Manager Weaknesses; OpenClaw Config Theft; https://traffic.libsyn.com/securitypodcast/9812.mp3 https://isc.sans.edu/podcastdetail/9812 Tue, 17 Feb 2026 02:00:02 GMT 2026 64-Bits Malware Trend
https://isc.sans.edu/diary/2026%2064-Bits%20Malware%20Trend/32718
A Comparative Security Analysis of Three Cloud-based Password Managers
https://zkae.io
Infostealer Infection Targeting OpenClaw Configurations
https://www.infostealers.com/article/hudson-rock-identifies-real-world-infostealer-infection-targeting-openclaw-configurations/
]]> 5:12 openclaw, infostealer, password, managers, malware, 64 bit, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9810 SANS Stormcast Monday, February 16th, 2026: Graph Generator; nslookup and clickfix; Chrome 0-Day; TURN Threats Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Monday, February 16th, 2026: Graph Generator; nslookup and clickfix; Chrome 0-Day; TURN Threats https://traffic.libsyn.com/securitypodcast/9810.mp3 https://isc.sans.edu/podcastdetail/9810 Mon, 16 Feb 2026 02:00:02 GMT AI-Powered Knowledge Graph Generator & APTs
https://isc.sans.edu/diary/AI-Powered%20Knowledge%20Graph%20Generator%20%26%20APTs/32712
nslookup and ClickFix
https://x.com/MsftSecIntel/status/2022456612120629742
Google Chrome 0-Day Patch
https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_13.html
TURN Security Threats
https://www.enablesecurity.com/blog/turn-server-security-threats/
]]> 6:00 TURN, Chrome, nslookup, ClickFix, AI, graph, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9808 SANS Stormcast Friday, February 13th, 2026: SSH Bot; OpenSSH MacOS Change; Abused Employee Monitoring Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Friday, February 13th, 2026: SSH Bot; OpenSSH MacOS Change; Abused Employee Monitoring https://traffic.libsyn.com/securitypodcast/9808.mp3 https://isc.sans.edu/podcastdetail/9808 Fri, 13 Feb 2026 02:00:02 GMT Four Seconds to Botnet - Analyzing a Self-Propagating SSH Worm with Cryptographically Signed C2 [Guest Diary]
https://isc.sans.edu/diary/Four%20Seconds%20to%20Botnet%20-%20Analyzing%20a%20Self%20Propagating%20SSH%20Worm%20with%20Cryptographically%20Signed%20C2%20%5BGuest%20Diary%5D/32708
OpenSSH Update on MacOS
https://www.openssh.org/releasenotes.html
Employee Monitoring and SimpleHelp Software Abused in Ransomware Operations
https://www.huntress.com/blog/employee-monitoring-simplehelp-abused-in-ransomware-operations
]]> 5:43 monitoring, openssh, macos, botnet, ssh, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9806 SANS Stormcast Thursday, February 12th, 2026: WSL in Malware; Apple and Adobe Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Thursday, February 12th, 2026: WSL in Malware; Apple and Adobe Patches https://traffic.libsyn.com/securitypodcast/9806.mp3 https://isc.sans.edu/podcastdetail/9806 Thu, 12 Feb 2026 02:00:02 GMT WSL in the Malware Ecosystem https://isc.sans.edu/diary/32704
Apple Patches Everything: February 2026
https://isc.sans.edu/diary/Apple%20Patches%20Everything%3A%20February%202026/32706
Adobe Updates
https://helpx.adobe.com/security/security-bulletin.html
]]> 6:09 apple, adobe, wsl, malware, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9804 SANS Stormcast Wednesday, February 11th, 2026: Microsoft Patch Tuesday; Secure Boot Updates; Fake 7-Zip; FortiSlob Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Wednesday, February 11th, 2026: Microsoft Patch Tuesday; Secure Boot Updates; Fake 7-Zip; FortiSlob https://traffic.libsyn.com/securitypodcast/9804.mp3 https://isc.sans.edu/podcastdetail/9804 Wed, 11 Feb 2026 02:05:02 GMT Microsoft Patch Tuesday - February 2026
https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20-%20February%202026/32700
Refreshing the root of trust
https://blogs.windows.com/windowsexperience/2026/02/10/refreshing-the-root-of-trust-industry-collaboration-on-secure-boot-certificate-updates/
Fake 7-Zip downloads are turning home PCs into proxy nodes
https://www.malwarebytes.com/blog/threat-intel/2026/02/fake-7-zip-downloads-are-turning-home-pcs-into-proxy-nodes
FortiNet Vulnerabilities
https://fortiguard.fortinet.com/psirt/FG-IR-25-093 https://fortiguard.fortinet.com/psirt/FG-IR-25-1052
]]> 7:54 Fortinet, 7zip, fake, trojan, trust, boot, root, microsoft, patch, tuesday, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9802 SANS Stormcast Tuesday, February 10th, 2026: Extracting URLs; Singal Phishing; Ivanti PoC; BeyondTrust RCE; Forticlient SQL Inection Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Tuesday, February 10th, 2026: Extracting URLs; Singal Phishing; Ivanti PoC; BeyondTrust RCE; Forticlient SQL Inection https://traffic.libsyn.com/securitypodcast/9802.mp3 https://isc.sans.edu/podcastdetail/9802 Tue, 10 Feb 2026 02:00:02 GMT Quick Howto: Extract URLs from RTF files
https://isc.sans.edu/diary/Quick%20Howto%3A%20Extract%20URLs%20from%20RTF%20files/32692
German Agencies Warn of Signal Phishing Targeting Politicians, Military, Journalists
German: https://thehackernews.com/2026/02/german-agencies-warn-of-signal-phishing.html English: https://www.verfassungsschutz.de/SharedDocs/publikationen/DE/praevention_wirtschafts-und_wissenschaftsschutz/2026-02-06-gemeinsame-warnmitteilung-phishing.pdf?__blob=publicationFile&v=3
Someone Knows Bash Far Too Well, And We Love It - Pre-Auth RCEs
https://labs.watchtowr.com/someone-knows-bash-far-too-well-and-we-love-it-ivanti-epmm-pre-auth-rces-cve-2026-1281-cve-2026-1340/
Pre-Auth RCE in BeyondTrust Remote Support & PRA CVE-2026-1731
https://www.hacktron.ai/blog/cve-2026-1731-beyondtrust-remote-support-rce
https://www.beyondtrust.com/trust-center/security-advisories/bt26-02
Fortinet FortiClientEMS SQLi in the administrative interface
https://fortiguard.fortinet.com/psirt/FG-IR-25-1142
]]> 4:30 urls, rtf, signal, phishing, ivanti, beyondtrust, fortinet, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9800 SANS Stormcast Monday, February 9th, 2026: Azure Vulnerabilties; AI Vulnerability Discovery; GitLab AI Gateway Vuln Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Monday, February 9th, 2026: Azure Vulnerabilties; AI Vulnerability Discovery; GitLab AI Gateway Vuln https://traffic.libsyn.com/securitypodcast/9800.mp3 https://isc.sans.edu/podcastdetail/9800 Mon, 09 Feb 2026 11:47:32 GMT Microsoft Patches Four Azure Vulnerabilities (three critical)
https://msrc.microsoft.com/update-guide/vulnerability
Evaluating and mitigating the growing risk of LLM-discovered 0-days
https://red.anthropic.com/2026/zero-days/
Gitlab AI Gateway Vulnerability CVE-2026-1868
https://about.gitlab.com/releases/2026/02/06/patch-release-gitlab-ai-gateway-18-8-1-released/
]]> 5:23 gitlab, ai gateway, llm, 0-days, anthropic, claude, opus, microsoft, azure, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9798 SANS Stormcast Friday, February 6th, 2026: Broken Phishing; n8n vulnerability; Android Update; Watchguard Firebox LDAP Injection Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Friday, February 6th, 2026: Broken Phishing; n8n vulnerability; Android Update; Watchguard Firebox LDAP Injection https://traffic.libsyn.com/securitypodcast/9798.mp3 https://isc.sans.edu/podcastdetail/9798 Fri, 06 Feb 2026 02:05:02 GMT Broken Phishing URLs
https://isc.sans.edu/diary/Broken+Phishing+URLs/32686/
n8n command injection vulnerability
https://github.com/n8n-io/n8n/security/advisories/GHSA-6cqr-8cfr-67f8
Android February Update
https://source.android.com/docs/security/bulletin/pixel/2026/2026-02-01?hl=en
Watchguard Firebox LDAP Injection
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00001
]]> 4:42 watchguard, firebox, ldap, android, n8n, phishing, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9796 SANS Stormcast Thursday, February 5th, 2026: Malicious Scripts; Synectix Vuln; Google Chrome; Google Looker; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Thursday, February 5th, 2026: Malicious Scripts; Synectix Vuln; Google Chrome; Google Looker; https://traffic.libsyn.com/securitypodcast/9796.mp3 https://isc.sans.edu/podcastdetail/9796 Thu, 05 Feb 2026 02:10:11 GMT Malicious Script Delivering More Maliciousness
https://isc.sans.edu/diary/Malicious+Script+Delivering+More+Maliciousness/32682
Synectix LAN 232 TRIO Unauthenticated Web Admin CVE-2026-1633
https://www.cisa.gov/news-events/ics-advisories/icsa-26-034-04
Google Chrome Patches
https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop.html
LookOut: Discovering RCE and Internal Access on Looker (Google Cloud & On-Prem)
https://www.tenable.com/blog/google-looker-vulnerabilities-rce-internal-access-lookout
]]> 6:17 lookup, looker, google, chrome, patches, synectix, malicious script, infostealer, xworm, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9794 SANS Stormcast Wednesday, February 4th, 2026: Detecting OpenClaw; Synology telnetd Patch; More GlassWorm Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Wednesday, February 4th, 2026: Detecting OpenClaw; Synology telnetd Patch; More GlassWorm https://traffic.libsyn.com/securitypodcast/9794.mp3 https://isc.sans.edu/podcastdetail/9794 Wed, 04 Feb 2026 02:00:02 GMT Detecting and Monitoring OpenClaw (clawdbot, moltbot)
https://isc.sans.edu/diary.html/Detecting+and+Monitoring+OpenClaw+%28clawdbot%2C+moltbot%29/32678/#comment
Synology telnetd Patch
https://www.synology.com/en-us/releaseNote/DSM
GlassWorm Loader Hits Open VSX via Developer Account Compromise
https://socket.dev/blog/glassworm-loader-hits-open-vsx-via-suspected-developer-account-compromise
]]> 4:56 vsx, glssworm, synology, telnetd, openclaw, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9792 SANS Stormcast Tuesday, February 3rd, 2026: Scanning for AI; Notepad++ Compromise; OpenClaw Vulnerabilities Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Tuesday, February 3rd, 2026: Scanning for AI; Notepad++ Compromise; OpenClaw Vulnerabilities https://traffic.libsyn.com/securitypodcast/9792.mp3 https://isc.sans.edu/podcastdetail/9792 Tue, 03 Feb 2026 02:00:02 GMT Scanning for exposed Anthropic Models https://isc.sans.edu/diary/Scanning%20for%20exposed%20Anthropic%20Models/32674
Notepad++ Hijacked by State-Sponsored Hackers https://www.rapid7.com/blog/post/tr-chrysalis-backdoor-dive-into-lotus-blossoms-toolkit/
https://notepad-plus-plus.org/news/hijacked-incident-info-update/
Insecure Websockets in OpenClaw
https://zeropath.com/blog/openclaw-clawdbot-credential-theft-vulnerability
Malicious OpenClaw Skills
https://www.koi.ai/blog/clawhavoc-341-malicious-clawedbot-skills-found-by-the-bot-they-were-targeting
Exposed OpenClaw Instances
https://censys.com/blog/openclaw-in-the-wild-mapping-the-public-exposure-of-a-viral-ai-assistant
]]> 6:25 openclaw, websockets, notpad++, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9790 SANS Stormcast Monday, February 2nd, 2026: Google Presentation Abuse; Ivanti Vuln Exploited; Microsoft NTLM Strategy Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Monday, February 2nd, 2026: Google Presentation Abuse; Ivanti Vuln Exploited; Microsoft NTLM Strategy https://traffic.libsyn.com/securitypodcast/9790.mp3 https://isc.sans.edu/podcastdetail/9790 Mon, 02 Feb 2026 02:00:02 GMT Google Presentation Abuse
https://isc.sans.edu/diary/Google+Presentations+Abused+for+Phishing/32668/
Security Advisory Ivanti Endpoint Manager Mobile (EPMM) (CVE-2026-1281 & CVE-2026-1340)
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340?language=en_US
Microsoft NTLM Strategy
https://techcommunity.microsoft.com/blog/windows-itpro-blog/advancing-windows-security-disabling-ntlm-by-default/4489526
]]> 7:15 microsoft, ntlm, ivanti, google, presentation, phishing, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9788 SANS Stormcast Friday, January 30th, 2026: Residential Proxy Networks; Clowdbot/Moltbot Themed Malware; eScan Malicious Updates Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Friday, January 30th, 2026: Residential Proxy Networks; Clowdbot/Moltbot Themed Malware; eScan Malicious Updates https://traffic.libsyn.com/securitypodcast/9788.mp3 https://isc.sans.edu/podcastdetail/9788 Fri, 30 Jan 2026 02:00:03 GMT No Place Like Home Network: Disrupting the World's Largest Residential Proxy Network
Google dismantled the IPIDEA network that used residential proxies to route malicious traffic.
https://cloud.google.com/blog/topics/threat-intelligence/disrupting-largest-residential-proxy-network
Fake Clawdbot VS Code Extension Installs ScreenConnect RAT
The news about Clawdbot (now Moltbot) is used to distribute malware, in particular malicious VS Code extensions.
https://www.aikido.dev/blog/fake-clawdbot-vscode-extension-malware
Threat Bulletin: Critical eScan Supply Chain Compromise
Anti-virus vendor eScan was compromised, and its update servers were used to install malware on some customer systems.
https://www.morphisec.com/blog/critical-escan-threat-bulletin/
]]> 6:19 escan, update, malcious, anti virus, vs code, clawdbot, moltbot, residential, proxy, network, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9786 SANS Stormcast Thursday, January 29th, 2026: WebLogic AI Slop; Fortinet Patches; WebLogic AI Slop; Fortinet Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Thursday, January 29th, 2026: WebLogic AI Slop; Fortinet Patches; WebLogic AI Slop; Fortinet Patches https://traffic.libsyn.com/securitypodcast/9786.mp3 https://isc.sans.edu/podcastdetail/9786 Thu, 29 Jan 2026 12:40:11 GMT Odd WebLogic Request. Possible CVE-2026-21962 Exploit Attempt or AI Slop?
We are seeing attempts to attack CVE-2026-21962, a recent weblog vulnerability, using a non-working AI slop exploit
https://isc.sans.edu/diary/Odd%20WebLogic%20Request.%20Possible%20CVE-2026-21962%20Exploit%20Attempt%20or%20AI%20Slop%3F/32662
Fortinet Patches are Rolling Out
Fortinet is starting to roll out patches for the recent SSO vulnerability
https://fortiguard.fortinet.com/psirt/FG-IR-26-060
SolarWinds Web Helpdesk Vulnerability
Another set of vulnerabilities in SolarWinds Web Helpdesk may result in unauthenticated system access
https://horizon3.ai/attack-research/cve-2025-40551-another-solarwinds-web-help-desk-deserialization-issue/
]]> 6:01 solarwinds, fortinet, weblogic, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9784 SANS Stormcast Wednesday, January 28th, 2026: Romance Scams; DoS Vuln in React Server Components; OpenSSL Patch; Kubernetes Priv Confusion Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Wednesday, January 28th, 2026: Romance Scams; DoS Vuln in React Server Components; OpenSSL Patch; Kubernetes Priv Confusion https://traffic.libsyn.com/securitypodcast/9784.mp3 https://isc.sans.edu/podcastdetail/9784 Wed, 28 Jan 2026 02:05:03 GMT Initial Stages of Romance Scams [Guest Diary]
Romance scams often start with random text messages that appear to be misrouted . This guest diary by Faris Azhari is following some of the initial stages of such a scam.
https://isc.sans.edu/diary/Initial%20Stages%20of%20Romance%20Scams%20%5BGuest%20Diary%5D/32650
Denial of Service Vulnerabilities in React Server Components
Another folowup fix for the severe React vulnerability from last year, but now only fixing a DoS condition.
https://github.com/facebook/react/security/advisories/GHSA-83fc-fqcc-2hmg
OpenSSL Updates
OpenSSL released its monthly updates, fixing a potential RCE.
https://openssl-library.org/news/vulnerabilities/
Kubernetes Remote Code Execution Via Nodes/Proxy GET Permission
Many Kubernetes Helm Charts are vulnerable to possible remote code executions due to unclear defined access controls.
https://grahamhelton.com/blog/nodes-proxy-rce
]]> 7:38 kubernetes, rce, proxy, openssl, dos, react, romance scam, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9782 SANS Stormcast Tuesday, January 27th, 2026: PWD scanning; MSFT Office OOB Patch; Exposed Clawdbot Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Tuesday, January 27th, 2026: PWD scanning; MSFT Office OOB Patch; Exposed Clawdbot https://traffic.libsyn.com/securitypodcast/9782.mp3 https://isc.sans.edu/podcastdetail/9782 Tue, 27 Jan 2026 02:00:02 GMT Scanning Webserver with pwd as a Starting Path
Attackers are adding the output of the pwd command to their web scans.
https://isc.sans.edu/diary/x/32654
Microsoft Office Security Feature Bypass Vulnerability CVE-2026-21509
Microsoft released an out-of-band patch for Office fixing a currently exploited vulnerability.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21509
Exposed Clawdbot Instances
Many users of the AI tool clawdbot expose instances without access control.
https://x.com/theonejvo/status/2015485025266098536
]]> 5:50 clwadbot, office, patch, microsoft, webserver, scan, pwd, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9780 SANS Stormcast Monday, January 26th, 2026: FortiOS SSO Vuln Updates; Outlook OOB Update; VMware vCenter Exploited Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Monday, January 26th, 2026: FortiOS SSO Vuln Updates; Outlook OOB Update; VMware vCenter Exploited https://traffic.libsyn.com/securitypodcast/9780.mp3 https://isc.sans.edu/podcastdetail/9780 Mon, 26 Jan 2026 02:00:03 GMT Analysis of Single Sign-On Abuse on FortiOS
Fortinet released an advisory. FortiOS devices are vulnerable if configured with any SAML integration, not just FortiCloud
https://www.fortinet.com/blog/psirt-blogs/analysis-of-sso-abuse-on-fortios
Outlook OOB Update
Microsoft released a non-security OOB Update for Outlook, fixing an issue introduced with this months security patches.
https://support.microsoft.com/en-us/topic/january-24-2026-kb5078127-os-builds-26200-7628-and-26100-7628-out-of-band-cf5777f6-bb4e-4adb-b9cd-2b64df577491
VMware vCenter Server Vulnerabilities Exploited (CVE-2024-37079, CVE-2024-37080, CVE-2024-37081)
A VMWare vCenter vulnerability patched last June is now actively exploited.
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453
]]> 4:21 vmware, vcenter, oob, update, microsoft, outlook, fortios, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9778 SANS Stormcast Friday, January 23rd, 2026: Scanning AI Code; FortiGate Update; ISC BIND DoS; Trivial SmaterMail Vulnerability Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Friday, January 23rd, 2026: Scanning AI Code; FortiGate Update; ISC BIND DoS; Trivial SmaterMail Vulnerability https://traffic.libsyn.com/securitypodcast/9778.mp3 https://isc.sans.edu/podcastdetail/9778 Fri, 23 Jan 2026 02:00:02 GMT Is AI-Generated Code Secure?
Xavier used the free static code analysis tool Bandit to review code he wrote with heavy AI support.
https://isc.sans.edu/diary/Is%20AI-Generated%20Code%20Secure%3F/32648
Malicious Configuration Changes On Fortinet FortiGate Devices via SSO Accounts
Arctic Wolf summarized some of the attacks it is seeing against FortiGate devices via the insufficiently patched SSL vulnerability.
https://arcticwolf.com/resources/blog/arctic-wolf-observes-malicious-configuration-changes-fortinet-fortigate-devices-via-sso-accounts/
ISC BIND DoS vulnerability in Drone ID Records
HHIT and BRID records, which are used as part of Drone ID, can be used to crash named if their length is 3 bytes.
https://marlink.com/resources/knowledge-hub/isc-bind-vulnerability-discovered-and-disclosed-by-marlink-cyber/
SmarterTools SmarterMail Password Reset Vulnerability
SmarterTools recently patched a trivial vulnerability in SmarterMail that would allow anybody without authentication to reset administrator passwords.
https://labs.watchtowr.com/attackers-with-decompilers-strike-again-smartertools-smartermail-wt-2026-0001-auth-bypass/
]]> 7:03 smartermail, smartertools, isc, bind, dos, drone, drone id, fortinet, fortigate, bandit, python, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9776 SANS Stormcast Thursday, January 22nd, 2026: Visual Studio Code Scripts; Cisco Unified Comm and Zoom Vuln; Insufficient Fortinet Patch; SANS SOC Survey Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Thursday, January 22nd, 2026: Visual Studio Code Scripts; Cisco Unified Comm and Zoom Vuln; Insufficient Fortinet Patch; SANS SOC Survey https://traffic.libsyn.com/securitypodcast/9776.mp3 https://isc.sans.edu/podcastdetail/9776 Thu, 22 Jan 2026 02:00:02 GMT Automatic Script Execution In Visual Studio Code
Visual Studio Code will read configuration files within the source code that may lead to code execution.
https://isc.sans.edu/diary/Automatic%20Script%20Execution%20In%20Visual%20Studio%20Code/32644
Cisco Unified Communications Products Remote Code Execution Vulnerability A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device.
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b
Zoom Vulnerability
A Command Injection vulnerability in Zoom Node Multimedia Routers (MMRs) before version 5.2.1716.0 may allow a meeting participant to execute remote code on the MMR via network access.
https://www.zoom.com/en/trust/security-bulletin/zsb-26001/
Possible new SSO Exploit (CVE-2025-59718) on 7.4.9
https://www.reddit.com/r/fortinet/comments/1qibdcb/possible_new_sso_exploit_cve202559718_on_749/
SANS SOC Survey
The 2026 SOC Survey is open, and we need your input to create a meaningful report. Please share your experience so we can advocate for what actually works in the trenches.
https://survey.sans.org/jfe/form/SV_3ViqWZgWnfQAzkO?is=socsurveystormcenter
]]> 6:33 soc, survey, sso, fortinet, zoom, cisco, visual studio, code, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9774 SANS Stormcast Wednesday, January 21st, 2026: Punycode Hunting; telnetd vuln; 6 day Certs and IP Certs; Oracle Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Wednesday, January 21st, 2026: Punycode Hunting; telnetd vuln; 6 day Certs and IP Certs; Oracle Patches https://traffic.libsyn.com/securitypodcast/9774.mp3 https://isc.sans.edu/podcastdetail/9774 Wed, 21 Jan 2026 02:00:02 GMT Add Punycode to your Threat Hunting Routine
Punycode patterns in DNS queries make excellent hunting opportunities.
https://isc.sans.edu/diary/Add%20Punycode%20to%20your%20Threat%20Hunting%20Routine/32640
GNU InetUtils Security Advisory: remote authentication by-pass intelnetd
telnetd shipping with InetUtils suffers from a critical authentication by-pass vulnerability.
https://www.openwall.com/lists/oss-security/2026/01/20/2
6-day and IP Address Certificates are Generally Available
Let s Encrypt will now offer 6-day certificates as an option. These short-lived certificates can be used for IP addresses.
https://letsencrypt.org/2026/01/15/6day-and-ip-general-availability
Oracle Quarterly Critical Patch Update
Oracle released its first quarterly patches for 2026, fixing 337 vulnerabilities
https://www.oracle.com/security-alerts/cpujan2026.html#AppendixFMW
]]> 6:44 oracle, certificates, letsencrypt, inetutils, punycode, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9772 SANS Stormcast Tuesday, January 20th, 2026: Scans Against LLMs; NTLM Rainbow Table; OOB MSFT Patch Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Tuesday, January 20th, 2026: Scans Against LLMs; NTLM Rainbow Table; OOB MSFT Patch https://traffic.libsyn.com/securitypodcast/9772.mp3 https://isc.sans.edu/podcastdetail/9772 Tue, 20 Jan 2026 02:00:03 GMT "How many states are there in the United States?"
Attackers are actively scanning for LLMs, fingerprinting them using the query How many states are there in the United States? .
https://isc.sans.edu/diary/%22How%20many%20states%20are%20there%20in%20the%20United%20States%3F%22/32618
Closing the Door on Net-NTLMv1: Releasing Rainbow Tables to Accelerate Protocol Deprecation
Mandiant is publicly releasing a comprehensive dataset of Net-NTLMv1 rainbow tables to underscore the urgency of migrating away from this outdated protocol.
https://cloud.google.com/blog/topics/threat-intelligence/net-ntlmv1-deprecation-rainbow-tables
Out-of-band update to address issues observed with the January 2026 Windows security update
Microsoft has identified issues upon installing the January 2026 Windows security update. To address these issues, an out-of-band (OOB) update was released today, January 17, 2026
https://learn.microsoft.com/en-us/windows/release-health/windows-message-center
]]> 6:00 Windows, patch, ntlm, rainbow table, llms, scans, llm, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9770 SANS Stormcast Friday, January 16th, 2026: Cryptojacking Hidden Gifts; Bluetooth Vulnerability; Reprompt in MSFT Copilot Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Friday, January 16th, 2026: Cryptojacking Hidden Gifts; Bluetooth Vulnerability; Reprompt in MSFT Copilot https://traffic.libsyn.com/securitypodcast/9770.mp3 https://isc.sans.edu/podcastdetail/9770 Fri, 16 Jan 2026 03:10:11 GMT Battling Cryptojacking, Botnets, and IABs
Cryptojacking often comes with less obvious addons, like SSH backdoors
https://isc.sans.edu/diary/Battling%20Cryptojacking%2C%20Botnets%2C%20and%20IABs%20%5BGuest%20Diary%5D/32632
Microsoft Copilot Reprompt Attacks
Adding a query parameter to the URL may prefill a Copilot prompt, altering the meaning of the prompts that follow.
https://www.varonis.com/blog/reprompt
Hijacking Bluetooth Accessories Using Google Fast Pair
Google s fast pair protocol is often not implemented correctly, allowing the Hijacking of Bluetooth accessories
https://whisperpair.eu/#about
]]> 7:29 ssh, cryptojacking, copilot, fast pair, bluetooth, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9768 SANS Stormcast Thursday, January 15th, 2026: Luma Streal Repeat Infection; ServiceNow Broken Auth; Starlink/GPS Jamming Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Thursday, January 15th, 2026: Luma Streal Repeat Infection; ServiceNow Broken Auth; Starlink/GPS Jamming https://traffic.libsyn.com/securitypodcast/9768.mp3 https://isc.sans.edu/podcastdetail/9768 Thu, 15 Jan 2026 02:00:02 GMT Infection repeatedly adds scheduled tasks and increases traffic to the same C2 domain
https://isc.sans.edu/diary/Infection%20repeatedly%20adds%20scheduled%20tasks%20and%20increases%20traffic%20to%20the%20same%20C2%20domain/32628
BodySnatcher (CVE-2025-12420): A Broken Authentication and Agentic Hijacking Vulnerability in ServiceNow
https://appomni.com/ao-labs/bodysnatcher-agentic-ai-security-vulnerability-in-servicenow/
Starlink Terminal GPS Spoofing/Jamming Detection in Iran
https://github.com/narimangharib/starlink-iran-gps-spoofing/blob/main/starlink-iran.md
]]> 6:10 starlink, gps, bodysnatcher, servicenow, agentic, lumastealer, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9766 SANS Stormcast Wednesday, January 14th, 2026: Microsoft, Adobe and Fortinet Patches; ConsentFix Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Wednesday, January 14th, 2026: Microsoft, Adobe and Fortinet Patches; ConsentFix https://traffic.libsyn.com/securitypodcast/9766.mp3 https://isc.sans.edu/podcastdetail/9766 Wed, 14 Jan 2026 02:30:02 GMT Microsoft Patch Tuesday January 2026
Microsoft released patches for 113 vulnerabilities. This includes one already exploited vulnerability, one that was made public before today and eight critical vulnerabilities.
https://isc.sans.edu/diary/January%202026%20Microsoft%20Patch%20Tuesday%20Summary/32624
Adobe Patches
Adobe released patches for five products. The code execution vulnerabilities in ColdFusion and Acrobat Reader deserve special attention.
https://helpx.adobe.com/security.html
Fortinet Patches
Fortnet patched two products today, one suffering from an SSRF vulnerability.
https://fortiguard.fortinet.com/psirt/FG-IR-25-783
https://fortiguard.fortinet.com/psirt/FG-IR-25-084
ConsentFix: Analysing a browser-native ClickFix-style attack that hijacks OAuth consent grants
Attackers are tricking victims to copy/paste OAUTH URLs, including credentials, to a fake CAPTCHA
https://pushsecurity.com/blog/consentfix
]]> 7:58 ssrf, fortinet, adobe, microsoft, oatuh, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9764 SANS Stormcast Tuesday, January 13th, 2026: n8n got npm’ed; Gogs exploit; telegram proxy links Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Tuesday, January 13th, 2026: n8n got npm’ed; Gogs exploit; telegram proxy links https://traffic.libsyn.com/securitypodcast/9764.mp3 https://isc.sans.edu/podcastdetail/9764 Tue, 13 Jan 2026 02:00:02 GMT n8n supply chain attack
Malicious npm pagackages were used to attempt to obtain user OAUTH credentials for NPM.
https://www.endorlabs.com/learn/n8mare-on-auth-street-supply-chain-attack-targets-n8n-ecosystem
Gogs 0-Day Exploited in the Wild
An at the time unpachted flaw in Gogs was exploited to compromise git repos.
https://www.wiz.io/blog/wiz-research-gogs-cve-2025-8110-rce-exploit
Telegram Proxy Link Abuse
Telegram proxy links have been abused to deanonymize users
https://x.com/GangExposed_RU/status/2009961417781457129
]]> 5:45 telegram, gogs, npm, n8n, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9762 SANS Stormcast Monday, January 12th, 2026: PEB Manipulation; YARA Update; VideoLAND and Apache NimBLE Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Monday, January 12th, 2026: PEB Manipulation; YARA Update; VideoLAND and Apache NimBLE Patches https://traffic.libsyn.com/securitypodcast/9762.mp3 https://isc.sans.edu/podcastdetail/9762 Mon, 12 Jan 2026 02:00:02 GMT Malicious Process Environment Block Manipulation
The process environment block contains metadata about particular processes, but can be manipulated.
https://isc.sans.edu/diary/Malicious+Process+Environment+Block+Manipulation/32614/
YARA-X 1.11.0 Release: Hash Function Warnings
The latest version of YARA will warn users if a hash rule attempts to match an invalid hash.
https://isc.sans.edu/diary/YARA-X%201.11.0%20Release%3A%20Hash%20Function%20Warnings/32616
VideoLAN Security Bulletin VLC 3.0.22 CVE-2025-51602
VideoLAN fixed several vulnerabilities in its VLC software.
https://www.videolan.org/security/sb-vlc3022.html
Apache NimBLE Bluetooth vulnerabilities
NimBLE is a Bluetooth stack popular in IoT devices. An update fixes some eavesdropping and pairing vulnerabilities.
https://mynewt.apache.org/cve/
]]> 6:16 bluetooth, apache, nimble, videolan, yara, vlc, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9760 SANS Stormcast Friday, January 9th, 2026: Gephi Analysis; zlib vuln; GnuPG Vulns; Cisco/Cloudflare DNS Issue Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Friday, January 9th, 2026: Gephi Analysis; zlib vuln; GnuPG Vulns; Cisco/Cloudflare DNS Issue https://traffic.libsyn.com/securitypodcast/9760.mp3 https://isc.sans.edu/podcastdetail/9760 Fri, 09 Jan 2026 02:00:02 GMT Analysis using Gephi with DShield Sensor Data
Gephi is a neat tool to create interactive data visualizations. It can be applied to honeypot data to find data clusters.
https://isc.sans.edu/diary/Analysis%20using%20Gephi%20with%20DShield%20Sensor%20Data/32608
zlib v1.3.1.2 Global Buffer Overflow in TGZfname() of zlib untgz Utility
The untgz utility that is part of zlib suffers from a straightforward buffer overflow in the filename parameter
https://seclists.org/fulldisclosure/2026/Jan/3
GnuPG Vulnerabilities
Several vulnerabilities in GnuPG were disclosed during a recent talk at the CCC congress.
https://gpg.fail
Cisco DNS Bug Reboot
Last night, several Cisco users reported that their switches rebooted. The issue appears to be related to a change Cloudflare made in the order of CNAME records. Only users using 1.1.1.1 as a recursive resolver appear to be affected.
https://community.cisco.com/t5/switches-small-business/got-fatal-error-cbs350-24t-4g/td-p/5359883?utm_source=chatgpt.com
]]> 7:12 gephi, dshield, honeypot, zlib, untgz, gnupg, ccc, cisco, cloudflare, dns, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9758 SANS Stormcast Thursday, January 8th, 2026: HTML QR Code Phishing; n8n vulnerability; Powerbank Feature Creep Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Thursday, January 8th, 2026: HTML QR Code Phishing; n8n vulnerability; Powerbank Feature Creep https://traffic.libsyn.com/securitypodcast/9758.mp3 https://isc.sans.edu/podcastdetail/9758 Thu, 08 Jan 2026 02:00:02 GMT A phishing campaign with QR codes rendered using an HTML table
Phishing emails are bypassing filters by encoding QR codes as HTML tables.
https://isc.sans.edu/diary/A%20phishing%20campaign%20with%20QR%20codes%20rendered%20using%20an%20HTML%20table/32606
n8n vulnerabilities
In recent days, several new n8n vulnerabilities were disclosed. Ensure that you update any on-premises installations and carefully consider what to use n8n for.
https://www.cyera.com/research-labs/ni8mare-unauthenticated-remote-code-execution-in-n8n-cve-2026-21858
https://github.com/n8n-io/n8n/security/advisories/GHSA-v4pr-fm98-w9pg
Power bank feature creep is out of control
Simple power banks are increasingly equipped with advanced features, including networking, which may expose them to security risks.
https://www.theverge.com/tech/856225/power-banks-are-the-latest-victims-of-feature-creep
]]> 7:23 n8n, phishing, html, table, qr code, n8n, power banks, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9756 SANS Stormcast Wednesday, January 7th, 2026: Tailsnitch Review; D-Link DSL EoL Vuln; TOTOLINK Unpatched Vuln Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Wednesday, January 7th, 2026: Tailsnitch Review; D-Link DSL EoL Vuln; TOTOLINK Unpatched Vuln https://traffic.libsyn.com/securitypodcast/9756.mp3 https://isc.sans.edu/podcastdetail/9756 Wed, 07 Jan 2026 02:05:02 GMT Tool Review: Tailsnitch
Tailsnitch is a tool to audit your Tailscale configuration. It does a comprehensive analysis of your configuration and suggests (or even applies) fixes.
https://isc.sans.edu/diary/Tool%20Review%3A%20Tailsnitch/32602
D-Link DSL Command Injection via DNS Configuration Endpoint
A new vulnerability in very old D-Link DSL modems is currently being exploited.
https://www.vulncheck.com/advisories/dlink-dsl-command-injection-via-dns-configuration-endpoint
TOTOLINK EX200 firmware-upload error handling can activate an unauthenticated root telnet service
TOTOLINK extenders may start a telnet server and allow unauthenticated access if a firmware update fails.
https://kb.cert.org/vuls/id/295169
]]> 5:44 totolink, ex200, d-link, dsl, tailsnitch, tailscale, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9754 SANS Stormcast Tuesday, January 6th, 2026: IPKVM Risks; Tailsnitch; Net-SNMP Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Tuesday, January 6th, 2026: IPKVM Risks; Tailsnitch; Net-SNMP Vuln; https://traffic.libsyn.com/securitypodcast/9754.mp3 https://isc.sans.edu/podcastdetail/9754 Tue, 06 Jan 2026 02:00:02 GMT Risks of OOB Access via IP KVM Devices
Recently, cheap IP KVMs have become popular. But their deployment needs to be secured.
https://isc.sans.edu/diary/Risks%20of%20OOB%20Access%20via%20IP%20KVM%20Devices/32598
Tailsnitch
Tailsnitch is a tool to review your Tailscale configuration for vulnerabilities
https://github.com/Adversis/tailsnitch
Net-SNMP snmptrapd vulnerability
A new vulnerability in snmptrapd may lead to remote code execution
https://github.com/net-snmp/net-snmp/security/advisories/GHSA-4389-rwqf-q9gq
]]> 6:08 net-snmp, snmp, tailscale, tailsnitch, ipkvm, kvm, nanokvm, pikvm, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9752 SANS Stormcast Monday, January 5th, 2026: MongoBleed/React2Shell Recap; Crypto Scams; DNS Stats; Old Fortinet Vulns Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Monday, January 5th, 2026: MongoBleed/React2Shell Recap; Crypto Scams; DNS Stats; Old Fortinet Vulns https://traffic.libsyn.com/securitypodcast/9752.mp3 https://isc.sans.edu/podcastdetail/9752 Mon, 05 Jan 2026 02:00:02 GMT Cryptocurrency Scam Emails and Web Pages As We Enter 2026
Scam emails are directing victims to confidence scams attempting to steal cryptocurrencies.
https://isc.sans.edu/diary/Cryptocurrency%20Scam%20Emails%20and%20Web%20Pages%20As%20We%20Enter%202026/32594
Debugging DNS response times with tshark
tshark is a powerful tool to debug DNS timing issues.
https://isc.sans.edu/diary/Debugging+DNS+response+times+with+tshark/32592/
Old Fortinet Devices Have not been updated
Over 10,000 Fortinet devices are still vulnerable to a five year old vulnerability
https://www.bleepingcomputer.com/news/security/over-10-000-fortinet-firewalls-exposed-to-ongoing-2fa-bypass-attacks/
]]> 6:57 fortinet, dns, tshark, crypto, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9750 SANS Stormcast Sunday, December 28th, 2025: MongoDB Unauthenticated Memory Leak CVE-2025-14847 Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Sunday, December 28th, 2025: MongoDB Unauthenticated Memory Leak CVE-2025-14847 https://traffic.libsyn.com/securitypodcast/9750.mp3 https://isc.sans.edu/podcastdetail/9750 Sun, 28 Dec 2025 02:00:03 GMT MongoDB Unauthenticated Attacker Sensitive Memory Leak CVE-2025-14847
Over the Christmas holiday, MongoDB patched a sensitive memory leak vulnerability that is now actively being exploited
https://www.mongodb.com/community/forums/t/important-mongodb-patch-available/332977
https://github.com/mongodb/mongo/commit/505b660a14698bd2b5233bd94da3917b585c5728
https://www.ox.security/blog/attackers-could-exploit-zlib-to-exfiltrate-data-cve-2025-14847/
https://github.com/joe-desimone/mongobleed/
]]> 5:50 mongodb, bleed, memory leak, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9748 SANS Stormcast Monday, December 22nd, 2025: TLS Callbacks; FreeBSD RCE; NIST Time Server Issues Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Monday, December 22nd, 2025: TLS Callbacks; FreeBSD RCE; NIST Time Server Issues https://traffic.libsyn.com/securitypodcast/9748.mp3 https://isc.sans.edu/podcastdetail/9748 Mon, 22 Dec 2025 02:00:03 GMT DLLs & TLS Callbacks
As a follow-up to last week's diary about DLL Entrypoints, Didier is looking at TLS ( Thread Local Storage ) and how it can be abused.
https://isc.sans.edu/diary/DLLs%20%26%20TLS%20Callbacks/32580
FreeBSD Remote code execution via ND6 Router Advertisements
A critical vulnerability in FreeBSD allows for remote code execution. But an attacker must be on the same network.
https://www.freebsd.org/security/advisories/FreeBSD-SA-25:12.rtsold.asc
NIST Time Server Problems
The atomic ensemble time scale at the NIST Boulder campus has failed due to a prolonged utility power outage. One impact is that the Boulder Internet Time Services no longer have an accurate time reference.
https://tf.nist.gov/tf-cgi/servers.cgi https://groups.google.com/a/list.nist.gov/g/internet-time-service/c/o0dDDcr1a8I
]]> 6:00 nist, dll, tls, freebsd, IPv6, rtsol, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9746 SANS Stormcast Friday, December 19th, 2025: Less Vulnerabie Devices; Critical OneView Vulnerablity; Trufflehog finds JWTs Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Friday, December 19th, 2025: Less Vulnerabie Devices; Critical OneView Vulnerablity; Trufflehog finds JWTs https://traffic.libsyn.com/securitypodcast/9746.mp3 https://isc.sans.edu/podcastdetail/9746 Fri, 19 Dec 2025 02:00:02 GMT Positive trends related to public IP range from the year 2025
Fewer ICS systems, as well as fewer systems with outdated SSL versions, are exposed to the internet than before. The trend isn t quite clean for ISC, but SSL2 and SSL3 systems have been cut down by about half.
https://isc.sans.edu/diary/Positive%20trends%20related%20to%20public%20IP%20ranges%20from%20the%20year%202025/32584
Hewlett-Packard Enterprise OneView Software, Remote Code Execution
HPs OneView Software allows for unauthenticated code execution
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04985en_us&docLocale=en_US#vulnerability-summary-1
Trufflehog Detecting JWTs with Public Keys
Trufflehog added the ability to detect JWT tokens and validate them using public keys.
https://trufflesecurity.com/blog/trufflehog-now-detects-jwts-with-public-key-signatures-and-verifies-them-for-liveness
]]> 4:37 Trufflehog, JWT, ICS, HP, OneView, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9744 SANS Stormcast Thursday, December 18th, 2025: More React2Shell; Donicwall and Cisco Patch; Updated Chrome Advisory Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Thursday, December 18th, 2025: More React2Shell; Donicwall and Cisco Patch; Updated Chrome Advisory https://traffic.libsyn.com/securitypodcast/9744.mp3 https://isc.sans.edu/podcastdetail/9744 Thu, 18 Dec 2025 02:00:02 GMT Maybe a Little Bit More Interesting React2Shell Exploit
Attackers are branching out to attack applications that initial exploits may have missed. The latest wave of attacks is going after less common endpoints and attempting to exploit applications that do not have Next.js exposed.
https://isc.sans.edu/diary/Maybe%20a%20Little%20Bit%20More%20Interesting%20React2Shell%20Exploit/32578
UAT-9686 actively targets Cisco Secure Email Gateway and Secure Email and Web Manager
Cisco s Security Email Gateway and Secure Email and Web Manager patch an already-exploited vulnerability.
https://blog.talosintelligence.com/uat-9686/
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-attack-N9bf4
SONICWALL SMA1000 APPLIANCE LOCAL PRIVILEGE ESCALATION VULNERABILITY
A local privilege escalation vulnerability, which SonicWall patched today, is already being exploited.
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0019
Google releases vulnerability details
Google updated last week s advisory by adding a CVE to the mystery vulnerability and adding a statement that it affects WebGPU. No new patch was released.
https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop_16.html
]]> 6:10 Google, Chrome, WebGPU, sonicwall, cisco, react2shell, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9742 SANS Stormcast Wednesday, December 17th, 2025: Beyond RC4; Forticloud SSO Vuln Exploited; FortiGate SSO Exploited; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Wednesday, December 17th, 2025: Beyond RC4; Forticloud SSO Vuln Exploited; FortiGate SSO Exploited; https://traffic.libsyn.com/securitypodcast/9742.mp3 https://isc.sans.edu/podcastdetail/9742 Wed, 17 Dec 2025 02:00:02 GMT Beyond RC4 for Windows authentication
Microsoft outlined its transition plan to move away from RC4 for authentication and published guidance and tools to facilitate this change.
https://www.microsoft.com/en-us/windows-server/blog/2025/12/03/beyond-rc4-for-windows-authentication
FortiCloud SSO Login Vuln Exploited
Arctic Wolf observed exploit attempts against vulnerable FortiGate appliances.
https://arcticwolf.com/resources/blog/arctic-wolf-observes-malicious-sso-logins-following-disclosure-cve-2025-59718-cve-2025-59719/
FrePBX Vulnerability
Horizon3.ai identified three distinct vulnerabilities in FreePBX. In particular, the authentication by-pass issue should be of concern, but default FreePBX installs do not use the vulnerable web authentication feature.
https://horizon3.ai/attack-research/the-freepbx-rabbit-hole-cve-2025-66039-and-others/
]]> 6:38 freepbx, fortinet, saml, rc4, microsoft, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9740 SANS Stormcast Tuesday, December 16th, 2025: Current React2Shell Example; SAML woes; MSMQ issues after patch; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Tuesday, December 16th, 2025: Current React2Shell Example; SAML woes; MSMQ issues after patch; https://traffic.libsyn.com/securitypodcast/9740.mp3 https://isc.sans.edu/podcastdetail/9740 Tue, 16 Dec 2025 02:00:02 GMT More React2Shell Exploits CVE-2025-55182
Our honeypots continue to detect numerous React2Shell variants. Some using slightly modified exploits
https://isc.sans.edu/diary/More%20React2Shell%20Exploits%20CVE-2025-55182/32572
The Fragile Lock: Novel Bypasses For SAML Authentication
SAML is a tricky protocol to implement correctly, in particular if different XML parsers are used that may not always agree on how to parse a specific message
https://portswigger.net/research/the-fragile-lock
December Updates Causes issues with Microsoft Message Queuing
https://learn.microsoft.com/en-us/windows/release-health/status-windows-10-22h2#message-queuing--msmq--might-fail-with-the-december-2025-windows-security-update
]]> 5:45 MSMQ, message queue, patch, saml, ruby, react2shell, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9738 SANS Stormcast Monday, December 15th, 2025: DLL Entry Points; ClickFix and Finger; Apple Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Monday, December 15th, 2025: DLL Entry Points; ClickFix and Finger; Apple Patches https://traffic.libsyn.com/securitypodcast/9738.mp3 https://isc.sans.edu/podcastdetail/9738 Mon, 15 Dec 2025 02:00:02 GMT Abusing DLLs EntryPoint for the Fun
DLLs will not just execute code when some of their functions are called, but also as they are loaded.
https://isc.sans.edu/diary/Abusing%20DLLs%20EntryPoint%20for%20the%20Fun/32562
Apple Patches Everything: December 2025 Edition
Apple released patches for all of its operating systems, fixing two already exploited vulnerabilities.
ClickFix Attacks Still Using the Finger
ClickFix Attacks Still Using the Finger
Two examples of ClickFix attacks abusing the finger protocol to load additional malware
Denial of Service and Source Code Exposure in React Server Components
Denial of Service and Source Code Exposure in React Server Components
After last week's critical patch, three more, but less critical, vulnerabilities were identified in React Server Components.
https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components
]]> 6:45 react, clickfix, finger, apple, dll, entrypoint, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9736 SANS Stormcast Friday, December 12th, 2025: Local AI Models; Mystery Chrome 0-Day; SOAPwn Attack Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Friday, December 12th, 2025: Local AI Models; Mystery Chrome 0-Day; SOAPwn Attack https://traffic.libsyn.com/securitypodcast/9736.mp3 https://isc.sans.edu/podcastdetail/9736 Fri, 12 Dec 2025 02:00:03 GMT Using AI Gemma 3 Locally with a Single CPU
Installing AI models on modes hardware is possible and can be useful to experiment with these models on premise
https://isc.sans.edu/diary/Using%20AI%20Gemma%203%20Locally%20with%20a%20Single%20CPU%20/32556
Mystery Google Chrome 0-Day Vulnerability
Google released an update for Google Chrome fixing a vulnerability that is already being exploited, but has not CVE number assigned to it yet
https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop_10.html
SOAPwn: Pwning NET Framework Applications Through HTTP Client Proxies And WSDL
Watchtwr identified a common vulnerability in SOAP implementations using .Net
https://labs.watchtowr.com/soapwn-pwning-net-framework-applications-through-http-client-proxies-and-wsdl/
]]> 6:56 SOAP, NET, SOAPwn, Google, Chrome, gemma, ai, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9734 SANS Stormcast Thursday, December 11th, 2025: Possible CVE-2024-9042 variant; react2shell exploits; notepad++ update hijacking; macOS priv escalation Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Thursday, December 11th, 2025: Possible CVE-2024-9042 variant; react2shell exploits; notepad++ update hijacking; macOS priv escalation https://traffic.libsyn.com/securitypodcast/9734.mp3 https://isc.sans.edu/podcastdetail/9734 Thu, 11 Dec 2025 01:48:20 GMT Possible exploit variant for CVE-2024-9042 (Kubernetes OS Command Injection)
We observed HTTP requests with our honeypot that may be indicative of a new version of an exploit against an older vulnerability. Help us figure out what is going on.
https://isc.sans.edu/diary/Possible%20exploit%20variant%20for%20CVE-2024-9042%20%28Kubernetes%20OS%20Command%20Injection%29/32554
React2Shell: Technical Deep-Dive & In-the-Wild Exploitation of CVE-2025-55182
Wiz has a writeup with more background on the React2Shell vulnerability and current attacks
https://www.wiz.io/blog/nextjs-cve-2025-55182-react2shell-deep-dive
Notepad++ Update Hijacking
Notepad++ s vulnerable update process was exploited
https://notepad-plus-plus.org/news/v889-released/
New macOS PackageKit Privilege Escalation
A PoC was released for a new privilege escalation vulnerability in macOS. Currently, there is no patch.
https://khronokernel.com/macos/2024/06/03/CVE-2024-27822.html
]]> 6:58 macos, privilege escalation, zsh, notepad++, evilgrade, react2shell, exploit, kubernetes, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9732 SANS Stormcast Wednesday, December 10th, 2025: Microsoft, Adobe, Ivanti, Fortinet, and Ruby patches. Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Wednesday, December 10th, 2025: Microsoft, Adobe, Ivanti, Fortinet, and Ruby patches. https://traffic.libsyn.com/securitypodcast/9732.mp3 https://isc.sans.edu/podcastdetail/9732 Wed, 10 Dec 2025 00:35:23 GMT Microsoft Patch Tuesday
Microsoft released its regular monthly patch on Tuesday, addressing 57 flaws.
https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20December%202025/32550
Adobe Patches
Adobe patched five products. The remote code execution in ColdFusion, as well as the code execution issue in Acrobat, will very likely see exploits soon.
https://helpx.adobe.com/security.html
Ivanti Endpoint Manager Patches
Ivanti patched four vulnerabilities in End Point Manager.
https://forums.ivanti.com/s/article/Security-Advisory-EPM-December-2025-for-EPM-2024?language=en_US
Fortinet FortiCloud SSO Vulnerability
Due to a cryptographic vulnerability, Forinet s FortiCloud SSO authentication is bypassable.
https://fortiguard.fortinet.com/psirt/FG-IR-25-647
ruby-saml vulnerability
Ruby fixed a vulnerability in ruby-saml. The issue is due to an incomplete patch for another vulnerability a few months ago.
https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-9v8j-x534-2fx3
]]> 8:04 ruby, saml, fortinet, forticloud, sso, ivanti, adobe, microsoft, patches, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9730 SANS Stormcast Tuesday, December 9th, 2025: nanoKVM Vulnerabilities; Ghostframe Phishing; WatchGuard Advisory Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Tuesday, December 9th, 2025: nanoKVM Vulnerabilities; Ghostframe Phishing; WatchGuard Advisory https://traffic.libsyn.com/securitypodcast/9730.mp3 https://isc.sans.edu/podcastdetail/9730 Tue, 09 Dec 2025 02:00:03 GMT nanoKVM Vulnerabilities
The nanoKVM device updates firmware insecurely; however, the microphone that the authors of the advisory referred to as undocumented may actually be documented in the underlying hardware description.
https://www.tomshardware.com/tech-industry/cyber-security/researcher-finds-undocumented-microphone-and-major-security-flaws-in-sipeed-nanokvm
Ghostframe Phishing Kit
The Ghostframe phishing kit uses iFrames and random subdomains to evade detection
https://blog.barracuda.com/2025/12/04/threat-spotlight-ghostframe-phishing-kit
WatchGuard Advisory
WatchGuard released an update for its Firebox appliance, fixing ten vulnerabilities. Five of these are rated as High.
https://www.watchguard.com/wgrd-psirt/advisories
]]> 6:26 sipeed, nanokvm, kvm, ghostframe, watchguard, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9728 SANS Stormcast Monday, December 8th, 2025: AutoIT3 FileInstall; React2Shell Update; Tika Vuln Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Monday, December 8th, 2025: AutoIT3 FileInstall; React2Shell Update; Tika Vuln https://traffic.libsyn.com/securitypodcast/9728.mp3 https://isc.sans.edu/podcastdetail/9728 Mon, 08 Dec 2025 02:00:02 GMT AutoIT3 Compiled Scripts Dropping Shellcodes
Malicious AutoIT3 scripts are usign the FileInstall function to include additional scripts at compile time that are dropped as temporary files during execution.
https://isc.sans.edu/diary/AutoIT3%20Compiled%20Scripts%20Dropping%20Shellcodes/32542
React2Shell Update
The race is on to patch vulnerable systems. Various groups are aggressively scanning the internet with different exploit variants. Some attempt to bypass WAFs.
https://blog.cloudflare.com/5-december-2025-outage/
https://aws.amazon.com/blogs/security/china-nexus-cyber-threat-groups-rapidly-exploit-react2shell-vulnerability-cve-2025-55182/
Apache Tika XXE Flaw
Apache s Tika library patched a XXE flaw.
https://lists.apache.org/thread/s5x3k93nhbkqzztp1olxotoyjpdlps9k
]]> 5:34 apache, tika, react, autoit3, autoit, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9726 SANS Stormcast Friday, December 5th, 2025: Compromised Govt System; React Vuln Update; Array Networks VPN Attacks Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Friday, December 5th, 2025: Compromised Govt System; React Vuln Update; Array Networks VPN Attacks https://traffic.libsyn.com/securitypodcast/9726.mp3 https://isc.sans.edu/podcastdetail/9726 Fri, 05 Dec 2025 02:05:17 GMT Nation-State Attack or Compromised Government? [Guest Diary]
An IP address associated with the Indonesian Government attacked one of our interns' honeypots.
https://isc.sans.edu/diary/Nation-State%20Attack%20or%20Compromised%20Government%3F%20%5BGuest%20Diary%5D/32536
React Update
Working exploits for the React vulnerability patched yesterday are not widely available
Array Networks Array AG Vulnerablity
A recently patched vulnerability in Array Networks Array AG VPN gateways is actively exploited.
https://www.jpcert.or.jp/at/2025/at250024.html
]]> 4:35 react, ssh, array networks, vpn, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9724 SANS Stormcast Thursday, December 4th, 2025: CDN Headers; React Vulnerabiity; PickleScan Patch Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Thursday, December 4th, 2025: CDN Headers; React Vulnerabiity; PickleScan Patch https://traffic.libsyn.com/securitypodcast/9724.mp3 https://isc.sans.edu/podcastdetail/9724 Thu, 04 Dec 2025 03:10:12 GMT Attempts to Bypass CDNs
Our honeypots recently started receiving scans that included CDN specific headers.
https://isc.sans.edu/diary/Attempts%20to%20Bypass%20CDNs/32532
React Vulnerability CVE-2025-55182
React patched a critical vulnerability in React server components. Exploitation is likely imminent.
https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components
Unveiling 3 PickleScan Vulnerabilities
The PyTorch AI model security tool, PickleScan, has patched three critical vulnerabilities.
https://jfrog.com/blog/unveiling-3-zero-day-vulnerabilities-in-picklescan/
]]> 6:44 pytorch, picklescan, react, server components, cdn, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9722 SANS Stormcast Wednesday, December 3rd, 2025: SmartTube Compromise; NPM Malware Prompt Injection Attempt; Angular XSS Vulnerability Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Wednesday, December 3rd, 2025: SmartTube Compromise; NPM Malware Prompt Injection Attempt; Angular XSS Vulnerability https://traffic.libsyn.com/securitypodcast/9722.mp3 https://isc.sans.edu/podcastdetail/9722 Wed, 03 Dec 2025 02:45:11 GMT SmartTube Android App Compromise
The key a developer used to sign the Android YouTube player SmartTube was compromised and used to publish a malicious version.
https://github.com/yuliskov/SmartTube/issues/5131#issue-3670629826
https://github.com/yuliskov/SmartTube/releases/tag/notification
Two Years, 17K Downloads: The NPM Malware That Tried to Gaslight Security Scanners
Over the course of two years, a malicious NPM package was updated to evade detection and has now been identified, in part, due to its attempt to bypass AI scanners through prompt injection.
https://www.koi.ai/blog/two-years-17k-downloads-the-npm-malware-that-tried-to-gaslight-security-scanners
Stored XSS Vulnerability via SVG Animation, SVG URL, and MathML Attributes
Angular fixed a store XSS vulnerability.
https://github.com/angular/angular/security/advisories/GHSA-v4hv-rgfq-gp49
]]> 6:06 angular, xss, svg, mathml, npm, smarttube, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9720 SANS Stormcast Tuesday, December 2nd, 2025: Analyzing ToolShell from Packdets; Android Update; Long Game Malicious Browser Ext. Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Tuesday, December 2nd, 2025: Analyzing ToolShell from Packdets; Android Update; Long Game Malicious Browser Ext. https://traffic.libsyn.com/securitypodcast/9720.mp3 https://isc.sans.edu/podcastdetail/9720 Tue, 02 Dec 2025 02:05:12 GMT Hunting for SharePoint In-Memory ToolShell Payloads
A walk-through showing how to analyze ToolShell payloads, starting with acquiring packets all the way to decoding embedded PowerShell commands.
https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Hunting%20for%20SharePoint%20In-Memory%20ToolShell%20Payloads/32524
Android Security Bulletin December 2025
Google fixed numerous vulnerabilities with its December Android update. Two of these vulnerabilities are already being exploited.
https://source.android.com/docs/security/bulletin/2025-12-01
4.3 Million Browsers Infected: Inside ShadyPanda's 7-Year Malware Campaign
A group or individual released several browser extensions that worked fine for years until an update injected malicious code into the extension
https://www.koi.ai/blog/4-million-browsers-infected-inside-shadypanda-7-year-malware-campaign
]]> 5:49 browser, extension, long game, android, zero-day, sharepoint, toolshell, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9718 SANS Stormcast Monday, December 1st, 2025: More ClickFix; Teams Guest Access; Geoserver XXE Vulnerablity Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Monday, December 1st, 2025: More ClickFix; Teams Guest Access; Geoserver XXE Vulnerablity https://traffic.libsyn.com/securitypodcast/9718.mp3 https://isc.sans.edu/podcastdetail/9718 Mon, 01 Dec 2025 02:00:02 GMT Fake adult websites pop realistic Windows Update screen to deliver stealers via ClickFix
The latest variant of ClickFix tricks users into copy/pasting commands by displaying a fake blue screen of death.
https://www.acronis.com/en/tru/posts/fake-adult-websites-pop-realistic-windows-update-screen-to-deliver-stealers-via-clickfix/
B2B Guest Access Creates an Unprotected Attack Vector
Users may be tricked into joining an external Teams workspace as a guest, bypassing protections typically enabled for Teams workspaces.
https://www.ontinue.com/resource/blog-microsoft-chat-with-anyone-understanding-phishing-risk/
Geoserver XXE Vulnerability CVE-2025-58360
Geoserver patched an external XML entity (XXE) vulnerability.
https://helixguard.ai/blog/CVE-2025-58360
]]> 5:42 geoserver, teams, clickfix, xxe, xml, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9716 SANS Stormcast Wednesday, November 26th, 2025: Attacks Against Messaging; Passwords in Random Websites; Fluentbit Vuln; #thanksgiving Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Wednesday, November 26th, 2025: Attacks Against Messaging; Passwords in Random Websites; Fluentbit Vuln; #thanksgiving https://traffic.libsyn.com/securitypodcast/9716.mp3 https://isc.sans.edu/podcastdetail/9716 Wed, 26 Nov 2025 03:10:10 GMT Spyware Allows Cyber Threat Actors to Target Users of Messaging Applications
Spyware attacks messaging applications in part by triggering vulnerabilities in messaging applications but also by deploying tools like keystroke loggers and screenshot applications.
https://www.cisa.gov/news-events/alerts/2025/11/24/spyware-allows-cyber-threat-actors-target-users-messaging-applications
Stop Putting Your Passwords Into Random Websites Yes. Just Stop!
https://labs.watchtowr.com/stop-putting-your-passwords-into-random-websites-yes-seriously-you-are-the-problem/
Fluentbit Vulnerability
https://www.oligo.security/blog/critical-vulnerabilities-in-fluent-bit-expose-cloud-environments-to-remote-takeover
Happy Thanksgiving. Next podcast on Monday after Thanksgiving.
]]> 6:07 fluentbit, passwords, spyware, messaging, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9714 SANS Stormcast Tuesday, November 25th, 2025: URL Mapping and Authentication; SHA1-Hulud; Hacklore Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Tuesday, November 25th, 2025: URL Mapping and Authentication; SHA1-Hulud; Hacklore https://traffic.libsyn.com/securitypodcast/9714.mp3 https://isc.sans.edu/podcastdetail/9714 Tue, 25 Nov 2025 02:00:02 GMT Conflicts between URL mapping and URL based access control.
Mapping different URLs to the same script, and relying on URL based authentication at the same time, may lead to dangerous authentication and access control gaps.
https://isc.sans.edu/diary/Conflicts%20between%20URL%20mapping%20and%20URL%20based%20access%20control./32518
Sha1-Hulud, The Second Coming
A new, destructive variant of the Shai-Hulud worm is currently spreading through NPM/Github repos.
https://www.koi.ai/incident/live-updates-sha1-hulud-the-second-coming-hundred-npm-packages-compromised
Hacklore: Cleaning up Outdated Security Advice
A new website, hacklore.org, has published an open letter from former CISOs and other security leaders aimed at addressing some outdated security advice that is often repeated.
https://www.hacklore.org
]]> 6:11 hacklore, sha1-hulud, npm, url, mapping, access control, authentication, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9712 SANS Stormcast Monday, November 24th, 2025: CSS Padding in Phishing; Oracle Identity Manager Scans Update; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Monday, November 24th, 2025: CSS Padding in Phishing; Oracle Identity Manager Scans Update; https://traffic.libsyn.com/securitypodcast/9712.mp3 https://isc.sans.edu/podcastdetail/9712 Mon, 24 Nov 2025 02:00:02 GMT Use of CSS stuffing as an obfuscation technique?
Phishing sites stuff their HTML with benign CSS code. This is likely supposed to throw of simple detection engines
https://isc.sans.edu/diary/Use%20of%20CSS%20stuffing%20as%20an%20obfuscation%20technique%3F/32510
Critical Oracle Identity Manager Flaw Possibly Exploited as Zero-Day
Early exploit attempts for the vulnerability were part of Searchlight Cyber s research effort
https://www.securityweek.com/critical-oracle-identity-manager-flaw-possibly-exploited-as-zero-day/
ClamAV Cleaning Signature Database
ClamAV will significantly clean up its signature database
https://blog.clamav.net/2025/11/clamav-signature-retirement-announcement.html
]]> 4:59 clamav, oracle, css, phishing, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9710 SANS Stormcast Friday, November 21st, 2025: Oracle Idendity Manager Scans; SonicWall DoS Vuln; Adam Wilson (@sans_edu) reducing prompt injection. Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Friday, November 21st, 2025: Oracle Idendity Manager Scans; SonicWall DoS Vuln; Adam Wilson (@sans_edu) reducing prompt injection. https://traffic.libsyn.com/securitypodcast/9710.mp3 https://isc.sans.edu/podcastdetail/9710 Fri, 21 Nov 2025 02:00:03 GMT Oracle Identity Manager Exploit Observation from September (CVE-2025-61757)
We observed some exploit attempts in September against an Oracle Identity Manager vulnerability that was patched in October, indicating that exploitation may have occurred prior to the patch being released.
https://isc.sans.edu/diary/Oracle%20Identity%20Manager%20Exploit%20Observation%20from%20September%20%28CVE-2025-61757%29/32506
https://slcyber.io/research-center/breaking-oracles-identity-manager-pre-auth-rce/
DigitStealer: a JXA-based infostealer that leaves little footprint
https://www.jamf.com/blog/jtl-digitstealer-macos-infostealer-analysis/
SonicWall DoS Vulnerability
Sonicwall patched a DoS vulnerability in SonicOS
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0016
Adam Wilson: Automating Generative AI Guidelines: Reducing Prompt Injection Risk with 'Shift-Left' MITRE ATLAS Mitigation Testing
]]> 14:09 prompt injection, ai, atlas, mitre, sonicwall, sonicos, digitstealer, oracle, identity manager, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9708 SANS Stormcast Thursday, November 20th, 2025: Unicode Issues; FortiWeb More Vulns; DLink DIR-878 Vuln; Operation WrtHug and ASUS Routers Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Thursday, November 20th, 2025: Unicode Issues; FortiWeb More Vulns; DLink DIR-878 Vuln; Operation WrtHug and ASUS Routers https://traffic.libsyn.com/securitypodcast/9708.mp3 https://isc.sans.edu/podcastdetail/9708 Thu, 20 Nov 2025 02:00:02 GMT Unicode: It is more than funny domain names.
Unicode can cause a number of issues due to odd features like variance selectors and text direction issues.
https://isc.sans.edu/diary/Unicode%3A%20It%20is%20more%20than%20funny%20domain%20names./32472
FortiWeb Multiple OS command injection in API and CLI
A second silently patched vulnerability in FortiWeb is already being exploited in the wild.
https://fortiguard.fortinet.com/psirt/FG-IR-25-513
DLink DIR-878 Vulnerability
DLink disclosed four different vulnerabilities in its popular DIR-878 router. The router is end-of-life and DLink will not release patches
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10475
Operation WrtHug, The Global Espionage Campaign Hiding in Your Home Router
A new report, Operation WrtHug, has uncovered a massive, coordinated effort that has compromised thousands of ASUS routers worldwide.
https://securityscorecard.com/blog/operation-wrthug-the-global-espionage-campaign-hiding-in-your-home-router/
]]> 6:34 unicode, wrthug, asus, dlink, dir-878, fortiweb, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9706 SANS Stormcast Wednesday, November 19th, 2025: Kong Tuke; Cloudflare Outage Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Wednesday, November 19th, 2025: Kong Tuke; Cloudflare Outage https://traffic.libsyn.com/securitypodcast/9706.mp3 https://isc.sans.edu/podcastdetail/9706 Wed, 19 Nov 2025 02:00:03 GMT KongTuke Activity
This diary investigates how a recent Kong Tuke infections evolved all the way from starting with a ClickFix attack.
https://isc.sans.edu/diary/KongTuke%20activity/32498
Cloudflare Outage
Cloudflare suffered a large outage today after an oversized configuration file was loaded into its bot protection service
https://x.com/dok2001
Google Patches Chrome 0-Day
Google patched two vulnerabilities in Chrome. One of them is already being exploited.
https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop_17.html
]]> 4:38 google, chrome, v8, cloudflare, outages, kongtuke, clickfix, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9704 SANS Stormcast Tuesday, November 18th, 2025: Binary Expression Decoding. Tea NPM Pollution; IBM AIX NIMSH Vulnerability Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Tuesday, November 18th, 2025: Binary Expression Decoding. Tea NPM Pollution; IBM AIX NIMSH Vulnerability https://traffic.libsyn.com/securitypodcast/9704.mp3 https://isc.sans.edu/podcastdetail/9704 Tue, 18 Nov 2025 02:00:02 GMT Decoding Binary Numeric Expressions
Didier updated his number to hex script to support simple arithmetic operations in the text.
https://isc.sans.edu/diary/Decoding%20Binary%20Numeric%20Expressions/32490
Tea Token NPM Pollution
The NPM repository was hit with around 150,000 submissions that did not contain any useful contributions, but instead attempted to fake contributions to earn a new tea coin.
https://aws.amazon.com/blogs/security/amazon-inspector-detects-over-150000-malicious-packages-linked-to-token-farming-campaign/
IBM AIX NIMSH Vulnerabilities
IBM patched several critical vulnerablities in the NIMSH daemon
https://www.ibm.com/support/pages/node/7251173
]]> 4:58 nimsh, ibm, aix, tea, npm, binary, numeric, decoding, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9702 SANS Stormcast Monday, November 17th, 2025: New(isch) Fortiweb Vulnerability; Finger and ClickFix Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Monday, November 17th, 2025: New(isch) Fortiweb Vulnerability; Finger and ClickFix https://traffic.libsyn.com/securitypodcast/9702.mp3 https://isc.sans.edu/podcastdetail/9702 Mon, 17 Nov 2025 02:00:02 GMT Fortiweb Vulnerability
Fortinet, with significant delay, acknowledged a recently patched vulnerability after exploit attempts were seen publicly.
https://isc.sans.edu/diary/Honeypot+FortiWeb+CVE202564446+Exploits/32486
https://labs.watchtowr.com/when-the-impersonation-function-gets-used-to-impersonate-users-fortinet-fortiweb-auth-bypass/
https://fortiguard.fortinet.com/psirt/FG-IR-25-910?ref=labs.watchtowr.com
Flnger.exe and ClickFix
Attackers started to use the finger.exe binary to retrieve additional payload in ClickFix attacks
https://isc.sans.edu/diary/Finger.exe%20%26%20ClickFix/32492
]]> 7:10 clickfix, finger, fortiweb, finger.exe, fortinet, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9700 SANS Stormcast Friday, November 14th, 2025: SmartApeSG and ClickFix; Formbook Obfuscation Tricks; Sudo-rs Vulnerabilities; SANS Holiday Hack Challenge Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Friday, November 14th, 2025: SmartApeSG and ClickFix; Formbook Obfuscation Tricks; Sudo-rs Vulnerabilities; SANS Holiday Hack Challenge https://traffic.libsyn.com/securitypodcast/9700.mp3 https://isc.sans.edu/podcastdetail/9700 Fri, 14 Nov 2025 01:18:18 GMT SmartApeSG campaign uses ClickFix page to push NetSupport RAT
A detailed analysis of a recent SamtApeSG campaign taking advantage of ClickFix
https://isc.sans.edu/diary/32474
Formbook Delivered Through Multiple Scripts
An analysis of a recent version of Formbook showing how it takes advantage of multiple obfuscation tricks
https://isc.sans.edu/diary/32480
sudo-rs vulnerabilities
Two vulnerabilities were patched in sudo-rs, the version of sudo written in Rust, showing that while Rust does have an advantage when it comes to memory safety, there are plenty of other vulnerabilities to worry about
https://ubuntu.com/security/notices/USN-7867-1
https://github.com/trifectatechfoundation/sudo-rs/security/advisories/GHSA-c978-wq47-pvvw?ref=itsfoss.com
SANS Holiday Hack Challenge
https://sans.org/HolidayHack
]]> 10:09 holiday, hack, challenge, sudo-rs, formbook, click-fix, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9698 SANS Stormcast Thursday, November 13th, 2025: OWASP Top 10 Update; Cisco/Citrix Exploits; Test post quantum readiness Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Thursday, November 13th, 2025: OWASP Top 10 Update; Cisco/Citrix Exploits; Test post quantum readiness https://traffic.libsyn.com/securitypodcast/9698.mp3 https://isc.sans.edu/podcastdetail/9698 Thu, 13 Nov 2025 02:00:02 GMT OWASP Top 10 2025 Release Candidate
OWASP published a release candidate for the 2025 version of its Top 10 list
https://owasp.org/Top10/2025/0x00_2025-Introduction/
Citrix/Cisco Exploitation Details
Amazon detailed how Citrix and Cisco vulnerabilities were used by advanced actors to upload webshells
https://aws.amazon.com/blogs/security/amazon-discovers-apt-exploiting-cisco-and-citrix-zero-days/
Testing Quantum Readyness
A website tests your services for post-quantum computing-resistant cryptographic algorithms
https://qcready.com/
]]> 6:33 quantum, crypto, citrix, cisco, owasp, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9696 SANS Stormcast Wednesday, November 12th, 2025: Microsoft Patch Tuesday; Gladinet Triofox Vulnerability; SAP Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Wednesday, November 12th, 2025: Microsoft Patch Tuesday; Gladinet Triofox Vulnerability; SAP Patches https://traffic.libsyn.com/securitypodcast/9696.mp3 https://isc.sans.edu/podcastdetail/9696 Wed, 12 Nov 2025 02:00:02 GMT Microsoft Patch Tuesday for November 2025
https://isc.sans.edu/diary/Microsoft+Patch+Tuesday+for+November+2025/32468/
Gladinet Triofox Vulnerability
Triofox uses the host header in lieu of proper access control, allowing an attacker to access the page managing administrators by simply setting the host header to localhost.
https://cloud.google.com/blog/topics/threat-intelligence/triofox-vulnerability-cve-2025-12480/
SAP November 2025 Patch Day
SAP fixed a critical vulnerability, fixed default credentials in its SQL Anywhere Monitor
https://onapsis.com/blog/sap-security-patch-day-november-2025/
Ivanti Endpoint Manager Updates
https://forums.ivanti.com/s/article/Security-Advisory-EPM-November-2025-for-EPM-2024?language=en_US
]]> 6:03 ivanti, sap, gladinet, triofox, microsoft, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9694 SANS Stormcast Tuesday, November 11th, 2025: 3CX Related Scans; Watchguard Default Password; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Tuesday, November 11th, 2025: 3CX Related Scans; Watchguard Default Password; https://traffic.libsyn.com/securitypodcast/9694.mp3 https://isc.sans.edu/podcastdetail/9694 Tue, 11 Nov 2025 02:00:03 GMT It isn t always defaults: Scans for 3CX Usernames
Our honeypots detected scans for usernames that may be related to 3CX business phone systems
https://isc.sans.edu/diary/It%20isn%27t%20always%20defaults%3A%20Scans%20for%203CX%20usernames/32464
Watchguard Default Password Controversy
A CVE number was assigned to a default password commonly used in Watchguard products. This was a documented username and password that was recently removed in a firmware upgrade.
https://github.com/cyberbyte000/CVE-2025-59396/blob/main/CVE-2025-59396.txt
https://nvd.nist.gov/vuln/detail/CVE-2025-59396
JavaScript expr-eval Vulnerability
The JavaScript expr-eval library was vulnerable to a code execution issue.
https://www.kb.cert.org/vuls/id/263614
]]> 7:25 javascript, eval, expt-eval, watchguard, 3cx, usernames, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9692 SANS Stormcast Monday, November 10th, 2025: Code Repo Requests; Time Delayed ICS Attacks; Encrypted LLM Traffic Sidechannel Attacks Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Monday, November 10th, 2025: Code Repo Requests; Time Delayed ICS Attacks; Encrypted LLM Traffic Sidechannel Attacks https://traffic.libsyn.com/securitypodcast/9692.mp3 https://isc.sans.edu/podcastdetail/9692 Mon, 10 Nov 2025 02:00:02 GMT Honeypot Requests for Code Repository
Attackers continue to scan websites for source code repositories. Keep your repositories outside your document root and proactively scan your own sites.
https://isc.sans.edu/diary/Honeypot%3A%20Requests%20for%20%28Code%29%20Repositories/32460
Malicious NuGet Packages Deliver Time-Delayed Destructive Payloads
Newly discovered malicious .NET packages attempt to deliver a time-delayed attack targeting ICS systems.
https://socket.dev/blog/9-malicious-nuget-packages-deliver-time-delayed-destructive-payloads
Side Channel Leaks in Encrypted Traffic to LLMs
Traffic to LLMs can be profiled to discover the nature of prompts sent by a user based on the amount and structure of the encrypted data.
https://www.microsoft.com/en-us/security/blog/2025/11/07/whisper-leak-a-novel-side-channel-cyberattack-on-remote-language-models/
]]> 7:06 llms, ai, nuget, ics, control systems, time, honeypot, source code, repositories, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9690 SANS Stormcast Friday, November 7th, 2025: PowerShell Log Correlation; RondoBox Disected; Google Chrome and Cisco Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Friday, November 7th, 2025: PowerShell Log Correlation; RondoBox Disected; Google Chrome and Cisco Patches https://traffic.libsyn.com/securitypodcast/9690.mp3 https://isc.sans.edu/podcastdetail/9690 Fri, 07 Nov 2025 02:00:02 GMT Binary Breadcrumbs: Correlating Malware Samples with Honeypot Logs Using PowerShell [Guest Diary]
Windows, with PowerShell, has a great scripting platform to match common Linux/Unix command line utilities.
https://isc.sans.edu/diary/Binary%20Breadcrumbs%3A%20Correlating%20Malware%20Samples%20with%20Honeypot%20Logs%20Using%20PowerShell%20%5BGuest%20Diary%5D/32454
RondoDox v2 Increases Exploits
The RondoDox (or RondoWorm) added a substantial amount of new exploits to its repertoire.
https://beelzebub.ai/blog/rondo-dox-v2/
Google Chrome Updates
Google released an update for Google Chrome addressing five vulnerabilities.
https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop.html
Cisco Unified Contact Center Express Remote Code Execution Vulnerabilities
Cisco patched two critical vulnerabilities in its Contact Center Express software. These vulnerabilities may lead to a full system compromise.
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-unauth-rce-QeN8h7mQ
]]> 5:31 Cisco, Google, Chrome, RondoDox, Windows, PowerShell, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9688 SANS Stormcast Thursday, November 6th, 2025: Domain API Update; Teams Spoofing; VShell Report Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Thursday, November 6th, 2025: Domain API Update; Teams Spoofing; VShell Report https://traffic.libsyn.com/securitypodcast/9688.mp3 https://isc.sans.edu/podcastdetail/9688 Thu, 06 Nov 2025 02:00:02 GMT Updates to Domainname API
Some updates to our domainname API will make it more flexible and make it easier and faster to get the complete dataset.
https://isc.sans.edu/diary/Updates%20to%20Domainname%20API/32452
Microsoft Teams Impersonation and Spoofing Vulnerabilities
Checkpoint released details about recently patched spoofing and impersonation vulnerabilities in Microsoft Teams
https://research.checkpoint.com/2025/microsoft-teams-impersonation-and-spoofing-vulnerabilities-exposed/
NViso Report: VSHELL
NViso published an amazingly detailed report describing the remote control implant VSHELL. The report includes details about the inner workings of the tool as well as detection ideas.
https://www.nviso.eu/blog/nviso-analyzes-vshell-post-exploitation-tool
]]> 5:43 vshell, teams, microsoft, domains, api, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9686 SANS Stormcast Wednesday, November 5th, 2025: Apple Patches; Exploits against Trucking and Logistic; Google Android Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Wednesday, November 5th, 2025: Apple Patches; Exploits against Trucking and Logistic; Google Android Patches https://traffic.libsyn.com/securitypodcast/9686.mp3 https://isc.sans.edu/podcastdetail/9686 Wed, 05 Nov 2025 02:00:02 GMT Apple Patches Everything, Again
Apple released a minor OS upgrade across its lineup, fixing a number of security vulnerabilities.
https://isc.sans.edu/diary/Apple%20Patches%20Everything%2C%20Again/32448
Remote Access Tools Used to Compromise Trucking and Logistics
Attackers infect trucking and logistics companies with regular remote management tools to inject malware into other companies or learn about high-value loads in order to steal them.
https://www.proofpoint.com/us/blog/threat-insight/remote-access-real-cargo-cybercriminals-targeting-trucking-and-logistics
Google Android Patch Day
Google released its usual monthly Android updates this week
https://source.android.com/docs/security/bulletin/2025-11-01
]]> 6:29 apple, patches, trucks, google, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9684 SANS Stormcast Tuesday, November 4th, 2025: XWiki SolrSearch Exploits and Rapper Feud; AMD Zen 5 RDSEED Bug; More Malicious Open VSX Extensions Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Tuesday, November 4th, 2025: XWiki SolrSearch Exploits and Rapper Feud; AMD Zen 5 RDSEED Bug; More Malicious Open VSX Extensions https://traffic.libsyn.com/securitypodcast/9684.mp3 https://isc.sans.edu/podcastdetail/9684 Tue, 04 Nov 2025 02:00:02 GMT XWiki SolrSearch Exploit Attempts CVE-2025-24893
We have detected a number of exploit attempts against XWiki taking advantage of a vulnerability that was added to the KEV list on Friday.
https://isc.sans.edu/diary/XWiki%20SolrSearch%20Exploit%20Attempts%20%28CVE-2025-24893%29%20with%20link%20to%20Chicago%20Gangs%20Rappers/32444
AMD Zen 5 Random Number Generator Bug
The RDSEED function for AMD s Zen 5 processors does return 0 more often than it should.
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7055.html
SleepyDuck malware invades Cursor through Open VSX
Yet another Open VSX extension stealing crypto credentials
https://secureannex.com/blog/sleepyduck-malware/
]]> 6:56 crypto, open vsx, extensions, amd, zen 5, random, rdseed, xwikit, solrsearch, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9682 SANS Stormcast Monday, November 3rd, 2025: Port 8530/8531 Scans; BADCANDY Webshells; Open VSX Security Improvements Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Monday, November 3rd, 2025: Port 8530/8531 Scans; BADCANDY Webshells; Open VSX Security Improvements https://traffic.libsyn.com/securitypodcast/9682.mp3 https://isc.sans.edu/podcastdetail/9682 Mon, 03 Nov 2025 02:35:11 GMT Scans for WSUS: Port 8530/8531 TCP, CVE-2025-59287
We did observe an increase in scans for TCP ports 8530 and 8531. These ports are associated with WSUS and the scans are likely looking for servers vulnerable to CVE-2025-59287
https://isc.sans.edu/diary/Scans%20for%20Port%208530%208531%20%28TCP%29.%20Likely%20related%20to%20WSUS%20Vulnerability%20CVE-2025-59287/32440
BADCANDY Webshell Implant Deployed via
The Australian Signals Directorate warns that they still see Cisco IOS XE devices not patches for CVE-2023-20198. A threat actor is now using this vulnerability to deploy the BADCANDY implant for persistent access
https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/badcandy
Improvements to Open VSX Security
In reference to the Glassworm incident, OpenVSX published a blog post outlining some of the security improvements they will make to prevent a repeat of this incident.
https://blogs.eclipse.org/post/mika l-barbero/open-vsx-security-update-october-2025
]]> 6:26 wsus, open vsx, badcandy, cisco, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9680 SANS Stormcast Friday, October 31st, 2025: Bug Bounty Headers; Exchange hardening; MOVEIt vulnerability Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Friday, October 31st, 2025: Bug Bounty Headers; Exchange hardening; MOVEIt vulnerability https://traffic.libsyn.com/securitypodcast/9680.mp3 https://isc.sans.edu/podcastdetail/9680 Fri, 31 Oct 2025 02:00:02 GMT X-Request-Purpose: Identifying "research" and bug bounty related scans?
Our honeypots captured a few requests with bug bounty specific headers. These headers are meant to make it easier to identify requests related to bug bounty, and they are supposed to identify the researcher conducting the scans
https://isc.sans.edu/diary/X-Request-Purpose%3A%20Identifying%20%22research%22%20and%20bug%20bounty%20related%20scans%3F/32436
Proton Breach Observatory
Proton opened up its breach observatory. This website will collect information about breaches affecting companies that have not yet made the breach public.
https://proton.me/blog/introducing-breach-observatory
Microsoft Exchange Server Security Best Practices
A new document published by a collaboration of national cyber security agencies summarizes steps that should be taken to harden Exchange Server.
https://www.nsa.gov/Portals/75/documents/resources/cybersecurity-professionals/CSI_Microsoft_Exchange_Server_Security_Best_Practices.pdf?ver=9mpKKyUrwfpb9b9r4drVMg%3d%3d
MOVEit Vulnerability
Progress published an advisory for its file transfer program MOVEIt . This software has had heavily exploited vulnerabilities in the past.
https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-CVE-2025-10932-October-29-2025
]]> 6:19 moveit, microsoft, exchange, proton, headers, bug bounty, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9678 SANS Stormcast Thursday, October 30th, 2025: Memory Only Filesystems Forensics; Azure Outage; docker-compose patch Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Thursday, October 30th, 2025: Memory Only Filesystems Forensics; Azure Outage; docker-compose patch https://traffic.libsyn.com/securitypodcast/9678.mp3 https://isc.sans.edu/podcastdetail/9678 Thu, 30 Oct 2025 02:00:02 GMT How to Collect Memory-Only Filesystems on Linux Systems
Getting forensically sound copies of memory-only file systems on Linux can be tricky, as tools like dd do not work.
https://isc.sans.edu/diary/How%20to%20collect%20memory-only%20filesystems%20on%20Linux%20systems/32432
Microsoft Azure Front Door Outage
Today, Microsoft s Azure Front Door service failed, leading to users not being able to authenticate to various Azure-related services.
https://azure.status.microsoft/en-us/status
Docker-Compose Vulnerability
A vulnerability in docker-compose may be used to trick users into creating files outside the docker-compose directory
https://github.com/docker/compose/security/advisories/GHSA-gv8h-7v7w-r22q
]]> 6:07 docker, compose, microsoft, azure, ram, temporary, files, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9676 SANS Stormcast Wednesday, October 29th, 2025: Invisible Subject Character Phishing; Tomcat PUT Vuln; BIND9 Spoofing Vuln PoC Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Wednesday, October 29th, 2025: Invisible Subject Character Phishing; Tomcat PUT Vuln; BIND9 Spoofing Vuln PoC https://traffic.libsyn.com/securitypodcast/9676.mp3 https://isc.sans.edu/podcastdetail/9676 Wed, 29 Oct 2025 02:00:02 GMT Phishing with Invisible Characters in the Subject Line
Phishing emails use invisible UTF-8 encoded characters to break up keywords used to detect phishing (or spam). This is aided by mail clients not rendering some characters that should be rendered.
https://isc.sans.edu/diary/A%20phishing%20with%20invisible%20characters%20in%20the%20subject%20line/32428
Apache Tomcat PUT Directory Traversal
Apache released an update to Tomcat fixing a directory traversal vulnerability in how the PUT method is used. Exploits could upload arbitrary files, leading to remote code execution.
https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog
BIND9 DNS Spoofing Vulnerability
A PoC exploit is now available for the recently patched BIND9 spoofing vulnerability
https://gist.github.com/N3mes1s/f76b4a606308937b0806a5256bc1f918
]]> 8:04 bind9, dns, apache, tomcat, put, phishing, subject, unicode, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9674 SANS Stormcast Tuesday, October 28th, 2025: Bytes over DNS; Unifi Access Vuln; OpenAI Atlas Prompt Injection Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Tuesday, October 28th, 2025: Bytes over DNS; Unifi Access Vuln; OpenAI Atlas Prompt Injection https://traffic.libsyn.com/securitypodcast/9674.mp3 https://isc.sans.edu/podcastdetail/9674 Tue, 28 Oct 2025 02:00:02 GMT Bytes over DNS
Didiear investigated which bytes may be transmitted as part of a hostname in DNS packets, depending on the client resolver and recursive resolver constraints
https://isc.sans.edu/diary/Bytes%20over%20DNS/32420
Unifi Access Vulnerability
Unifi fixed a critical vulnerability in it s Access product
https://community.ui.com/releases/Security-Advisory-Bulletin-056-056/ce97352d-91cd-40a7-a2f4-2c73b3b30191
OpenAI Atlas Omnibox Prompt Injection
OpenAI s latest browser can be jailbroken by inserting prompts in URLs
https://neuraltrust.ai/blog/openai-atlas-omnibox-prompt-injection
]]> 6:17 openai, atlas, unifi, bytes, dns, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9672 SANS Stormcast Monday, October 27th, 2025: Bilingual Phishing; Kaitai Struct WebIDE Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Monday, October 27th, 2025: Bilingual Phishing; Kaitai Struct WebIDE https://traffic.libsyn.com/securitypodcast/9672.mp3 https://isc.sans.edu/podcastdetail/9672 Mon, 27 Oct 2025 02:00:02 GMT Bilingual Phishing for Cloud Credentials
Guy observed identical phishing messages in French and English attempting to phish cloud credentials
https://isc.sans.edu/diary/Phishing%20Cloud%20Account%20for%20Information/32416
Kaitai Struct WebIDE
The binary file analysis tool Kaitai Struct is now available in a web only version
https://isc.sans.edu/diary/Kaitai%20Struct%20WebIDE/32422
WSUS Emergency Update
Microsoft released an emergency patch for WSUS to fix a currently exploited critical vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59287
Network Security Devices Endanger Orgs with 90s-era Flaws
Attackers increasingly use simple-to-exploit network security device vulnerabilities to compromise organizations.
https://www.csoonline.com/article/4074945/network-security-devices-endanger-orgs-with-90s-era-flaws.html
]]> 6:20 network security, border security, exploits, 0-day, wsus, kaitai, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9670 SANS Stormcast Friday, October 24th, 2025: Android Infostealer; SessionReaper Exploited; BIND/unbound DNS Spoofing fix; WSUS Exploit Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Friday, October 24th, 2025: Android Infostealer; SessionReaper Exploited; BIND/unbound DNS Spoofing fix; WSUS Exploit https://traffic.libsyn.com/securitypodcast/9670.mp3 https://isc.sans.edu/podcastdetail/9670 Fri, 24 Oct 2025 02:00:04 GMT Infostealer Targeting Android Devices
This infostealer, written in Python, specifically targets Android phones. It takes advantage of Termux to gain access to data and exfiltrates it via Telegram.
https://isc.sans.edu/diary/Infostealer%20Targeting%20Android%20Devices/32414
Attackers exploit recently patched Adobe Commerce Vulnerability CVE-2025-54236
Six weeks after Adobe's emergency patch, SessionReaper (CVE-2025-54236) has entered active exploitation. E-Commerce security company SanSec has detected multiple exploit attempts.
https://sansec.io/research/sessionreaper-exploitation
Patch for BIND and unbound nameservers CVE-2025-40780
The Internet Systems Consortium (ISC.org), as well as the Unbound project, patched a flaw that may allow for DNS spoofing due to a weak random number generator.
https://kb.isc.org/docs/cve-2025-40780
WSUS Exploit Released CVE-2025-59287
Hawktrace released a walk through showing how to exploit the recently patched WSUS vulnerability
https://hawktrace.com/blog/CVE-2025-59287
]]> 6:25 wsus, deserialization, bind, adobe, commerce, infostealer, android, python, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9668 SANS Stormcast Thursday, October 23rd, 2025: Blue Angle Software Exploit; Oracle CPU; Rust tar library vulnerability. Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Thursday, October 23rd, 2025: Blue Angle Software Exploit; Oracle CPU; Rust tar library vulnerability. https://traffic.libsyn.com/securitypodcast/9668.mp3 https://isc.sans.edu/podcastdetail/9668 Thu, 23 Oct 2025 02:00:03 GMT webctrl.cgi/Blue Angel Software Suite Exploit Attempts. Maybe CVE-2025-34033 Variant?
Our honeypots detected attacks that appear to exploit CVE-2025-34033 or a similar vulnerability in the Blue Angle Software Suite.
https://isc.sans.edu/diary/webctrlcgiBlue+Angel+Software+Suite+Exploit+Attempts+Maybe+CVE202534033+Variant/32410
Oracle Critical Patch Update
Oracle released its quarterly critical patch update. The update includes patches for 374 vulnerabilities across all of Oracle s products. There are nine more patches for Oracle s e-Business Suite.
https://www.oracle.com/security-alerts/cpuoct2025.html#AppendixEBS
Rust TAR Library Vulnerability
A vulnerability in the popular, but no longer maintained, async-tar vulnerability could lead to arbitrary code execution
https://edera.dev/stories/tarmageddon
]]> 7:28 tar, rust, webctrl, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9666 SANS Stormcast Wednesday, October 22nd, 2025: NTP Pool; Xubuntu Compromise; Squid Vulnerability; Lanscope Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Wednesday, October 22nd, 2025: NTP Pool; Xubuntu Compromise; Squid Vulnerability; Lanscope Vuln; https://traffic.libsyn.com/securitypodcast/9666.mp3 https://isc.sans.edu/podcastdetail/9666 Wed, 22 Oct 2025 02:00:03 GMT What time is it? Accuracy of pool.ntp.org.
How accurate and reliable is pool.ntp.org? Turns out it is very good!
https://isc.sans.edu/diary/What%20time%20is%20it%3F%20Accuracy%20of%20pool.ntp.org./32390
Xubuntu Compromise
The Xubuntu website was compromised last weekend and served malware
https://floss.social/@bluesabre/115401767635718361
Squid Proxy Vulnerability
The Squid team fixed an information disclosure vulnerabilty that may leak authentication credentials.
https://github.com/squid-cache/squid/security/advisories/GHSA-c8cc-phh7-xmxr
Lanscope Endpoint Manager Vulnerablity
https://jvn.jp/en/jp/JVN86318557/index.html
]]> 6:37 squid, xubuntu, time, ntp, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9664 SANS Stormcast Tuesday, October 21st, 2025: Syscall() Obfuscation; AWS down; Beijing Time Attack Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Tuesday, October 21st, 2025: Syscall() Obfuscation; AWS down; Beijing Time Attack https://traffic.libsyn.com/securitypodcast/9664.mp3 https://isc.sans.edu/podcastdetail/9664 Mon, 20 Oct 2025 22:45:23 GMT Using Syscall() for Obfuscation/Fileless Activity
Fileless malware written in Python can uses syscall() to create file descriptors in memory, evading signatures.
https://isc.sans.edu/diary/Using%20Syscall%28%29%20for%20Obfuscation%20Fileless%20Activity/32384
AWS Outages
AWS has had issues most of the day on Monday, affecting numerous services.
https://health.aws.amazon.com/health/status
Time Server Hack
China reports a compromise of its time standard servers.
https://thehackernews.com/2025/10/mss-claims-nsa-used-42-cyber-tools-in.html
]]> 9:17 ntp, time, china, aws, outage, syscall, python, obfuscation, malware, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9662 SANS Stormcast Monday, October 20th, 2025: Malicious Tiktok; More Google Ad Problems; Satellite Insecurity Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Monday, October 20th, 2025: Malicious Tiktok; More Google Ad Problems; Satellite Insecurity https://traffic.libsyn.com/securitypodcast/9662.mp3 https://isc.sans.edu/podcastdetail/9662 Sun, 19 Oct 2025 19:45:21 GMT TikTok Videos Promoting Malware InstallationTikTok Videos Promoting Malware Installation
Tiktok videos advertising ways to obtain software like Photoshop for free will instead trick users into downloading
https://isc.sans.edu/diary/TikTok%20Videos%20Promoting%20Malware%20Installation/32380
Google Ads Advertise Malware Targeting MacOS Developers
Hunt.io discovered Google ads that pretend to advertise tools like Homebrew and password managers to spread malware
https://hunt.io/blog/macos-odyssey-amos-malware-campaign
Satellite Transmissions are often unencrypted
A large amount of satellite traffic is unencrypted and easily accessible to eavesdropping
https://satcom.sysnet.ucsd.edu
]]> 6:14 google, ads, malware, tiktop, satellite, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9660 SANS Stormcast Friday, October 17th, 2025: New Slack Workspace; Cisco SNMP Exploited; BIOS Backdoor; @sans_edu research: Active Defense Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Friday, October 17th, 2025: New Slack Workspace; Cisco SNMP Exploited; BIOS Backdoor; @sans_edu research: Active Defense https://traffic.libsyn.com/securitypodcast/9660.mp3 https://isc.sans.edu/podcastdetail/9660 Fri, 17 Oct 2025 01:45:06 GMT Due to an error on Salesforce s side, we had to create a new Slack Workspace for DShield support.
https://isc.sans.edu/diary/New%20DShield%20Support%20Slack/32376
Attackers Exploiting Recently Patched Cisco SNMP Flaw (CVE-2025-20352)
Trend Micro published details explaining how attackers took advantage of a recently patched Cisco SNMP Vulnerability
https://www.trendmicro.com/en_us/research/25/j/operation-zero-disco-cisco-snmp-vulnerability-exploit.html
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-x4LPhte
Framework BIOS Backdoor
The mm command implemented in Framework BIOS shells can be used to compromise a device pre-boot.
https://eclypsium.com/blog/bombshell-the-signed-backdoor-hiding-in-plain-sight-on-framework-devices/
SANS.edu Research: Mark Stephens, Validating the Effectiveness of MITRE Engage and Active Defense
https://www.sans.edu/cyber-research/validating-effectiveness-mitre-engage-active-defense/
]]> 21:28 @sans_edu, active defenense, mitre, engage, framework, bios, snmp, cisco, slack, salesforce, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9658 SANS Stormcast Thursday, October 16th, 2025: Clipboard Image Stealer; F5 Compromise; Adobe Updates; SAP Patchday Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Thursday, October 16th, 2025: Clipboard Image Stealer; F5 Compromise; Adobe Updates; SAP Patchday https://traffic.libsyn.com/securitypodcast/9658.mp3 https://isc.sans.edu/podcastdetail/9658 Wed, 15 Oct 2025 20:45:21 GMT Xavier presents an infostealer in Python that steals images from the clipboard.
https://isc.sans.edu/diary/Clipboard%20Pictures%20Exfiltration%20in%20Python%20Infostealer/32372
F5 Compromise
F5 announced a wide-ranging compromise today. Source code and information about unpatched vulnerabilities were stolen.
https://my.f5.com/manage/s/article/K000157005
https://my.f5.com/manage/s/article/K000156572
https://my.f5.com/manage/s/article/K000154696
Adobe Updates
Adobe updated 12 different products yesterday.
https://helpx.adobe.com/security.html
SAP Patchday
Among the critical vulnerabilities patched in SAP s products are two deserialization vulnerabilities with a CVSS score of 10.0
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/october-2025.html
https://onapsis.com/blog/sap-security-patch-day-october-2025/
]]> 8:40 adobe, f5, nginx, breach, clipboard, stealer, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9656 SANS Stormcast Wednesday, October 15th, 2025: Microsoft Patchday; Ivanti Advisory; Fortinet Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Wednesday, October 15th, 2025: Microsoft Patchday; Ivanti Advisory; Fortinet Patches https://traffic.libsyn.com/securitypodcast/9656.mp3 https://isc.sans.edu/podcastdetail/9656 Tue, 14 Oct 2025 23:45:28 GMT Microsoft Patch Tuesday
Microsoft not only released new patches, but also the last patches for Windows 10, Office 2016, Office 2019, Exchange 2016 and Exchange 2019.
https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20October%202025/32368
Ivanti Advisory
Ivanti released an advisory with some mitigation steps users can take until the recently made public vulnerablities are patched.
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-EPM-October-2025?language=en_US
Fortinet Patches
https://fortiguard.fortinet.com/psirt/FG-IR-25-010
https://fortiguard.fortinet.com/psirt/FG-IR-24-361
]]> 6:22 ivanti, microsoft, patches, fortinet, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9654 SANS Stormcast Tuesday, October 14th, 2025: ESAFENET Scans; Payroll Priates; MSFT Edge IE Mode Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Tuesday, October 14th, 2025: ESAFENET Scans; Payroll Priates; MSFT Edge IE Mode https://traffic.libsyn.com/securitypodcast/9654.mp3 https://isc.sans.edu/podcastdetail/9654 Mon, 13 Oct 2025 22:45:46 GMT Scans for ESAFENET CDG V5
We do see some increase in scans for the Chinese secure document management system, ESAFENET.
https://isc.sans.edu/diary/Heads%20Up%3A%20Scans%20for%20ESAFENET%20CDG%20V5%20/32364
Investigating targeted payroll pirate attacks affecting US universities
Microsoft wrote about how payroll pirates redirect employee paychecks via phishing.
https://www.microsoft.com/en-us/security/blog/2025/10/09/investigating-targeted-payroll-pirate-attacks-affecting-us-universities/
Attacks against Edge via IE Mode
Microsoft Edge offers an IE legacy mode to support websites created for Internet Explorer. The old JavaScript engine, which is part of this mode, has been abused in recent attacks, and Microsoft will make it more difficult to enable IE Mode to counter these attacks.
https://microsoftedge.github.io/edgevr/posts/Changes-to-Internet-Explorer-Mode-in-Microsoft-Edge/
]]> 6:02 microsoft, ie, internet explorer, edge, javascript, payroll, pirates, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9652 SANS Stormcast Monday, October 13th, 2025: More Oracle Patches; Sonicwall Compromisses; Unpatched Gladinet; 7-Zip Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Monday, October 13th, 2025: More Oracle Patches; Sonicwall Compromisses; Unpatched Gladinet; 7-Zip Patches https://traffic.libsyn.com/securitypodcast/9652.mp3 https://isc.sans.edu/podcastdetail/9652 Sun, 12 Oct 2025 21:45:20 GMT New Oracle E-Business Suite Patches
Oracle released one more patch for the e-business suite. Oracle does not state if it is already exploited, but the timing of the patch suggests that it should be expedited.
https://www.oracle.com/security-alerts/alert-cve-2025-61884.html
Widespread Sonicwall SSLVPN Compromise
Huntress Labs observed the widespread compromise of the Sonicwall SSLVPN appliance.
https://www.huntress.com/blog/sonicwall-sslvpn-compromise
Active Exploitation of Gladinet CentreStack and Triofox Local File Inclusion Flaw (CVE-2025-11371)
An unpatched vulnerability in the secure file sharing solutions Gladinet CentreStack and TrioFox is being exploited.
https://www.huntress.com/blog/gladinet-centrestack-triofox-local-file-inclusion-flaw
Two 7-Zip Vulnerabilities CVE-2025-11002, CVE-2025-11001
7-Zip patched two vulnerabilities that may lead to arbitrary code execution
https://www.zerodayinitiative.com/advisories/ZDI-25-949/
https://www.zerodayinitiative.com/advisories/ZDI-25-950/
]]> 5:56 7zip, gladinet, cntrestack, triofox, sonicwall, oracle, ebusiness, suite, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9650 Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. https://traffic.libsyn.com/securitypodcast/9650.mp3 https://isc.sans.edu/podcastdetail/9650 Fri, 10 Oct 2025 00:45:06 GMT Defending against attacks like RedTail is more then blocking IoCs, but instead one must focus on the techniques and tactics attackers use.
https://isc.sans.edu/diary/Guest+Diary+Building+Better+Defenses+RedTail+Observations+from+a+Honeypot/32312
Sonicwall: It wasn t the user s fault
Sonicwall admits to a breach resulting in the loss of user configurations stored in its cloud service
https://www.sonicwall.com/support/knowledge-base/mysonicwall-cloud-backup-file-incident/250915160910330
Crowdstrike has Issues
Crowdstrike fixes two vulnerabilities in the Windows version of its Falcon sensor.
https://www.crowdstrike.com/en-us/security-advisories/issues-affecting-crowdstrike-falcon-sensor-for-windows/
Interrogators: Attack Surface Mapping in an Agentic World
A SANS.edu master s degree student research paper by Michael Samson
https://isc.sans.edu/researchpapers/pdfs/michael_samson.pdf
keywords: ai; agentic; attack surface; crowdstrike; sonicwall; ivanti; zero day; initiative; redline]]> 15:12 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9648 SANS Stormcast Thursday, October 9th, 2025: Polymorphic Python; ssh ProxyCommand Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Thursday, October 9th, 2025: Polymorphic Python; ssh ProxyCommand Vuln; https://traffic.libsyn.com/securitypodcast/9648.mp3 https://isc.sans.edu/podcastdetail/9648 Thu, 09 Oct 2025 03:10:14 GMT Polymorphic Python Malware
Xavier discovered self-modifying Python code on Virustotal. The remote access tool takes advantage of the inspect module to modify code on the fly.
https://isc.sans.edu/diary/Polymorphic%20Python%20Malware/32354
SSH ProxyCommand Vulnerability
A user cloning a git repository may be tricked into executing arbitrary code via the SSH proxycommand option.
https://dgl.cx/2025/10/bash-a-newline-ssh-proxycommand-cve-2025-61984
Framelink Figma MCP Server CVE-2025-53967
Framelink Figma s MCP server suffers from a remote code execution vulnerability.
]]> 6:12 polymorphic, python, git, ssh, proxycommand, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9646 SANS Stormcast Wednesday, October 8th, 2025: FreePBX Exploits; Disrupting Teams Threats; Kibana and QT SVG Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Wednesday, October 8th, 2025: FreePBX Exploits; Disrupting Teams Threats; Kibana and QT SVG Patches https://traffic.libsyn.com/securitypodcast/9646.mp3 https://isc.sans.edu/podcastdetail/9646 Wed, 08 Oct 2025 03:25:14 GMT FreePBX Exploit Attempts (CVE-2025-57819)
A FreePBX SQL injection vulnerability disclosed in August is being used to execute code on affected systems.
https://isc.sans.edu/diary/Exploit%20Against%20FreePBX%20%28CVE-2025-57819%29%20with%20code%20execution./32350
Disrupting Threats Targeting Microsoft Teams
Microsoft published a blog post outlining how to better secure Teams.
https://www.microsoft.com/en-us/security/blog/2025/10/07/disrupting-threats-targeting-microsoft-teams/
Kibana XSS Patch CVE-2025-25009
Elastic patched a stored XSS vulnerability in Kibana
https://discuss.elastic.co/t/kibana-8-18-8-8-19-5-9-0-8-and-9-1-5-security-update-esa-2025-20/382449
QT SVG Vulnerabilities CVE-2025-10728, CVE-2025-10729,
The QT group fixed two vulnerabilities in the QT SVG module. One of the vulnerabilities may be used for code execution
https://www.qt.io/blog/security-advisory-uncontrolled-recursion-and-use-after-free-vulnerabilities-in-qt-svg-module-impact-qt
]]> 5:57 kibana, elastic, xss, microsoft, teams, freepbx, sql injection, svg, qt, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9644 SANS Stormcast Tuesday, October 7th, 2025: More About Oracle; Redis Vulnerability; GoAnywhere Exploited Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Tuesday, October 7th, 2025: More About Oracle; Redis Vulnerability; GoAnywhere Exploited https://traffic.libsyn.com/securitypodcast/9644.mp3 https://isc.sans.edu/podcastdetail/9644 Tue, 07 Oct 2025 02:00:03 GMT More Details About Oracle 0-Day
The exploit is now widely distributed and has been analyzed to show the nature of the underlying vulnerabilities.
https://isc.sans.edu/diary/Quick%20and%20Dirty%20Analysis%20of%20Possible%20Oracle%20E-Business%20Suite%20Exploit%20Script%20%28CVE-2025-61882%29%20%5BUPDATED%5B/32346
https://labs.watchtowr.com/well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882/
Redis Vulnerability
Redis patched a ciritcal use after free vulnerability that could lead to arbitrary code execution.
https://redis.io/blog/security-advisory-cve-2025-49844/
GoAnywhere Bug Exploited
Microsoft is reporting about the exploitation of the recent GoAnywhere vulnerability
https://www.microsoft.com/en-us/security/blog/2025/10/06/investigating-active-exploitation-of-cve-2025-10035-goanywhere-managed-file-transfer-vulnerability/
]]> 5:33 goanywhere, redis, oracle, ebusiness suite, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9642 SANS Stormcast Monday, October 6th, 2025: Oracle 0-Day Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Monday, October 6th, 2025: Oracle 0-Day https://traffic.libsyn.com/securitypodcast/9642.mp3 https://isc.sans.edu/podcastdetail/9642 Mon, 06 Oct 2025 02:45:14 GMT Last week, the Cl0p ransomware gang sent messages to many businesses stating that an Oracle E-Business Suite vulnerability was used to exfiltrate data. Initially, Oracle believed the root cause to be a vulnerability patched in June, but now Oracle released a patch for a new vulnerability.
https://www.oracle.com/security-alerts/alert-cve-2025-61882.html
Zimbra Exploit Analysis
An exploit against a Zimbra system prior to the patch release is analyzed. These exploits take advantage of .ics files to breach vulnerable systems.
https://strikeready.com/blog/0day-ics-attack-in-the-wild/
Unity Editor Vulnerability CVE-2025-59489
The Unity game editor suffered from a code execution vulnerablity that would also expose software developed with vulnerable versions
https://unity.com/security/sept-2025-01]]> 6:28 oracle, cl0p, e-business suite, unity, zimbra, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9640 SANS Stormcast Friday, October 3rd, 2025: More .well-known Scans; RedHat Openshift Patch; TOTOLINK Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Friday, October 3rd, 2025: More .well-known Scans; RedHat Openshift Patch; TOTOLINK Vuln; https://traffic.libsyn.com/securitypodcast/9640.mp3 https://isc.sans.edu/podcastdetail/9640 Fri, 03 Oct 2025 02:00:02 GMT More .well-known scans
Attackers are using API documentation automatically published in the .well-known directory for reconnaissance.
https://isc.sans.edu/diary/More%20.well-known%20Scans/32340
RedHat Patches Openshift AI Services
A flaw was found in Red Hat Openshift AI Service. A low-privileged attacker with access to an authenticated account, for example, as a data scientist using a standard Jupyter notebook, can escalate their privileges to a full cluster administrator.
https://access.redhat.com/security/cve/cve-2025-10725#cve-affected-packages
TOTOLINK X6000R Vulnerabilities
Paloalto released details regarding three recently patched vulnerabilities in TotalLink-X6000R routers.
https://unit42.paloaltonetworks.com/totolink-x6000r-vulnerabilities/
DrayOS Vulnerability Patched
Draytek fixed a single memory corruption vulnerability in its Vigor series router. An unauthenticated user may use it to execute arbitrary code.
https://www.draytek.com/about/security-advisory/use-of-uninitialized-variable-vulnerabilities
]]> 6:35 .well-known, redhat, openshift, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9638 SANS Stormcast Thursday, October 2nd, 2025: Honeypot Passwords; OneLogin Vuln; Breaking Intel SGX; OpenSSL Patch Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Thursday, October 2nd, 2025: Honeypot Passwords; OneLogin Vuln; Breaking Intel SGX; OpenSSL Patch https://traffic.libsyn.com/securitypodcast/9638.mp3 https://isc.sans.edu/podcastdetail/9638 Thu, 02 Oct 2025 02:00:03 GMT Comparing Honeypot Passwords with HIBP
Most passwords used against our honeypots are also found in the Have I been pwn3d list. However, the few percent that are not found tend to be variations of known passwords, extending them to find likely mutations.
https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Comparing%20Honeypot%20Passwords%20with%20HIBP/32310
Breaking Server SGX via DRAM Inspection
By observing read and write operations to memory, it is possible to derive keys stored in SGX and break the security of systems relying on SGX.
https://wiretap.fail/files/wiretap.pdf
OneLogin OIDC Vulnerability
A vulnerability in OneLogin can be used to read secret application keys
https://www.clutch.security/blog/onelogin-many-secrets-clutch-uncovers-vulnerability-exposing-client-credentials
OpenSSL Patch
OpenSSL patched three vulnerabilities. One could lead to remote code execution, but the feature is used infrequently, and the exploit is difficult, according to OpenSSL
]]> 8:11 openssl, onelogin, sgx, dram, hibp, passwords, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9636 SANS Stormcast Wednesday, October 1st, 2025: Cookie Auth Issues; Western Digtial Command Injection; sudo exploited; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Wednesday, October 1st, 2025: Cookie Auth Issues; Western Digtial Command Injection; sudo exploited; https://traffic.libsyn.com/securitypodcast/9636.mp3 https://isc.sans.edu/podcastdetail/9636 Wed, 01 Oct 2025 02:00:02 GMT Sometimes you don t even need to log in
Applications using simple, predictable cookies to verify a user s identity are still exploited, and relatively recent vulnerabilities are still due to this very basic mistake.
https://isc.sans.edu/diary/%22user%3Dadmin%22.%20Sometimes%20you%20don%27t%20even%20need%20to%20log%20in./32334
Western Digital My Cloud Vulnerability
Western Digital patched a critical vulnerability in its MyCloud device.
https://nvd.nist.gov/vuln/detail/CVE-2025-30247
sudo vulnerability exploited
A recently patched vulnerability in sudo is now being exploited.
https://www.sudo.ws/security/advisories/
]]> 5:10 mycloud, sudo, western digital, cookies, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9634 SANS Stormcast Tuesday, September 30th, 2025: Apple Patch; PAN Global Protect Scans; SSL.com signed malware Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Tuesday, September 30th, 2025: Apple Patch; PAN Global Protect Scans; SSL.com signed malware https://traffic.libsyn.com/securitypodcast/9634.mp3 https://isc.sans.edu/podcastdetail/9634 Tue, 30 Sep 2025 02:00:02 GMT Apple Patches
Apple released patches for iOS, macOS, and visionOS, fixing a single font parsing vulnerability
https://isc.sans.edu/diary/Apple%20Patches%20Single%20Vulnerability%20CVE-2025-43400/32330
Increase in Scans for Palo Alto Global Protect Vulnerability (CVE-2024-3400).
Our honeypots detected an increase in scans for a Palo Alto Global Protect vulnerability.
https://isc.sans.edu/diary/Increase%20in%20Scans%20for%20Palo%20Alto%20Global%20Protect%20Vulnerability%20%28CVE-2024-3400%29/32328
Nimbus Manticore / Charming Kitten Malware update
Checkpoint released a report with details regarding a new Nimbus Manticore exploit kit. The malware in this case uses valid SSL.com-issued certificates.
https://research.checkpoint.com/2025/nimbus-manticore-deploys-new-malware-targeting-europe/
]]> 5:06 apple, ios, macos, nimus, manticode, charming kitten, ssl.com, pan, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9632 SANS Stormcast Monday, September 29th, 2025: Convert Timestamps; Cisco Compromises; GitHub Notification Phishing Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Monday, September 29th, 2025: Convert Timestamps; Cisco Compromises; GitHub Notification Phishing https://traffic.libsyn.com/securitypodcast/9632.mp3 https://isc.sans.edu/podcastdetail/9632 Mon, 29 Sep 2025 02:05:18 GMT Converting Timestamps in .bash_history
Unix shells offer the ability to add timestamps to commands in the .bash_history file. This is often done in the form of Unix timestamps. This new tool converts these timestamps into a more readable format.
https://isc.sans.edu/diary/New%20tool%3A%20convert-ts-bash-history.py/32324
Cisco ASA/FRD Compromises
Exploitation of the vulnerabilities Cisco patched last week may have bone back about a year. Cisco and CISA have released advisories with help identifying affected devices.
https://sec.cloudapps.cisco.com/security/center/resources/asa_ftd_continued_attacks
https://www.cisa.gov/news-events/directives/ed-25-03-identify-and-mitigate-potential-compromise-cisco-devices
Github Notification Phishing
Github notifications are used to impersonate YCombinator and trick victims into installing a crypto drainer.
https://www.bleepingcomputer.com/news/security/github-notifications-abused-to-impersonate-y-combinator-for-crypto-theft/
]]> 8:36 cisco, timestamp, bash, history, asa, firepower, ftd, github, phishing, malware, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9630 SANS Stormcast Friday, September 26th, 2025: Webshells in .well-known; Critical Cisco Vulns Exploited; XCSSET Update; GoAnywhere MFT Exploit Details Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Friday, September 26th, 2025: Webshells in .well-known; Critical Cisco Vulns Exploited; XCSSET Update; GoAnywhere MFT Exploit Details https://traffic.libsyn.com/securitypodcast/9630.mp3 https://isc.sans.edu/podcastdetail/9630 Fri, 26 Sep 2025 04:05:15 GMT Webshells Hiding in .well-known Places
Our honeypots registered an increase in scans for URLs in the .well-known directory, which appears to be looking for webshells.
https://isc.sans.edu/diary/Webshells%20Hiding%20in%20.well-known%20Places/32320
Cisco Patches Critical Exploited Vulnerabilities
Cisco released updates addressing already-exploited vulnerabilities in the VPN web server for the ASA and FTD appliances.
https://sec.cloudapps.cisco.com/security/center/resources/asa_ftd_continued_attacks
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-z5xP8EUB
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-YROOTUW
XCSSET Evolves Again
Microsoft detected a new XCSSET variant, an infostealer infecting X-Code projects.
https://www.microsoft.com/en-us/security/blog/2025/09/25/xcsset-evolves-again-analyzing-the-latest-updates-to-xcssets-inventory/
Exploitation of Fortra GoAnywhere MFT CVE-2025-10035
watchTowr analyzed the latest GoAnywhere MFT vulnerability and exploits used against it.
https://labs.watchtowr.com/it-is-bad-exploitation-of-fortra-goanywhere-mft-cve-2025-10035-part-2/
]]> 6:52 goanywhere, mft, xcsset, x-code, cisco, asa, ftd, webhsells, .well-known, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9628 SANS Stormcast Thursday, September 25th, 2025: Hikvision Exploits; Cisco Patches; Sonicawall Anit-Rootkit Patch; Windows 10 Support Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Thursday, September 25th, 2025: Hikvision Exploits; Cisco Patches; Sonicawall Anit-Rootkit Patch; Windows 10 Support https://traffic.libsyn.com/securitypodcast/9628.mp3 https://isc.sans.edu/podcastdetail/9628 Thu, 25 Sep 2025 03:40:13 GMT Exploit Attempts Against Older Hikvision Camera Vulnerability
Out honeypots observed an increase in attacks against some older Hikvision issues. A big part of the problem is weak passwords, and the ability to send credentials as part of the URL.
https://isc.sans.edu/diary/Exploit%20Attempts%20Against%20Older%20Hikvision%20Camera%20Vulnerability/32316
Cisco Patches Already Exploited SNMP Vulnerability
Cisco patched a stack-based buffer overflow in the SNMP subsystem. It is already exploited in the wild, but requires
admin privileges to achieve code execution.
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-x4LPhte
SonicWall Anti-Rootkit Update
SonicWall released a firmware update for its SMA100 devices specifically designed to eradicate a commonly deployed rootkit.
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0015
Extended Windows 10 Support
Microsoft will extend free Windows 10 essential support for US and European customers.
https://www.straitstimes.com/world/united-states/microsoft-offers-no-cost-windows-10-lifeline
]]> 5:33 windows, support, hikvision, sonicwall, cisco, snmp, rootkit, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9626 SANS Stormcast Wednesday, September 24th, 2025: DoS against the Analyst; GitHub Improvements; Solarwinds and Supermicro BMC vulnerabilities Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Wednesday, September 24th, 2025: DoS against the Analyst; GitHub Improvements; Solarwinds and Supermicro BMC vulnerabilities https://traffic.libsyn.com/securitypodcast/9626.mp3 https://isc.sans.edu/podcastdetail/9626 Wed, 24 Sep 2025 03:15:14 GMT Distracting the Analyst for Fun and Profit
Our undergraduate intern, Tyler House analyzed what may have been a small DoS attack that was likely more meant to distract than to actually cause a denial of service
https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Distracting%20the%20Analyst%20for%20Fun%20and%20Profit/32308
GitHub s plan for a more secure npm supply chain
GitHub outlined its plan to harden the supply chain, in particular in light of the recent attack against npm packages
https://github.blog/security/supply-chain-security/our-plan-for-a-more-secure-npm-supply-chain/
SolarWinds Web Help Desk AjaxProxy Deserialization of Untrusted Data Remote Code Execution Vulnerability (CVE-2025-26399)
SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.
https://www.solarwinds.com/trust-center/security-advisories/cve-2025-26399
Vulnerabilities in Supermicro BMC Firmware CVE-2025-7937 CVE-2025-6198
Supermicro fixed two vulnerabilities that could allow an attacker to compromise the BMC with rogue firmware.
https://www.supermicro.com/en/support/security_BMC_IPMI_Sept_2025
]]> 7:22 BMC, supermicro, solarwinds, github, npm, dos, distraction, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9624 SANS Stormcast Tuesday, September 23rd, 2025: Ivanti EPMM Exploit; GitHub Impersonation Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Tuesday, September 23rd, 2025: Ivanti EPMM Exploit; GitHub Impersonation https://traffic.libsyn.com/securitypodcast/9624.mp3 https://isc.sans.edu/podcastdetail/9624 Tue, 23 Sep 2025 03:50:13 GMT CISA Reports Ivanti EPMM Exploit Sightings
Two different organizations submitted backdoors to CISA, which are believed to have been installed using Ivanti vulnerabilities patched in May.
https://www.cisa.gov/news-events/analysis-reports/ar25-261a
Lastpass Observes Impersonation on GitHub
Lastpass noted a number of companies being impersonated via fake GitHub repositories in order to trick victims to download Mac malware.
https://blog.lastpass.com/posts/attack-targeting-macs-via-github-pages
Oracle Scheduler Ransomware
Ransomware has been discovered that gained access to systems via an exposed Oracle Database Scheduler service.
https://labs.yarix.com/2025/09/elons-proxima-black-shadow-related-ransomware-attack-via-oracle-dbs-external-jobs/
]]> 4:49 oracle, lastpass, github, cisa, epmm, ivanti, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9622 SANS Stormcast Monday, September 22nd, 2025: Odd HTTP Reuqest; GoAnywhere MFT Bug; EDR Freeze Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Monday, September 22nd, 2025: Odd HTTP Reuqest; GoAnywhere MFT Bug; EDR Freeze https://traffic.libsyn.com/securitypodcast/9622.mp3 https://isc.sans.edu/podcastdetail/9622 Mon, 22 Sep 2025 02:00:03 GMT Help Wanted: What are these odd requests about?
An odd request is hitting a number of our honeypots with a somewhat unusual HTTP request
header. Please let me know if you no what the request is about.
https://isc.sans.edu/forums/diary/Help+Wanted+What+are+these+odd+reuqests+about/32302/
Forta GoAnywhere MFT Vulnerability
Forta s GoAnywhere MFT product suffers from a critical deserialization vulnerability. Forta released
an advisory disclosing the vulnerability on Thursday.
https://www.fortra.com/security/advisories/product-security/fi-2025-012
EDR Freeze
A new tool, EDR Freeze, allows regular users to suspend EDR processes.
https://www.zerosalarium.com/2025/09/EDR-Freeze-Puts-EDRs-Antivirus-Into-Coma.html
]]> 9:02 EDR, GoAnywhere MFT, Forta, http, proxy, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9620 SANS Stormcast Friday, September 19th, 2025: Honeypot File Analysis (@sans_edu); SonicWall Breach; DeepSeek Bias; Chrome 0-day Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Friday, September 19th, 2025: Honeypot File Analysis (@sans_edu); SonicWall Breach; DeepSeek Bias; Chrome 0-day https://traffic.libsyn.com/securitypodcast/9620.mp3 https://isc.sans.edu/podcastdetail/9620 Fri, 19 Sep 2025 02:00:03 GMT Exploring Uploads in a Dshield Honeypot Environment
This guest diary by one of our SANS.edu undergraduate interns shows how to analyze files uploaded to Cowrie
https://isc.sans.edu/diary/Exploring%20Uploads%20in%20a%20Dshield%20Honeypot%20Environment%20%5BGuest%20Diary%5D/32296
Sonicwall Breach
SonicWall MySonicWall accounts were breached via credential brute forcing
https://www.sonicwall.com/support/knowledge-base/mysonicwall-cloud-backup-file-incident/250915160910330
DeepSeek Bias
Cloudflare found significant biases in code created by the Chinese AI engine DeepSeek. Code for organizations not aligned with China s politics contained significantly more bugs
https://www.washingtonpost.com/technology/2025/09/16/deepseek-ai-security/
Google Chrome 0-day
Google fixed an already-exploited vulnerability in Google Chrome
https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_17.html
]]> 7:14 bugs, ai, deepseek, bias, sonicwall, google, chrome, cowrie, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9618 SANS Stormcast Thursday, September 18th, 2025: DLL Hooking; Entra ID Actor Tokens; Watchguard and NVidia Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Thursday, September 18th, 2025: DLL Hooking; Entra ID Actor Tokens; Watchguard and NVidia Patches https://traffic.libsyn.com/securitypodcast/9618.mp3 https://isc.sans.edu/podcastdetail/9618 Thu, 18 Sep 2025 02:00:02 GMT CTRL-Z DLL Hooking
Attackers may use a simple reload trick to overwrite breakpoints left by analysts to reverse malicious binaries.
https://isc.sans.edu/diary/CTRL-Z%20DLL%20Hooking/32294
Global Admin in every Entra ID tenant via Actor tokens
As part of September s patch Tuesday, Microsoft patched CVE-2025-55241. The discoverer of the vulnerability,
Dirk-jan Mollema has published a blog post showing how this vulnerability could have been exploited.
https://dirkjanm.io/obtaining-global-admin-in-every-entra-id-tenant-with-actor-tokens/
WatchGuard Firebox iked Out of Bounds Write Vulnerability CVE-2025-9242
WatchGuard patched an out-of-bounds write vulnerability, which could allow an unauthenticated attacker to compromise the devices.
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00015
NVidia Triton Inference Server
NVIDIA patched critical vulnerabilities in its Triton Inference Server.
https://nvidia.custhelp.com/app/answers/detail/a_id/5691
]]> 6:31 nvidia, watchguard, triton, entra, azure, tokens, ctrl-z, dll, hooking, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9616 SANS Stormcast Wednesday, September 17th, 2025: Phishing Resistants; More npm Attacks; ChatGPT MCP abuse Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Wednesday, September 17th, 2025: Phishing Resistants; More npm Attacks; ChatGPT MCP abuse https://traffic.libsyn.com/securitypodcast/9616.mp3 https://isc.sans.edu/podcastdetail/9616 Wed, 17 Sep 2025 02:00:03 GMT Why You Need Phishing-Resistant Authentication NOW.
The recent compromise of a number of high-profile npmjs.com accounts has yet again shown how dangerous a simple phishing email can be.
https://isc.sans.edu/diary/Why%20You%20Need%20Phishing%20Resistant%20Authentication%20NOW./32290
S1ngularity/nx Attackers Strike Again
A second wave of attacks has hit over a hundred npm-related GitHub repositories. The updated payload implements a worm that propagates itself to other repositories.
https://www.aikido.dev/blog/s1ngularity-nx-attackers-strike-again
ChatGPT s Calendar Integration Can Be Exploited to Steal Emails
ChatGPT s new MCP integration can be used, via prompt injection, to affect software connected to ChatGPT via MCP.
https://www.linkedin.com/posts/eito-miyamura-157305121_we-got-chatgpt-to-leak-your-private-email-activity-7372306174253256704-xoX1/
]]> 8:47 chatgpt, openai, prompt injection, mcp, s1ngularity, nx, npm, phishing, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9614 SANS Stormcast Tuesday, September 16th, 2025: Apple Updates; Rust Phishing; Samsung 0-day Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Tuesday, September 16th, 2025: Apple Updates; Rust Phishing; Samsung 0-day https://traffic.libsyn.com/securitypodcast/9614.mp3 https://isc.sans.edu/podcastdetail/9614 Tue, 16 Sep 2025 02:00:02 GMT Apple Updates
Apple released major updates for all of its operating systems. In addition to new features, these updates patch 33 different vulnerabilities.
https://isc.sans.edu/diary/Apple%20Updates%20Everything%20-%20iOS%20macOS%2026%20Edition/32286
Microsoft End of Life
October 14th, support for Windows 10, Exchange 2016, and Exchange 2019 will end.
https://support.microsoft.com/en-us/windows/windows-10-support-ends-on-october-14-2025-2ca8b313-1946-43d3-b55c-2b95b107f281#:~:text=As%20a%20reminder%2C%20Windows%2010,one%20that%20supports%20Windows%2011.
https://techcommunity.microsoft.com/blog/exchange/t-9-months-exchange-server-2016-and-exchange-server-2019-end-of-support/4366605
Phishing Targeting Rust Developers
Rust developers are reporting similar phishing emails as the emails causing the major NPM compromise last week.
https://github.com/rust-lang/crates.io/discussions/11889#discussion-8886064
Samsung Patches 0-Day
Samsung released its monthly updates for its flagship phones fixing, among other vulnerability, an already exploited 0-day.
https://security.samsungmobile.com/securityUpdate.smsb
]]> 6:42 Samsung, phishing, rust, microsoft, apple, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9612 SANS Stormcast Monday, September 15th, 2025: More Archives; Salesforce Attacks; White Cobra; BSides Augusta Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Monday, September 15th, 2025: More Archives; Salesforce Attacks; White Cobra; BSides Augusta https://traffic.libsyn.com/securitypodcast/9612.mp3 https://isc.sans.edu/podcastdetail/9612 Mon, 15 Sep 2025 02:00:03 GMT Web Searches For Archives
Didier observed additional file types being searched for as attackers continue to focus on archive files as they spider web pages
https://isc.sans.edu/diary/Web%20Searches%20For%20Archives/32282
FBI Flash Alert: Salesforce Attacks
The FBI is alerting users of Salesforce of two different threat actors targeting Salesforce. There are no new vulnerabilities disclosed, but the initial access usually takes advantage of social engineering or leaked data from the Salesdrift compromise.
https://www.ic3.gov/CSA/2025/250912.pdf
VSCode Cursor Extensions Malware
Koe Security unmasked details about a recent malicious cursor extension campaign they call White Cobra.
https://www.koi.security/blog/whitecobra-vscode-cursor-extensions-malware
BSides Augusta
https://bsidesaugusta.org/
]]> 6:06 bsides, vscode, cursor, fbi, salesforce, web, search, archive, zip, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9610 SANS Stormcast Friday, September 12th, 2025: DShield SIEM Update; Another Sonicwall Warning; Website Keystroke Logging Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Friday, September 12th, 2025: DShield SIEM Update; Another Sonicwall Warning; Website Keystroke Logging https://traffic.libsyn.com/securitypodcast/9610.mp3 https://isc.sans.edu/podcastdetail/9610 Fri, 12 Sep 2025 02:00:02 GMT DShield SIEM Docker Updates
Guy updated the DShield SIEM which graphically summarizes what is happening inside your honeypot.
https://isc.sans.edu/diary/DShield%20SIEM%20Docker%20Updates/32276
Again: Sonicwall SSL VPN Compromises
The Australian Government s Signals Directorate noted an increase in compromised Sonicwall devices.
https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/ongoing-active-exploitation-of-sonicwall-ssl-vpns-in-australia
Website Keystroke Logging
Many websites log every keystroke, not just data submitted in forms.
https://arxiv.org/pdf/2508.19825
]]> 6:38 dshield, siem, sonicwall, website, keystroke, logging, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9608 SANS Stormcast Thursday, September 11th, 2025: BASE64 in DNS; Google Chrome, Ivantii and Sophos Patches; Apple Memory Integrity Feature Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Thursday, September 11th, 2025: BASE64 in DNS; Google Chrome, Ivantii and Sophos Patches; Apple Memory Integrity Feature https://traffic.libsyn.com/securitypodcast/9608.mp3 https://isc.sans.edu/podcastdetail/9608 Thu, 11 Sep 2025 02:00:02 GMT BASE64 Over DNS
The base64 character set exceeds what is allowable in DNS. However, some implementations will work even with these invalid characters.
https://isc.sans.edu/diary/BASE64%20Over%20DNS/32274
Google Chrome Update
Google released an update for Google Chrome, addressing two vulnerabilities. One of the vulnerabilities is rated critical and may allow code execution.
https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_9.html
Ivanti Updates
Ivanti patched a number of vulnerabilities, several of them critical, across its product portfolio.
https://forums.ivanti.com/s/article/September-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-and-Neurons-for-Secure-Access-Multiple-CVEs
Sophos Patches
Sophos resolved authentication bypass vulnerability in Sophos AP6 series wireless access point firmware (CVE-2025-10159)
https://www.sophos.com/en-us/security-advisories/sophos-sa-20250909-ap6
Apple Introduces Memory Integrity Enforcement
With the new hardware promoted in yesterday s event, Apple also introduced new memory integrity features based on this new hardware.
https://security.apple.com/blog/memory-integrity-enforcement/
]]> 7:12 apple, memory safe, memory integrity, sophos, ap6, ivanti, patches, updates, google, base64, dns, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9606 SANS Stormcast Wednesday, September 10th, 2025: Microsoft Patch Tuesday; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Wednesday, September 10th, 2025: Microsoft Patch Tuesday; https://traffic.libsyn.com/securitypodcast/9606.mp3 https://isc.sans.edu/podcastdetail/9606 Wed, 10 Sep 2025 02:00:02 GMT Microsoft Patch Tuesday
As part of its September patch Tuesday, Microsoft addressed 177 different vulnerabilities, 86 of which affect Microsoft products. None of the vulnerabilities has been exploited before today. Two of the vulnerabilities were already made public. Microsoft rates 13 of the vulnerabilities are critical.
https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20September%202025/32270
Adobe Patches
Adobe released patches for nine products, including Adobe Commerce, Coldfusion, and Acrobat.
https://helpx.adobe.com/security/security-bulletin.html
SAP Patches
SAP patched vulnerabilities across its product portfolio. Particularly interesting are a few critical vulnerabilities in Netweaver, one of which scored a perfect 10.0 CVSS score.
https://onapsis.com/blog/sap-security-notes-september-2025-patch-day/
]]> 8:25 netweaver, sap, adobe, commerce, acrobat, coldfusion, microsoft, patches, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9604 SANS Stormcast Tuesday, September 9th, 2025: Major npm compromise; HTTP Request Signature Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Tuesday, September 9th, 2025: Major npm compromise; HTTP Request Signature https://traffic.libsyn.com/securitypodcast/9604.mp3 https://isc.sans.edu/podcastdetail/9604 Tue, 09 Sep 2025 02:00:02 GMT Major npm compromise
A number of high-profile npm libraries were compromised after developers fell for a phishing email. This compromise affected libraries with a total of hundreds of millions of downloads a week.
https://bsky.app/profile/bad-at-computer.bsky.social/post/3lydioq5swk2y https://github.com/orgs/community/discussions/172738 https://github.com/chalk/chalk/issues/656#issuecomment-3266894253
https://www.aikido.dev/blog/npm-debug-and-chalk-packages-compromised
HTTP Request Signatures
It looks like some search engines and AI bots are starting to use the HTTP request signature. This should make it easier to identify bot traffic.
https://isc.sans.edu/diary/HTTP%20Request%20Signatures/32266
]]> 8:44 http, request, signature, npm, qix, debug, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9602 SANS Stormcast Monday, September 8th, 2025: YARA to Debugger Offsets; SVG JavaScript Phishing; FreePBX Patches; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Monday, September 8th, 2025: YARA to Debugger Offsets; SVG JavaScript Phishing; FreePBX Patches; https://traffic.libsyn.com/securitypodcast/9602.mp3 https://isc.sans.edu/podcastdetail/9602 Mon, 08 Sep 2025 02:00:03 GMT From YARA Offsets to Virtual Addresses
Xavier explains how to convert offsets reported by YARA into offsets suitable for the use with debuggers.
https://isc.sans.edu/diary/From%20YARA%20Offsets%20to%20Virtual%20Addresses/32262
Phishing via JavaScript in SVG Files
Virustotal uncovered a Colombian phishing campaign that takes advantage of JavaScript in SVG files.
https://blog.virustotal.com/2025/09/uncovering-colombian-malware-campaign.html
FreePBX Patches
FreePBX released details regarding two vulnerabilities patched last week. One of these vulnerabilities was already actively exploited.
https://github.com/FreePBX/security-reporting/security/advisories/GHSA-3r47-p39v-vqqf
]]> 5:34 FreePBX, javascript, svg, yara, offset, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9600 SANS Stormcast Friday, September 5th, 2025: Cloudflare Response to 1.1.1.1 Certificate; AI Modem Namespace Reuse; macOS Vulnerability Allowed Keychain Decryption Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Friday, September 5th, 2025: Cloudflare Response to 1.1.1.1 Certificate; AI Modem Namespace Reuse; macOS Vulnerability Allowed Keychain Decryption https://traffic.libsyn.com/securitypodcast/9600.mp3 https://isc.sans.edu/podcastdetail/9600 Fri, 05 Sep 2025 02:00:02 GMT Unauthorized Issuance of Certificate for 1.1.1.1
Cloudflare published a blog post with more details regarding the bad 1.1.1.1 certificate that was issued by Fina.
https://blog.cloudflare.com/unauthorized-issuance-of-certificates-for-1-1-1-1/
AI Model Namespace Reuse
Deleted accounts on Huggingface can be taken over by other entities unrelated to the original owner.
https://unit42.paloaltonetworks.com/model-namespace-reuse/
macOS vulnerability allowed Keychain and iOS app decryption without a password
Excessive entitlements for the gcore binary facilitated access to key material that was sufficient to access secrets stored in Apple s keychain.
https://www.helpnetsecurity.com/2025/09/04/macos-gcore-vulnerability-cve-2025-24204/
]]> 8:18 keychain, macos, gcore, ai model, namespace, certificate, ca, cloudflare, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9598 SANS Stormcast Thursday, September 4th, 2025: Dassault DELMIA Apriso Exploit Attempts; Android Updates; 1.1.1.1 Certificate Issued Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Thursday, September 4th, 2025: Dassault DELMIA Apriso Exploit Attempts; Android Updates; 1.1.1.1 Certificate Issued https://traffic.libsyn.com/securitypodcast/9598.mp3 https://isc.sans.edu/podcastdetail/9598 Thu, 04 Sep 2025 13:59:15 GMT Exploit Attempts for Dassault DELMIA Apriso. CVE-2025-5086
Our honeypots detected attacks against the manufacturing management system DELMIA Apriso. The deserialization vulnerability was patched in June and is one of a few critical vulnerabilities patched in recent months.
https://isc.sans.edu/diary/Exploit%20Attempts%20for%20Dassault%20DELMIA%20Apriso.%20CVE-2025-5086/32256
Android Bulletin
Google released its September update, fixing two already-exploited privilege escalation flaws and some remote code execution issues.
https://source.android.com/docs/security/bulletin/2025-09-01
Mis-issued Certificates for SAN iPAddress:1.1.1.1 by Fina RDC 2020
Certificate authority Fina RDC issues a certificate for Cloudflare s IP address 1.1.1.1
https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/SgwC1QsEpvc
]]> 6:22 SAN, Certifiate, Fina RDC, fina, android, honeypot, dassault, demia, apriso, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9596 SANS Stormcast Wednesday, September 3rd, 2025: Sextortiion Analysis; Covert Channel DNS/ICMP; Azure AD Secret Theft; Official FreePBX Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Wednesday, September 3rd, 2025: Sextortiion Analysis; Covert Channel DNS/ICMP; Azure AD Secret Theft; Official FreePBX Patches https://traffic.libsyn.com/securitypodcast/9596.mp3 https://isc.sans.edu/podcastdetail/9596 Wed, 03 Sep 2025 02:00:02 GMT A Quick Look at Sextortion at Scale
Jan analyzed 1900 different sextortion messages using 205 different Bitcoin addresses to look at the success rate, lifetime, and other metrics defining these campaigns.
https://isc.sans.edu/diary/A%20quick%20look%20at%20sextortion%20at%20scale%3A%201%2C900%20messages%20and%20205%20Bitcoin%20addresses%20spanning%20four%20years/32252
Azure AD Client Secret Leak
Attackers are stealing Azure AD client secrets from websites that are leaving them exposed.
https://www.resecurity.com/blog/article/azure-ad-client-secret-leak-the-keys-to-cloud
Covert Channel via ICMP and DNS
A new bot combines ICMP and DNS in new ways for covert communication. The DNS requests use domains with a fixed prefix followed by a base64 encoded command, and the ICMP echo request packets include commands as a payload.
https://blog.xlab.qianxin.com/mystrodx_covert_dual-mode_backdoor_en/
Official Release of Critical FreePBX Patch
Sangoma has announced that the experimental patch released for the exploited FreePBX vulnerability is now considered stable, and users should update to apply it.
https://community.freepbx.org/t/security-advisory-please-lock-down-your-administrator-access/107203
]]> 5:29 freepbx, icmp, dns, azure, secrets, ad, azure ad, sextortion, bitcoin, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9594 SANS Stormcast Tuesday, September 2nd, 2025: pdf-parser Patch; Salesloft Compromise; Velociraptor Abuse; NeuVector Default Password Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Tuesday, September 2nd, 2025: pdf-parser Patch; Salesloft Compromise; Velociraptor Abuse; NeuVector Default Password https://traffic.libsyn.com/securitypodcast/9594.mp3 https://isc.sans.edu/podcastdetail/9594 Tue, 02 Sep 2025 02:00:02 GMT pdf-parser: All Streams
Didier released a new version of pdf-parser.py. This version fixes a problem with dumping all filtered streams.
https://isc.sans.edu/diary/pdf-parser%3A%20All%20Streams/32248
Salesloft Drift Putting OAuth Tokens at Risk
OAuth tokens used by Salesloft Drift users to provide access to integrations with Salesforce, Google Workspace, and others have been compromised and heavily abused for additional compromise and large-scale data exfiltration from exposed services.
https://cloud.google.com/blog/topics/threat-intelligence/data-theft-salesforce-instances-via-salesloft-drift
Velociraptor incident response tool abused for remote access
Attackers are using the open source incident response tool Velociraptor to access remote systems in breached networks. Tools like Velocitraptor are ideal for attackers to perform lateral movement.
https://news.sophos.com/en-us/2025/08/26/velociraptor-incident-response-tool-abused-for-remote-access/
Default Password in NeuVector (Rancher Desktop)
SuSE fixed a default password vulnerability in NeuVector, a security tool included in Rancher Desktop.
https://github.com/neuvector/neuvector/security/advisories/GHSA-8pxw-9c75-6w56
]]> 5:39 velociraptor, salesloft, pdf, pdf-parser, neuvector, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9592 SANS Stormcast Friday, August 29th, 2025: Scans for ZIP Files; FreePBX 0-Day; Passwordstate Patch Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Friday, August 29th, 2025: Scans for ZIP Files; FreePBX 0-Day; Passwordstate Patch https://traffic.libsyn.com/securitypodcast/9592.mp3 https://isc.sans.edu/podcastdetail/9592 Fri, 29 Aug 2025 02:00:02 GMT Increasing Searches for ZIP Files
Attackers are scanning our honeypots more and more for .zip files. They are looking for backups of credential files and the like left behind by careless administrators and developers.
https://isc.sans.edu/diary/Increasing%20Searches%20for%20ZIP%20Files/32242
FreePBX Vulnerability
An upatched vulnerability in FreePBX is currently being exploited. FreePBX offers mitigation advice and has also just released a beta patch.
https://community.freepbx.org/t/security-advisory-please-lock-down-your-administrator-access/107203
Passwordstate Vulnerability
Clickstudios patched an authentication bypass vulnerability in its password manager, Passwordstate. The vulnerability can be used to access the emergency password page.
https://www.clickstudios.com.au/passwordstate-changelog.aspx
]]> 5:45 clickstudio, passwordstate, freepbx, zip, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9590 SANS Stormcast Thursday, August 28th, 2025: Launching Shellcode; NX Compromise; Volt Typhoon Report Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Thursday, August 28th, 2025: Launching Shellcode; NX Compromise; Volt Typhoon Report https://traffic.libsyn.com/securitypodcast/9590.mp3 https://isc.sans.edu/podcastdetail/9590 Thu, 28 Aug 2025 02:00:02 GMT Interesting Technique to Launch a Shellcode
Xavier came across malware that PowerShell and the CallWindowProcA() API to launch code.
https://isc.sans.edu/diary/Interesting%20Technique%20to%20Launch%20a%20Shellcode/32238
NX Compromised to Steal Wallets and Credentials
The popular open source NX build package was compromised. Code was added that uses the help of AI tools like Claude and Gemini to steal credentials from affected systems
https://semgrep.dev/blog/2025/security-alert-nx-compromised-to-steal-wallets-and-credentials/
Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed the Global Espionage System
Several law enforcement and cybersecurity agencies worldwide collaborated to release a detailed report on the recent Volt Typhoon incident.
https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-239a
]]> 6:39 cisa, volt typhoon, cisco, nx, credentials, supply chain, shellcode, callwindowproca, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9588 SANS Stormcast Wednesday, August 27th, 2025: Analyzing IDNs; Netscaler 0-Day Vuln; Git Vuln Exploited; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Wednesday, August 27th, 2025: Analyzing IDNs; Netscaler 0-Day Vuln; Git Vuln Exploited; https://traffic.libsyn.com/securitypodcast/9588.mp3 https://isc.sans.edu/podcastdetail/9588 Wed, 27 Aug 2025 02:00:02 GMT Getting a Better Handle on International Domain Names and Punycode
International Domain names can be used for phishing and other attacks. One way to identify suspect names is to look for mixed script use.
https://isc.sans.edu/diary/Getting%20a%20Better%20Handle%20on%20International%20Domain%20Names%20and%20Punycode/32234
Citrix Netscaler Vulnerabilities CVE-2025-7775, CVE-2025-7776 and CVE-2025-8424
Citrix patched three vulnerabilities in Netscaler. One is already being exploited
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938&articleTitle=NetScaler_ADC_and_NetScaler_Gateway_Security_Bulletin_for_CVE_2025_7775_CVE_2025_7776_and_CVE_2025_8424
git vulnerability exploited (CVE-2025-48384)
A git vulnerability patched in early July is now being exploited
https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9
]]> 5:43 git, citrix, idn, punycode, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9586 SANS Stormcast Tuesday, August 26th, 2025: Decoding Word Reading Location; Image Downscaling AI Vulnerability; IBM Jazz Team Server Vuln Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Tuesday, August 26th, 2025: Decoding Word Reading Location; Image Downscaling AI Vulnerability; IBM Jazz Team Server Vuln https://traffic.libsyn.com/securitypodcast/9586.mp3 https://isc.sans.edu/podcastdetail/9586 Tue, 26 Aug 2025 02:00:02 GMT Reading Location Position Value in Microsoft Word Documents
Jessy investigated how Word documents store the last visited document location in the registry.
https://isc.sans.edu/diary/Reading%20Location%20Position%20Value%20in%20Microsoft%20Word%20Documents/32224
Weaponizing image scaling against production AI systems
AI systems often downscale images before processing them. An attacker can create a harmless looking image that would reveal text after downscaling leading to prompt injection
https://blog.trailofbits.com/2025/08/21/weaponizing-image-scaling-against-production-ai-systems/
IBM Jazz Team Server Vulnerability CVE-2025-36157
IBM patched a critical vulnerability in its Jazz Team Server
https://www.ibm.com/support/pages/node/7242925
]]> 5:01 IBM, Jazz, Team, downscaling, images, AI, prompt, word, location, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9584 SANS Stormcast Monday, August 25th, 2025: IP Cleanup; Linux Desktop Attacks; Malicious Go SSH Brute Forcer; Onmicrosoft Domain Restrictions Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Monday, August 25th, 2025: IP Cleanup; Linux Desktop Attacks; Malicious Go SSH Brute Forcer; Onmicrosoft Domain Restrictions https://traffic.libsyn.com/securitypodcast/9584.mp3 https://isc.sans.edu/podcastdetail/9584 Mon, 25 Aug 2025 02:00:02 GMT The end of an era: Properly formatted IP addresses in all of our data.
When initiall designing DShield, addresses were zero padded , an unfortunate choice. As of this week, datafeeds should no longer be zero padded .
https://isc.sans.edu/diary/The%20end%20of%20an%20era%3A%20Properly%20formated%20IP%20addresses%20in%20all%20of%20our%20data./32228
.desktop files used in an attack against Linux Desktops
Pakistani attackers are using .desktop files to target Indian Linux desktops.
https://www.cyfirma.com/research/apt36-targets-indian-boss-linux-systems-with-weaponized-autostart-files/
Malicious Go Module Disguised as SSH Brute Forcer Exfiltrates Credentials via Telegram
A go module advertising its ability to quickly brute force passwords against random IP addresses, has been used to exfiltrate credentials from the person running the module.
https://socket.dev/blog/malicious-go-module-disguised-as-ssh-brute-forcer-exfiltrates-credentials
Limiting Onmicrosoft Domain Usage for Sending Emails
Microsoft is limiting how many emails can be sent by Microsoft 365 users using the onmicrosoft.com domain.
https://techcommunity.microsoft.com/blog/exchange/limiting-onmicrosoft-domain-usage-for-sending-emails/4446167
]]> 6:04 onmicrosoft, go, ssh, brute forcer, desktop, BOSS, linux, ip addresses, padding, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9582 SANS Stormcast Friday, August 22nd, 2025: The -n switch; Commvault Exploit; Docker Desktop Escape Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Friday, August 22nd, 2025: The -n switch; Commvault Exploit; Docker Desktop Escape Vuln; https://traffic.libsyn.com/securitypodcast/9582.mp3 https://isc.sans.edu/podcastdetail/9582 Fri, 22 Aug 2025 02:00:03 GMT Don't Forget The "-n" Command Line Switch
Disabling reverse DNS lookups for IP addresses is important not just for performance, but also for opsec. Xavier is explaining some of the risks.
https://isc.sans.edu/diary/Don%27t%20Forget%20The%20%22-n%22%20Command%20Line%20Switch/32220
watchTowr releases details about recent Commvault flaws
Users of the Commvault enterprise backup solution must patch now after watchTowr released details about recent vulnerabilities
https://labs.watchtowr.com/guess-who-would-be-stupid-enough-to-rob-the-same-vault-twice-pre-auth-rce-chains-in-commvault/?123
Docker Desktop Vulnerability CVE-2025-9074
A vulnerability in Docker Desktop allows attackers to escape from containers to attack the host.
https://docs.docker.com/desktop/release-notes/#4443
]]> 6:52 docker, watchTowr, commvault, tcpdump, tshark, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9580 SANS Stormcast Thursday, August 21st, 2025: Airtel Scans; Apple Patch; Microsoft Copilot Audit Log Issue; Password Manager Clickjacking Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Thursday, August 21st, 2025: Airtel Scans; Apple Patch; Microsoft Copilot Audit Log Issue; Password Manager Clickjacking https://traffic.libsyn.com/securitypodcast/9580.mp3 https://isc.sans.edu/podcastdetail/9580 Thu, 21 Aug 2025 02:00:02 GMT Airtel Router Scans and Mislabeled Usernames
A quick summary of some odd usernames that show up in our honeypot logs
https://isc.sans.edu/diary/Airtel%20Router%20Scans%2C%20and%20Mislabeled%20usernames/32216
Apple Patches 0-Day CVE-2025-43300
Apple released an update for iOS, iPadOS and MacOS today patching a single, already exploited, vulnerability in ImageIO.
https://support.apple.com/en-us/124925
Microsoft Copilot Audit Logs
A user retrieving data via copilot obscures the fact that the user may have had access to data in a specific file
https://pistachioapp.com/blog/copilot-broke-your-audit-log
Password Managers Susceptible to Clickjacking
Many password managers are susceptible to clickjacking, and only few have fixed the problem so far
https://marektoth.com/blog/dom-based-extension-clickjacking/
]]> 6:52 password manager, copilot, click jacking, apple, patches, airtel, username, password, ssh, telnet, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9578 SANS Stormcast Wednesday, August 20th, 2025: Increased Elasticsearch Scans; MSFT Patch Issues Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Wednesday, August 20th, 2025: Increased Elasticsearch Scans; MSFT Patch Issues https://traffic.libsyn.com/securitypodcast/9578.mp3 https://isc.sans.edu/podcastdetail/9578 Wed, 20 Aug 2025 02:00:02 GMT Increased Elasticsearch Recognizance Scans
Our honeypots noted an increase in reconnaissance scans for Elasticsearch. In particular, the endpoint /_cluster/settings is hit hard.
https://isc.sans.edu/diary/Increased%20Elasticsearch%20Recognizance%20Scans/32212
Microsoft Patch Tuesday Issues
Microsoft noted some issues deploying the most recent patches with WSUS. There are also issues with certain SSDs if larger files are transferred.
https://learn.microsoft.com/en-us/windows/release-health/status-windows-11-24h2#3635msgdesc
https://www.tomshardware.com/pc-components/ssds/latest-windows-11-security-patch-might-be-breaking-ssds-under-heavy-workloads-users-report-disappearing-drives-following-file-transfers-including-some-that-cannot-be-recovered-after-a-reboot
SAP Vulnerabilities Exploited CVE-2025-31324, CVE-2025-42999
Details explaining how to take advantage of two SAP vulnerabilities were made public
https://onapsis.com/blog/new-exploit-for-cve-2025-31324/
]]> 6:07 SAP, Microsoft, SSD, WSUS, Elasticsearch, scans, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9576 SANS Stormcast Tuesday, August 19th, 2025: MFA Bombing; Cisco Firewall Management Vuln; F5 Access for Android Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Tuesday, August 19th, 2025: MFA Bombing; Cisco Firewall Management Vuln; F5 Access for Android Vuln; https://traffic.libsyn.com/securitypodcast/9576.mp3 https://isc.sans.edu/podcastdetail/9576 Tue, 19 Aug 2025 02:15:12 GMT Keeping an Eye on MFA Bombing Attacks
Attackers will attempt to use authentication fatigue by bombing users with MFA authentication requests. Rob is talking in this diary about how to investigate these attacks in a Microsoft ecosystem.
https://isc.sans.edu/diary/Keeping+an+Eye+on+MFABombing+Attacks/32208
Critical Cisco Secure Firewall Management Center Software RADIUS Remote Code Execution Vulnerability
An OS command injection vulnerability may be abused to gain access to the Cisco Secure Firewall Management Center software.
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-radius-rce-TNBKf79
F5 Access for Android vulnerability
An attacker with a network position that allows them to intercept network traffic may be able to read and/or modify data in transit. The attacker would need to intercept vulnerable clients specifically, since other clients would detect the man-in-the-middle (MITM) attack.
https://my.f5.com/manage/s/article/K000152049
]]> 5:10 microsoft, mfa, fatique, bombing, F5, Android, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9574 SANS Stormcast Monday, August 18th, 2025: 5G Attack Framework; Plex Vulnerability; Fortiweb Exploit; Flowise Vuln Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Monday, August 18th, 2025: 5G Attack Framework; Plex Vulnerability; Fortiweb Exploit; Flowise Vuln https://traffic.libsyn.com/securitypodcast/9574.mp3 https://isc.sans.edu/podcastdetail/9574 Mon, 18 Aug 2025 02:00:02 GMT SNI5GECT: Sniffing and Injecting 5G Traffic Without Rogue Base Stations
Researchers from the Singapore University of Technology and Design released a new framework, SNI5GECT, to passively sniff and inject traffic into 5G data streams, leading to DoS, downgrade and other attacks.
https://isc.sans.edu/diary/SNI5GECT%3A%20Sniffing%20and%20Injecting%205G%20Traffic%20Without%20Rogue%20Base%20Stations/32202
Plex Vulnerability
Plex patched a vulnerability in the Plex Media Server. Make sure you have updated to at least 1.42.1.
https://forums.plex.tv/t/plex-media-server-security-update/928341
FortiWeb Exploit Public
A security researcher published details about the recent FortiWeb vulnerability, including demonstrating a PoC exploit.
https://www.bleepingcomputer.com/news/security/researcher-to-release-exploit-for-full-auth-bypass-on-fortiweb/
Flowise OS vulnerability
https://research.jfrog.com/vulnerabilities/flowise-os-command-remote-code-execution-jfsa-2025-001380578/
]]> 5:43 Flowise, FortiWeb, Plex, SNI5GECT, 5G, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9572 SANS Stormcast Friday, August 15th, 2025: Analysing Attack with AI; Proxyware via YouTube; Xerox FreeFlow Vuln; Evaluating Zero Trust @SANS_edu Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Friday, August 15th, 2025: Analysing Attack with AI; Proxyware via YouTube; Xerox FreeFlow Vuln; Evaluating Zero Trust @SANS_edu https://traffic.libsyn.com/securitypodcast/9572.mp3 https://isc.sans.edu/podcastdetail/9572 Fri, 15 Aug 2025 02:00:03 GMT AI and Faster Attack Analysis
A few use cases for LLMs to speed up analysis
https://isc.sans.edu/diary/AI%20and%20Faster%20Attack%20Analysis%20%5BGuest%20Diary%5D/32198
Proxyware Malware Being Distributed on YouTube Video Download Site
Popular YouTube download sites will attempt to infect users with proxyware.
https://asec.ahnlab.com/en/89574/
Xerox Freeflow Core Vulnerability
Horizon3.ai discovered XXE Injection (CVE-2025-8355) and Path Traversal (CVE-2025-8356) vulnerabilities in Xerox FreeFlow Core, a print orchestration platform. These vulnerabilities are easily exploitable and enable unauthenticated remote attackers to achieve remote code execution on vulnerable FreeFlow Core instances.
https://horizon3.ai/attack-research/attack-blogs/from-support-ticket-to-zero-day/
SANS.edu Research: Darren Carstensen Evaluating Zero Trust Network Access: A Framework for Comparative Security Testing
Not all Zero Trust Network Access (ZTNA) solutions are created equal, and despite bold marketing claims, many fall short of delivering proper Zero Trust security.
https://www.sans.edu/cyber-research/evaluating-zero-trust-network-access-framework-comparative-security-testing/
]]> 15:12 zero trust, xerox, proxyware, youtube, ai, analysis, ztna, sans.edu, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9570 SANS Stormcast Thursday, August 14th, 2025: Equation Editor; Kerberos Patch; XZ-Utils Backdoor; ForitSIEM/FortiWeb patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Thursday, August 14th, 2025: Equation Editor; Kerberos Patch; XZ-Utils Backdoor; ForitSIEM/FortiWeb patches https://traffic.libsyn.com/securitypodcast/9570.mp3 https://isc.sans.edu/podcastdetail/9570 Thu, 14 Aug 2025 02:00:12 GMT CVE-2017-11882 Will Never Die
The (very) old equation editor vulnerability is still being exploited, as this recent sample analyzed by Xavier shows. The payload of the Excel file attempts to download and execute an infostealer to exfiltrate passwords via email.
https://isc.sans.edu/diary/CVE-2017-11882%20Will%20Never%20Die/32196
Windows Kerberos Elevation of Privilege Vulnerability
Yesterday, Microsoft released a patch for a vulnerability that had already been made public. This vulnerability refers to the privilege escalation taking advantage of a path traversal issue in Windows Kerberos affecting Exchange Server in hybrid mode.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53779
Persistent Risk: XZ Utils Backdoor Still Lurking in Docker Images
Some old Debian Docker images containing the xz-utils backdoor are still available for download from Docker Hub via the official Debian account.
https://www.binarly.io/blog/persistent-risk-xz-utils-backdoor-still-lurking-in-docker-images
FortiSIEM / FortiWeb Vulnerablities
Fortinet patched already exploited vulnerabilities in FortiWeb and FortiSIEM
https://fortiguard.fortinet.com/psirt/FG-IR-25-152
https://fortiguard.fortinet.com/psirt/FG-IR-25-448
]]> 7:16 fortinet, fortiweb, fortisiem, xz-utils, docker, debian, kerberos, equation editor, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9568 SANS Stormcast Wednesday, August 13th, 2025: Microsoft Patch Tuesday; libarchive vulnerability upgrade; Adobe Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Wednesday, August 13th, 2025: Microsoft Patch Tuesday; libarchive vulnerability upgrade; Adobe Patches https://traffic.libsyn.com/securitypodcast/9568.mp3 https://isc.sans.edu/podcastdetail/9568 Wed, 13 Aug 2025 02:00:02 GMT Microsoft Patch Tuesday
https://isc.sans.edu/diary/Microsoft%20August%202025%20Patch%20Tuesday/32192
https://cymulate.com/blog/zero-click-one-ntlm-microsoft-security-patch-bypass-cve-2025-50154/
libarchive Vulnerability
A libarchive vulnerability patched in June was upgraded from a low CVSS score to a critical one. Libarchive is used by compression software across various operating systems, making this a difficult vulnerability to patch
https://www.freebsd.org/security/advisories/FreeBSD-SA-25:07.libarchive.asc
Adobe Patches
Adobe released patches for 13 different products.
https://helpx.adobe.com/security/Home.html
]]> 8:55 adobe, libarchive, microsoft, patches, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9566 SANS Stormcast Tuesday, August 12th, 2025: Erlang OTP SSH Exploits (Palo Alto Networks); Winrar Exploits; Netscaler Exploits; OpenSSH Pushing PQ Crypto; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Tuesday, August 12th, 2025: Erlang OTP SSH Exploits (Palo Alto Networks); Winrar Exploits; Netscaler Exploits; OpenSSH Pushing PQ Crypto; https://traffic.libsyn.com/securitypodcast/9566.mp3 https://isc.sans.edu/podcastdetail/9566 Tue, 12 Aug 2025 02:00:02 GMT Erlang OTP SSH Exploits
A recently patched and easily exploited vulnerability in Erlang/OTP SSH is being exploited. Palo Alto collected some of the details about this exploit activity that they observed.
https://unit42.paloaltonetworks.com/erlang-otp-cve-2025-32433/
WinRAR Exploited
WinRAR vulnerabilities are actively being exploited by a number of threat actors. The vulnerability allows for the creation of arbitrary files as the archive is extracted.
https://thehackernews.com/2025/08/winrar-zero-day-under-active.html
Citrix Netscaler Exploit Updates
The Dutch Center for Cyber Security is updating its guidance on recent Citrix Netscaler attacks. Note that the attacks started before a patch became available, and attackers are actively hiding their tracks to make it more difficult to detect a compromise.
https://www.ncsc.nl/actueel/nieuws/2025/07/22/casus-citrix-kwetsbaarheid https://www.bleepingcomputer.com/news/security/netherlands-citrix-netscaler-flaw-cve-2025-6543-exploited-to-breach-orgs/
OpenSSH Post Quantum Encryption
Starting in version 10.1, OpenSSH will warn users if they are using quantum-unsafe algorithms
https://www.openssh.com/pq.html
]]> 6:52 citirx, netscaler, openssh, ssh, erlang, otp, winrar, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9564 SANS Stormcast Monday, August 11th, 2025: Fake Tesla Preorders; Bad USB Cameras; Win-DoS Epidemic Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Monday, August 11th, 2025: Fake Tesla Preorders; Bad USB Cameras; Win-DoS Epidemic https://traffic.libsyn.com/securitypodcast/9564.mp3 https://isc.sans.edu/podcastdetail/9564 Mon, 11 Aug 2025 02:00:02 GMT Google Paid Ads for Fake Tesla Websites
Someone is setting up fake Tesla lookalike websites that attempt to collect credit card data from unsuspecting users trying to preorder Tesla products.
https://isc.sans.edu/diary/Google%20Paid%20Ads%20for%20Fake%20Tesla%20Websites/32186
Compromising USB Devices for Persistent Stealthy Access
USB devices, like Linux-based web cams, can be compromised to emulate malicious USB devices like keyboards that inject malicious commands.
https://eclypsium.com/blog/badcam-now-weaponizing-linux-webcams/
Win-DoS Epidemic: A crash course in abusing RPC for Win-DoS & Win-DDoS
Internet-exposed DCs can be used in very powerful DoS attacks.
https://defcon.org/html/defcon-33/dc-33-speakers.html#content_60389
]]> 7:07 dos, windows, dc, rpc, ldap, usb, linux, badcam, google, tesla, optimus, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9562 SANS Stormcast Friday, August 8th, 2025:: ASN43350 Mass Scans; HTTP1.1 Must Die; Hyprid Exchange Vuln; Sonicwall Update; SANS.edu Research: OSS Security and Shifting Left Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Friday, August 8th, 2025:: ASN43350 Mass Scans; HTTP1.1 Must Die; Hyprid Exchange Vuln; Sonicwall Update; SANS.edu Research: OSS Security and Shifting Left https://traffic.libsyn.com/securitypodcast/9562.mp3 https://isc.sans.edu/podcastdetail/9562 Fri, 08 Aug 2025 02:00:02 GMT Mass Internet Scanning from ASN 43350
Our undergraduate intern Duncan Woosley wrote up aggressive scans from ASN 43350
https://isc.sans.edu/diary/Mass+Internet+Scanning+from+ASN+43350+Guest+Diary/32180/#comments
HTTP/1.1 Desync Attacks
Portswigger released details about new types of HTTP/1.1 desync attacks it uncovered. These attacks are particularly critical for organizations using middleboxes to translate from HTTP/2 to HTTP/1.1
https://portswigger.net/research/http1-must-die
Microsoft Warns of Exchange Server Vulnerability
An attacker with admin access to an Exchange Server in a hybrid configuration can use this vulnerability to gain full domain access. The issue is mitigated by an April hotfix, but was not noted in the release of the April Hotfix.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53786
Sonicwall Update
Sonicwall no longer believes that a new vulnerability was used in recent compromises
https://www.sonicwall.com/support/notices/gen-7-and-newer-sonicwall-firewalls-sslvpn-recent-threat-activity/250804095336430
SANS.edu Research: Wellington Rampazo, Shift Left the Awareness and Detection of Developers Using Vulnerable Open-Source Software Components
https://www.sans.edu/cyber-research/shift-left-awareness-detection-developers-using-vulnerable-open-source-software-components/
]]> 23:59 http/1.1, http request smuggeling, http/2, asn 43350, exchange, sonicwall, SANS.edu, research, shiftin left, wellington, rampazo, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9560 SANS Stormcast Thursday, August 7th, 2025: Sextortion Update; Adobe and Trend Micro release emergency patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Thursday, August 7th, 2025: Sextortion Update; Adobe and Trend Micro release emergency patches https://traffic.libsyn.com/securitypodcast/9560.mp3 https://isc.sans.edu/podcastdetail/9560 Thu, 07 Aug 2025 02:00:02 GMT Do Sextortion Scams Still Work in 2025?
Jan looked at recent sextortion emails to check if any of the crypto addresses in these emails received deposits. Sadly, some did, so these scams still work.
https://isc.sans.edu/diary/Do%20sextortion%20scams%20still%20work%20in%202025%3F/32178
Akira Ransomware Group s use of Drivers
Guidepoint Security observed the Akira ransomware group using specific legitimate drivers for privilege escalation
https://www.guidepointsecurity.com/blog/gritrep-akira-sonicwall/
Adobe Patches Critical Experience Manager Vulnerability
Adobe released emergency patches for a vulnerability in Adobe Experience Manager after a PoC exploit was made public.
https://slcyber.io/assetnote-security-research-center/struts-devmode-in-2025-critical-pre-auth-vulnerabilities-in-adobe-experience-manager-forms/
https://helpx.adobe.com/security/products/aem-forms/apsb25-82.html
Trend Micro Apex One Vulnerability
Trend Micro released an emergency patch for an actively exploited pre-authentication remote code execution vulnerability in the Apex One management console.
https://success.trendmicro.com/en-US/solution/KA-0020652
]]> 5:06 sextortion, akira, ransomware, driver, adobe, experience manager, trend micro, apex one, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9558 SANS Stormcast Wednesday, August 6th, 2025: Machinekeys and VIEWSTATEs; Perplexity Unethical Learning; SonicWall Updates Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Wednesday, August 6th, 2025: Machinekeys and VIEWSTATEs; Perplexity Unethical Learning; SonicWall Updates https://traffic.libsyn.com/securitypodcast/9558.mp3 https://isc.sans.edu/podcastdetail/9558 Wed, 06 Aug 2025 02:00:02 GMT Stealing Machinekeys for fun and profit (or riding the SharePoint wave)
Bojan explains in detail how .NET uses Machine Keys to protect the VIEWSTATE, and how to abuse the VIEWSTATE for code execution if the Machine Keys are lost.
https://isc.sans.edu/diary/Stealing%20Machine%20Keys%20for%20fun%20and%20profit%20%28or%20riding%20the%20SharePoint%20wave%29/32174
Perplexity is using stealth, undeclared crawlers to evade website no-crawl directives
Perplexity will change its User Agent, or use different originating IP addresses, if it detects being blocked from scanning websites
https://blog.cloudflare.com/perplexity-is-using-stealth-undeclared-crawlers-to-evade-website-no-crawl-directives/
Gen 7 SonicWall Firewalls SSLVPN Recent Threat Activity
Over the past 72 hours, there has been a notable increase in both internally and externally reported cyber incidents involving Gen 7 SonicWall firewalls where SSLVPN is enabled.
https://www.sonicwall.com/support/notices/gen-7-sonicwall-firewalls-sslvpn-recent-threat-activity/250804095336430
]]> 7:41 sonicall, perplexity, machinekeys, viewstate, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9556 SANS Stormcast Tuesday, August 05, 2025: Daily Trends Report; NVidia Triton RCE; Cursor AI Misconfiguration Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Tuesday, August 05, 2025: Daily Trends Report; NVidia Triton RCE; Cursor AI Misconfiguration https://traffic.libsyn.com/securitypodcast/9556.mp3 https://isc.sans.edu/podcastdetail/9556 Tue, 05 Aug 2025 02:00:02 GMT Daily Trends Report
A new trends report will bring you daily data highlights via e-mail.
https://isc.sans.edu/diary/New%20Feature%3A%20Daily%20Trends%20Report/32170
NVidia Triton RCE
Wiz found an interesting information leakage vulnerability in NVidia s Triton servers that can be leveraged to remote code execution.
https://www.wiz.io/blog/nvidia-triton-cve-2025-23319-vuln-chain-to-ai-server
Cursor AI MCP Vulnerability
An attacker could abuse negligent Cursor MCP configurations to implement backdoors into developer machines.
https://www.aim.security/lp/aim-labs-curxecute-blogpost
]]> 6:48 cursor, mcp, nvidia, triton, rce, trends, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9554 SANS Stormcast Monday, August 4th, 2025: Legacy Protocols; Sonicwall SSL VPN Possible 0-Day; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Monday, August 4th, 2025: Legacy Protocols; Sonicwall SSL VPN Possible 0-Day; https://traffic.libsyn.com/securitypodcast/9554.mp3 https://isc.sans.edu/podcastdetail/9554 Mon, 04 Aug 2025 02:00:02 GMT Scans for pop3user with guessable password
A particular IP assigned to a network that calls itself Unmanaged has been scanning telnet/ssh for a user called pop3user with passwords pop3user or 123456 . I assume they are looking for legacy systems that either currently run pop3 or ran pop3 in the past, and left the user enabled.
https://isc.sans.edu/diary/Legacy%20May%20Kill/32166
Possible Sonicwall SSL VPN 0-Day
Arcticwolf observed compromised Sonicwall SSL VPN devices used by the Akira group to install ransomware. These devices were fully patched, and credentials were recently rotated.
https://arcticwolf.com/resources/blog/arctic-wolf-observes-july-2025-uptick-in-akira-ransomware-activity-targeting-sonicwall-ssl-vpn/
PAM Based Linux Backdoor
For over a year, attackers have used a PAM-based Linux backdoor that so far has gotten little attention from anti-malware vendors. PAM-based backdoors can be stealthy, and this one in particular includes various anti-forensics tricks.
https://www.nextron-systems.com/2025/08/01/plague-a-newly-discovered-pam-based-backdoor-for-linux/
]]> 5:17 pam, linux, backdoor, sonicwall, legacy, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9552 SANS Stormcast Friday, August 1st, 2025: Scattered Spider Domains; Excel Blocking Dangerous Links; CISA Releasing Thorium Platform Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Friday, August 1st, 2025: Scattered Spider Domains; Excel Blocking Dangerous Links; CISA Releasing Thorium Platform https://traffic.libsyn.com/securitypodcast/9552.mp3 https://isc.sans.edu/podcastdetail/9552 Fri, 01 Aug 2025 02:00:02 GMT Scattered Spider Related Domain Names
A quick demo of our domain feeds and how they can be used to find Scattered Spider related domains
https://isc.sans.edu/diary/Scattered+Spider+Related+Domain+Names/32162
Excel External Workbook Links to Blocked File Types Will Be Disabled by Default
Excel will discontinue allowing links to dangerous file types starting as early as October.
https://support.microsoft.com/en-us/topic/external-workbook-links-to-blocked-file-types-will-be-disabled-by-default-6dd12903-0592-463d-9e68-0741cf62ee58
CISA Releases Thorium
CISA announced that it released its malware analysis platform, Thorium, as open-source software.
https://www.cisa.gov/news-events/alerts/2025/07/31/thorium-platform-public-availability
]]> 5:41 thorium, cisa, scattered spider, excel, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9550 SANS Stormcast Thursday July 31st, 2025: Firebase Security; WebKit Vuln Exploited; Scattered Spider Update Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Thursday July 31st, 2025: Firebase Security; WebKit Vuln Exploited; Scattered Spider Update https://traffic.libsyn.com/securitypodcast/9550.mp3 https://isc.sans.edu/podcastdetail/9550 Thu, 31 Jul 2025 02:00:02 GMT Securing Firebase: Lessons Re-Learned from the Tea Breach
Inspried by the breach of the Tea app, Brendon Evans recorded a video to inform of Firebase security issues
https://isc.sans.edu/diary/Securing%20Firebase%3A%20Lessons%20Re-Learned%20from%20the%20Tea%20Breach/32158
WebKit Vulnerability Exploited before Apple Patch
A WebKit vulnerablity patched by Apple yesterday has already been exploited in Google Chrome. Google noted the exploit with its patch for the same vulnerability in Chrome.
https://nvd.nist.gov/vuln/detail/CVE-2025-6558
Scattered Spider Update
CISA released an update for its report on Scattered Spider, noting that the group also calls helpdesks impersonating users, not just the other way around.
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-320a
]]> 6:40 scattered spider, webkit, chrome, chromium, exploit, tea, firebase, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9548 SANS Stormcast Wednesday July 30th, 2025: Apple Updates; Python Triage; Papercut Vuln Exploited Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Wednesday July 30th, 2025: Apple Updates; Python Triage; Papercut Vuln Exploited https://traffic.libsyn.com/securitypodcast/9548.mp3 https://isc.sans.edu/podcastdetail/9548 Wed, 30 Jul 2025 02:00:02 GMT Apple Updates Everything: July 2025 Edition
Apple released updates for all of its operating systems patching 89 different vulnerabilities. Many vulnerabilities apply to multiple operating systems.
https://isc.sans.edu/diary/Apple%20Updates%20Everything%3A%20July%202025/32154
Python Triage
A quick python script by Xavier to efficiently search through files, even compressed once, for indicators of compromise.
https://isc.sans.edu/diary/Triage+is+Key+Python+to+the+Rescue/32152/
PaperCut Attacks
CISA added a 2024 Papercut vulnerability to the known exploited vulnerability list.
https://www.cisa.gov/news-events/alerts/2025/07/28/cisa-adds-three-known-exploited-vulnerabilities-catalog
]]> 6:44 papercut, python, triage, apple, patches, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9546 SANS Stormcast Tuesday, July 29th, 2025:Parasitic Exploits; Cisco ISE Exploit; MyASUS Vuln Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Tuesday, July 29th, 2025:Parasitic Exploits; Cisco ISE Exploit; MyASUS Vuln https://traffic.libsyn.com/securitypodcast/9546.mp3 https://isc.sans.edu/podcastdetail/9546 Tue, 29 Jul 2025 02:00:02 GMT Parasitic SharePoint Exploits
We are seeing attacks against SharePoint itself and attempts to exploit backdoors left behind by attackers.
https://isc.sans.edu/diary/Parasitic%20Sharepoint%20Exploits/32148
Cisco ISE Vulnerability Exploited
A recently patched vulnerability in Cisco ISE is now being exploited. The Zero Day Initiative has released a blog detailing the exploit chain to obtain code execution as an unauthenticated user.
https://www.zerodayinitiative.com/blog/2025/7/24/cve-2025-20281-cisco-ise-api-unauthenticated-remote-code-execution-vulnerability
MyAsus Vulnerablity
The MyAsus tool does not store its access tokens correctly, potentially providing an attacker with access to sensitive functions
https://www.asus.com/content/security-advisory/
]]> 5:35 SharePoint, Parasitic Attacks, Cisco, ISE, MyASUS, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9544 SANS Stormcast Monday, July 28th, 2025: Linux Namespaces; UI Automation Abuse; Autoswagger Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Monday, July 28th, 2025: Linux Namespaces; UI Automation Abuse; Autoswagger https://traffic.libsyn.com/securitypodcast/9544.mp3 https://isc.sans.edu/podcastdetail/9544 Mon, 28 Jul 2025 02:00:02 GMT Linux Namespaces
Linux namespaces can be used to control networking features on a process-by-process basis. This is useful when trying to present a different network environment to a process being analysed.
https://isc.sans.edu/diary/Sinkholing%20Suspicious%20Scripts%20or%20Executables%20on%20Linux/32144
Coyote in the Wild: First-Ever Malware That Abuses UI Automation
Akamai identified malware that takes advantage of Microsoft s UI Automation Framework to programatically interact with the user s system and steal credentials.
https://www.akamai.com/blog/security-research/active-exploitation-coyote-malware-first-ui-automation-abuse-in-the-wild
Testing REST APIs with Autoswagger
The tool Autoswagger can be used to automate the testing of REST APIs following the OpenAPI/Swagger standard.
https://github.com/intruder-io/autoswagger/
]]> 5:39 Linux, namespace, coyote, UI Automation, rest, autoswagger, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9542 SANS Stormcast Friday, July 25th, 2025: ficheck.py; Mital and SonicWall Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Friday, July 25th, 2025: ficheck.py; Mital and SonicWall Patches https://traffic.libsyn.com/securitypodcast/9542.mp3 https://isc.sans.edu/podcastdetail/9542 Fri, 25 Jul 2025 02:00:02 GMT New File Integrity Tool: ficheck.py
Jim created a new tool, ficheck.py, that can be used to verify file integrity. It is a drop-in replacement for an older tool, fcheck, which was written in Perl and no longer functions well on modern Linux distributions.
https://isc.sans.edu/diary/New%20Tool%3A%20ficheck.py/32136
Mitel Vulnerability
Mitel released a patch for a vulnerability in its MX-ONE product. The authentication bypass could provide an attacker with user or even admin privileges.
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2025-0009
SonicWall SMA 100 Vulnerability
SonicWall fixed an arbitrary file upload issue in its SMA 100 series firewalls. But exploitation will require credentials.
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0014
]]> 5:20 file integrity, ficheck.py, fcheck.pl, mitel, sonicwall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9540 SANS Stormcast Thursday, July 24th, 2025: Reversing SharePoint Exploit; NPM “is” Compromise; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Thursday, July 24th, 2025: Reversing SharePoint Exploit; NPM “is” Compromise; https://traffic.libsyn.com/securitypodcast/9540.mp3 https://isc.sans.edu/podcastdetail/9540 Thu, 24 Jul 2025 02:00:02 GMT Reversing SharePoint Toolshell Exploits CVE-2025-53770 and CVE-2025-53771
A quick walk-through showing how to decode the payload of recent SharePoint exploits
https://isc.sans.edu/diary/Analyzing%20Sharepoint%20Exploits%20%28CVE-2025-53770%2C%20CVE-2025-53771%29/32138
Compromised JavaScript NPM is Package
The popular npm package is was compromised by malware. Luckily, the malicious code was found quickly, and it was reversed after about five hours.
https://socket.dev/blog/npm-is-package-hijacked-in-expanding-supply-chain-attack
Microsoft Quick Machine Recovery
Microsoft added a new quick machine recovery feature to Windows 11. If the system is stuck in a reboot loop, it will boot to a rescue partition and attempt to find fixes from Microsoft.
https://learn.microsoft.com/en-gb/windows/configuration/quick-machine-recovery/?tabs=intune
]]> 6:53 sharepoint, reversing, payload, npm, microsoft, windows 11, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9538 SANS Stormcast Wednesday, July 23rd, 2025: Sharepoint 2016 Patch; MotW Privacy and WinZip; Interlock Ransomware; Sophos Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Wednesday, July 23rd, 2025: Sharepoint 2016 Patch; MotW Privacy and WinZip; Interlock Ransomware; Sophos Patches https://traffic.libsyn.com/securitypodcast/9538.mp3 https://isc.sans.edu/podcastdetail/9538 Wed, 23 Jul 2025 02:00:02 GMT Microsoft Updates SharePoint Vulnerability Guidance CVE-2025-53770 and CVE-2025-53771
Microsoft released its update for SharePoint 2016, completing the updates across all currently supported versions.
https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/
WinZip MotW Privacy
Starting with version 7.10, WinZip introduced an option to no longer include the download URL in zip files as part of the Mark of the Web (MotW).
https://isc.sans.edu/diary/WinRAR%20MoTW%20Propagation%20Privacy/32130
Interlock Ransomware
Several government agencies collaborated to create an informative and comprehensive overview of the Interlock ransomware. Just like prior writeups, this writeup is very informative, including many technical details useful to detect and block this ransomware.
https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-203a
Sophos Firewall Updates
Sophos patched five different vulnerabilities in its firewalls. Two of them are critical, but these only affect a small percentage of users.
https://www.sophos.com/en-us/security-advisories/sophos-sa-20250721-sfos-rce
]]> 6:17 sophos, interlock, winzip, motw, microsoft, sharepoint, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9536 SANS Stormcast Tuesday, July 22nd, 2025: SharePoint Emergency Patches; How Long Does Patching Take; HPE Wifi Vuln; Zoho WorkDrive Abused Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Tuesday, July 22nd, 2025: SharePoint Emergency Patches; How Long Does Patching Take; HPE Wifi Vuln; Zoho WorkDrive Abused https://traffic.libsyn.com/securitypodcast/9536.mp3 https://isc.sans.edu/podcastdetail/9536 Tue, 22 Jul 2025 02:00:03 GMT Microsoft Released Patches for SharePoint Vulnerability CVE-2025-53770 CVE-2025-53771
Microsoft released a patch for the currently exploited SharePoint vulnerability. It also added a second CVE number identifying the authentication bypass vulnerability.
https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/
How Quickly Are Systems Patched?
Jan took Shodan data to check how quickly recent vulnerabilities were patched. The quick answer: Not fast enough.
https://isc.sans.edu/diary/How%20quickly%20do%20we%20patch%3F%20A%20quick%20look%20from%20the%20global%20viewpoint/32126
HP Enterprise Instant On Access Points Vulnerability
HPE patched two vulnerabilities in its Instant On access points (aka Aruba). One allows for authentication bypass, while the second one enables arbitrary code execution as admin.
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04894en_us
Revealing the AppLocker Bypass Risks in The Suggested Block-list Policy
AppLocker sample policies suffer from a simple bug that may enable some rule bypass, but only if signatures are not enforced.
While reviewing Microsoft s suggested configuration, Varonis Threat Labs noticed a subtle but important issue: the MaximumFileVersion field was set to 65355 instead of the expected 65535.
https://www.varonis.com/blog/applocker-bypass-risks
Ghost Crypt Malware Leverages Zoho WorkDrive
The Ghost malware tricks users into downloading by sending links to Zoho WorkDrive locations.
https://www.esentire.com/blog/ghost-crypt-powers-purerat-with-hypnosis
]]> 6:00 SharePoint, patches, zoho, workdrive, applocker, hpe, aruba, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9534 SANS Stormcast Monday July 21st, 2025: Sharepoint Exploited; Veeam Fake Voicemail Phish; Passkey Phishing Attack Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Monday July 21st, 2025: Sharepoint Exploited; Veeam Fake Voicemail Phish; Passkey Phishing Attack https://traffic.libsyn.com/securitypodcast/9534.mp3 https://isc.sans.edu/podcastdetail/9534 Mon, 21 Jul 2025 02:00:03 GMT SharePoint Servers Exploited via 0-day CVE-2025-53770
Late last week, CodeWhite found a new remote code execution exploit against SharePoint. This vulnerability is now actively exploited.
https://isc.sans.edu/diary/Critical+Sharepoint+0Day+Vulnerablity+Exploited+CVE202553770+ToolShell/32122/
Veeam Voicemail Phishing
Attackers appear to impersonate VEEAM in recent voicemail-themed phishing attempts.
https://isc.sans.edu/diary/Veeam%20Phishing%20via%20Wav%20File/32120
Passkey Phishing Attack
A currently active phishing attack takes advantage of the ability to use QR codes to complete the Passkey login procedure
https://expel.com/blog/poisonseed-downgrading-fido-key-authentications-to-fetch-user-accounts/
]]> 8:05 passkey, sharepoint, veeam, phishing, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9532 SANS Stormcast Friday, July 18th, 2025: Extended File Attributes; Critical Cisco ISE Patch; VMWare Patches; Quarterly Oracle Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Friday, July 18th, 2025: Extended File Attributes; Critical Cisco ISE Patch; VMWare Patches; Quarterly Oracle Patches https://traffic.libsyn.com/securitypodcast/9532.mp3 https://isc.sans.edu/podcastdetail/9532 Fri, 18 Jul 2025 02:00:02 GMT Hiding Payloads in Linux Extended File Attributes
Xavier today looked at ways to hide payloads on Linux, similar to how alternate data streams are used on Windows. Turns out that extended file attributes do the trick, and he presents some scripts to either hide data or find hidden data.
https://isc.sans.edu/diary/Hiding%20Payloads%20in%20Linux%20Extended%20File%20Attributes/32116
Cisco Patches Critical Identity Services Engine Flaw CVE-2025-20281, CVE-2025-20337, CVE-2025-20282
An unauthenticated user may execute arbitrary code as root across the network due to improperly validated data in Cisco s Identity Services Engine.
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6
Oracle Critical Patch Update
Oracle patched 309 flaws across 111 products. 9 of these vulnerabilities have a critical CVSS score of 9.0 or higher.
https://www.oracle.com/security-alerts/cpujul2025.html
Broadcom releases VMware Updates
Broadcom fixed a number of vulnerabilities for ESXi, Workstation, Fusion, and Tools.
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35877
]]> 4:55 broadcom, oracle, cisco, linux, xattr, extended file attributes, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9530 SANS Stormcast Thursday, July 17th, 2025: catbox.moe abuse; Sonicwall Attacks; Rendering Issues Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Thursday, July 17th, 2025: catbox.moe abuse; Sonicwall Attacks; Rendering Issues https://traffic.libsyn.com/securitypodcast/9530.mp3 https://isc.sans.edu/podcastdetail/9530 Thu, 17 Jul 2025 02:40:13 GMT More Free File Sharing Services Abuse
The free file-sharing service catbox.moe is abused by malware. While it officially claims not to allow hosting of executables, it only checks extensions and is easily abused
https://isc.sans.edu/diary/More%20Free%20File%20Sharing%20Services%20Abuse/32112
Ongoing SonicWall Secure Mobile Access (SMA) Exploitation Campaign using the OVERSTEP Backdoor
A group Google identifies as UNC6148 is exploiting the Sonicwall SMA 100 series appliance. The devices are end of life, but even fully patched devices are exploited. Google assumes that these devices are compromised because credentials were leaked during prior attacks. The attacker installs the OVERSTEP backdoor after compromising the device.
https://cloud.google.com/blog/topics/threat-intelligence/sonicwall-secure-mobile-access-exploitation-overstep-backdoor
Weaponizing Trust in File Rendering Pipelines
RenderShock is a comprehensive zero-click attack strategy that targets passive file preview, indexing, and automation behaviours in modern operating systems and enterprise environments. It leverages built-in trust mechanisms and background processing in file systems, email clients, antivirus tools, and graphical user interfaces to deliver payloads without requiring any user interaction.
https://www.cyfirma.com/research/rendershock-weaponizing-trust-in-file-rendering-pipelines/
]]> 5:09 rendershock, unc6148, sonicwall, catbox, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9528 SANS Stormcast Wednesday, July 16th, 2025: ADS Keystroke Logger; Fake Homebrew; Broadcom Altiris RCE; Malicious Cursor AI Extensions Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Wednesday, July 16th, 2025: ADS Keystroke Logger; Fake Homebrew; Broadcom Altiris RCE; Malicious Cursor AI Extensions https://traffic.libsyn.com/securitypodcast/9528.mp3 https://isc.sans.edu/podcastdetail/9528 Wed, 16 Jul 2025 02:00:02 GMT Keylogger Data Stored in an ADS
Xavier came across a keystroke logger that stores data in alternate data streams. The data includes keystroke logs as well as clipboard data
https://isc.sans.edu/diary/Keylogger%20Data%20Stored%20in%20an%20ADS/32108
Malvertising Homebrew
An attacker has been attempting to trick users into installing a malicious version of Homebrew. The fake software is advertised via paid Google ads and directs users to the attacker s GitHub repo.
https://medium.com/deriv-tech/brewing-trouble-dissecting-a-macos-malware-campaign-90c2c24de5dc
CVE-2025-5333: Remote Code Execution in Broadcom Altiris IRM
LRQA have discovered a critical unauthenticated remote code execution (RCE) vulnerability in the Broadcom Symantec Altiris Inventory Rule Management (IRM) component of Symantec Endpoint Management.
https://www.lrqa.com/en/cyber-labs/remote-code-execution-in-broadcom-altiris-irm/
Code highlighting with Cursor AI for $500,000
A syntax highlighting extension for Cursor AI was used to compromise a developer s workstation and steal $500,000 in cryptocurrency.
https://securelist.com/open-source-package-for-cursor-ai-turned-into-a-crypto-heist/116908/
]]> 5:45 cursor, extensions, broadcom, altiris, malvertising, homebrew, keylogger, ADS, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9526 SANS Stormcast Monday, July 14th, 2025: Web Honeypot Log Volume; Browser Extension Malware; RDP Forensics Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Monday, July 14th, 2025: Web Honeypot Log Volume; Browser Extension Malware; RDP Forensics https://traffic.libsyn.com/securitypodcast/9526.mp3 https://isc.sans.edu/podcastdetail/9526 Tue, 15 Jul 2025 02:05:16 GMT DShield Honeypot Log Volume Increase
Within the last few months, there has been a dramatic increase in honeypot log volumes and how often these high volumes are seen. This has not just been from Jesse s residential honeypot, which has historically seen higher log volumes, but from all of the honeypots that Jesse runs.
https://isc.sans.edu/diary/DShield+Honeypot+Log+Volume+Increase/32100
Google and Microsoft Trusted Them. 2.3 Million Users Installed Them. They Were Malware.
Koi Security s investigation of a single verified color picker exposed a coordinated campaign of 18 malicious extensions that infected a massive 2.3 million users across Chrome and Edge.
https://blog.koi.security/google-and-microsoft-trusted-them-2-3-million-users-installed-them-they-were-malware-fb4ed4f40ff5
RDP Forensics
Comprehensive overview of Windows RDP Forensics
https://medium.com/@mathias.fuchs/chasing-ghosts-over-rdp-lateral-movement-in-tiny-bitmaps-328d2babd8ec
]]> 6:10 rdp, forensics, malware, browser extension, dshield, honeypot, sonicwall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9524 SANS Stormcast Monday, July 14th, 2025: Suspect Domain Feed; Wing FTP Exploited; FortiWeb Exploited; NVIDIA GPU Rowhammer Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Monday, July 14th, 2025: Suspect Domain Feed; Wing FTP Exploited; FortiWeb Exploited; NVIDIA GPU Rowhammer https://traffic.libsyn.com/securitypodcast/9524.mp3 https://isc.sans.edu/podcastdetail/9524 Mon, 14 Jul 2025 02:00:02 GMT Experimental Suspicious Domain Feed
Our new experimental suspicious domain feed uses various criteria to identify domains that may be used for phishing or other malicious purposes.
https://isc.sans.edu/diary/Experimental%20Suspicious%20Domain%20Feed/32102
Wing FTP Server RCE Vulnerability Exploited CVE-2025-47812
Huntress saw active exploitation of Wing FTP Server remote code execution (CVE-2025-47812) on a customer on July 1, 2025. Organizations running Wing FTP Server should update to the fixed version, version 7.4.4, as soon as possible.
https://www.huntress.com/blog/wing-ftp-server-remote-code-execution-cve-2025-47812-exploited-in-wild
https://www.rcesecurity.com/2025/06/what-the-null-wing-ftp-server-rce-cve-2025-47812/
FortiWeb Pre-Auth RCE (CVE-2025-25257)
An exploit for the FortiWeb RCE Vulnerability is now available and is being used in the wild.
https://pwner.gg/blog/2025-07-10-fortiweb-fabric-rce
NVIDIA Vulnerable to Rowhammer
NVIDIA has received new research related to the industry-wide DRAM issue known as Rowhammer . The research demonstrates a potential Rowhammer attack against an NVIDIA A6000 GPU with GDDR6 Memory. The purpose of this notice is to reinforce already known mitigations to Rowhammer attacks.
https://nvidia.custhelp.com/app/answers/detail/a_id/5671/~/security-notice%3A-rowhammer---july-2025
]]> 6:53 domain feed, nvidia, rowhammer, fortiweb, sql injection, wing ftp, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9522 SANS Stormcast Friday, July 11th, 2025: SSH Tunnel; FortiWeb SQL Injection; Ruckus Unpatched Vuln; Missing Motherboard Patches; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Friday, July 11th, 2025: SSH Tunnel; FortiWeb SQL Injection; Ruckus Unpatched Vuln; Missing Motherboard Patches; https://traffic.libsyn.com/securitypodcast/9522.mp3 https://isc.sans.edu/podcastdetail/9522 Fri, 11 Jul 2025 02:00:02 GMT SSH Tunneling in Action: direct-tcp requests
Attackers are compromising ssh servers to abuse them as relays. The attacker will configure port forwarding direct-tcp connections to forward traffic to a victim. In this particular case, the Yandex mail server was the primary victim of these attacks.
https://isc.sans.edu/diary/SSH%20Tunneling%20in%20Action%3A%20direct-tcp%20requests%20%5BGuest%20Diary%5D/32094
Fortiguard FortiWeb Unauthenticated SQL injection in GUI (CVE-2025-25257)
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in FortiWeb may allow an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests.
https://www.fortiguard.com/psirt/FG-IR-25-151
Ruckus Virtual SmartZone (vSZ) and Ruckus Network Director (RND) contain multiple vulnerabilities
Ruckus products suffer from a number of critical vulnerabilities. There is no patch available, and users are advised to restrict access to the vulnerable admin interface.
https://kb.cert.org/vuls/id/613753
]]> 5:48 ruckus, forgiguard, ssh, tunnel, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9520 SANS Stormcast Thursday, July 10th, 2025: Internal CA with ACME; TapJacking on Android; Adobe Patches; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Thursday, July 10th, 2025: Internal CA with ACME; TapJacking on Android; Adobe Patches; https://traffic.libsyn.com/securitypodcast/9520.mp3 https://isc.sans.edu/podcastdetail/9520 Thu, 10 Jul 2025 02:00:02 GMT Setting up Your Own Certificate Authority for Development: Why and How.
Some tips on setting up your own internal certificate authority using the smallstep CA.
https://isc.sans.edu/diary/Setting%20up%20Your%20Own%20Certificate%20Authority%20for%20Development%3A%20Why%20and%20How./32092
Animation-Driven Tapjacking on Android
Attackers can use a click-jacking like trick to trick victims into clicking on animated transparent dialogs opened from other applications.
https://taptrap.click/usenix25_taptrap_paper.pdf
Adobe Patches
Adobe patched 13 different products yesterday. Most concerning are vulnerabilities in Coldfusion that include code execution and arbitrary file disclosure vulnerabilities.
https://helpx.adobe.com/security/security-bulletin.html
]]> 5:18 ca, smallstap, acme, tapjack, adobe, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9518 SANS Stormcast Wednesday, July 9th, 2025: Microsoft Patches; Opposum Attack; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Wednesday, July 9th, 2025: Microsoft Patches; Opposum Attack; https://traffic.libsyn.com/securitypodcast/9518.mp3 https://isc.sans.edu/podcastdetail/9518 Wed, 09 Jul 2025 02:00:03 GMT Microsoft Patch Tuesday, July 2025
Today, Microsoft released patches for 130 Microsoft vulnerabilities and 9 additional vulnerabilities not part of Microsoft's portfolio but distributed by Microsoft. 14 of these are rated critical. Only one of the vulnerabilities was disclosed before being patched, and none of the vulnerabilities have so far been exploited.
https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%2C%20July%202025/32088
Opposum Attack
If a TLS server is configured to allow switching from HTTP to HTTPS on a specific port, an attacker may be able to inject a request into the data stream.
https://opossum-attack.com/
Ivanti Security Updates
Ivanty fixed vulnerabilities in Ivanty Connect Secure, EPMM, and EPM. In particular the password decryption vulnerabliity may be interesting.
https://www.ivanti.com/blog/july-security-update-2025
]]> 7:44 ivanti, opposum, tls, microsoft, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9516 SANS Stormcast Tuesday, July 8th, 2025: Detecting Filename (Windows); Atomic Stealer now with Backdoor; SEO Scams Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Tuesday, July 8th, 2025: Detecting Filename (Windows); Atomic Stealer now with Backdoor; SEO Scams https://traffic.libsyn.com/securitypodcast/9516.mp3 https://isc.sans.edu/podcastdetail/9516 Tue, 08 Jul 2025 02:20:02 GMT What s My File Name
Malware may use the GetModuleFileName API to detect if it was renamed to a name typical for analysis, like sample.exe or malware.exe
https://isc.sans.edu/diary/What%27s%20My%20%28File%29Name%3F/32084
Atomic macOS infostealer adds backdoor for persistent attacks
Malware analyst discovered a new version of the Atomic macOS info-stealer (also known as 'AMOS') that comes with a backdoor, to attackers persistent access to compromised systems.
https://moonlock.com/amos-backdoor-persistent-access
HOUKEN SEEKING A PATH BY LIVING ON THE EDGE WITH ZERO-DAYS
At the beginning of September 2024, an attacker repeatedly exploited vulnerabilities CVE-2024- 8190, CVE-2024-8963, and CVE-2024-9380 vulnerabilities to remotely execute arbitrary code on vulnerable Ivanti Cloud Service Appliance devices.
https://www.cert.ssi.gouv.fr/uploads/CERTFR-2025-CTI-009.pdf
SEO Scams Targeting Putty, WinSCP, and AI Tools
Paid Google ads are advertising trojaned versions of popuplar tools like ssh and winscp
https://arcticwolf.com/resources/blog-uk/malvertising-campaign-delivers-oyster-broomstick-backdoor-via-seo-poisoning-and-trojanized-tools/
]]> 5:29 malware, getmodulefilename, houken, seo, putty, winscp, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9514 SANS Stormcast Monday, July 7th, 2025: interesting usernames; More sudo issues; CitrixBleed2 PoC; Short Lived Certs Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Monday, July 7th, 2025: interesting usernames; More sudo issues; CitrixBleed2 PoC; Short Lived Certs https://traffic.libsyn.com/securitypodcast/9514.mp3 https://isc.sans.edu/podcastdetail/9514 Mon, 07 Jul 2025 02:00:02 GMT Interesting ssh/telnet usernames
Some interesting usernames observed in our honeypots
https://isc.sans.edu/diary/A%20few%20interesting%20and%20notable%20ssh%20telnet%20usernames/32080
More sudo trouble
The host option in Sudo can be exploited to execute commands on unauthorized hosts.
https://www.stratascale.com/vulnerability-alert-CVE-2025-32462-sudo-host
CitrixBleed2 PoC Posted (CVE-2025-5777)
WatchTwer published additional details about the recently patched CitrixBleed vulnerability, including a PoC exploit.
https://labs.watchtowr.com/how-much-more-must-we-bleed-citrix-netscaler-memory-disclosure-citrixbleed-2-cve-2025-5777/
Instagram Using Six Day Certificates
Instagram changes their TLS certificates daily and they use certificates that are just about to expire in a week.
https://hereket.com/posts/instagram-single-day-certificates/
]]> 5:48 usernames, scadaadmin, gpu001, gpu002, sudo, citrix, netscaler, citrixbleed, instagram, certificates, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9512 SANS Stormcast Thursday July 3rd, 2025: sudo problems; polymorphic zip files; cisco vulnerablity Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Thursday July 3rd, 2025: sudo problems; polymorphic zip files; cisco vulnerablity https://traffic.libsyn.com/securitypodcast/9512.mp3 https://isc.sans.edu/podcastdetail/9512 Thu, 03 Jul 2025 02:00:02 GMT Sudo chroot Elevation of Privilege
The sudo chroot option can be leveraged by any local user to elevate privileges to root, even if no sudo rules are defined for that user.
https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot
Polymorphic ZIP Files
A zip file with a corrupt End of Central Directory Record may extract different data depending on the tool used to extract the files.
https://hackarcana.com/article/yet-another-zip-trick
Cisco Unified Communications Manager Static SSH Credentials Vulnerability
A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted.
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssh-m4UBdpE7
]]> 5:20 sudo, cisco, ucm, ssh, zip, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9510 SANS Stormcast Monday June 30th, 2025: Scattered Spider; AMI BIOS Exploited; Secure Boot Certs Expiring; Microsoft Resliliency Initiative Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Monday June 30th, 2025: Scattered Spider; AMI BIOS Exploited; Secure Boot Certs Expiring; Microsoft Resliliency Initiative https://traffic.libsyn.com/securitypodcast/9510.mp3 https://isc.sans.edu/podcastdetail/9510 Mon, 30 Jun 2025 02:00:02 GMT Scattered Spider Update
The threat actor known as Scattered Spider is in the news again, this time focusing on airlines. But the techniques used by Scattered Spider, social engineering, are still some of the most dangerous techniques used by various threat actors.
https://cloud.google.com/blog/topics/threat-intelligence/unc3944-proactive-hardening-recommendations?e=48754805
AMI BIOS Vulnerability Exploited CVE-2024-54085
A vulnerability in the Redfish remote access software, including AMI s BIOS, is now being exploited.
https://go.ami.com/hubfs/Security%20Advisories/2025/AMI-SA-2025003.pdf
https://eclypsium.com/blog/ami-megarac-vulnerabilities-bmc-part-3/
Act now: Secure Boot certificates expire in June 2026
The Microsoft certificates used in Secure Boot are the basis of trust for operating system security, and all will be expiring beginning June 2026.
https://techcommunity.microsoft.com/blog/windows-itpro-blog/act-now-secure-boot-certificates-expire-in-june-2026/4426856
The Windows Resiliency Initiative: Building resilience for a future-ready enterprise
Microsoft announced more details about its future security and resilience strategy for Windows. In particular, security tools will no longer have kernel access, which is supposed to prevent a repeat of the Cloudflare issue, but may also restrict security tools functionality.
https://blogs.windows.com/windowsexperience/2025/06/26/the-windows-resiliency-initiative-building-resilience-for-a-future-ready-enterprise/
]]> 7:29 windows, resiliency, cloudflare, secure boot, certificate, ami bios, redfish, scattered spider, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9508 SANS Stormcast Friday, June 27th, 2025: Open-VSX Flaw; Airoha Bluetooth Vulnerablity; Critical Cisco Identity Service Engine Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Friday, June 27th, 2025: Open-VSX Flaw; Airoha Bluetooth Vulnerablity; Critical Cisco Identity Service Engine Vuln; https://traffic.libsyn.com/securitypodcast/9508.mp3 https://isc.sans.edu/podcastdetail/9508 Fri, 27 Jun 2025 02:00:02 GMT Open-VSX Flaw Puts Developers at Risk
A flaw in the open-vsx extension marketplace could have let to the compromise of any extension offered by the marketplace.
https://blog.koi.security/marketplace-takeover-how-we-couldve-taken-over-every-developer-using-a-vscode-fork-f0f8cf104d44
Bluetooth Vulnerability Could Allow Eavesdropping
A vulnerability in the widely used Airoha Bluetooth chipset can be used to compromise devices and use them for eavesdropping.
https://insinuator.net/2025/06/airoha-bluetooth-security-vulnerabilities/
Critical Cisco Identity Services Engine Vulnerability
Multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an unauthenticated, remote attacker to issue commands on the underlying operating system as the root user.
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6
]]> 6:47 cisco, ISE, bluetooth, airoha, open-vsx, vs-code, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9506 SANS Stormcast Thursday, June 26th, 2025: Another Netscaler Vuln; CentOS Web Panel Vuln; IP Based Certs Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Thursday, June 26th, 2025: Another Netscaler Vuln; CentOS Web Panel Vuln; IP Based Certs https://traffic.libsyn.com/securitypodcast/9506.mp3 https://isc.sans.edu/podcastdetail/9506 Thu, 26 Jun 2025 02:00:02 GMT NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2025-6543
Citrix patched a memory overflow vulnerability leading to unintended control flow and denial of service.
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694788
Remote code execution in CentOS Web Panel - CVE-2025-48703
An arbitrary file upload vulnerability in the user (not admin) part of Web Panel can be used to execute arbitrary code
https://fenrisk.com/rce-centos-webpanel
Gogs Arbitrary File Deletion Vulnerability
Due to the insufficient patch for the CVE-2024-39931, it's still possible to delete files under the .git directory and achieve remote command execution.
https://github.com/gogs/gogs/security/advisories/GHSA-wj44-9vcg-wjq7
Let s Encrypt Will Soon Issue IP Address-Based Certs
Let s Encrypt is almost ready to issue certificates for IP address SANs from Let's Encrypt's production environment. They'll only be available under the short-lived profile (which has a 6-day validity period), and that profile will remain allowlist-only for a while.
https://community.letsencrypt.org/t/getting-ready-to-issue-ip-address-certificates/238777
]]> 5:53 netscaler, adc, citrix, dos, lets encrypt, certificates, gogs, centos, web panel, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9504 SANS Stormcast Tuesday, June 24th, 2025: Telnet/SSH Scan Evolution; Fake Sonicwall Software; File-Fix vs Click-Fix Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Tuesday, June 24th, 2025: Telnet/SSH Scan Evolution; Fake Sonicwall Software; File-Fix vs Click-Fix https://traffic.libsyn.com/securitypodcast/9504.mp3 https://isc.sans.edu/podcastdetail/9504 Wed, 25 Jun 2025 02:00:03 GMT Quick Password Brute Forcing Evolution Statistics
After collecting usernames and passwords from our ssh and telnet honeypots for about a decade, I took a look back at how scans changed. Attackers are attempting more passwords in each scans than they used to, but the average length of passwords did not change.
https://isc.sans.edu/diary/Quick%20Password%20Brute%20Forcing%20Evolution%20Statistics/32068
Introducing FileFix A New Alternative to ClickFix Attacks
Attackers may trick the user into copy/pasting strings into file explorer, which will execute commands similar to the ClickFix attack that tricks users into copy pasting the command into the start menu s cmd feature.
https://www.mobile-hacker.com/2025/06/24/introducing-filefix-a-new-alternative-to-clickfix-attacks/
Threat Actors Modify and Re-Create Commercial Software to Steal User s Information
A fake Sonicwall Netextender clone will steal user s credentials
https://www.sonicwall.com/blog/threat-actors-modify-and-re-create-commercial-software-to-steal-users-information
]]> 4:03 clickfix, filefix, password, brute forcing, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9502 SANS Stormcast Tuesday, June 24th, 2025: Ichano ATHome IP Camera Scans; Netscaler Vulnerability; WinRar Vulnerability Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Tuesday, June 24th, 2025: Ichano ATHome IP Camera Scans; Netscaler Vulnerability; WinRar Vulnerability https://traffic.libsyn.com/securitypodcast/9502.mp3 https://isc.sans.edu/podcastdetail/9502 Tue, 24 Jun 2025 02:00:02 GMT Scans for Ichano AtHome IP Cameras
A couple days ago, a few sources started scanning for the username super_yg and the password 123. This is associated with Ichano IP Camera software.
https://isc.sans.edu/diary/Scans%20for%20Ichano%20AtHome%20IP%20Cameras/32062
Critical Netscaler Security Update CVE-2025-5777
CVE 2025-5777 is a critical severity vulnerability impacting NetScaler Gateway, i.e. if NetScaler has been configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server.
https://www.netscaler.com/blog/news/critical-security-updates-for-netscaler-netscaler-gateway-and-netscaler-console/
WinRar Vulnerability CVE-2025-6218
WinRar may be tricked into extracting files into attacker-determined locations, possibly leading to remote code execution
https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=276&cHash=b5165454d983fc9717bc8748901a64f9
]]> 5:04 ip cameras, winrar, netscaler, ichano, athome, ip camera, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9500 SANS Stormcast Monday, June 23rd, 2025: ADS and Python; More Secure Cloud PCs; Zend.to Path Traversal; Parser Differentials Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Monday, June 23rd, 2025: ADS and Python; More Secure Cloud PCs; Zend.to Path Traversal; Parser Differentials https://traffic.libsyn.com/securitypodcast/9500.mp3 https://isc.sans.edu/podcastdetail/9500 Mon, 23 Jun 2025 02:00:02 GMT ADS & Python Tools
Didier explains how to use his tools cut-bytes.py and filescanner to extract information from alternate data streams.
https://isc.sans.edu/diary/ADS%20%26%20Python%20Tools/32058
Enhanced security defaults for Windows 365 Cloud PCs
Microsoft announced more secure default configurations for its Windows 365 Cloud PC offerings.
https://techcommunity.microsoft.com/blog/windows-itpro-blog/enhanced-security-defaults-for-windows-365-cloud-pcs/4424914
CVE-2025-34508: Another File Sharing Application, Another Path Traversal
Horizon3 reveals details of a recently patched directory traversal vulnerability in zend.to.
https://horizon3.ai/attack-research/attack-blogs/cve-2025-34508-another-file-sharing-application-another-path-traversal/
Unexpected security footguns in Go's parsers
Go parsers for JSON and XML are not always compatible and can parse data in unexpected ways. This blog by Trails of Bits goes over the various security implications of this behaviour.
https://blog.trailofbits.com/2025/06/17/unexpected-security-footguns-in-gos-parsers/
]]> 5:36 parsers, go, xml, json, zend.to, ads, python, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9498 SANS Stormcast Friday, June 20th, 2025: New Employee Phishing; Malicious Tech Support Links; Social Engineering App Sepecific Passwords Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Friday, June 20th, 2025: New Employee Phishing; Malicious Tech Support Links; Social Engineering App Sepecific Passwords https://traffic.libsyn.com/securitypodcast/9498.mp3 https://isc.sans.edu/podcastdetail/9498 Fri, 20 Jun 2025 02:00:02 GMT How Long Until the Phishing Starts? About Two Weeks
After setting up a Google Workspace and adding a new user, it took only two weeks for the new employee to receive somewhat targeted phishing emails.
https://isc.sans.edu/diary/How%20Long%20Until%20the%20Phishing%20Starts%3F%20About%20Two%20Weeks/32052
Scammers hijack websites of Bank of America, Netflix, Microsoft, and more to insert fake phone numbers
Scammers are placing Google ads that point to legitimate companies sites, but are injecting malicious text into the page advertising fake tech support numbers
https://www.malwarebytes.com/blog/news/2025/06/scammers-hijack-websites-of-bank-of-america-netflix-microsoft-and-more-to-insert-fake-phone-number
What s in an ASP? Creative Phishing Attack on Prominent Academics and Critics of Russia
Targeted attacks are tricking victims into creating app-specific passwords to Google resources.
https://cloud.google.com/blog/topics/threat-intelligence/creative-phishing-academics-critics-of-russia
]]> 5:46 asp, app specific, google, scammer, workspace, phishing, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9496 SANS Stormcast Monday, June 16th, 2025: Extracting Data from JPEG; Windows Recall Export; Anubis Wiper; Mitel Vuln and PoC Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Monday, June 16th, 2025: Extracting Data from JPEG; Windows Recall Export; Anubis Wiper; Mitel Vuln and PoC https://traffic.libsyn.com/securitypodcast/9496.mp3 https://isc.sans.edu/podcastdetail/9496 Tue, 17 Jun 2025 02:00:02 GMT Extracting Data From JPEGs
Didier shows how to efficiently extract data from JPEGs using his tool jpegdump.py
https://isc.sans.edu/diary/A%20JPEG%20With%20A%20Payload/32048
Windows Recall Export in Europe
In its latest insider build for Windows 11, Microsoft is testing an export feature for data stored by Recall. The feature is limited to European users and requires that you note an encryption key that will be displayed only once as Recall is enabled.
https://blogs.windows.com/windows-insider/2025/06/13/announcing-windows-11-insider-preview-build-26120-4441-beta-channel/
Anubis Ransomware Now Wipes Data
The Anubis ransomware, usually known for standard double extortion, is now also wiping data preventing any recovery even if you pay the ransom.
https://www.trendmicro.com/en_us/research/25/f/anubis-a-closer-look-at-an-emerging-ransomware.html
Mitel Vulnerabilities CVE-2025-47188
Mitel this week patched a critical path traversal vulnerability (sadly, no CVE), and Infoguard Labs published a PoC exploit for an older file upload vulnerability.
https://labs.infoguard.ch/posts/cve-2025-47188_mitel_phone_unauthenticated_rce/ https://www.mitel.com/support/mitel-product-security-advisory-misa-2025-0007
]]> 5:46 mitel, anubis, ringtone, wiper, ransomware, windows, recall, jpegdump, jpeg, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9494 SANS Stormcast Monday, June 16th, 2025: Katz Stealer in JPG; JavaScript Attacks; Reviving expired Discord Invites for Evil Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Monday, June 16th, 2025: Katz Stealer in JPG; JavaScript Attacks; Reviving expired Discord Invites for Evil https://traffic.libsyn.com/securitypodcast/9494.mp3 https://isc.sans.edu/podcastdetail/9494 Mon, 16 Jun 2025 02:00:02 GMT Katz Stealer in JPG
Xavier found some multistage malware that uses an Excel Spreadsheet and an HTA file to load an image that includes embeded a copy of Katz stealer.
https://isc.sans.edu/diary/More+Steganography/32044
https://unit42.paloaltonetworks.com/malicious-javascript-using-jsfiretruck-as-obfuscation/
JavaScript obfuscated with JSF*CK is being used on over 200,000 websites to direct victims to malware
Expired Discord Invite Links Used for Malware Distribution
Expired discord invite links are revived as vanity links to direct victims to malware sites
https://research.checkpoint.com/2025/from-trust-to-threat-hijacked-discord-invites-used-for-multi-stage-malware-delivery/
]]> 6:44 discord, invite, malware, katz, jpg, jpeg, javascript, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9492 SANS Stormcast Friday, June 13th, 2025: Honeypot Scripts; EchoLeak MSFT Copilot Vuln; Thunderbolt mailbox URL Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Friday, June 13th, 2025: Honeypot Scripts; EchoLeak MSFT Copilot Vuln; Thunderbolt mailbox URL Vuln; https://traffic.libsyn.com/securitypodcast/9492.mp3 https://isc.sans.edu/podcastdetail/9492 Fri, 13 Jun 2025 02:00:02 GMT Automated Tools to Assist with DShield Honeypot Investigations
https://isc.sans.edu/diary/Automated%20Tools%20to%20Assist%20with%20DShield%20Honeypot%20Investigations%20%5BGuest%20Diary%5D/32038
EchoLeak: Zero-Click Microsoft 365 Copilot Data Leak
Microsoft fixed a vulnerability in Copilot that could have been abused to exfiltrate data from Copilot users. Copilot mishandled instructions an attacker included in documents inspected by Copilot and executed them.
https://www.aim.security/lp/aim-labs-echoleak-blogpost
Thunderbolt Vulnerability
Thunderbolt users may be tricked into downloading arbitrary files if an email includes a mailbox:/// URL.
https://www.mozilla.org/en-US/security/advisories/mfsa2025-49/
]]> 5:43 honeypot tools, echoleak, copilot, thunderbolt, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9490 SANS Stormcast Thursday, June 12th, 2025: Quasar RAT; Windows 11 24H2 Delay; SMB Client Vuln PoC; Connectwise Signing Keys; KDE Telnet code exec Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Thursday, June 12th, 2025: Quasar RAT; Windows 11 24H2 Delay; SMB Client Vuln PoC; Connectwise Signing Keys; KDE Telnet code exec https://traffic.libsyn.com/securitypodcast/9490.mp3 https://isc.sans.edu/podcastdetail/9490 Thu, 12 Jun 2025 02:00:02 GMT Quasar RAT Delivered Through Bat Files
Xavier is walking you through a quick reverse analysis of a script that will injection code extracted from a PNG image to implement a Quasar RAT.
https://isc.sans.edu/diary/Quasar%20RAT%20Delivered%20Through%20Bat%20Files/32036
Delayed Windows 11 24H2 Rollout
Microsoft slightly throttled the rollout of windows 11 24H2 due to issues stemming from the patch Tuesday fixes.
https://learn.microsoft.com/en-us/windows/release-health/windows-message-center#3570
An In-Depth Analysis of CVE-2025-33073
Patch Tuesday fixed an already exploited SMB client vulnerability. A blog by Synacktiv explains the nature of the issue and how to exploit it.
https://www.synacktiv.com/en/publications/ntlm-reflection-is-dead-long-live-ntlm-reflection-an-in-depth-analysis-of-cve-2025
Connectwise Rotating Signing Certificates
Connectwise is rotating signing certificates after a recent compromise, and will release a new version of its Screen share software soon to harden its configuration.
https://www.connectwise.com/company/trust/advisories
KDE Telnet URL Vulnerablity
The Konsole delivered as part of KDE may be abused to execute arbitrary code via telnet URLs.
https://kde.org/info/security/advisory-20250609-1.txt
]]> 6:27 kde, telnet, konsole, conectwise, SMB, windows, RAT, BAT, Quasar, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9488 SANS Stormcast Wednesday, June 11th, 2025: Microsoft Patch Tuesday; Acrobat Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Wednesday, June 11th, 2025: Microsoft Patch Tuesday; Acrobat Patches https://traffic.libsyn.com/securitypodcast/9488.mp3 https://isc.sans.edu/podcastdetail/9488 Wed, 11 Jun 2025 02:00:02 GMT Microsoft Patch Tuesday
Microsoft today released patches for 67 vulnerabilities. 10 of these vulnerabilities are rated critical. One vulnerability has already been exploited and another vulnerability has been publicly disclosed before today.
https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20June%202025/32032
Adobe Vulnerabilities
Adobe released patches for 7 different applications. Two significant ones are Adobe Commerce and Adobe Acrobat Reader. All vulnerabilities patched for Adobe Commerce can only be exploited by an authenticated user. The Adobe Acrobat Reader vulnerabilities are exploited by a user opening a crafted PDF, and the exploit may execute arbitrary code.
https://helpx.adobe.com/security/Home.html
]]> 6:58 microsoft, patches, tuesday, adobe, commerce, pdf, acrobat, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9486 SANS Stormcast June, Tuesday, June 10th, 2025: Octosql; Mirai vs. Wazuh DNS4EU; Wordpress Fair Package Manager Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast June, Tuesday, June 10th, 2025: Octosql; Mirai vs. Wazuh DNS4EU; Wordpress Fair Package Manager https://traffic.libsyn.com/securitypodcast/9486.mp3 https://isc.sans.edu/podcastdetail/9486 Tue, 10 Jun 2025 02:00:02 GMT OctoSQL & Vulnerability Data
OctoSQL is a neat tool to query files in different formats using SQL. This can, for example, be used to query the JSON vulnerability files from CISA or NVD and create interesting joins between different files.
https://isc.sans.edu/diary/OctoSQL+Vulnerability+Data/32026
Mirai vs. Wazuh
The Mirai botnet has now been observed exploiting a vulnerability in the open-source EDR tool Wazuh.
https://www.akamai.com/blog/security-research/botnets-flaw-mirai-spreads-through-wazuh-vulnerability
DNS4EU
The European Union created its own public recursive resolver to offer a public resolver compliant with European privacy laws. This resolver is currently operated by ENISA, but the intent is to have a commercial entity operate and support it by a commercial entity.
https://www.joindns4.eu/
WordPress FAIR Package Manager
Recent legal issues around different WordPress-related entities have made it more difficult to maintain diverse sources of WordPress plugins. With WordPress plugins usually being responsible for many of the security issues, the Linux Foundation has come forward to support the FAIR Package Manager, a tool intended to simplify the management of WordPress packages.
https://github.com/fairpm
]]> 6:09 Octosql, wazuh, mirai, dns4eu, dns, wordpress, fair, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9484 SANS Stormcast June, June 9th, 2025: Extracting PNG Data; GlueStack Packages Backdoor; MacOS targeted by Clickfix; INETPUB restore script Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast June, June 9th, 2025: Extracting PNG Data; GlueStack Packages Backdoor; MacOS targeted by Clickfix; INETPUB restore script https://traffic.libsyn.com/securitypodcast/9484.mp3 https://isc.sans.edu/podcastdetail/9484 Mon, 09 Jun 2025 02:00:03 GMT Extracting With pngdump.py
Didier extended his pngdump.py script to make it easier to extract additional data appended to the end of the image file.
https://isc.sans.edu/diary/Extracting%20With%20pngdump.py/32022
16 React Native Packages for GlueStack Backdoored Overnight
16 npm packages with over a million weekly downloads between them were compromised. The compromised packages include a remote admin tool that was seen before in similar attacks.
https://www.aikido.dev/blog/supply-chain-attack-on-react-native-aria-ecosystem
Atomic MacOS Stealer Exploits Clickfix
MacOS users are now also targeted by fake captchas, tricking users into running exploit code.
https://www.cloudsek.com/blog/amos-variant-distributed-via-clickfix-in-spectrum-themed-dynamic-delivery-campaign-by-russian-speaking-hackers
Microsoft INETPUB Script
Microsoft published a simple PowerShell script to restore the inetpub folder in case you removed it by mistake.
https://www.powershellgallery.com/packages/Set-InetpubFolderAcl/1.0
]]> 5:43 microsoft, inetpub, atomix, amos, stealer, clickfix, gluestack, backdoor, pngdump.py, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9482 SANS Stormcast Friday, June 6th, 2025: Fake Zoom Clients; Python tarfile vulnerability; HPE Insight Remote Support Patch Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Friday, June 6th, 2025: Fake Zoom Clients; Python tarfile vulnerability; HPE Insight Remote Support Patch https://traffic.libsyn.com/securitypodcast/9482.mp3 https://isc.sans.edu/podcastdetail/9482 Fri, 06 Jun 2025 02:00:02 GMT Be Careful With Fake Zoom Client Downloads
Miscreants are tricking victims into downloading fake Zoom clients (and likely other meeting software) by first sending them fake meeting invites that direct victims to a page that offers malware for download as an update to the Zoom client.
https://isc.sans.edu/diary/Be%20Careful%20With%20Fake%20Zoom%20Client%20Downloads/32014
Python tarfile Vulnerability
Recently, the Python tarfile module introduced a filter option to help mitigate some of the insecure behavior common to software unpacking archives. This filter is, however, not working quite as well as it should.
https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/
Hewlett Packard Enterprise Insight Remote Support processAttachmentDataStream Directory Traversal Remote Code Execution Vulnerability
HP fixed, among other vulnerabilities, a critical remote code execution vulnerability in Insight Remote Support (IRS)
https://www.zerodayinitiative.com/advisories/ZDI-25-325/
]]> 5:01 hp, insight, remote, support, irs, python, tarfile, zoom, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9480 SANS Stormcast Thursday, June 5th, 2025: Phishing Comment Trick; AWS default logging mode change; Cisco Backdoor Fixed; Infoblox Vulnerability Details Released Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Thursday, June 5th, 2025: Phishing Comment Trick; AWS default logging mode change; Cisco Backdoor Fixed; Infoblox Vulnerability Details Released https://traffic.libsyn.com/securitypodcast/9480.mp3 https://isc.sans.edu/podcastdetail/9480 Thu, 05 Jun 2025 02:00:02 GMT Phishing e-mail that hides malicious links from Outlook users
Jan found a phishing email that hides the malicious link from Outlook users. The email uses specific HTML comment clauses Outlook interprets to render or not render specific parts of the email s HTML code. Jan suggests that the phishing email is intented to not expose users of
https://isc.sans.edu/diary/Phishing%20e-mail%20that%20hides%20malicious%20link%20from%20Outlook%20users/32010
Amazon changing default logging from blocking to non-blocking
Amazon will change the default logging mode from blocking to non-blocking. Non-blocking logging will not stop the application if logging fails, but may result in a loss of logs.
https://aws.amazon.com/blogs/containers/preventing-log-loss-with-non-blocking-mode-in-the-awslogs-container-log-driver/
Cisco Removes Backdoor
Cisco fixed a Cisco Identity Services Engine on Cloud Platforms Static Credential Vulnerability.
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-aws-static-cred-FPMjUcm7
Infoblox Vulnerability Details disclosed
Details regarding several vulnerabilities recently patched in Infoblox s NetMRI have been made public. In particular an unauthenticated remote code execution issue should be considered critical.
https://rhinosecuritylabs.com/research/infoblox-multiple-cves/
]]> 5:26 infoblox, netmri, Cisco, backdoor, amazon, logging, outlook, phishing, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9478 SANS Stormcast Wednesday, June 4th, 2025: vBulletin Exploited; Chrome 0-Day Patch; Roundcube RCE Patch; Multiple HP StoreOnce Vulns Patched Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Wednesday, June 4th, 2025: vBulletin Exploited; Chrome 0-Day Patch; Roundcube RCE Patch; Multiple HP StoreOnce Vulns Patched https://traffic.libsyn.com/securitypodcast/9478.mp3 https://isc.sans.edu/podcastdetail/9478 Wed, 04 Jun 2025 02:00:02 GMT vBulletin Exploits CVE-2025-48827, CVE-2025-48828
We do see exploit attempts for the vBulletin flaw disclosed about a week ago. The flaw is only exploitable if vBulltin is run on PHP 8.1, and was patched over a year ago. However, vBulltin never disclosed the type of vulnerability that was patched.
https://isc.sans.edu/diary/vBulletin%20Exploits%20%28CVE-2025-48827%2C%20CVE-2025-48828%29/32006
Google Chrome 0-Day Patched
Google released a security update for Google Chrome patching three flaws. One of these is already being exploited.
https://chromereleases.googleblog.com/
Roundcube Update
Roundcube patched a vulnerability that allows any authenticated user to execute arbitrary code.
https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10
HP Vulnerabilities in StoreOnce
HP patched multiple vulnerabilities in StoreOnce. These issues could lead to remote code execution
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbst04847en_us&docLocale=en_US
]]> 7:25 HP, roundcube, storeonce, google, chrome, 0-day, vBulletin, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9476 SANS Stormcast Tuesday, June 3rd, 2025: Windows SSH C2; Google Removes CAs from trusted list; MSFT issues Emergency Patch to fix Crash issue; Qualcom Adreno GPU 0-day Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Tuesday, June 3rd, 2025: Windows SSH C2; Google Removes CAs from trusted list; MSFT issues Emergency Patch to fix Crash issue; Qualcom Adreno GPU 0-day https://traffic.libsyn.com/securitypodcast/9476.mp3 https://isc.sans.edu/podcastdetail/9476 Tue, 03 Jun 2025 02:00:02 GMT Simple SSH Backdoor
Xavier came across a simple SSH backdoor taking advantage of the ssh client preinstalled on recent Windows systems. The backdoor is implemented via an SSH configuration file that instructs the SSH client to connect to a remote system and forward a shell on a random port. This will make the shell accessible to anybody able to connect to the C2 host.
https://isc.sans.edu/diary/Simple%20SSH%20Backdoor/32000
Google Chrome to Distrust CAs
Google Chrome will remove the Chunghwa Telecom and Netlock certificate authorities from its list of trusted CAs. Any certificates issued after July 31st will not be trusted. Certificates issued before the deadline will be trusted until they expire.
https://security.googleblog.com/2025/05/sustaining-digital-certificate-security-chrome-root-store-changes.html
Microsoft Emergency Update to Fix Crashes Caused by May Patch
Microsoft released an emergency update for a bug caused by one of the patches released in May. Due to the bug, systems may not restart after the patch is applied. This affects, first of all, virtual systems running in Azure and HyperV but apparently has also affected some physical systems.
https://learn.microsoft.com/en-us/windows/release-health/status-windows-11-23h2#kb5058405-might-fail-to-install-with-recovery-error-0xc0000098-in-acpi-sys
Qualcomm Adreno Graphics Processing Unit Patch (Exploited!)
Qualcomm released an update for the driver for its Adreno GPU. The patched vulnerability is already being exploited against Android devices.
https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html
]]> 6:06 qualcom, adreno, netlock, chungwa, ssh, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9474 SANS Stormcast Monday, June 2nd, 2025: PNG with RAT; Cisco IOS XE WLC Exploit; vBulletin Exploit Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Monday, June 2nd, 2025: PNG with RAT; Cisco IOS XE WLC Exploit; vBulletin Exploit https://traffic.libsyn.com/securitypodcast/9474.mp3 https://isc.sans.edu/podcastdetail/9474 Mon, 02 Jun 2025 09:53:08 GMT A PNG Image With an Embedded Gift
Xavier shows how Python code attached to a PNG image can be used to implement a command and control channel or a complete remote admin kit.
https://isc.sans.edu/diary/A+PNG+Image+With+an+Embedded+Gift/31998
Cisco IOS XE WLC Arbitrary File Upload Vulnerability (CVE-2025-20188) Analysis
Horizon3 analyzed a recently patched flaw in Cisco Wireless Controllers. This arbitrary file upload flaw can easily be used to execute arbitrary code.
https://horizon3.ai/attack-research/attack-blogs/cisco-ios-xe-wlc-arbitrary-file-upload-vulnerability-cve-2025-20188-analysis/
Don't Call That "Protected" Method: Dissecting an N-Day vBulletin RCE
A change in PHP 8.1 can expose methods previously expected to be safe . vBulletin fixed a related flaw about a year ago without explicitly highlighting the security impact of the fix. A blog post now exposed the flaw and provided exploit examples. We have seen exploit attempts against honeypots starting May 25th, two days after the blog was published.
https://karmainsecurity.com/dont-call-that-protected-method-vbulletin-rce
]]> 5:42 vbulletin, php, exploit, cisco, wlc, png, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9472 SANS Stormcast Friday, May 30th 2025: Alternate Data Streams; Connectwise Breach; Google Calendar C2; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Friday, May 30th 2025: Alternate Data Streams; Connectwise Breach; Google Calendar C2; https://traffic.libsyn.com/securitypodcast/9472.mp3 https://isc.sans.edu/podcastdetail/9472 Fri, 30 May 2025 02:00:02 GMT Alternate Data Streams: Adversary Defense Evasion and Detection
Good Primer of alternate data streams and how they are abused, as well as how to detect and defend against ADS abuse.
https://isc.sans.edu/diary/Alternate%20Data%20Streams%20%3F%20Adversary%20Defense%20Evasion%20and%20Detection%20%5BGuest%20Diary%5D/31990
Connectwise Breach Affects ScreenConnect Customers
Connectwise s ScreenConnect solution was compromised, leading to attacks against a small number of customers. This is yet another example of how attackers are taking advantage of remote access solutions.
https://www.connectwise.com/company/trust/advisories
Mark Your Calendar: APT41 Innovative Tactics
Google detected attacks leveraging Google s calendar solution as a command and control channel.
https://cloud.google.com/blog/topics/threat-intelligence/apt41-innovative-tactics
Webs of Deception: Using the SANS ICS Kill Chain to Flip the Advantage to the Defender
Defending a small Industrial Control System (ICS) against sophisticated threats can seem futile. The resource disparity between small ICS defenders and sophisticated attackers poses a significant security challenge.
https://www.sans.edu/cyber-research/webs-deception-using-sans-ics-kill-chain-flip-advantage-defender/
]]> 13:47 deceptoin, ics, apt41, google, calendar, connectwise, screenconnect, ads, alternate data streams, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9470 SANS Stormcast Thursday May 29th 2025: LLM Assisted Analysis; MSP Ransomware; Everetz Vulnerability Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Thursday May 29th 2025: LLM Assisted Analysis; MSP Ransomware; Everetz Vulnerability https://traffic.libsyn.com/securitypodcast/9470.mp3 https://isc.sans.edu/podcastdetail/9470 Thu, 29 May 2025 02:00:02 GMT Exploring a Use Case of Artificial Intelligence Assistance with Understanding an Attack
Jennifer Wilson took a weird string found in a recent honeypot sample and worked with ChatGPT to figure out what it is all about.
https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Exploring%20a%20Use%20Case%20of%20Artificial%20Intelligence%20Assistance%20with%20Understanding%20an%20Attack/31980
Ransomware Deployed via SimpleHelp Vulnerabilities
Ransomware actors are using vulnerabilities in SimpleHelp to gain access to victim s networks via MSPs. The exploited vulnerabilities were patched in January.
https://news.sophos.com/en-us/2025/05/27/dragonforce-actors-target-simplehelp-vulnerabilities-to-attack-msp-customers/
OS Command Injection in Everetz Equipment
Broadcast equipment manufactured by Everetz is susceptible to an OS command injection vulnerability. Everetz has not responded to researchers reporting the vulnerability so far and there is no patch available.
https://www.onekey.com/resource/security-advisory-remote-code-execution-on-evertz-svdn-cve-2025-4009
]]> 6:10 llm, chatgpt, telegram, simplehelp, ransomware, everetz, os command injection, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9468 SANS Stormcast Wednesday May 28th 2025: Securing authorized_keys; ADAuditPlus SQL Injection; Dero Miner vs Docker API Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Wednesday May 28th 2025: Securing authorized_keys; ADAuditPlus SQL Injection; Dero Miner vs Docker API https://traffic.libsyn.com/securitypodcast/9468.mp3 https://isc.sans.edu/podcastdetail/9468 Wed, 28 May 2025 02:00:03 GMT SSH authorized_keys File
One of the most common techniques used by many bots is to add rogue keys to the authorized_keys file, implementing an SSH backdoor. Managing these files and detecting unauthorized changes is not hard and should be done if you operate Unix systems.
https://isc.sans.edu/diary/Securing%20Your%20SSH%20authorized_keys%20File/31986
REMOTE COMMAND EXECUTION ON SMARTBEDDED METEOBRIDGE (CVE-2025-4008)
Weatherstation software Meteobridge suffers from an easily exploitable unauthenticated remote code execution vulnerability
https://www.onekey.com/resource/security-advisory-remote-command-execution-on-smartbedded-meteobridge-cve-2025-4008
https://forum.meteohub.de/viewtopic.php?t=18687
Manageengine ADAuditPlus SQL Injection
Zoho patched two SQL Injection vulnerabilities in its ManageEngine ADAuditPlus product
https://www.manageengine.com/products/active-directory-audit/cve-2025-41407.html
https://www.manageengine.com/products/active-directory-audit/cve-2025-36527.html
Dero Miner Infects Containers through Docker API
Kaspersky found yet another botnet infecting docker containers to spread crypto coin miners. The initial access happens via exposed docker APIs.
https://securelist.com/dero-miner-infects-containers-through-docker-api/116546/
]]> 6:37 dero, miner, docker, manageengine, adauditplus, sql injection, ssh, authorized_keys, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9466 SANS Stormcast Tuesday, May 27th 2025: SVG Steganography; Fortinet PoC; GitLab Duo Prompt Injection Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Tuesday, May 27th 2025: SVG Steganography; Fortinet PoC; GitLab Duo Prompt Injection https://traffic.libsyn.com/securitypodcast/9466.mp3 https://isc.sans.edu/podcastdetail/9466 Tue, 27 May 2025 02:00:03 GMT SVG Steganography
Steganography is not only limited to pixel-based images but can be used to embed messages into vector-based formats like SVG.
https://isc.sans.edu/diary/SVG%20Steganography/31978
Fortinet Vulnerability Details CVE-2025-32756
Horizon3.ai shows how it was able to find the vulnerability in Fortinet s products, and how to possibly exploit this issue. The vulnerability is already being exploited in the wild and was patched May 13th
https://horizon3.ai/attack-research/attack-blogs/cve-2025-32756-low-rise-jeans-are-back-and-so-are-buffer-overflows/
Remote Prompt Injection in GitLab Duo Leads to Source Code Theft
An attacker may leave instructions (prompts) for GitLab Duo embedded in the source code. This could be used to exfiltrate source code and secrets or to inject malicious code into an application.
https://www.legitsecurity.com/blog/remote-prompt-injection-in-gitlab-duo
]]> 7:13 steganography, svg, fortinet, gitlab, duo, prompt injection, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9464 SANS Stormcast Friday, May 23rd 2025: Backup Connectivity; Windows 2025 dMSA Abuse; Samlify Vulnerability Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Friday, May 23rd 2025: Backup Connectivity; Windows 2025 dMSA Abuse; Samlify Vulnerability https://traffic.libsyn.com/securitypodcast/9464.mp3 https://isc.sans.edu/podcastdetail/9464 Fri, 23 May 2025 02:00:02 GMT Resilient Secure Backup Connectivity for SMB/Home Users
Establishing resilient access to a home network via a second ISP may lead to unintended backdoors. Secure the access and make sure you have the visibility needed to detect abuse.
https://isc.sans.edu/diary/Resilient%20Secure%20Backup%20Connectivity%20for%20SMB%20Home%20Users/31972
BadSuccessor: Abusing dMSA to Escalate Privileges in Active Directory
An attacker with the ability to create service accounts may be able to manipulate these accounts to mark them as migrated accounts, inheriting all privileges the original account had access to.
https://www.akamai.com/blog/security-research/abusing-dmsa-for-privilege-escalation-in-active-directory
Flaw in samlify That Opens Door to SAML Single Sign-On Bypass CVE-2025-47949
The samlify Node.js library does not verify SAML assertions correctly. It will consider the entire assertion valid, not just the original one. An attacker may use this to obtain additional privileges or authenticate as a different user
https://www.endorlabs.com/learn/cve-2025-47949-reveals-flaw-in-samlify-that-opens-door-to-saml-single-sign-on-bypass
]]> 7:54 pgp, openpgp, npm, javascript, dns, cname, researchers, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9462 SANS Stormcast Thursday, May 22nd 2025: Crypto Confidence Scams; Extension Mayhem for VS Code and Chrome Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Thursday, May 22nd 2025: Crypto Confidence Scams; Extension Mayhem for VS Code and Chrome https://traffic.libsyn.com/securitypodcast/9462.mp3 https://isc.sans.edu/podcastdetail/9462 Thu, 22 May 2025 02:00:02 GMT New Variant of Crypto Confidence Scam
Scammers are offering login credentials for what appears to be high value crypto coin accounts. However, the goal is to trick users into paying for expensive VIP memberships to withdraw the money.
https://isc.sans.edu/diary/New%20Variant%20of%20Crypto%20Confidence%20Scam/31968
Malicious Chrome Extensions
Malicious Chrome extensions mimick popular services like VPNs to trick users into installing them. Once installed, the extensions will exfiltrate browser secrets
https://dti.domaintools.com/dual-function-malware-chrome-extensions/
Malicious VS Code Extensions
Malicious Visual Studio Code extensions target crypto developers to trick them into installing them to exfiltrate developer secrets.
https://securitylabs.datadoghq.com/articles/mut-9332-malicious-solidity-vscode-extensions/#indicators-of-compromise
]]> 6:21 vs code, chrome, extensions, crypto, confidence scams, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9460 SANS Stormcast Wednesday, May 21st 2025: Researchers Scanning the Internet; Forgotten DNS Records; openpgp.js Vulneraiblity Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Wednesday, May 21st 2025: Researchers Scanning the Internet; Forgotten DNS Records; openpgp.js Vulneraiblity https://traffic.libsyn.com/securitypodcast/9460.mp3 https://isc.sans.edu/podcastdetail/9460 Wed, 21 May 2025 02:00:02 GMT Researchers Scanning the Internet
A newish RFC, RFC 9511, suggests researchers identify themselves by adding strings to the traffic they send, or by operating web servers on machines from which the scan originates. We do offer lists of researchers and just added three new groups today
https://isc.sans.edu/diary/Researchers%20Scanning%20the%20Internet/31964
Cloudy with a change of Hijacking: Forgotten DNS Records
Organizations do not always remove unused CNAME records. An attacker may take advantage of this if an attacker is able to take possession of the now unused public cloud resource the name pointed to.
https://blogs.infoblox.com/threat-intelligence/cloudy-with-a-chance-of-hijacking-forgotten-dns-records-enable-scam-actor/
Message signature verification can be spoofed CVE-2025-47934
A vulnerability in openpgp.js may be used to spoof message signatures. openpgp.js is a popular library in systems implementing end-to-end encrypted browser applications.
https://github.com/openpgpjs/openpgpjs/security/advisories/GHSA-8qff-qr5q-5pr8
]]> 7:51 pgp, openpgp, npm, javascript, dns, cname, researchers, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9458 SANS Stormcast Tuesday, May 20th 2025: AutoIT Code RAT; Fake Keepass Download; Procolored Printer Software Compromise Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Tuesday, May 20th 2025: AutoIT Code RAT; Fake Keepass Download; Procolored Printer Software Compromise https://traffic.libsyn.com/securitypodcast/9458.mp3 https://isc.sans.edu/podcastdetail/9458 Tue, 20 May 2025 02:00:02 GMT RAT Dropped By Two Layers of AutoIT Code
Xavier explains how AutoIT was used to install a remote admin tool (RAT) and how to analyse such a tool
https://isc.sans.edu/diary/RAT%20Dropped%20By%20Two%20Layers%20of%20AutoIT%20Code/31960
RVTools compromise confirmed
Robware.net, the site behind the popular tool RVTools now confirmed that it was compromised. The site is currently offline.
https://www.robware.net/readMore
Trojaned Version of Keepass used to install info stealer and Cobalt Strike beacon
A backdoored version of KeePass was used to trick victims into installing Cobalt Strike and other malware. In this case, Keepass itself was not compromised and the malicious version was advertised via search engine optimization tricks
https://labs.withsecure.com/publications/keepass-trojanised-in-advanced-malware-campaign
Procolored UV Printer Software Compromised
The official software offered by the makers of the Procolored UV printer has been compromised, and versions with malware were distributed for about half a year.
https://www.hackster.io/news/the-maker-s-toolbox-procolored-v11-pro-dto-uv-printer-review-680d491e17e3
https://www.gdatasoftware.com/blog/2025/05/38200-printer-infected-software-downloads
]]> 6:41 dynamic autoit, rvtools, keeppass, uv printer, procolored, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9456 SANS Stormcast Monday, May 18th 2025: xorsearch python functions; pwn2own Berlin; senior govt official impersonation; dynamic domain risk Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Monday, May 18th 2025: xorsearch python functions; pwn2own Berlin; senior govt official impersonation; dynamic domain risk https://traffic.libsyn.com/securitypodcast/9456.mp3 https://isc.sans.edu/podcastdetail/9456 Mon, 19 May 2025 02:00:02 GMT xorsearch.py: Python Functions
Didier s xorsearch tool now supports python functions to filter output
https://isc.sans.edu/diary/xorsearch.py%3A%20Python%20Functions/31858
Pwn2Own Berlin 2025
Last weeks Pwn2Own contest in Berlin allowed researchers to demonstrate a number of new exploits with a large focus on privilege escalation and virtual machine escape.
https://www.zerodayinitiative.com/blog/2025/5/17/pwn2own-berlin-2025-day-three-results
Senior US Officials Impersonated in Malicious Messaging Campaign
The FBI warns of senior US officials being impersonated in text and voice messages.
https://www.ic3.gov/PSA/2025/PSA250515
Scattered Spider: TTP Evolution in 2025
Pushscurity provided an update on how Scattered Spider evolved. One thing they noted was that Scattered Spider takes advantage of legit dynamic domain name systems to make detection more difficult
https://pushsecurity.com/blog/scattered-spider-ttp-evolution-in-2025/
]]> 6:30 dynamic domains, it.com, vipshing, smishing, phishing, vmware, priviledge escalation, xorsearch, python, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9454 SANS Stormcast Friday, May 16th: Increase in Sonicwall Scans; RVTools Compromised?; RountPress Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Friday, May 16th: Increase in Sonicwall Scans; RVTools Compromised?; RountPress https://traffic.libsyn.com/securitypodcast/9454.mp3 https://isc.sans.edu/podcastdetail/9454 Fri, 16 May 2025 02:00:03 GMT Web Scanning SonicWall for CVE-2021-20016 - Update
Scans for SonicWall increased by an order of magnitude over the last couple of weeks. Many of the attacks appear to originate from Global Host , a low-cost virtual hosting provider.
https://isc.sans.edu/diary/Web%20Scanning%20SonicWall%20for%20CVE-2021-20016%20-%20Update/31952
Google Update Patches Exploited Chrome Flaw
Google released an update for Chrome. The update fixes two specific flaws reported by external researchers, CVE-2025-4664 and CVE-2025-4609. The first flaw is already being exploited in the wild.
https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_14.html
https://x.com/slonser_/status/1919439373986107814
RVTools Bumblebee Malware Attack
Zerodaylabs published its analysis of the RV-Tools Backdoor attack. It suggests that this may not be solely a search engine optimization campaign directing victims to the malicious installer, but that the RVTools distribution site was compromised.
https://zerodaylabs.net/rvtools-bumblebee-malware/
Operation RoundPress
ESET Security wrote up a report summarizing recent XSS attacks against open-source webmail systems
https://www.welivesecurity.com/en/eset-research/operation-roundpress/
]]> 6:26 Roundpress, xss, rvtools, google, chrome, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9452 SANS Stormcast Thursday, May 15th: Google Open Redirects; Adobe, Ivanti, and Samsung patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Thursday, May 15th: Google Open Redirects; Adobe, Ivanti, and Samsung patches https://traffic.libsyn.com/securitypodcast/9452.mp3 https://isc.sans.edu/podcastdetail/9452 Thu, 15 May 2025 02:00:02 GMT Another day, another phishing campaign abusing google.com open redirects
Google s links from it s maps page to hotel listings do suffer from an open redirect vulnerability that is actively exploited to direct users to phishing pages.
https://isc.sans.edu/diary/Another%20day%2C%20another%20phishing%20campaign%20abusing%20google.com%20open%20redirects/31950
Adobe Patches
Adobe patched 12 different applications. Of particular interest is the update to ColdFusion, which fixes several arbitrary code execution and arbitrary file read problems.
https://helpx.adobe.com/security/security-bulletin.html
Samsung Patches magicInfo 9 Again
Samsung released a new patch for the already exploited magicInfo 9 CMS vulnerability. While the description is identical to the patch released last August, a new CVE number is used.
https://security.samsungtv.com/securityUpdates#SVP-MAY-2025
Ivanti Patches Critical Ivanti Neurons Flaw
Ivanti released a patch for Ivanti Neurons for ITSM (on-prem only) fixing a critical authentication bypass vulnerability. Ivanti also points to its guidance to secure the underlying IIS server to make exploitation of flaws like this more difficult
]]> 6:16 adobe, ivanti, samsung, google, open redirect, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9450 SANS Stormcast Wednesday, May 14th: Microsoft Patch Tuesday; 0-Days patched for Ivanti Endpoint Manager and Fortinet Products Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Wednesday, May 14th: Microsoft Patch Tuesday; 0-Days patched for Ivanti Endpoint Manager and Fortinet Products https://traffic.libsyn.com/securitypodcast/9450.mp3 https://isc.sans.edu/podcastdetail/9450 Wed, 14 May 2025 02:00:02 GMT Microsoft Patch Tuesday
Microsoft patched 70-78 vulnerabilities (depending on how you count them). Five of these vulnerabilities are already being exploited. In particular, a remote code execution vulnerability in the scripting engine should be taken seriously. It requires the Microsoft Edge browser to run in Internet Explorer mode.
https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%3A%20May%202025/31946
Security Advisory Ivanti Endpoint Manager Mobile (EPMM) May 2025 (CVE-2025-4427 and CVE-2025-4428)
Ivanti patched an authentication bypass vulnerability and a remote code execution vulnerability. The authentication bypass can exploit the remote code execution vulnerability without authenticating first.
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM?language=en_US
Fortinet Patches Exploited Vulnerability in API (CVE-2025-32756)
Fortinet patched an already exploited stack-based buffer overflow vulnerability in the API of multiple Fortinet products. The vulnerability is exploited via crafted HTTP requests.
https://fortiguard.fortinet.com/psirt/FG-IR-25-254
]]> 6:38 fortinet, ivanti, microsoft, patches, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9448 SANS Stormcast Tuesday, May 12th: Apple Patches; Unipi Technologies Scans; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Tuesday, May 12th: Apple Patches; Unipi Technologies Scans; https://traffic.libsyn.com/securitypodcast/9448.mp3 https://isc.sans.edu/podcastdetail/9448 Tue, 13 May 2025 02:00:02 GMT Apple Updates Everything
Apple patched all of its operating systems. This update ports a patch for a recently exploited vulnerability to older versions of iOS and macOS.
https://isc.sans.edu/diary/31942
It Is 2025, And We Are Still Dealing With Default IoT Passwords And Stupid 2013 Router Vulnerabilities
Versions of the Mirai botnet are attacking devices made by Unipi Technology. These devices are using a specific username and password combination. In addition, this version of the Mirai botnet will also attempt exploits against an old Netgear vulnerability.
https://isc.sans.edu/diary/It%20Is%202025%2C%20And%20We%20Are%20Still%20Dealing%20With%20Default%20IoT%20Passwords%20And%20Stupid%202013%20Router%20Vulnerabilities/31940
Output Messenger Vulnerability
The internal messenger application Output Messenger is currently used in sophisticated attacks. Attackers are exploiting a path traversal vulnerability that has not been fixed.
https://www.outputmessenger.com/cve-2025-27920/
Commvault Correction
Commvault s patch indeed fixes the recent vulnerability. The Pioneer Release Will Dormann used to experiment will only offer patches after it has been registered, which leads to an error when assessing the patch s efficacy.
https://www.darkreading.com/application-security/commvault-patch-works-as-intended
]]> 6:29 commvault, output messenger, mirai, unipi, apple, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9446 SANS Stormcast Monday, May 11th: Steganography Challenge; End-of-Life Routers; ASUS Driverhub; RV-Tools SEO Poisoning Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Monday, May 11th: Steganography Challenge; End-of-Life Routers; ASUS Driverhub; RV-Tools SEO Poisoning https://traffic.libsyn.com/securitypodcast/9446.mp3 https://isc.sans.edu/podcastdetail/9446 Mon, 12 May 2025 01:42:54 GMT Steganography Challenge
Didier revealed the solution to last weekend s cryptography challenge. The image used the same encoding scheme as Didier described before, but the columns and rows were transposed.
https://isc.sans.edu/forums/diary/Steganography%20Challenge%3A%20My%20Solution/31912/
FBI Warns of End-of-life routers
The FBI is tracking larger botnets taking advantage of unpatched routers. Many of these routers are end-of-life, and no patches are available for the exploited vulnerabilities. The attackers are turning the devices into proxies, which are resold for various criminal activities.
https://www.ic3.gov/PSA/2025/PSA250507
ASUS Driverhub Vulnerability
ASUS Driverhub software does not properly check the origin of HTTP requests, allowing a CSRF attack from any website leading to arbitrary code execution.
https://mrbruh.com/asusdriverhub/
RV-Tools SEO Poisoning
Varonis Threat Labs observed SEO poisoning being used to trick system administrators into installing a malicious version of RV Tools. The malicious version includes a remote access tool leading to the theft of credentials
https://www.varonis.com/blog/seo-poisoning#initial-access-and-persistence
]]> 6:39 steganography, fbi, router, seq, rv-tools, asus, driverhub, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9444 SANS Stormcast Friday, May 9th: SSH Exfil Tricks; magicINFO still vulnerable; SentinelOne Vulnerability; Commvault insufficient patch Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Friday, May 9th: SSH Exfil Tricks; magicINFO still vulnerable; SentinelOne Vulnerability; Commvault insufficient patch https://traffic.libsyn.com/securitypodcast/9444.mp3 https://isc.sans.edu/podcastdetail/9444 Fri, 09 May 2025 03:35:13 GMT No Internet Access: SSH to the Rescue
If faced with restrictive outbound network access policies, a single inbound SSH connection can quickly be turned into a tunnel or a full-blown VPN
https://isc.sans.edu/diary/No%20Internet%20Access%3F%20SSH%20to%20the%20Rescue!/31932
SAMSUNG magicINFO 9 Server Flaw Still exploitable
The SAMSUNG magicINFO 9 Server Vulnerability we found being exploited last week is apparently still not completely patched, and current versions are vulnerable to the exploit observed in the wild.
https://www.huntress.com/blog/rapid-response-samsung-magicinfo9-server-flaw
Bring Your Own Installer: Bypassing SentinelOne Through Agent Version Change Interruption
SentinelOne s installer is vulnerable to an exploit allowing attackers to shut down the end point protection software
https://www.aon.com/en/insights/cyber-labs/bring-your-own-installer-bypassing-sentinelone
Commvault Still Exploitable
A recent patch for Commvault is apparently ineffective and the PoC exploit published by watchTowr is still working against up to date patched systems
https://infosec.exchange/@wdormann/114458913006792356
]]> 4:57 commvault, patches, sentinelone, samung, magicinfo, ssh, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9442 SANS Stormcast Thursday, May 8th: Modular Malware; Sysaid Vuln; Cisco Wireless Controller Patch; Unifi Protect Camera Patch Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Thursday, May 8th: Modular Malware; Sysaid Vuln; Cisco Wireless Controller Patch; Unifi Protect Camera Patch https://traffic.libsyn.com/securitypodcast/9442.mp3 https://isc.sans.edu/podcastdetail/9442 Thu, 08 May 2025 03:25:14 GMT Example of Modular Malware
Xavier analyzes modular malware that downloads DLLs from GitHub if specific features are required. In particular, the webcam module is inspected in detail.
https://isc.sans.edu/diary/Example%20of%20%22Modular%22%20Malware/31928
Sysaid XXE Vulnerabilities
IT Service Management Software Sysaid patched a number of XXE vulnerabilities. Without authentication, an attacker is able to obtain confidential data and completely compromise the system. watchTowr published a detailed analysis of the flaws including exploit code.
https://labs.watchtowr.com/sysowned-your-friendly-rce-support-ticket/
Cisco IOS XE Wireless Controller Software Arbitrary File Upload Vulnerability
Cisco Patched a vulnerability in its wireless controller software that may be used to not only upload files but also execute code as root without authentication.
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-file-uplpd-rHZG9UfC
Unifi Protect Camera Vulnerability
Ubiquity patched a vulnerability in its Protect camera firmware fixing a buffer overflow flaw.
https://community.ui.com/releases/Security-Advisory-Bulletin-047-047/cef86c37-7421-44fd-b251-84e76475a5bc
]]> 5:41 unifi, protect, camera, ubiquity, cisco, wireless, sysaid, xxe, modular, malware, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9440 SANS Stormcast Wednesday, May 7th: Infostealer with Webserver; Android Update; CISA Warning Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Wednesday, May 7th: Infostealer with Webserver; Android Update; CISA Warning https://traffic.libsyn.com/securitypodcast/9440.mp3 https://isc.sans.edu/podcastdetail/9440 Wed, 07 May 2025 03:35:15 GMT Python InfoStealer with Embedded Phishing Webserver
Didier found an interesting infostealer that, in addition to implementing typical infostealer functionality, includes a web server suitable to create local phishing sites.
https://isc.sans.edu/diary/Python%20InfoStealer%20with%20Embedded%20Phishing%20Webserver/31924
Android Update Fixes Freetype 0-Day
Google released its monthly Android update. As part of the update, it patched a vulnerability in Freetype that is already being exploited. Android is not alone in using Freetype. Freetype is a very commonly used library to parse fonts like Truetype fonts.
https://source.android.com/docs/security/bulletin/2025-05-01
CISA Warns of Unsophistacted Cyber Actors
CISA released an interesting title report warning operators of operational technology networks of ubiquitous attacks by unsophisticated actors. It emphasizes how important it is to not forget basic security measures to defend against these attacks.
https://www.cisa.gov/news-events/alerts/2025/05/06/unsophisticated-cyber-actors-targeting-operational-technology
]]> 6:44 python, infostealer, phishing, webserver, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9438 SANS Stormcast Tuesday, May 6th: Mirai Exploiting Samsung magicInfo 9; Kali Signing Key Lost; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Tuesday, May 6th: Mirai Exploiting Samsung magicInfo 9; Kali Signing Key Lost; https://traffic.libsyn.com/securitypodcast/9438.mp3 https://isc.sans.edu/podcastdetail/9438 Tue, 06 May 2025 03:20:14 GMT Mirai Now Exploits Samsung MagicINFO CMS CVE-2024-7399
The Mirai botnet added a new vulnerability to its arsenal. This vulnerability, a file upload and remote code execution vulnerability in Samsung s MagicInfo 9 CMS, was patched last August but attracted new attention last week after being mostly ignored so far.
https://isc.sans.edu/diary/Mirai+Now+Exploits+Samsung+MagicINFO+CMS+CVE20247399/31920
New Kali Linux Signing Key
The Kali Linux maintainers lost access to the secret key used to sign packages. Users must install a new key that will be used going forward.
https://www.kali.org/blog/new-kali-archive-signing-key/
The Risk of Default Configuration: How Out-of-the-Box Helm Charts Can Breach Your Cluster
Many out-of-the-box Helm charts for Kubernetes applications deploy vulnerable configurations with exposed ports and no authentication
https://techcommunity.microsoft.com/blog/microsoftdefendercloudblog/the-risk-of-default-configuration-how-out-of-the-box-helm-charts-can-breach-your/4409560
]]> 6:57 kali, linux, mirai, helm, kubernetes, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9436 SANS Stormcast Monday, May 5th: Steganography Challenge; Microsoft Makes Passkeys Default and Moves Away from Authenticator as Password Manager; Magento Components Backdoored. Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Monday, May 5th: Steganography Challenge; Microsoft Makes Passkeys Default and Moves Away from Authenticator as Password Manager; Magento Components Backdoored. https://traffic.libsyn.com/securitypodcast/9436.mp3 https://isc.sans.edu/podcastdetail/9436 Mon, 05 May 2025 03:50:16 GMT Steganography Challenge
Didier published a fun steganography challenge. A solution will be offered on Saturday.
https://isc.sans.edu/diary/Steganography+Challenge/31910
Microsoft Makes Passkeys Default Authentication Method
Microsoft is now encouraging new users to use Passkeys as the default and only login method, further moving away from passwords
https://www.microsoft.com/en-us/security/blog/2025/05/01/pushing-passkeys-forward-microsofts-latest-updates-for-simpler-safer-sign-ins/
Microsoft Authenticator Autofill Changes
Microsoft will no longer support the use of Microsoft authenticator as a password safe. Instead, it will move users to the password prefill feature built into Microsoft Edge. This change will start in June and should be completed in August at which point you must have moved your credentials out of Microsoft Authenticator
https://support.microsoft.com/en-gb/account-billing/changes-to-microsoft-authenticator-autofill-09fd75df-dc04-4477-9619-811510805ab6
Backdoor found in popular e-commerce components
SANSEC identified several backdoored Magento e-commerce components. These backdoors were installed as far back as 2019 but only recently activated, at which point they became known. Affected vendors dispute any compromise at this point.
https://sansec.io/research/license-backdoor
]]> 5:57 backdoor, magento, msft, authenticator, passkeys, stegaonography, challenge, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9434 SANS Stormcast Friday, May 2nd: More Steganography; Malicious Python Packages GMail C2; BEC to Steal Rent Payments Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Friday, May 2nd: More Steganography; Malicious Python Packages GMail C2; BEC to Steal Rent Payments https://traffic.libsyn.com/securitypodcast/9434.mp3 https://isc.sans.edu/podcastdetail/9434 Fri, 02 May 2025 02:00:02 GMT Steganography Analysis With pngdump.py: Bitstreams
More details from Didiear as to how to extract binary content hidden inside images
https://isc.sans.edu/diary/Steganography%20Analysis%20With%20pngdump.py%3A%20Bitstreams/31904
Using Trusted Protocols Against You: Gmail as a C2 Mechanism
Attackers are using typosquatting to trick developers into installing malicious python packages. These python packages will use GMail as a command and control channel by sending email to hard coded GMail accounts
https://socket.dev/blog/using-trusted-protocols-against-you-gmail-as-a-c2-mechanism
Security Brief: French BEC Threat Actor Targets Property Payments
A French business email compromise threat actor is targeting property management firms to send emails to tenents tricking them into sending rent payments to fake bank accounts
https://www.proofpoint.com/us/blog/threat-insight/security-brief-french-bec-threat-actor-targets-property-payments
SANS.edu Research Journal
https://isc.sans.edu/j/research
]]> 7:16 Steganograpy, Research Journal, bec, tenants, rent, gmail, python, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9432 SANS Stormcast Thursday, May 1st: Sonicwall Attacks; Cached Windows RDP Credentials Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Thursday, May 1st: Sonicwall Attacks; Cached Windows RDP Credentials https://traffic.libsyn.com/securitypodcast/9432.mp3 https://isc.sans.edu/podcastdetail/9432 Thu, 01 May 2025 02:00:02 GMT Web Scanning for Sonicwall Vulnerabilities CVE-2021-20016
For the last week, scans for Sonicwall API login and domain endpoints have skyrocketed. These attacks may be exploiting an older vulnerability or just attempting to brute force credentials.
https://isc.sans.edu/diary/Web%20Scanning%20Sonicwall%20for%20CVE-2021-20016/31906
The Wizards APT Group SLAAC Spoofing Adversary in the Middle Attacks
ESET published an article with details regarding an IPv6-linked attack they have observed. Attackers use router advertisements to inject fake recursive DNS servers that are used to inject IP addresses for hostnames used to update software. This leads to the victim downloading malware instead of legitimate updates.
https://www.welivesecurity.com/en/eset-research/thewizards-apt-group-slaac-spoofing-adversary-in-the-middle-attacks/
Windows RDP Access is Possible with Old Credentials
Credential caching may lead to Windows allowing RDP logins with old credentials.
https://arstechnica.com/security/2025/04/windows-rdp-lets-you-log-in-using-revoked-passwords-microsoft-is-ok-with-that/?comments-page=1#comments
]]> 6:28 Sonicwall, Windows, RDP, SLAAC, IPv6, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9430 SANS Stormcast Wednesday, April 30th: SMS Attacks; Apple Airplay Vulnerabilities Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Wednesday, April 30th: SMS Attacks; Apple Airplay Vulnerabilities https://traffic.libsyn.com/securitypodcast/9430.mp3 https://isc.sans.edu/podcastdetail/9430 Wed, 30 Apr 2025 02:00:02 GMT More Scans for SMS Gateways and APIs
Attackers are not just looking for SMS Gateways like the scans we reported on last week, but they are also actively scanning for other ways to use APIs and add on tools to send messages using other people s credentials.
https://isc.sans.edu/diary/More%20Scans%20for%20SMS%20Gateways%20and%20APIs/31902
AirBorne: AirPlay Vulnerabilities
Researchers at Oligo revealed over 20 weaknesses they found in Apple s implementation of the AirPlay protocol. These vulnerabilities can be abused to execute code or launch denial-of-service attacks against affected devices. Apple patched the vulnerabilities in recent updates.
https://www.oligo.security/blog/airborne
]]> 8:51 SMS, Airplay, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9428 SANS Stormcast Tuesday, April 29th: SRUM-DUMP 3; Policy Puppetry; Choice Jacking; @sansinstitute at #RSAC Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Tuesday, April 29th: SRUM-DUMP 3; Policy Puppetry; Choice Jacking; @sansinstitute at #RSAC https://traffic.libsyn.com/securitypodcast/9428.mp3 https://isc.sans.edu/podcastdetail/9428 Tue, 29 Apr 2025 02:00:03 GMT SRUM-DUMP Version 3: Uncovering Malware Activity in Forensics
Mark Baggett released SRUM-DUMP Version 3. The tool simplifies data extraction from Widnows System Resource Usage Monitor (SRUM). This database logs how much resources software used for 30 days, and is invaluable to find out what software was executed when and if it sent or received network data.
https://isc.sans.edu/diary/SRUM-DUMP%20Version%203%3A%20Uncovering%20Malware%20Activity%20in%20Forensics/31896
Novel Universal Bypass For All Major LLMS
Hidden Layer discovered a new prompt injection technique that bypasses security constraints in large language models.
The technique uses an XML formatted prequel for a prompt, which appears to the LLM as a policy file. This Policy Puppetry can be used to rewrite some of the security policies configured for LLMs. Unlike other techniques, this technique works across multiple LLMs without changing the policy.
https://hiddenlayer.com/innovation-hub/novel-universal-bypass-for-all-major-llms/
CHOICEJACKING: Compromising Mobile Devices through Malicious Chargers like a Decade ago
The old Juice Jacking is back, at least if you do not run the latest version of Android or iOS. This issue may allow a malicious USB device, particularly a USB charger, to take control of a device connected to it.
https://pure.tugraz.at/ws/portalfiles/portal/89650227/Final_Paper_Usenix.pdf
SANS @RSA: https://www.sans.org/mlp/rsac/
]]> 7:37 SRUM, windows, forensics, llms, policy, puppetry, choice jacking, usb, chargers, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9426 SANS Stormcast Monday, April 28th: Image Steganography; SAP Netweaver Exploited Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Monday, April 28th: Image Steganography; SAP Netweaver Exploited https://traffic.libsyn.com/securitypodcast/9426.mp3 https://isc.sans.edu/podcastdetail/9426 Mon, 28 Apr 2025 02:00:02 GMT Example of a Payload Delivered Through Steganography
Xavier and Didier published two diaries this weekend, building on each other. First, Xavier showed an example of an image being used to smuggle an executable past network defenses, and second, Didier showed how to use his tools to extract the binary.
https://isc.sans.edu/diary/Example%20of%20a%20Payload%20Delivered%20Through%20Steganography/31892
SAP Netweaver Exploited CVE-2025-31324
An arbitrary file upload vulnerability in SAP s Netweaver product is actively exploited to upload webshells. Reliaquest discovered the issue. Reliaquest reports that they saw it being abused to upload the Brute Ratel C2 framework. Users of Netweaver must turn off the developmentserver alias and disable visual composer, and the application was deprecated for about 10 years. SAP has released an emergency update for the issue.
https://reliaquest.com/blog/threat-spotlight-reliaquest-uncovers-vulnerability-behind-sap-netweaver-compromise/
https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/
Any.Run Reports False Positive Uploads
Due to false positives caused by MS Defender XDR flagging Adobe Acrobat Cloud links as malicious, many users of Any.Run s free tier uploaded confidential documents to Any.Run. Anyrun blocked these uploads for now but reminded users to be cautious about what documents are being uploaded.
https://x.com/anyrun_app/status/1915429758516560190
]]> 7:55 any.run, adobe, xdr, microsoft, sap, netweaver, steganography, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9424 SANS Stormcast Friday, April 25th: SMS Gateway Scans; Comvault Exploit; Patch Window Shrinkage; More inetpub issues; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Friday, April 25th: SMS Gateway Scans; Comvault Exploit; Patch Window Shrinkage; More inetpub issues; https://traffic.libsyn.com/securitypodcast/9424.mp3 https://isc.sans.edu/podcastdetail/9424 Fri, 25 Apr 2025 02:00:02 GMT Attacks against Teltonika Networks SMS Gateways
Attackers are actively scanning for SMS Gateways. These attacks take advantage of default passwords and other commonly used passwords.
https://isc.sans.edu/diary/Attacks%20against%20Teltonika%20Networks%20SMS%20Gateways/31888
Commvault Vulnerability CVE-2205-34028
Commvault, about a week ago, published an advisory and a fix for a vulnerability in its backup software. watchTowr now released a detailed writeup and exploit for the vulnerability
https://labs.watchtowr.com/fire-in-the-hole-were-breaching-the-vault-commvault-remote-code-execution-cve-2025-34028/
Exploitation Trends Q1 2025
Vulncheck published a summary of exploitation trends, pointing out that about a quarter of vulnerabilities are exploited a day after a patch is made available.
https://vulncheck.com/blog/exploitation-trends-q1-2025
inetpub directory issues
The inetpub directory introduced by Microsoft in its April patch may lead to a denial of service against applying patches on Windows if an attacker can create a junction for that location pointing to an existing system binary like Notepad.
https://doublepulsar.com/microsofts-patch-for-cve-2025-21204-symlink-vulnerability-introduces-another-symlink-vulnerability-9ea085537741
]]> 6:38 inetpub, vulncheck, patches, watchTowr, teltonika, sms, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9422 SANS Stormcast Thursday, April 24th: Honeypot iptables Maintenance; XRPL.js Compromise; Erlang/OTP SSH Vuln affecting Cisco Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Thursday, April 24th: Honeypot iptables Maintenance; XRPL.js Compromise; Erlang/OTP SSH Vuln affecting Cisco https://traffic.libsyn.com/securitypodcast/9422.mp3 https://isc.sans.edu/podcastdetail/9422 Thu, 24 Apr 2025 02:00:02 GMT Honeypot Iptables Maintenance and DShield-SIEM Logging
In this diary, Jesse is talking about some of the tasks to maintain a honeypot, like keeping filebeats up to date and adjusting configurations in case your dynamic IP address changes
https://isc.sans.edu/diary/Honeypot%20Iptables%20Maintenance%20and%20DShield-SIEM%20Logging/31876
XRPL.js Compromised
An unknown actor was able to push malicious updates of the XRPL.js library to NPM. The library is officially recommended for writing Riple (RPL) cryptocurrency code. The malicious library exfiltrated secret keys to the attacker
https://www.aikido.dev/blog/xrp-supplychain-attack-official-npm-package-infected-with-crypto-stealing-backdoor
https://github.com/XRPLF/xrpl.js/security/advisories/GHSA-33qr-m49q-rxfx
Cisco Equipment Affected by Erlang/OTP SSH Vulnerability
Cisco published an advisory explaining which of its products are affected by the critical Erlang/OTP SSH library vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-erlang-otp-ssh-xyZZy
]]> 5:44 SIEM, filebeats, iptables, honeypot, ripl, xrp, supply chain, npm, erlang/otp, erlang, ssh, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9420 SANS Stormcast Wednesday, April 23rd: More xorsearch Updates; DKIM Replay Attack; SSL.com Vulnerability Fixed Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Wednesday, April 23rd: More xorsearch Updates; DKIM Replay Attack; SSL.com Vulnerability Fixed https://traffic.libsyn.com/securitypodcast/9420.mp3 https://isc.sans.edu/podcastdetail/9420 Wed, 23 Apr 2025 02:00:02 GMT xorsearch.py: Ad Hoc YARA Rules
Adhoc YARA rules allow for easy searches using command line arguments without having to write complete YARA rules for simple use cases like string and regex searches
https://isc.sans.edu/diary/xorsearch.py%3A%20%22Ad%20Hoc%20YARA%20Rules%22/31856
Google Spoofed via DKIM Replay Attack
DKIM replay attacks are a known issue where the attacker re-uses a prior DKIM signature. This will work as long as the headers signed by the signature are unchanged. Recently, this attack has been successful against Google.
https://easydmarc.com/blog/google-spoofed-via-dkim-replay-attack-a-technical-breakdown/
SSL.com E-Mail Validation Bug
SSL.com did not properly verify which domain a particular email address is authorized to receive certificates for. This could have been exploited against webmail providers.
https://bugzilla.mozilla.org/show_bug.cgi?id=1961406
]]> 6:18 dmarc, dkim, google, replay, ad-hoc, yara, xorsearch, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9418 SANS Stormcast Tuesday, April 22nd: Phishing via Google; ChatGPT Fingerprint; Asus AI Cloud Vuln; PyTorch RCE Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Tuesday, April 22nd: Phishing via Google; ChatGPT Fingerprint; Asus AI Cloud Vuln; PyTorch RCE https://traffic.libsyn.com/securitypodcast/9418.mp3 https://isc.sans.edu/podcastdetail/9418 Tue, 22 Apr 2025 02:00:03 GMT It's 2025, so why are malicious advertising URLs still going strong?
Phishing attacks continue to take advantage of Google s advertising services. Sadly, this is still the case for obviously malicious links, even after various anti-phishing services flag the URL.
https://isc.sans.edu/diary/It%27s%202025...%20so%20why%20are%20obviously%20malicious%20advertising%20URLs%20still%20going%20strong%3F/31880
ChatGPT Fingerprinting Documents via Unicode
ChatGPT apparently started leaving fingerprints in texts, which it creates by adding invisible Unicode characters like non-breaking spaces.
https://www.rumidocs.com/newsroom/new-chatgpt-models-seem-to-leave-watermarks-on-text
Asus AI Cloud Security Advisory
Asus warns of a remote code execution vulnerability in its routers. The vulnerability is related to the AI Cloud feature. If your router is EoL, disabling the feature will mitigate the vulnerability
https://www.asus.com/content/asus-product-security-advisory/
PyTorch Vulnerability
PyTorch fixed a remote code execution vulnerability exploitable if a malicious model was loaded. This issue was exploitable even with the weight_only=True" setting selected
https://github.com/pytorch/pytorch/security/advisories/GHSA-53q9-r3pm-6pq6
]]> 5:35 pytorch, ai cloud, asus, phishing, google, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9416 SANS Stormcast Monday, April 21st: MSFT Entra Lockouts; Erlang/OTP SSH Exploit; Sonicwall Exploit; bubble.io bug Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Monday, April 21st: MSFT Entra Lockouts; Erlang/OTP SSH Exploit; Sonicwall Exploit; bubble.io bug https://traffic.libsyn.com/securitypodcast/9416.mp3 https://isc.sans.edu/podcastdetail/9416 Mon, 21 Apr 2025 02:00:03 GMT Microsoft Entra User Lockout
Multiple organizations reported widespread alerts and account lockouts this weekend from Microsoft Entra. The issue is caused by a new feature Microsoft enabled. This feature will lock accounts if Microsoft believes that the password for the account was compromised.
https://www.bleepingcomputer.com/news/microsoft/widespread-microsoft-entra-lockouts-tied-to-new-security-feature-rollout/
https://learn.microsoft.com/en-us/entra/identity/authentication/feature-availability
Erlang/OTP SSH Exploit
An exploit was published for the Erlang/OTP SSH vulnerability. The vulnerability is easy to exploit, and the exploit and a Metasploit module allow for easy remote code execution.
https://github.com/exa-offsec/ssh_erlangotp_rce/blob/main/ssh_erlangotp_rce.rb
Sonicwall Exploited
An older command injection vulnerability is now exploited on Sonicwall devices after initially gaining access by brute-forcing credentials.
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0022
Unpatched Vulnerability in Bubble.io
An unpatched vulnerability in the no-code platform bubble.io can be used to access any project hosted on the site.
https://github.com/demon-i386/pop_n_bubble
]]> 7:31 bubble, no-code, bubble.io, sonicwall, ssh, erlang, microsoft, entra, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9414 SANS Stormcast Friday, April 18th: Remnux Cloud Environment; Erlang/OTP SSH Vuln; Brickstorm Backdoor Analysis; GPT 4.1 Safety Controversy Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Friday, April 18th: Remnux Cloud Environment; Erlang/OTP SSH Vuln; Brickstorm Backdoor Analysis; GPT 4.1 Safety Controversy https://traffic.libsyn.com/securitypodcast/9414.mp3 https://isc.sans.edu/podcastdetail/9414 Fri, 18 Apr 2025 02:00:02 GMT RedTail: Remnux and Malware Management
A description showing how to set up a malware analysis in the cloud with Remnux and Kasm. RedTail is a sample to illustrate how the environment can be used.
https://isc.sans.edu/diary/RedTail%2C%20Remnux%20and%20Malware%20Management%20%5BGuest%20Diary%5D/31868
Critical Erlang/OTP SSH Vulnerability
Researchers identified a critical vulnerability in the Erlang/OTP SSH library. Due to this vulnerability, SSH servers written in Erlang/OTP allow arbitrary remote code execution without prior authentication
https://www.openwall.com/lists/oss-security/2025/04/16/2
Brickstorm Analysis
An analysis of a recent instance of the Brickstorm backdoor. This backdoor used to be more known for infecting Linux systems, but now it also infects Windows.
https://www.nviso.eu/blog/nviso-analyzes-brickstorm-espionage-backdoor
https://blog.nviso.eu/wp-content/uploads/2025/04/NVISO-BRICKSTORM-Report.pdf
OpenAI GPT 4.1 Controversy
OpenAI released its latest model, GPT 4.1, without a safety report and guardrails to prevent malware creation.
https://opentools.ai/news/openai-stirs-controversy-with-gpt-41-release-lacking-safety-report
]]> 6:18 openai, safety, malware, brickstorm, erlang, ssh, redtail, kasm, docker, container, aws, remnux, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9412 SANS Stormcast Thursday April 17th: Apple Updates; Oracle Updates; Google Chrome Updates; CVE News; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Thursday April 17th: Apple Updates; Oracle Updates; Google Chrome Updates; CVE News; https://traffic.libsyn.com/securitypodcast/9412.mp3 https://isc.sans.edu/podcastdetail/9412 Thu, 17 Apr 2025 02:00:02 GMT Apple Updates
Apple released updates for iOS, iPadOS, macOS, and VisionOS. The updates fix two vulnerabilities which had already been exploited against iOS.
https://isc.sans.edu/diary/Apple%20Patches%20Exploited%20Vulnerability/31866
Oracle Updates
Oracle released it quarterly critical patch update. The update addresses 378 security vulnerabilities. Many of the critical updates are already known vulnerabilities in open-source software like Apache and Nginx ingress.
https://www.oracle.com/security-alerts/cpuapr2025.html
Oracle Breach Guidance
CISA released guidance for users affected by the recent Oracle cloud breach. The guidance focuses on the likely loss of passwords.
https://www.cisa.gov/news-events/alerts/2025/04/16/cisa-releases-guidance-credential-risks-associated-potential-legacy-oracle-cloud-compromise
Google Chrome Update
A Google Chrome update released today fixes two security vulnerabilities. One of the vulnerabilities is rated as critical.
https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_15.html
CVE Updates
CISA extended MITRE s funding to operate the CVE numbering scheme. However, a number of other organizations announced that they may start alternative vulnerability registers.
https://euvd.enisa.europa.eu/
https://gcve.eu/
https://www.thecvefoundation.org/
]]> 6:04 cve, cisa, mitre, chrome, google, oracle, apple, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9410 SANS Stormcast Wednesday Apr 16th: File Upload Service Abuse; OpenSSH 10.0 Released; Apache Roller Vuln; Possible CVE Changes Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Wednesday Apr 16th: File Upload Service Abuse; OpenSSH 10.0 Released; Apache Roller Vuln; Possible CVE Changes https://traffic.libsyn.com/securitypodcast/9410.mp3 https://isc.sans.edu/podcastdetail/9410 Wed, 16 Apr 2025 00:48:11 GMT Online Services Again Abused to Exfiltrate Data
Attackers like to abuse free online services that can be used to exfiltrate data. From the originals , like pastebin,
to past favorites like anonfiles.com. The latest example is gofile.io. As a defender, it is important to track these services to detect exfiltration early
https://isc.sans.edu/diary/Online%20Services%20Again%20Abused%20to%20Exfiltrate%20Data/31862
OpenSSH 10.0 Released
OpenSSH 10.0 was released. This release adds quantum-safe ciphers and the separation of authentication services into a separate binary to reduce the authentication attack surface.
https://www.openssh.com/releasenotes.html#10.0p1
Apache Roller Vulnerability
Apache Roller addressed a vulnerability. Its CVSS score of 10.0 appears inflated, but it is still a vulnerability you probably want to address.
https://lists.apache.org/thread/4j906k16v21kdx8hk87gl7663sw7lg7f
CVE Funding Changes
Mitre s government contract to operate the CVE system may run out tomorrow. This could lead to a temporary disruption of services, but the system is backed by a diverse board of directors representing many large companies. It is possible that non-government funding sources may keep the system afloat for now.
https://www.cve.org/
]]> 5:54 cve, mitre, apache, roller, openssh, gofile, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9408 SANS Stormcast Tuesday April 15th: xorsearch Update; Short Lived Certificates; New USB Malware Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Tuesday April 15th: xorsearch Update; Short Lived Certificates; New USB Malware https://traffic.libsyn.com/securitypodcast/9408.mp3 https://isc.sans.edu/podcastdetail/9408 Tue, 15 Apr 2025 02:00:03 GMT xorsearch Update
Diedier updated his "xorsearch" tool. It is now a python script, not a compiled binary, and supports Yara signatures. With Yara support also comes support for regular expressions.
https://isc.sans.edu/diary/xorsearch.py%3A%20Searching%20With%20Regexes/31854
Shorter Lived Certificates
The CA/Brower Forum passed an update to reduce the maximum livetime of
certificates. The reduction will be implemented over the next four years. EFF also released an update to certbot introducing profiles that can be used to request shorter lived certificates.
https://www.eff.org/deeplinks/2025/04/certbot-40-long-live-short-lived-certs
https://groups.google.com/a/groups.cabforum.org/g/servercert-wg/c/bvWh5RN6tYI
New Malware Harvesting Data from USB drives and infecting them.
Kaspersky is reporting that they identified new malware that not only harvests data from USB drives, but also spread via USB drives by replacing existing documents with malicious files.
https://securelist.com/goffee-apt-new-attacks/116139/
]]> 5:35 goffee, usb, malware, russia, kaspersky, certificates, certbot, eff, xorsearch, yara, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9406 SANS Stormcast Monday April 14th: Langlow AI Attacks; Fortinet Attack Cleanup; MSFT Inetpub; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Monday April 14th: Langlow AI Attacks; Fortinet Attack Cleanup; MSFT Inetpub; https://traffic.libsyn.com/securitypodcast/9406.mp3 https://isc.sans.edu/podcastdetail/9406 Mon, 14 Apr 2025 02:00:02 GMT Exploit Attempts for Recent Langflow AI Vulnerability (CVE-2025-3248)
After spotting individaul attempts to exploit the recent Langflow vulnerability late last weeks, we now see more systematic internet wide scans attempting to verify the vulnerability.
https://isc.sans.edu/forums/diary/Exploit+Attempts+for+Recent+Langflow+AI+Vulnerability+CVE20253248/31850/
Fortinet Analysis of Threat Actor Activity
Fortinet oberved recent vulnerablities in its devices being used to add a symlink to ease future compromise. The symlink is not removed by prior patches, and Fortinet released additional updates to detect and remove this attack artifact.
https://www.fortinet.com/blog/psirt-blogs/analysis-of-threat-actor-activity
MSFT Inetpub
Microsoft clarrified that its April patches created the inetpub directory on purpose. Users should not remove it.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21204#exploitability
SANSFIRE
https://isc.sans.edu/j/sansfire
]]> 7:07 sansfire, inetpub, fortinet, langflow, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9404 SANS Stormcast Friday April 11th: Network Infraxploit; Windows Hello Broken; Dell Update; Langflow Exploit Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Friday April 11th: Network Infraxploit; Windows Hello Broken; Dell Update; Langflow Exploit https://traffic.libsyn.com/securitypodcast/9404.mp3 https://isc.sans.edu/podcastdetail/9404 Fri, 11 Apr 2025 09:48:22 GMT Network Infraxploit
Our undergraduate intern, Matthew Gorman, wrote up a walk through of
CVE-2018-0171, an older Cisco vulnerability, that is still actively being
exploited. For example, VOLT TYPHOON recently exploited this problem.
https://isc.sans.edu/diary/Network+Infraxploit+Guest+Diary/31844
Windows Update Issues / Windows 10 Update
Microsoft updated its "Release Health" notes with details regarding issues
users experiences with Windows Hello, Citrix, and Roblox. Microsoft also released an emergency update for Office 2016 which has stability problems after applying the most recent update.
https://support.microsoft.com/en-us/topic/april-8-2025-kb5055523-os-build-26100-3775-277a9d11-6ebf-410c-99f7-8c61957461eb
https://learn.microsoft.com/en-us/windows/release-health/windows-message-center#3521
https://support.microsoft.com/en-us/topic/april-10-2025-update-for-office-2016-kb5002623-d60c1f31-bb7c-4426-b8f4-69186d7fc1e5
Dell Updates
Dell releases critical updates for it's Powerscale One FS product. In particular, it fixes a default password problem.
https://www.dell.com/support/kbdoc/en-us/000300860/dsa-2025-119-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities
Langflow Vulnerablity (possible exploit scans sighted) CVE-2025-3248
Langflow addressed a critical vulnerability end of March. This writeup by Horizon3 demonstrates how the issue is possibly exploited. We have so far seen one "hit" in our honeypot logs for the vulnerable API endpoint URL.
https://www.horizon3.ai/attack-research/disclosures/unsafe-at-any-speed-abusing-python-exec-for-unauth-rce-in-langflow-ai/
]]> 5:34 langfow, dell, windows, updates, infraxploit, cisco, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9402 SANS Stormcast ThursdayApril 10th: Getting Past PyArmor; CenterStack RCE; Android 0-Day Patch; VMware Tanzu Patches; Odd Win11 Directory; WhatsApp File Confusion; SANS AI Guide; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast ThursdayApril 10th: Getting Past PyArmor; CenterStack RCE; Android 0-Day Patch; VMware Tanzu Patches; Odd Win11 Directory; WhatsApp File Confusion; SANS AI Guide; https://traffic.libsyn.com/securitypodcast/9402.mp3 https://isc.sans.edu/podcastdetail/9402 Thu, 10 Apr 2025 02:00:03 GMT Getting Past PyArmor
PyArmor is a python obfuscation tool used for malicious and non-malicious software. Xavier is taking a look at a sample to show what can be learned from these obfuscated samples with not too much work.
https://isc.sans.edu/diary/Obfuscated%20Malicious%20Python%20Scripts%20with%20PyArmor/31840
CenterStack RCE CVE-2025-30406
Gladinet s CenterStack secure file-sharing software suffers from an inadequately protected machine key vulnerability that can be used to modify ViewState data. This vulnerability may lead to remote code execution, which is already exploited.
https://gladinetsupport.s3.us-east-1.amazonaws.com/gladinet/securityadvisory-cve-2005.pdf
Google Patches two zero-day vulnerabilities CVE-2024-53150 CVE-2024-53197
Google released its monthly patches for Android. Two of the patched vulnerabilities are already exploited. One of them was used by Serbian law enforcement.
https://www.malwarebytes.com/blog/news/2025/04/google-fixes-two-actively-exploited-zero-day-vulnerabilities-in-android
Broadcom VMWare Tenzu Updates
Broadcom released updates for VMWare Tenzu. Many vulnerabilities affect the backup component and allow for arbitrary command execution.
https://support.broadcom.com/web/ecx/security-advisory?
Windows 11 April Update ads inetpub directory
The April Windows 11 update appears to create a new /inetpub directory. It is unclear why, and removing it appears to have no bad effects.
https://www.bleepingcomputer.com/news/microsoft/windows-11-april-update-unexpectedly-creates-new-inetpub-folder/
WhatsApp File Type Confusion/Spoofing
WhatsApp patched a file type confusion vulnerability. A victim may be tricked into downloading n
https://www.whatsapp.com/security/advisories/2025/
SANS Critical AI Security Guidelines
https://www.sans.org/mlp/critical-ai-security-guidelines
]]> 6:35 sans, ai, guidelines, whatsapp, inetpub, vmware, tenzu, google, android, 0-day, centerstrack, pyarmor, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9400 SANS Stormcast Wednesday, April 10th: Microsoft Patch Tuesday; Adobe Patches; OpenSSL 3.5 with PQC; Fortinet Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Wednesday, April 10th: Microsoft Patch Tuesday; Adobe Patches; OpenSSL 3.5 with PQC; Fortinet https://traffic.libsyn.com/securitypodcast/9400.mp3 https://isc.sans.edu/podcastdetail/9400 Wed, 09 Apr 2025 10:11:11 GMT Microsoft Patch Tuesday
Microsoft patched over 120 vulnerabilities this month. 11 of these were rated critical, and one vulnerability is already being exploited.
https://isc.sans.edu/diary/Microsoft%20April%202025%20Patch%20Tuesday/31838
Adobe Updates
Adobe released patches for 12 different products. In particular important are patches for Coldfusion addressing several remote code execution vulnerabilities. Adobe Commercse got patches as well, but none of the vulnerabilities are rated critical.
https://helpx.adobe.com/security/security-bulletin.html
OpenSSL 3.5 Released
OpenSSL 3.5 was released with support to post quantum ciphers. This is a long term support release.
https://groups.google.com/a/openssl.org/g/openssl-project/c/9ZYdIaExmIA
Fortiswitch Update
Fortinet released an update for Fortiswitch addressing a vulnerability that may be used to reset a password without verification.
https://fortiguard.fortinet.com/psirt/FG-IR-24-435
]]> 7:19 fortinet, fortiswitch, adobe, commerce, coldfusion, microsoft, patches, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9398 SANS Stormcast Tuesday, April 8th: Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Tuesday, April 8th: https://traffic.libsyn.com/securitypodcast/9398.mp3 https://isc.sans.edu/podcastdetail/9398 Tue, 08 Apr 2025 02:40:16 GMT XORsearch: Searching With Regexes
Didier explains a workaround to use his tool XORsearch to search for regular expressions instead of simple strings.
https://isc.sans.edu/diary/XORsearch%3A%20Searching%20With%20Regexes/31834
MCP Security Notification: Tool Poisoning Attacks
Invariant labs summarized a critical weakness in the Model Context Protocol (MCP) that allows for "Tool Poisoning Attacks." Many major providers such as Anthropic and OpenAI, workflow automation systems like Zapier, and MCP clients like Cursor are susceptible to this attack
https://invariantlabs.ai/blog/mcp-security-notification-tool-poisoning-attacks
Making :visited more private
Google Chrome changed how links are marked as visited . This new partitioning scheme was introduced to improve privacy. Instead of marking a link as visited on any page where it is displayed, it is only marked as visited if the user clicks on the link while visiting the particular site where the link is displayed.
https://developer.chrome.com/blog/visited-links
]]> 6:18 xorsearch, regular expression, regex, mcp, agentic, model context protocol, vistied, chrome, privacy, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9396 SANS Stormcast Monday April 7th 2025: New Username Report; Quickshell Vulnerability; Apache Traffic Director Request Smuggeling Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Monday April 7th 2025: New Username Report; Quickshell Vulnerability; Apache Traffic Director Request Smuggeling https://traffic.libsyn.com/securitypodcast/9396.mp3 https://isc.sans.edu/podcastdetail/9396 Mon, 07 Apr 2025 01:20:47 GMT New SSH Username Report
A new ssh/telnet username reports makes it easier to identify new usernames attackers are using against our telnet and ssh honeypots
https://isc.sans.edu/diary/New%20SSH%20Username%20Report/31830
Quickshell Sharing is Caring: About an RCE Attack Chain on Quick Share
The Google Quick Share protocol is susceptible to several vulnerabilities that have not yet been fully patched, allowing for some file overwrite issues that could lead to the accidental execution of malicious code.
https://www.blackhat.com/asia-25/briefings/schedule/index.html#quickshell-sharing-is-caring-about-an-rce-attack-chain-on-quick-share-43874
Apache Traffic Director Request Smuggling Vulnerability
https://www.openwall.com/lists/oss-security/2025/04/02/4
]]> 6:14 apache, request smuggling, quickshell, quick share, ssh, usernames, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9394 SANS Stormcast Friday, Apr 4th: URL Frequency Analysis; Ivanti Flaw Exploited; WinRAR MotW Vuln; Tax filing scams; Oracle Breach Update Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Friday, Apr 4th: URL Frequency Analysis; Ivanti Flaw Exploited; WinRAR MotW Vuln; Tax filing scams; Oracle Breach Update https://traffic.libsyn.com/securitypodcast/9394.mp3 https://isc.sans.edu/podcastdetail/9394 Fri, 04 Apr 2025 02:00:02 GMT Exploring Statistical Measures to Predict URLs as Legitimate or Intrusive
Using frequency analysis, and training the model with honeypot data as well as log data from legitimate websites allows for a fairly simple and reliable triage of web server logs to identify possible malicious activity.
https://isc.sans.edu/diary/Exploring%20Statistical%20Measures%20to%20Predict%20URLs%20as%20Legitimate%20or%20Intrusive%20%5BGuest%20Diary%5D/31822
Critical Unexploitable Ivanti Vulnerability Exploited CVE-2025-22457
In February, Ivanti patched CVE-2025-22457. At the time, the vulnerability was not considered to be exploitable. Mandiant now published a blog disclosing that the vulnerability was exploited as soon as mid-march
https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-exploiting-critical-ivanti-vulnerability/
WinRAR MotW Vulnerability CVE-2025-31334
WinRAR patched a vulnerability that would not apply the Mark of the Web correctly if a compressed file included symlinks. This may make it easier to trick a victim into executing code downloaded from a website.
https://nvd.nist.gov/vuln/detail/CVE-2025-31334
Microsoft Warns of Tax-Related Scam
With the US personal income tax filing deadline only about a week out, Microsoft warns of commonly deployed scams that they are observing related to income tax filings
https://www.microsoft.com/en-us/security/blog/2025/04/03/threat-actors-leverage-tax-season-to-deploy-tax-themed-phishing-campaigns/
Oracle Breach Update
https://www.bloomberg.com/news/articles/2025-04-02/oracle-tells-clients-of-second-recent-hack-log-in-data-stolen
]]> 6:16 oracle, microsoft, tax, irs, winrar, motw, ivanti, frequency analysis, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9392 SANS Stormcast Thursday Apr 3rd: Juniper Password Scans; Hacking Call Records; End to End Encrypted GMail Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Thursday Apr 3rd: Juniper Password Scans; Hacking Call Records; End to End Encrypted GMail https://traffic.libsyn.com/securitypodcast/9392.mp3 https://isc.sans.edu/podcastdetail/9392 Thu, 03 Apr 2025 02:00:02 GMT Surge in Scans for Juniper t128 Default User
Lasst week, we dedtect a significant surge in ssh scans for the username t128 . This user is used by Juniper s Session Smart Routing, a product they acquired from 128 Technologies which is the reason for the somewhat unusual username.
https://isc.sans.edu/diary/Surge%20in%20Scans%20for%20Juniper%20%22t128%22%20Default%20User/31824
Vulnerable Verizon API Allowed for Access to Call Logs
An API Verizon offered to users of its call filtering application suffered from an authentication bypass vulnerability allowing users to access any Verizon user s call history. While using a JWT to authenticate the user, the phone number used to retrieve the call history logs was passed in a not-authenticated header.
https://evanconnelly.github.io/post/hacking-call-records/
Google Offering End-to-End Encryption to G-Mail Business Users
Google will add an end-to-end encryption feature to commercial GMail users. However, for non GMail users to read the emails they first must click on a link and log in to Google.
https://workspace.google.com/blog/identity-and-security/gmail-easy-end-to-end-encryption-all-businesses
]]> 9:23 gmail, google, verizon, t128, juniper, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9390 SANS Stormcast Wednesday Apr 2nd: Apple Updates Everything; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Wednesday Apr 2nd: Apple Updates Everything; https://traffic.libsyn.com/securitypodcast/9390.mp3 https://isc.sans.edu/podcastdetail/9390 Wed, 02 Apr 2025 02:00:02 GMT Apple Patches Everything
Apple released updates for all of its operating systems. Most were released on Monday with WatchOS patches released today on Tuesday. Two already exploited vulnerabilities, which were already patched in the latest iOS and macOS versions, are now patched for older operating systems as well. A total of 145 vulnerabilities were patched.
https://isc.sans.edu/diary/Apple%20Patches%20Everything%3A%20March%2031st%202025%20Edition/31816
VMWare Workstation and Fusion update check broken
VMWare s automatic update check in its Workstation and Fusion products is currently broken due to a redirect added as part of the Broadcom transition
https://community.broadcom.com/vmware-cloud-foundation/question/certificate-error-is-occured-during-connecting-update-server
NIM Postgres Vulnerability
NIM Developers using prepared statements to send SQL queries to Postgres may expose themselves to a SQL injection vulnerability. NIM s Postgres library does not appear to use actual prepared statements; instead, it assembles the code and the user data as a string and passes them on to the database. This may lead to a SQL injection vulnerability
https://blog.nns.ee/2025/03/28/nim-postgres-vulnerability/
]]> 7:16 apple, ios, macos, vmware, nim, postres, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9388 SANS Stormcast Tuesday Apr 1st: Apache Camel Exploits; New Cert Authorities Requirements; Possible Oracle Breach Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Tuesday Apr 1st: Apache Camel Exploits; New Cert Authorities Requirements; Possible Oracle Breach https://traffic.libsyn.com/securitypodcast/9388.mp3 https://isc.sans.edu/podcastdetail/9388 Tue, 01 Apr 2025 02:00:02 GMT Apache Camel Exploit Attempt by Vulnerability Scans
A recently patched vulnerability in Apache Camel has been integrated into some vulnerability scanners, like for example OpenVAS. We do see some exploit attempts in our honeypots, but they appear to be part of internal vulnerablity scans
https://isc.sans.edu/diary/Apache%20Camel%20Exploit%20Attempt%20by%20Vulnerability%20Scan%20%28CVE-2025-27636%2C%20CVE-2025-29891%29/31814
New Security Requirements for Certificate Authorities
Starting in July, certificate authorities need to verify domain ownership data from multiple viewpoints around the internet. They will also have to use linters to verify certificate requests.
https://security.googleblog.com/2025/03/new-security-requirements-adopted-by.html
Possible Oracle Breach
Oracle still denies being the victim of a data berach as leaked data may show different.
https://doublepulsar.com/oracle-attempt-to-hide-serious-cybersecurity-incident-from-customers-in-oracle-saas-service-9231c8daff4a
https://www.theregister.com/2025/03/30/infosec_news_in_brief/
https://www.darkreading.com/cyberattacks-data-breaches/oracle-still-denies-breach-researchers-persist
]]> 7:36 oracle, breach, tls, certificates, camel, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9386 SANS Stormcast Monday, March 31st: Comparing Phishing Sites; DOH and MX Abuse Phishing; opkssh Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Monday, March 31st: Comparing Phishing Sites; DOH and MX Abuse Phishing; opkssh https://traffic.libsyn.com/securitypodcast/9386.mp3 https://isc.sans.edu/podcastdetail/9386 Mon, 31 Mar 2025 01:18:33 GMT A Tale of Two Phishing Sties
Two phishing sites may use very different backends, even if the site itself appears to be visually very similar. Phishing kits are often copied and modified, leading to sites using similar visual tricks on the user facing site, but very different backends to host the sites and reporting data to the miscreant.
https://isc.sans.edu/diary/A%20Tale%20of%20Two%20Phishing%20Sites/31810
A Phihsing Tale of DOH and DNS MX Abuse
Infoblox discovered a new variant of the Meerkat phishing kit that uses DoH in Javascript to discover MX records, and generate better customized phishing pages.
https://blogs.infoblox.com/threat-intelligence/a-phishing-tale-of-doh-and-dns-mx-abuse/
Using OpenID Connect for SSH
Cloudflare opensourced it's OPKSSH too. It integrates SSO systems supporting OpenID connect with SSH.
https://github.com/openpubkey/opkssh/
]]> 7:15 openid, ssh, cloudflare, phishing, dns, doh, phishing kits, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9384 SANS Stormcast Friday, March 27th: Sitecore Exploited; Blasting Past Webp; Splunk and Firefox Vulnerabilities Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Friday, March 27th: Sitecore Exploited; Blasting Past Webp; Splunk and Firefox Vulnerabilities https://traffic.libsyn.com/securitypodcast/9384.mp3 https://isc.sans.edu/podcastdetail/9384 Fri, 28 Mar 2025 02:00:03 GMT Sitecore "thumbnailsaccesstoken" Deserialization Scans (and some new reports) CVE-2025-27218
Our honeypots detected a deserialization attack against the CMS Sitecore using a thumnailaccesstoken header. The underlying vulnerability was patched in January, and security firm Searchlight Cyber revealed details about this vulnerability a couple of weeks ago.
https://isc.sans.edu/diary/Sitecore%20%22thumbnailsaccesstoken%22%20Deserialization%20Scans%20%28and%20some%20new%20reports%29%20CVE-2025-27218/31806
Blasting Past Webp
Google s Project Zero revealed details how the NSO BLASTPASS exploit took advantage of a Webp image parsing vulnerability in iOS. This zero-click attack was employed in targeted attack back in 2023 and Apple patched the underlying vulnerability in September 2023. But this is the first byte by byte description showing how the attack worked.
https://googleprojectzero.blogspot.com/2025/03/blasting-past-webp.html
Splunk Vulnerabilities
Splunk patched about a dozen of vulnerabilities. None of them are rated critical, but a vulnerability rated High allows authenticated users to execute arbitrary code.
https://advisory.splunk.com/
Firefox 0-day Patched
Mozilla patched a sandbox escape vulnerability that is already being exploited.
https://www.mozilla.org/en-US/security/advisories/mfsa2025-19/
]]> 6:15 firefox, mozilla, splunk, webp, sitecore, deserialization, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9382 SANS Stormcast Thursday Mar 27th: Classifying Malware with ML; Malicious NPM Packages; Google Chrome 0-day Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Thursday Mar 27th: Classifying Malware with ML; Malicious NPM Packages; Google Chrome 0-day https://traffic.libsyn.com/securitypodcast/9382.mp3 https://isc.sans.edu/podcastdetail/9382 Thu, 27 Mar 2025 02:00:02 GMT Leveraging CNNs and Entropy-Based Feature Selection to Identify Potential Malware Artifacts of Interest
This diary explores a novel methodology for classifying malware by integrating entropy-driven feature selection with a specialized Convolutional Neural Network (CNN). Motivated by the increasing obfuscation tactics used by modern malware authors, we will focus on capturing high-entropy segments within files, regions most likely to harbor malicious functionality, and feeding these distinct byte patterns into our model.
https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Leveraging%20CNNs%20and%20Entropy-Based%20Feature%20Selection%20to%20Identify%20Potential%20Malware%20Artifacts%20of%20Interest/31790

Malware found on npm infecting local package with reverse shell
Researchers at Reversinglabs found two malicious NPM packages, ethers-provider2, and ethers-providerz that patch the well known (and not malicious) ethers package to add a reverse shell and downloader.
https://www.reversinglabs.com/blog/malicious-npm-patch-delivers-reverse-shell
Google Patched Google Chrome 0-day
Google patched a vulnerability in Chrome that was already exploited in attacks against media and educational organizations in Russia
https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_25.html
]]> 4:50 google, chrome, npm, ethers, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9380 SANS Stormcast Wednesday Mar 26th: XWiki Exploit; File Converter Correction; VMWare Vulnerability; Draytek Router Reboots; MMC Exploit Details; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Wednesday Mar 26th: XWiki Exploit; File Converter Correction; VMWare Vulnerability; Draytek Router Reboots; MMC Exploit Details; https://traffic.libsyn.com/securitypodcast/9380.mp3 https://isc.sans.edu/podcastdetail/9380 Wed, 26 Mar 2025 02:05:03 GMT XWiki Search Vulnerablity Exploit Attempts (CVE-2024-3721)
Our honeypot detected an increase in exploit attempts for an XWiki command injection vulnerablity. The vulnerability was patched last April, but appears to be exploited more these last couple days. The vulnerability affects the search feature and allows the attacker to inject Groovy code templates.
https://isc.sans.edu/diary/X-Wiki%20Search%20Vulnerability%20exploit%20attempts%20%28CVE-2024-3721%29/31800
Correction: FBI Image Converter Warning
The FBI's Denver office warned of online file converters, not downloadable conversion tools
https://www.fbi.gov/contact-us/field-offices/denver/news/fbi-denver-warns-of-online-file-converter-scam
VMWare Vulnerability
Broadcom released a fix for a VMWare Tools vulnerability. The vulnerability allows users of a Windows virtual machine to escalate privileges within the machine.
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25518
Draytek Reboots
Over the weekend, users started reporting Draytek routers rebooting and getting stuck in a reboot loop. Draytek now published advise as to how to fix the problem.
https://faq.draytek.com.au/docs/draytek-routers-rebooting-how-to-solve-this-issue/
Microsoft Managemnt Console Exploit CVE-2025-26633
TrendMicro released details showing how the MMC vulnerability Microsoft patched as part of its patch tuesday this month was exploited.
https://www.trendmicro.com/en_us/research/25/c/cve-2025-26633-water-gamayun.html
]]> 6:14 microsoft, draytek, trendmicro, mmc, vmware, fbi, image conversion, denver, xwiki, groovy, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9378 SANS Stormcast Tuesday Mar 25th: Privacy Awware Bots; Ingress Nightmare; Malicious File Converters; VSCode Extension Leads to Ransomware Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Tuesday Mar 25th: Privacy Awware Bots; Ingress Nightmare; Malicious File Converters; VSCode Extension Leads to Ransomware https://traffic.libsyn.com/securitypodcast/9378.mp3 https://isc.sans.edu/podcastdetail/9378 Tue, 25 Mar 2025 02:00:02 GMT Privacy Aware Bots
A botnet is using privacy as well as CSRF prevention headers to better blend in with normal browsers. However, in the process they may make it actually easier to spot them.
https://isc.sans.edu/diary/Privacy%20Aware%20Bots/31796
Critical Ingress Nightmare Vulnerability
ingress-nginx fixed four new vulnerabilities, one of which may lead to a Kubernetes cluster compromise. Note that at the time I am making this live, not all of the URLs below are available yet, but I hope they will be available shortly after publishing this podcast
https://www.darkreading.com/application-security/critical-ingressnightmare-vulns-kubernetes-environments
https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities
https://kubernetes.io/blog/
FBI Warns of File Converter Scams
File converters may include malicious ad ons. Be careful where you get your software from.
https://www.fbi.gov/contact-us/field-offices/denver/news/fbi-denver-warns-of-online-file-converter-scam
VSCode Extension Includes Ransomware
https://x.com/ReversingLabs/status/1902355043065500145
]]> 5:55 vscode, ransomware, fbi, file converter, scam, malware, ingress, nightmare, kubernetes, bots, privacy, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9376 SANS Stormcast Monday Mar 24th: Critical Next.js Vulnerability; Microsoft Trust Signing Platform Abuse Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Monday Mar 24th: Critical Next.js Vulnerability; Microsoft Trust Signing Platform Abuse https://traffic.libsyn.com/securitypodcast/9376.mp3 https://isc.sans.edu/podcastdetail/9376 Mon, 24 Mar 2025 02:00:02 GMT Critical Next.js Vulnerability CVE-2025-29927
A critical vulnerability in how the x-middleware-subrequest header is verified may lead to bypassing authorization in Next.js applications.
https://zhero-web-sec.github.io/research-and-things/nextjs-and-the-corrupt-middleware
https://github.com/vercel/next.js/security/advisories/GHSA-f82v-jwr5-mffw
https://www.runzero.com/blog/next-js/
Microsoft Trust Signing Service Abused
Attackers abut the Microsoft Trust Signing Service, a service meant to help developers create signed software, to obtain short lived signatures for malware.
https://www.bleepingcomputer.com/news/security/microsoft-trust-signing-service-abused-to-code-sign-malware/
]]> 7:10 microsoft, trust, signing, digital signature, next.js, authorization, middleware, proxies, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9374 SANS Stormcast Friday Mar 21st: New Data Feeds; SEO Spam; Veeam Deserialization; IBM AIX RCE; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Friday Mar 21st: New Data Feeds; SEO Spam; Veeam Deserialization; IBM AIX RCE; https://traffic.libsyn.com/securitypodcast/9374.mp3 https://isc.sans.edu/podcastdetail/9374 Fri, 21 Mar 2025 02:00:02 GMT Some New Data Feeds and Little Incident
We started offering additional data feeds, and an SEO spamer attempted to make us change a link from an old podcast episode.
https://isc.sans.edu/diary/Some%20new%20Data%20Feeds%2C%20and%20a%20little%20%22incident%22./31786
Veeam Deserialization Vulnerability
Veeam released details regarding the latest vulnerablity in Veeam, pointing out the insufficient patch applied to a prior deserialization vulnerability.
https://labs.watchtowr.com/by-executive-order-we-are-banning-blacklists-domain-level-rce-in-veeam-backup-replication-cve-2025-23120/
IBM AIX Vulnerablity
The AIX NIM service is vulnerable to an unauthenticated remote code execution vulnerability
https://www.ibm.com/support/pages/node/7186621
thanks Chris Mosby for Spotify comment
]]> 8:24 ibm, aix, veeam, data feeds, seo spam, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9372 SANS Stormcast Thursday Mar 20th: Cisco Smart Licensing Attacks; Vulnerable Drivers again; Synology Advisories Updated Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Thursday Mar 20th: Cisco Smart Licensing Attacks; Vulnerable Drivers again; Synology Advisories Updated https://traffic.libsyn.com/securitypodcast/9372.mp3 https://isc.sans.edu/podcastdetail/9372 Thu, 20 Mar 2025 02:00:02 GMT Exploit Attempts for Cisco Smart Licensing Utility CVE-2024-20439 CVE-2024-20440
Attackers added last September's Cisco Smart Licensing Utility vulnerability to their toolset. These attacks orginate most likely from botnets and the same attackers are scanning for a wide range of additional vulnerabilities. The vulnerability is a static credential issue and trivial to exploit after the credentials were published last fall.
https://isc.sans.edu/diary/Exploit%20Attempts%20for%20Cisco%20Smart%20Licensing%20Utility%20CVE-2024-20439%20and%20CVE-2024-20440/31782
Legacy Driver Exploitation Through Bypassing Certificate Verification
Ahnlab documented a new type of "bring your own vulnerable driver" vulnerability. In this case, an old driver used by an anit-malware and anti-rootkit system can be used to shut down arbitrary processeses, including security related processeses.
https://asec.ahnlab.com/en/86881/
Synology Vulnerability Updates
Synology updates some security advisories it release last year adding addition details and vulnerable systems.
https://www.synology.com/en-global/security/advisory/Synology_SA_24_20
https://www.synology.com/en-global/security/advisory/Synology_SA_24_24
]]> 7:09 synology, driver, cisco, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9370 SANS Stormcast Wednesday Mar 19th 2025: Python DLL Side Loading; Tomcast RCE Correction; SAML Roulette; Windows Shortcut 0-Day Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Wednesday Mar 19th 2025: Python DLL Side Loading; Tomcast RCE Correction; SAML Roulette; Windows Shortcut 0-Day https://traffic.libsyn.com/securitypodcast/9370.mp3 https://isc.sans.edu/podcastdetail/9370 Wed, 19 Mar 2025 02:00:02 GMT Python Bot Delivered Through DLL Side-Loading
A "normal", but vulnerable to DLL side-loading PDF reader may be used to launch additional exploit code
https://isc.sans.edu/diary/Python%20Bot%20Delivered%20Through%20DLL%20Side-Loading/31778
Tomcat RCE Correction
To exploit the Tomcat RCE I mentioned yesterday, two non-default configuration options must be selected by the victim.
https://x.com/dkx02668274/status/1901893656316969308
SAML Roulette: The Hacker Always Wins
This Portswigger blog explains in detail how to exploit the ruby-saml vulnerablity against GitLab.
https://portswigger.net/research/saml-roulette-the-hacker-always-wins
Windows Shortcut Zero Day Exploit
Attackers are currently taking advantage of an unpatched vulnerability in how Windows displays Shortcut (.lnk file) details. Trendmicro explains how the attack works and provides PoC code. Microsoft is not planning to fix this issue
https://www.trendmicro.com/en_us/research/25/c/windows-shortcut-zero-day-exploit.html
]]> 7:18 windows, shortcut, link, lnk, saml, ruby, xml, tomcat, rce, python, dll, sideloading, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9368 SANS Stormcast Monday Mar 17th 2025: Analyzing GUID Encoded Shellcode; Node.js SAML Vuln; Tomcat RCE in the Wild; CSS e-mail obfuscation Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Monday Mar 17th 2025: Analyzing GUID Encoded Shellcode; Node.js SAML Vuln; Tomcat RCE in the Wild; CSS e-mail obfuscation https://traffic.libsyn.com/securitypodcast/9368.mp3 https://isc.sans.edu/podcastdetail/9368 Tue, 18 Mar 2025 02:00:02 GMT Static Analysis of GUID Encoded Shellcode
Didier explains how to decode shell code embeded as GUIDs in malware, and how to feed the result to his tool 1768.py which will extract Cobal Strike configuration information from the code.
https://isc.sans.edu/diary/Static%20Analysis%20of%20GUID%20Encoded%20Shellcode/31774
SAMLStorm: Critical Authentication Bypass in xml-crypto and Node.js libraries
xml-crypto, a library use in Node.js applications to decode XML and support SAML, has found to parse comments incorrectly leading to several SAML vulnerabilities.
https://workos.com/blog/samlstorm
One PUT Request to Own Tomcat: CVE-2025-24813 RCE is in the Wild
A just made public deserialization vulnerablity in Tomcat is already being exploited. Contributing to the rapid exploit release is the similarity of this vulnerability to other Java deserializtion vulnerabilities.
https://lab.wallarm.com/one-put-request-to-own-tomcat-cve-2025-24813-rce-is-in-the-wild/ CVE-2025-24813
CSS Abuse for Evasion and Tracking
Attackers are using cascading stylesheets to evade detection and enable more stealthy tracking of users
https://blog.talosintelligence.com/css-abuse-for-evasion-and-tracking/
]]> 7:03 css, tracking, abuse, put, tomcat, saml, node.js, xml-crypto, guid, cobalt strike, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9366 SANS Stormcast Monday March 17th: Mirai Makes Mistakes; Compromised Github Action; ruby-saml vulnerability; Fake GitHub Security Alert Phishing Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Monday March 17th: Mirai Makes Mistakes; Compromised Github Action; ruby-saml vulnerability; Fake GitHub Security Alert Phishing https://traffic.libsyn.com/securitypodcast/9366.mp3 https://isc.sans.edu/podcastdetail/9366 Mon, 17 Mar 2025 01:35:10 GMT Mirai Bot Now Incorporating Malformed DrayTek Vigor Router Exploits
One of the many versions of the Mirai botnet added some new exploit strings attempting to take advantage of an old DrayTek Vigor Router vulnerability, but they got the URL wrong.
https://isc.sans.edu/diary/Mirai%20Bot%20now%20incroporating%20%28malformed%3F%29%20DrayTek%20Vigor%20Router%20Exploits/31770
Compromised GitHub Action
The popular GitHub action tj-actions/changed-files was compromised and leaks credentials via the action logs
https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised
ruby-saml authentication bypass
A confusion in how to parse SAML messages between two XML parsers used by Ruby leads to an authentication bypass in saml-ruby.
https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials/
GitHub Fake Security Alerts
Fake GitHub security alerts are used to trick package maintainers into adding OAUTH privileges to malicious apps.
https://www.bleepingcomputer.com/news/security/fake-security-alert-issues-on-github-use-oauth-app-to-hijack-accounts/
]]> 6:38 github, oauth, saml, ruby, phishing, actions, mirai, draytek, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9364 SANS Stormcast: File Hashes in MSFT BI; Apache Camel Vuln; Juniper Fixes Exploited Vuln; AMI Patches 10.0 Redfish BMC Vuln Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast: File Hashes in MSFT BI; Apache Camel Vuln; Juniper Fixes Exploited Vuln; AMI Patches 10.0 Redfish BMC Vuln https://traffic.libsyn.com/securitypodcast/9364.mp3 https://isc.sans.edu/podcastdetail/9364 Fri, 14 Mar 2025 02:00:02 GMT File Hashes Analysis with Power BI
Guy explains in this diary how to analyze Cowrie honeypot file hashes using Microsoft's BI tool and what you may be able to discover using this tool.
https://isc.sans.edu/diary/File%20Hashes%20Analysis%20with%20Power%20BI%20from%20Data%20Stored%20in%20DShield%20SIEM/31764
Apache Camel Vulnerability
Apache released two patches for Camel in close succession. Initially, the vulnerability was only addressed for headers, but as Akamai discovered, it can also be exploited via query parameters. This vulnerability is trivial to exploit and leads to arbitrary code execution.
https://www.akamai.com/blog/security-research/march-apache-camel-vulnerability-detections-and-mitigations
Juniper Patches Junos Vulnerability
Juniper patches an already exploited vulnerability in JunOS. However, to exploit the vulnerability, and attacker already needs privileged access. By exploiting the vulnerability, an attacker may completely compromised the device.
https://supportportal.juniper.net/s/article/2025-03-Out-of-Cycle-Security-Bulletin-Junos-OS-A-local-attacker-with-shell-access-can-execute-arbitrary-code-CVE-2025-21590?language=en_US
AMI Security Advisory
AMI patched three vulnerabilities. One of the, an authentication bypass in Redfish, allows for a complete system compromise without authentication and is rated with a CVSS score of 10.0.
https://go.ami.com/hubfs/Security%20Advisories/2025/AMI-SA-2025003.pdf
]]> 6:07 AMI, BIOS, Redfish, Juniper, JunOS, apache, camel, power bi, cowrie, honeypot, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9362 SANS Stormcast Thursday Mar 13th: Exploiting Login Pages with Log4j; Patch Tuesday Fallout; Adobe Patches; Medusa Ransomware; Zoom and Font Library Updates; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Thursday Mar 13th: Exploiting Login Pages with Log4j; Patch Tuesday Fallout; Adobe Patches; Medusa Ransomware; Zoom and Font Library Updates; https://traffic.libsyn.com/securitypodcast/9362.mp3 https://isc.sans.edu/podcastdetail/9362 Thu, 13 Mar 2025 02:00:02 GMT Log4J Scans for VMWare Hyhbrid Cloud Extensions
An attacker is scanning various login pages, including the authentication feature in the VMWare HCX REST API for Log4j vulnerabilities. The attack submits the exploit string as username, hoping to trigger the vulnerability as Log4j logs the username
https://isc.sans.edu/diary/Scans%20for%20VMWare%20Hybrid%20Cloud%20Extension%20%28HCX%29%20API%20(Log4j%20-%20not%20brute%20forcing)/31762
Patch Tuesday Fallout
Yesterday's Apple patch may re-activate Apple Intelligence for users who earlier disabled it. Microsoft is offering support for users whos USB printers started printing giberish after a January patch was applies.
https://www.macrumors.com/2025/03/11/ios-18-3-2-apple-intelligence-auto-on/
https://learn.microsoft.com/en-us/windows/release-health/status-windows-10-22h2#usb-printers-might-print-random-text-with-the-january-2025-preview-update
Adobe Updates
Adobe updated seven different products, including Adobe Acrobat. The Acrobat vulnerability may lead to remote code execution and Adobe considers the vulnerablities critical.
https://helpx.adobe.com/security/security-bulletin.html
Medusa Ransomware
CISA and partner agencies released details about the Medusa Ransomware. The document includes many details useful to defenders.
https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-071a
Zoom Update
Zoom released a critical update fixing a number of remote code execution vulnerabilities.
https://www.zoom.com/en/trust/security-bulletin/
FreeType Library Vulnerability
https://www.facebook.com/security/advisories/cve-2025-27363
]]> 5:56 freetype, zoom, medusa, ransomware, adobe, patch tuesday, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9360 SANS Stormcast Wednesday Mar 12th: Microsoft Patch Tuesday; Apple Patch; Espressif ESP32 Statement Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Wednesday Mar 12th: Microsoft Patch Tuesday; Apple Patch; Espressif ESP32 Statement https://traffic.libsyn.com/securitypodcast/9360.mp3 https://isc.sans.edu/podcastdetail/9360 Wed, 12 Mar 2025 02:00:02 GMT Microsoft Patch Tuesday
Microsoft Patched six already exploited vulnerabilities today. In addition, the patches included a critical patch for Microsoft's DNS server and about 50 additional patches.
https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%3A%20March%202025/31756
Apple Updates iOS/macOS
Apple released an update to address a single, already exploited, vulnerability in WebKit. This vulnerability affects iOS, macOS and VisionOS.
https://support.apple.com/en-us/100100
Expressif Response to ESP32 Debug Commands
Expressif released a statement commenting on the recent release of a paper alledging "Backdoors" in ESP32 chipsets. According to Expressif, these commands are debug commands and not reachable directly via Bluetooth.
https://www.espressif.com/en/news/Response_ESP32_Bluetooth
]]> 7:54 apple, expressif, esp32, microsoft, patches, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9358 SANS Stormcast Tuesday Mar 11th: Shellcode as UUIDs; Moxe Switch Vuln Updates; Opentext Vuln; Livewire Volt Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Tuesday Mar 11th: Shellcode as UUIDs; Moxe Switch Vuln Updates; Opentext Vuln; Livewire Volt Vuln; https://traffic.libsyn.com/securitypodcast/9358.mp3 https://isc.sans.edu/podcastdetail/9358 Tue, 11 Mar 2025 02:00:02 GMT Shellcode Encoded in UUIDs
Attackers are using UUIDs to encode Shellcode. The 128 Bit (or 16 Bytes) encoded in each UUID are converted to shell code to implement a cobalt strike beacon
https://isc.sans.edu/diary/Shellcode%20Encoded%20in%20UUIDs/31752
Moxa CVE-2024-12297 Expanded to PT Switches
Moxa in January first releast an update to address a fronted authorizaation logic disclosure vulnerability. It now updated the advisory and included the PT series switches as vulenrable.
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241408-cve-2024-12297-frontend-authorization-logic-disclosure-vulnerability-identified-in-pt-switches
Opentext Insufficently Protected Credentials
https://portal.microfocus.com/s/article/KM000037455?language=en_US
Livewire Volt API vulnerability
https://github.com/livewire/volt/security/advisories/GHSA-v69f-5jxm-hwvv
]]> 4:59 livewire, volt, api, opentest, moxa, switches, pt, shellcode uuid, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9356 SANS Stormcast: Webshells; Undocumented ESP32 Commands; Camera Used For Ransomware Distribution Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast: Webshells; Undocumented ESP32 Commands; Camera Used For Ransomware Distribution https://traffic.libsyn.com/securitypodcast/9356.mp3 https://isc.sans.edu/podcastdetail/9356 Mon, 10 Mar 2025 02:00:02 GMT Commonly Probed Webshell URLs
Many attackers deploy web shells to gain a foothold on vulnerable web servers. These webshells can also be taken over by parasitic exploits.
https://isc.sans.edu/diary/Commonly%20Probed%20Webshell%20URLs/31748
Undocumented ESP32 Commands
A recent conference presentation by Tarlogic revealed several "backdoors" or undocumented features in the commonly used ESP32 Chipsets. Tarlogic also released a toolkit to make it easier to audit chipsets and find these hiddent commands.
https://www.tarlogic.com/news/backdoor-esp32-chip-infect-ot-devices/
Camera Off: Akira deploys ransomware via Webcam
The Akira ransomware group was recently observed infecting a network with Ransomware by taking advantage of a webcam.
https://www.s-rminform.com/latest-thinking/camera-off-akira-deploys-ransomware-via-webcam
]]> 6:45 webcam, akira, esp32, expressif, webshell, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9354 SANS Stormcast Friday Mar 7th: Chrome vs Extensions; Kibana Update; PrePw0n3d Android TV Sticks; Identifying APTs (@sans_edu, Eric LeBlanc) Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Friday Mar 7th: Chrome vs Extensions; Kibana Update; PrePw0n3d Android TV Sticks; Identifying APTs (@sans_edu, Eric LeBlanc) https://traffic.libsyn.com/securitypodcast/9354.mp3 https://isc.sans.edu/podcastdetail/9354 Fri, 07 Mar 2025 02:45:24 GMT Latest Google Chrome Update Encourages UBlock Origin Removal
The latest update to Google Chrome not only disabled the UBlock Origin ad blocker, but also guides users to uninstall the extension instead of re-enabling it.
https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop.html
https://www.reddit.com/r/youtube/comments/1j2ec76/ublock_origin_is_gone/
Critical Kibana Update
Elastic published a critical Kibana update patching a prototype polution vulnerability that would allow arbitrary code execution for users with the "Viewer" role.
https://discuss.elastic.co/t/kibana-8-17-3-security-update-esa-2025-06/375441
Certified PrePw0n3d Android TV Sticks
Wired is reporting of over a million Android TV sticks that were found to be pre-infected with adware
https://www.wired.com/story/android-tv-streaming-boxes-china-backdoor/
SANS.edu Research Paper
Advanced Persistent Threats (APTs) are among the most challenging to detect in enterprise environments, often mimicking authorized privileged access prior to their actions on objectives.
https://www.sans.edu/cyber-research/identifying-advanced-persistent-threat-activity-through-threat-informed-detection-engineering-enhancing-alert-visibility-enterprises/
]]> 13:53 sans.edu, research, apt, android, kibana, elastic, ublock, origin, chrome, extensions, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9352 SANS Stormcast Thursday Mar 6th: DShield ELK Analysis; Jailbreaking AMD CPUs; VIM Vulnerability; Snail Mail Ransomware Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Thursday Mar 6th: DShield ELK Analysis; Jailbreaking AMD CPUs; VIM Vulnerability; Snail Mail Ransomware https://traffic.libsyn.com/securitypodcast/9352.mp3 https://isc.sans.edu/podcastdetail/9352 Thu, 06 Mar 2025 02:45:34 GMT DShield Traffic Analysis using ELK
The "DShield SIEM" includes an ELK dashboard as part of the Honeypot. Learn how to find traffic of interest with this tool.
https://isc.sans.edu/diary/DShield%20Traffic%20Analysis%20using%20ELK/31742
Zen and the Art of Microcode Hacking
Google released details, including a proof of concept exploit, showing how to take advantage of the recently patched AMD microcode vulnerability
https://bughunters.google.com/blog/5424842357473280/zen-and-the-art-of-microcode-hacking CVE-2024-56161
VIM Vulnerability
An attacker may execute arbitrary code by tricking a user to open a crafted tar file in VIM
https://github.com/vim/vim/security/advisories/GHSA-wfmf-8626-q3r3
Snil Mail Fake Ransom Note
A copy cat group is impersonating ransomware actors. The group sends snail mail to company executives claiming to have stolen company data and threatening to leak it unless a payment is made.
https://www.guidepointsecurity.com/blog/snail-mail-fail-fake-ransom-note-campaign-preys-on-fear/
]]> 6:45 snail mail, ransomware, vim, zen, microcode, elk, dshield, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9350 SANS Stormcast Wednesday Mar 5th: SMTP Credential Hunt; mac-robber.py update; ADSelfService Plus Account Takeover; Android Patch Day; PayPal Scams; VMWare Escape Fix Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Wednesday Mar 5th: SMTP Credential Hunt; mac-robber.py update; ADSelfService Plus Account Takeover; Android Patch Day; PayPal Scams; VMWare Escape Fix https://traffic.libsyn.com/securitypodcast/9350.mp3 https://isc.sans.edu/podcastdetail/9350 Wed, 05 Mar 2025 02:00:02 GMT Romanian Distillery Scanning for SMTP Credentials
A particular attacker expanded the scope of their leaked credential file scans. In addition to the usual ".env" style files, it is not looking for specific SMTP related credential files.
https://isc.sans.edu/diary/Romanian%20Distillery%20Scanning%20for%20SMTP%20Credentials/31736
Tool Updates: mac-robber.py
This update of mac-robber.py fixes issues with symlinks.
https://isc.sans.edu/diary/Tool%20update%3A%20mac-robber.py/31738
CVE-2025-1723 Account takeover vulnerability in ADSelfService Plus
CVE-2025-1723 describes a vulnerability caused by session mishandling in ADSelfService Plus that could allow unauthorized access to user enrollment data when MFA was not enabled for ADSelfService Plus login.
https://www.manageengine.com/products/self-service-password/advisory/CVE-2025-1723.html
Android March Update
Google released an update for Android addressing two already exploited vulnerabilities and several critical issues.
https://source.android.com/docs/security/bulletin/2025-03-01
PayPal's no-code-checkout Abuse
Attackers are using PayPal's no-code-checkout feature is being abused by scammers to host PayPal tech support scam pages right within the PayPal.com domain.
https://www.malwarebytes.com/blog/scams/2025/02/paypals-no-code-checkout-abused-by-scammers
Broadcom Fixes three VMWare VCenter Vulnerabilities
https://github.com/vmware/vcf-security-and-compliance-guidelines/tree/main/security-advisories/vmsa-2025-0004
]]> 6:11 vmware, broadcom, paypal, android, adselfservice, zoho, mac-robber, smtp, credentials, json, jennsen, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9348 SANS Stormcast Tuesday Mar 4th: Mark of the Web Details; Sharepint and Click-Fix Phishing; Paragon Partionmanager BYOVD Exploit Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Tuesday Mar 4th: Mark of the Web Details; Sharepint and Click-Fix Phishing; Paragon Partionmanager BYOVD Exploit https://traffic.libsyn.com/securitypodcast/9348.mp3 https://isc.sans.edu/podcastdetail/9348 Tue, 04 Mar 2025 02:03:34 GMT Mark of the Web: Some Technical Details
Windows implements the "Mark of the Web" (MotW) as an alternate data stream that contains not just the "zoneid" of where the file came from, but may include other data like the exact URL and referrer.
https://isc.sans.edu/diary/Mark%20of%20the%20Web%3A%20Some%20Technical%20Details/31732
Havoc Sharepoint with Microsoft Graph API
A recent phishing attack observed by Fortinet uses a simple HTML email to trick a user into copy pasting powershell into their system to execute additional code. Most of the malware interaction uses a Sharepoint site via Microsoft's Graph API futher hiding the malicious traffic
https://www.fortinet.com/blog/threat-research/havoc-sharepoint-with-microsoft-graph-api-turns-into-fud-c2
Paragon Partition Manager Exploit
A vulnerable Paragon Partition Manager has been user recently to escalate privileges for ransomware deployment. Even if you to not have PAragon installed: An attacker may just "bring the vulnerable driver" to your system.
https://kb.cert.org/vuls/id/726882
]]> 6:17 paragon, partition, manager, sharepoint, clickfix, click-fix, phishing, motw, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9346 SANS Stormcast Monday Mar 3rd: AI Training Data Leaks; MITRE Caldera Vuln; modsecurity bypass Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Monday Mar 3rd: AI Training Data Leaks; MITRE Caldera Vuln; modsecurity bypass https://traffic.libsyn.com/securitypodcast/9346.mp3 https://isc.sans.edu/podcastdetail/9346 Mon, 03 Mar 2025 02:00:02 GMT Common Crawl includes Common Leaks
The "Common Crawl" dataset, a large dataset created by spidering website, contains as expected many API keys and other secrets. This data is often used to train large language models
https://trufflesecurity.com/blog/research-finds-12-000-live-api-keys-and-passwords-in-deepseek-s-training-data
Github Repositories Exposed by Copilot
As it is well known, Github's Copilot is using data from public GitHub repositories to train it's model. However, it appears that repositories who were briefly left open and later made private have been included as well, allowing Copilot users to retrieve files from these repositories.
https://www.lasso.security/blog/lasso-major-vulnerability-in-microsoft-copilot
MITRE Caldera Framework Allows Unauthenticated Code Execution
The MITRE Caldera adversary emulation framework allows for unauthenticted code execution by allowing attackers to specify compiler options
https://medium.com/@mitrecaldera/mitre-caldera-security-advisory-remote-code-execution-cve-2025-27364-5f679e2e2a0e
modsecurity Rule Bypass
Attackers may bypass the modsecurity web application firewall by prepending encoded characters with 0.
https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-42w7-rmv5-4x2j
]]> 7:08 ai, copilot, api keys, mitre, caldera, common crawl, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9344 SANS Stormcast Friday Feb 28th: Njrat devtunnels.ms; Apple FindMe Abuse; XSS Exploited; @sans_edu Ben Powell EDR vs. Ransomware Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Friday Feb 28th: Njrat devtunnels.ms; Apple FindMe Abuse; XSS Exploited; @sans_edu Ben Powell EDR vs. Ransomware https://traffic.libsyn.com/securitypodcast/9344.mp3 https://isc.sans.edu/podcastdetail/9344 Fri, 28 Feb 2025 02:00:02 GMT Njrat Compaign Using Microsoft dev Tunnels:
A recent version of the Njrat remote admin tool is taking advantage of Microsoft's developer tunnels (devtunnels.ms) as a command and control channel.
https://isc.sans.edu/diary/Njrat%20Campaign%20Using%20Microsoft%20Dev%20Tunnels/31724
NrootTag Apple FindMy Abuse
Malware could use a weakness in the keys used for Apple FindMy to abuse it to track victims. Updates were released with iOS 18.2, but to solve the issue the vast majority of Apple users must update.
https://nroottag.github.io/
360XSS: Mass Website Exploitation via Virtual Tour Framework
The Krpano VR library which is often used to implement 3D virtual tours on real estate websites, is currently being abused to inject spam messages. The XSS vulnerabilty could allow attackers to inject even more malicious JavaScript.
https://olegzay.com/360xss/
SANS.edu Research: Proof is in the Pudding: EDR Configuration Versus Ransomware. Benjamin Powell
https://www.sans.edu/cyber-research/proof-pudding-edr-configuration-versus-ransomware/
]]> 14:27 sans.edu, ben power, krpano, vr, 360, xss, findmy, ios, njrat, microsoft, devtunnels, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9342 SANS Stormcast Thursday Feb 27th: High Exfil Ports; Malicious VS Code Theme; Developer Workstation Safety; NAKIVO PoC; OpenH264 and rsync vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Thursday Feb 27th: High Exfil Ports; Malicious VS Code Theme; Developer Workstation Safety; NAKIVO PoC; OpenH264 and rsync vuln; https://traffic.libsyn.com/securitypodcast/9342.mp3 https://isc.sans.edu/podcastdetail/9342 Thu, 27 Feb 2025 02:00:02 GMT Attacker of of Ephemeral Ports
Attackers often use ephermeral ports to reach out to download additional resources or exfiltrate data. This can be used, with care, to detect possible compromises.
https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Malware%20Source%20Servers%3A%20The%20Threat%20of%20Attackers%20Using%20Ephemeral%20Ports%20as%20Service%20Ports%20to%20Upload%20Data/31710
Compromised Visal Studio Code Extension downloaded by Millions
Amit Assaraf identified a likely compromised Visual Studio Code theme that was installed by millions of potential victims. Amit did not disclose the exact malicious behaviour, but is asking for victims to contact them for details.
https://medium.com/@amitassaraf/a-wolf-in-dark-mode-the-malicious-vs-code-theme-that-fooled-millions-85ed92b4bd26
ByBit Theft Due to Compromised Developer Workstation
ByBit and Safe{Wallet} disclosed that the record breaking ethereum theft was due to a compromised Safe{Wallet} developer workstation. A replaced JavaScript file targeted ByBit and altered a transaction signed by ByBit.
https://x.com/benbybit/status/1894768736084885929
https://x.com/safe/status/1894768522720350673
PoC for NAKIVO Backup Replication Vulnerability
This vulnerability allows the compromise of NAKIVO backup systems. The vulnerability was patched silently in November, and never disclosed by NAKIVO. Instead, WatchTowr now disloses details including a proof of concept exploit.
https://labs.watchtowr.com/the-best-security-is-when-we-all-agree-to-keep-everything-secret-except-the-secrets-nakivo-backup-replication-cve-2024-48248/
OpenH264 Vulnerability
https://github.com/cisco/openh264/security/advisories/GHSA-m99q-5j7x-7m9x
rsync vulnerability exploited
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
]]> 6:45 rsync, openh254, nakivo, bybit, safewallet, visual studio code, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9340 SANS Stormcast Wednesday Feb 26th: M365 Infostealer Botnet; Mixing OpenID Keys; Malicious Medical Image Apps Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Wednesday Feb 26th: M365 Infostealer Botnet; Mixing OpenID Keys; Malicious Medical Image Apps https://traffic.libsyn.com/securitypodcast/9340.mp3 https://isc.sans.edu/podcastdetail/9340 Wed, 26 Feb 2025 02:00:02 GMT Massive Botnet Targets M365 with Password Spraying
A large botnet is targeting service accounts in M365 with credentials stolen by infostealer malware.
https://securityscorecard.com/wp-content/uploads/2025/02/MassiveBotnet-Report_022125_03.pdf
Mixing up Public and Private Keys in OpenID
The complex OpenID specificiation and the flexibility it supports enables careless administrators to publich private keys instead or in addition to public keys
https://blog.hboeck.de/archives/909-Mixing-up-Public-and-Private-Keys-in-OpenID-Connect-deployments.html
Healthcare Malware Hunt Part 1:
Medial images are often encoded in the DICOM format, an image format unique to medical imaging. Patients looking for viewers for DICOM images are tricked into downloading malware.
https://www.forescout.com/blog/healthcare-malware-hunt-part-1-silver-fox-apt-targets-philips-dicom-viewers/
]]> 5:59 dicom, medical, malware, openid, m365, infostealer, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9338 SANS Stormcast Tuesday Feb 25th: Unfurl Updates; Google Ditches SMS; Paypal Phish; Exim, libXML, Parallels Vuln Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Tuesday Feb 25th: Unfurl Updates; Google Ditches SMS; Paypal Phish; Exim, libXML, Parallels Vuln https://traffic.libsyn.com/securitypodcast/9338.mp3 https://isc.sans.edu/podcastdetail/9338 Tue, 25 Feb 2025 02:00:02 GMT Unfurl Update Released
Unfurl released an Update fixing a few bugs and adding support to decode BlueSky URLs.
https://isc.sans.edu/diary/Unfurl%20v2025.02%20released/31716
Google Confirms GMail To Ditch SMS Code Authentication
Google no longer considers SMS authentication save enough for GMail. Instead, it pushes users to use Passkeys, or QR code based app authentication
https://www.forbes.com/sites/daveywinder/2025/02/23/google-confirms-gmail-to-ditch-sms-code-authentication/
Beware of Paypal New Address Feature Abuse
Attackers are using "address change" e-mails to send links to phishing sites or trick users into calling fake tech support phone numbers. Attackers are just adding the malicious content as part of the address. The e-mail themselves are legitimate PayPal emails and will pass various spam and phishing filters.
https://www.bleepingcomputer.com/news/security/beware-paypal-new-address-feature-abused-to-send-phishing-emails/
Exim SQL Injection Vulnerability
Exim, with sqlite support and ETRN enabled, is vulnerable to a simple SQL injection exploit. A PoC has been released
https://www.exim.org/static/doc/security/CVE-2025-26794.txt
https://github.com/OscarBataille/CVE-2025-26794?
XMLlib patches
https://gitlab.gnome.org/GNOME/libxml2/-/issues/847
https://gitlab.gnome.org/GNOME/libxml2/-/issues/828
0-Day in Parallels
https://jhftss.github.io/Parallels-0-day/
]]> 6:10 0-day, parallels, exim, sql, injection, paypal, phishing, sms, google, qmail, unfurl, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9336 SANS Stormcast Monday Feb 24th: sigs.py update; Google Introdusing Quantum Safe Sigs; MSFT Update Win 11 issues; LTE/5G Vulns; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Monday Feb 24th: sigs.py update; Google Introdusing Quantum Safe Sigs; MSFT Update Win 11 issues; LTE/5G Vulns; https://traffic.libsyn.com/securitypodcast/9336.mp3 https://isc.sans.edu/podcastdetail/9336 Mon, 24 Feb 2025 02:00:03 GMT Tool Update: Sigs.py
Jim updates sigs.py. The tool verifies hashes for files and automatically recognizes what hash is used.
https://isc.sans.edu/diary/Tool%20update%3A%20sigs.py%20-%20added%20check%20mode/31706
Google Announcing Quantum Safe Digital Signatures in Cloud KMS
Google announced the option to use quantum safe digital signatures for its
cloud key management system.
https://cloud.google.com/blog/products/identity-security/announcing-quantum-safe-digital-signatures-in-cloud-kms
Windows 11 Patch issues
The February Patch Tuesday appears to have caused issues with a number of Windows 11 systems. In particular the usability of the file manager appears to be affected.
https://www.windowslatest.com/2025/02/16/windows-11-kb5051987-breaks-file-explorer-install-fails-on-windows-11-24h2/
LTE/5G Vulnerabilities
Researchers at the university of Florida have identified a large number of vulnerabilities in 5G and LTE networks.
https://nathanielbennett.com/publications/ransacked.pdf
]]> 5:20 ransacked, lte, 5g, windows 11, microsoft, patches, quantum, google, kms, signatures, hashes, sigs.py, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9334 SANS Stormcast Friday Feb 21st: Kibana Queries; Mongoose Injection; U-Boot Flaws; Unifi Protect Camera Vulnerabilities; Protecting Network Devices as Endpoint (Austin Clark @sans_edu) Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Friday Feb 21st: Kibana Queries; Mongoose Injection; U-Boot Flaws; Unifi Protect Camera Vulnerabilities; Protecting Network Devices as Endpoint (Austin Clark @sans_edu) https://traffic.libsyn.com/securitypodcast/9334.mp3 https://isc.sans.edu/podcastdetail/9334 Fri, 21 Feb 2025 00:50:46 GMT Using ES|QL In Kibana to Query DShield Honeypot Logs
Using the "Elastic Search Piped Query Language" to query DShield honeypot logs
https://isc.sans.edu/diary/Using%20ES%7CQL%20in%20Kibana%20to%20Queries%20DShield%20Honeypot%20Logs/31704
Mongoose Flaws Put MongoDB at risk
The Object Direct Mapping library Mongoose suffers from an injection vulnerability leading to the potenitial of remote code exeuction in MongoDB
https://www.theregister.com/2025/02/20/mongoose_flaws_mongodb/
U-Boot Vulnerabilities
The open source boot loader U-Boot does suffer from a number of issues allowing the bypass of its integrity checks. This may lead to the execution of malicious code on boot.
https://www.openwall.com/lists/oss-security/2025/02/17/2
Unifi Protect Camera Update
https://community.ui.com/releases/Security-Advisory-Bulletin-046-046/9649ea8f-93db-4713-a875-c3fd7614943f
]]> 12:29 unifi, protect, u-boot, honeypot, kibana, logs, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9332 SANS Stormcast Wednesday Feb 20th: XWorm Cocktail; Quantum Computing Breakthrough; Signal Phishing Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Wednesday Feb 20th: XWorm Cocktail; Quantum Computing Breakthrough; Signal Phishing https://traffic.libsyn.com/securitypodcast/9332.mp3 https://isc.sans.edu/podcastdetail/9332 Thu, 20 Feb 2025 01:38:40 GMT XWorm Cocktail: A Mix of PE data with PowerShell Code
Quick analysis of an interesting XWrom sample with powershell code embedded inside an executable
https://isc.sans.edu/diary/XWorm+Cocktail+A+Mix+of+PE+data+with+PowerShell+Code/31700
Microsoft's Majorana 1 Chip Carves New Path for Quantum Computing
Microsoft announced a breack through in Quantum computing. Its new prototype Majorana 1 chip takes advantage of exotic majorana particles to implement a scalable low error rate solution to building quantum computers
https://news.microsoft.com/source/features/ai/microsofts-majorana-1-chip-carves-new-path-for-quantum-computing/
Russia Targeting Signal Messenger
Signal is well regarded as a secure end to end encrypted messaging platform. However, a user may be tricked into providing access to their account by scanning a QR code masquerading as a group channel invitation.
https://cloud.google.com/blog/topics/threat-intelligence/russia-targeting-signal-messenger/
]]> 7:01 russia, signal, ukraine, quantum, majorana, xworm, powershell, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9330 SANS Stormcast Tuesday Feb 19th: ModelScan AI Model Security; OpenSSH Vuln; Juniper Patches; Dell BIOS Vulnerability Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Tuesday Feb 19th: ModelScan AI Model Security; OpenSSH Vuln; Juniper Patches; Dell BIOS Vulnerability https://traffic.libsyn.com/securitypodcast/9330.mp3 https://isc.sans.edu/podcastdetail/9330 Wed, 19 Feb 2025 00:31:58 GMT ModelScan: Protection Against Model Serialization Attacks
ModelScan is a tool to inspect AI models for deserialization attacks. The tool will detect suspect commands and warn the user.
https://isc.sans.edu/diary/ModelScan%20-%20Protection%20Against%20Model%20Serialization%20Attacks/31692
OpenSSH MitM and DoS Vulnerabilities
OpenSSH Patched two vulnerabilities discovered by Qualys. One may be used for MitM attack in specfic configurations of OpenSSH.
https://www.qualys.com/2025/02/18/openssh-mitm-dos.txt
Juniper Authentication Bypass
Juniper fixed an authentication bypass vulnerability that affects several prodcuts. The patch was released outside the normal patch schedule.
https://supportportal.juniper.net/s/article/2025-02-Out-of-Cycle-Security-Bulletin-Session-Smart-Router-Session-Smart-Conductor-WAN-Assurance-Router-API-Authentication-Bypass-Vulnerability-CVE-2025-21589?language=en_US
DELL BIOS Patches
DELL released BIOS updates fixing a privilege escalation issue. The update affects a large part of Dell's portfolio
https://www.dell.com/support/kbdoc/en-en/000258429/dsa-2025-021
]]> 6:55 dell, bios, juniper, openssh, modelscan, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9328 SANS Stormcast: Securing the Edge; PostgreSQL Exploit; Ivanti Exploit; WinZip Vulnerablity; Xerox Patch Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast: Securing the Edge; PostgreSQL Exploit; Ivanti Exploit; WinZip Vulnerablity; Xerox Patch https://traffic.libsyn.com/securitypodcast/9328.mp3 https://isc.sans.edu/podcastdetail/9328 Tue, 18 Feb 2025 02:00:02 GMT My Very Personal Guidance and Strategies to Protect Network Edge Devices
A quick summary to help you secure edge devices. This may be a bit opinionated, but these are the strategies that I find work and are actionable.
https://isc.sans.edu/diary/My%20Very%20Personal%20Guidance%20and%20Strategies%20to%20Protect%20Network%20Edge%20Devices/31660
PostgreSQL SQL Injection
A followup to yesterday's segment about the PostgreSQL vulnerability. Rapid7 released a Metasploit module to exploit the vulnerability.
https://github.com/rapid7/metasploit-framework/pull/19877
Ivanti Connect Secure Exploited
The Japanese CERT observed exploitation of January's Connect Secure vulnerability
https://blogs.jpcert.or.jp/ja/2025/02/spawnchimera.html
WinZip Vulnerability
WinZip patched a buffer overflow vulenrability that may be triggered by malicious 7Z files
https://www.zerodayinitiative.com/advisories/ZDI-25-047/
Xerox Printer Patch
Xerox patched two vulnerabililites in its enterprise multifunction printers that may be exploited for lateral movement.
https://securitydocs.business.xerox.com/wp-content/uploads/2025/02/Xerox-Security-Bulletin-XRX25-003-for-Xerox-VersaLinkPhaser-and-WorkCentre.pdf
]]> 4:39 xerox, winzip, ivanti, connect secure, postgresql, sql, edge, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9326 SANS Stormcast Monday Feb 17th: Fake BSOD; Volatile IPs; Postgresql libpq SQL Injection; OAUTH Phishing Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Monday Feb 17th: Fake BSOD; Volatile IPs; Postgresql libpq SQL Injection; OAUTH Phishing https://traffic.libsyn.com/securitypodcast/9326.mp3 https://isc.sans.edu/podcastdetail/9326 Mon, 17 Feb 2025 01:22:04 GMT Fake BSOD Delivered by Malicious Python Script
Xavier found an odd malicious Python script that displays a blue screen of
death to users. The purpose isn't quite clear. It could be a teach support scam
tricking users into calling the 800 number displayed, or a simple
anti-reversing trick
https://isc.sans.edu/diary/Fake%20BSOD%20Delivered%20by%20Malicious%20Python%20Script/31686
The Danger of IP Volatility
Accounting for IP addresses is important, and if not done properly, may
lead to resources being exposed after IP addresses are released.
https://isc.sans.edu/diary/The%20Danger%20of%20IP%20Volatility/31688
PostgreSQL SQL Injection
Functions in PostgreSQL's libpq do not properly escape parameters which may
lead to SQL injection issues if the functions are used to create input for pqsql.
https://www.postgresql.org/support/security/CVE-2025-1094/
Multiple Russian Threat Actors Targeting Microsoft Device Code Auth
The OAUTH device code flow is used to attach devices with limited input capability to a user's account. However, this can be abused via phishing attacks.
https://www.volexity.com/blog/2025/02/13/multiple-russian-threat-actors-targeting-microsoft-device-code-authentication/
]]> 8:32 oauth, postgresql, ip, volatility, bsod, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9324 SANS Stormcast Feb 14th 2025: DShield Honeypot SIEM; PAN OS Auth Bypass; Salt Typhone vs. Cisco; Crowdstrike Patch Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Feb 14th 2025: DShield Honeypot SIEM; PAN OS Auth Bypass; Salt Typhone vs. Cisco; Crowdstrike Patch https://traffic.libsyn.com/securitypodcast/9324.mp3 https://isc.sans.edu/podcastdetail/9324 Fri, 14 Feb 2025 02:00:02 GMT DShield SIEM Docker Updates
Interested in learning more about the attacks hitting your honeypot?
Guy assembled a neat SIEM to create dashboards summarizing the attacks.
https://isc.sans.edu/diary/DShield%20SIEM%20Docker%20Updates/31680
PANOS Path Confusion Auth Bypass
Palo Alto Networks fixed a path confusion vulnerability introduced by the
overly complex midle box chain in PANOS.
https://slcyber.io/blog/nginx-apache-path-confusion-to-auth-bypass-in-pan-os/
https://www.theregister.com/2025/02/13/palo_alto_firewall/
China's Volt Typhoon Continues to use Cisco Vulns
Recorded Future wrote up some recent attacks of the Red Mike / Volt Typhoon groups going after telecom providers by compromissing Cisco systems via an older vulnerabilty
https://www.wired.com/story/chinas-salt-typhoon-spies-are-still-hacking-telecoms-now-by-exploiting-cisco-routers/
Crowdstrike Patches Linux Client
https://www.crowdstrike.com/security-advisories/cve-2025-1146/
]]> 6:02 crowdstrike, falcon, china, volt typhoon, redmike, cisco, panos, nginx, apache, php, dshield, siem, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9322 SANS Stormcast Feb 13th 2025: Smart City Threats; Advanced Social Engineering Attacks; Wazuh Vulnerability; PAM Vulnerability; Ivanti Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Feb 13th 2025: Smart City Threats; Advanced Social Engineering Attacks; Wazuh Vulnerability; PAM Vulnerability; Ivanti Patches https://traffic.libsyn.com/securitypodcast/9322.mp3 https://isc.sans.edu/podcastdetail/9322 Thu, 13 Feb 2025 01:26:50 GMT An Ontology for Threats: Cybercrime and Digital Forensic Investigation on Smart City Infrastructure
Smart cities is a big topic for many local governments. With building these complex systems, attacks will follow.
https://isc.sans.edu/diary/An%20ontology%20for%20threats%2C%20cybercrime%20and%20digital%20forensic%20investigation%20on%20Smart%20City%20Infrastructure/31676
North Korean state actor tricking admins into executing PowerShell
North Korean state actors are spending quite a bit of effort setting up relationships with South Korean system administrators, culminating in them getting tricked into executing malicious PowerShell scripts.
https://x.com/MsftSecIntel/status/1889407814604296490
Wazuh Vulnerability
A deserialization vulnerability in Wazuh may lead to an unauthenticated remote code execution vulnerability
https://github.com/wazuh/wazuh/security/advisories/GHSA-hcrc-79hj-m3qh
PAM PKCS11 Vulnerablity
Several vulnerabilities in the Linux PAM module processing smart card authentication can be used to bypass authentication
https://github.com/OpenSC/pam_pkcs11/releases/tag/pam_pkcs11-0.6.13
Ivanti Patches
Ivanti released its monhtly update, fixing a number of critical vulnerabilities in Connect Secure and other prodcuts
https://forums.ivanti.com/s/article/February-Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-and-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs?language=en_US
]]> 5:58 ivanti, pam, pkcs11, linux, wazuh, korea, powershell, ontology, smart city, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9320 SANS Stormcast Feb 12th 2025: MSFT Patch Tuesday; Adobe Patches; FortiNet Acknowledges Exploitation of FortiOS Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Feb 12th 2025: MSFT Patch Tuesday; Adobe Patches; FortiNet Acknowledges Exploitation of FortiOS https://traffic.libsyn.com/securitypodcast/9320.mp3 https://isc.sans.edu/podcastdetail/9320 Wed, 12 Feb 2025 02:00:02 GMT Microsoft Patch Tuesday
Microsoft released patches for 55 vulnerabilities. Three of them are actagorized as critical, two are already exploited and another two have been publicly disclosed. The LDAP server vulnerability could become a huge deal, but it is not clear if an exploit will appear.
https://isc.sans.edu/diary/Microsoft%20February%202025%20Patch%20Tuesday/31674
Adobe Patches
Adobe released patches for seven products. Watch out in particular for the Adobe Commerce issues
https://helpx.adobe.com/security/security-bulletin.html
Fortinet Acknowledges Exploitation of Vulnerability
https://fortiguard.fortinet.com/psirt/FG-IR-24-535
]]> 5:53 fortinet, adobe, microsoft, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9318 SANS Stormcast Feb 11th 2025: 7zip and MoW; Apple 0-Day Fix; AMD Microcode Overwrite; Trimble CityWorks 0-Day; MageCart Update Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Feb 11th 2025: 7zip and MoW; Apple 0-Day Fix; AMD Microcode Overwrite; Trimble CityWorks 0-Day; MageCart Update https://traffic.libsyn.com/securitypodcast/9318.mp3 https://isc.sans.edu/podcastdetail/9318 Tue, 11 Feb 2025 02:00:02 GMT Reminder: 7-Zip MoW
The MoW must be added to any files extracted from ZIP or other compound file formats. 7-Zip does not do so by default unless you alter the default configuration.
https://isc.sans.edu/diary/Reminder%3A%207-Zip%20%26%20MoW/31668
Apple Fixes 0-Day
Apple released updates to iOS and iPadOS fixing a bypass for USB Restricted Mode. The vulnerability is already being exploited.
https://support.apple.com/en-us/122174
AMD ZEN CPU Microcode Update
An attacker is able to replace microcode on some AMD CPUs. This may alter how the CPUs function and Google released a PoC showing how it can be used to manipulate the random number generator.
https://github.com/google/security-research/security/advisories/GHSA-4xq7-4mgh-gp6w
Trimble Cityworks Exploited
CISA added a recent Trimble Cityworks vulnerabliity to its list of exploited vulnerabilities.
https://learn.assetlifecycle.trimble.com/i/1532182-cityworks-customer-communication-2025-02-06-docx/0?
Google Tag Manager Skimmer Steals Credit Card Info
Sucuri released a blog post with updates to the mage cart campaign. The latest version is injecting malicious code as part of the google tag manager / analytics code.
https://blog.sucuri.net/2025/02/google-tag-manager-skimmer-steals-credit-card-info-from-magento-site.html
]]> 7:15 google, sucuri, amd, trimble, cityworks, tag manager, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9316 SANS Internet Stormcast Feb 10th 2025: Podcast Anniversary; SSL 2.0; Exposed Deepseek Installs; Crypto Scam costs Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Internet Stormcast Feb 10th 2025: Podcast Anniversary; SSL 2.0; Exposed Deepseek Installs; Crypto Scam costs https://traffic.libsyn.com/securitypodcast/9316.mp3 https://isc.sans.edu/podcastdetail/9316 Mon, 10 Feb 2025 02:00:02 GMT SSL 2.0 Turns 30 This Sunday
SSL was created in February 1995. However, back in 2005, only a year later, SSL 3.0 was released, and as of 2011, SSL 2.0 was deprecated, and support was removed from many crypto libraries. However, over 400k hosts are still exposed via SSL 2.0.
https://isc.sans.edu/diary/SSL%202.0%20turns%2030%20this%20Sunday...%20Perhaps%20the%20time%20has%20come%20to%20let%20it%20die%3F/31664
Deepseek News
Many articles cover various security shortcomings in the Chinese Deepseek AI model. Remember that some of these issues are not unique to Deepseek.
https://www.upguard.com/blog/deepseek-adoption
https://www.reversinglabs.com/blog/rl-identifies-malware-ml-model-hosted-on-hugging-face
https://www.wiz.io/blog/wiz-research-uncovers-exposed-deepseek-database-leak
https://www.nowsecure.com/blog/2025/02/06/nowsecure-uncovers-multiple-security-and-privacy-flaws-in-deepseek-ios-mobile-app/
Crypto Wallet Scam Not For Free
Didier looked closer at the recent dual signature crypto scams. These wallets are not free; attackers must spend money to set them up.
https://isc.sans.edu/diary/Crypto+Wallet+Scam+Not+For+Free/31666
]]> 6:52 crypto, deepseek, ssl, anniversary, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9314 SANS Internet Stormcast Feb 7th 2025: Unbreakable Anti-Debugging; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Internet Stormcast Feb 7th 2025: Unbreakable Anti-Debugging; https://traffic.libsyn.com/securitypodcast/9314.mp3 https://isc.sans.edu/podcastdetail/9314 Fri, 07 Feb 2025 01:28:34 GMT The Unbreakable Multi-Layer Anti-Debugging System
Xavier found a nice Python script that included what it calls the "Unbreakable Multi-Layer Anti-Debugging System". Leave it up to Xavier to tear it appart for you.
https://isc.sans.edu/diary/The%20Unbreakable%20Multi-Layer%20Anti-Debugging%20System/31658
Take my money: OCR crypto stealers in Google Play and App Store
Malware using OCR on screen shots was available not just via Google Play, but also the Apple App Store.
https://securelist.com/sparkcat-stealer-in-app-store-and-google-play-2/115385/
Threat Actors Still Leveraging Legit RMM Tool ScreenConnect
Unsurprisingly, threat actors still like to use legit remote admin tools, like ScreenConnect, as a command and control channel. Silent Push outlines the latest trends and IoCs they found
https://www.silentpush.com/blog/screenconnect/
Cisco Identity Services Engine Insecure Java Deserialization and Authorization Bypass Vulnerabilities
Java deserializing strikes again to allow arbitrary code execution. Cisco fixed this vulnerability and a authorization bypass issue in its Identity Services Engine
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multivuls-FTW9AOXF
F5 Update
F5 fixes an interesting authentication bypass problem affecting TLS client certificates
https://my.f5.com/manage/s/article/K000149173
]]> 6:22 f5, java, cisco, ise, ios, android, screenshots, screenconnect, python, anti-debugging, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9312 SANS Internet Stormcast Feb 6th 2025: com- prefix domain phishing; Win 10 ESU pricing; Firewall CT Policy; Veeam and Netgear patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Internet Stormcast Feb 6th 2025: com- prefix domain phishing; Win 10 ESU pricing; Firewall CT Policy; Veeam and Netgear patches https://traffic.libsyn.com/securitypodcast/9312.mp3 https://isc.sans.edu/podcastdetail/9312 Thu, 06 Feb 2025 01:30:25 GMT Phishing via com- prefix domains
Every day, attackers are registering a few hunder domain names starting with com-. These are used in phishing e-mails, like for example "toll fee scams", to create more convincing phishing links.
https://isc.sans.edu/diary/Phishing%20via%20%22com-%22%20prefix%20domains/31654
Microsoft Windows 10 Extended Security Updates
Microsoft released pricing and additional details for the Windows 10 extended security updates. For the first year after official free updates stopped, security updates will be available for $61 for the first year.
https://learn.microsoft.com/en-us/windows/whats-new/extended-security-updates
Mozilla Enforcing Certificate Transparency
Mozilla is following the lead from other browsers, and will require certificates to include a certificate signature timestamp as proof of compliance with certificate transparency requirements.
https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/OagRKpVirsA/m/Q4c89XG-EAAJ
https://wiki.mozilla.org/SecurityEngineering/Certificate_Transparency#Enterprise_Policies
Veeam Update
Veeam's internal backup process may be used to execute arbitrary code by an attacker with a machine in the middle position.
https://www.veeam.com/kb4712
Netgear Unauthenticated RCE
https://kb.netgear.com/000066558/Security-Advisory-for-Unauthenticated-RCE-on-Some-WiFi-Routers-PSV-2023-0039
]]> 7:03 netgear, veeam, firefox, certificate transparency, ct, microsoft, windows 10, ESU, updates, phishing, sunpass, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9310 SANS Internet Stormcast Feb 5th 2025: Feed Updates and Rosti; Resurrecting Dead S3 Buckets; Let's Encrypt Changes; Edge Device Security Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Internet Stormcast Feb 5th 2025: Feed Updates and Rosti; Resurrecting Dead S3 Buckets; Let's Encrypt Changes; Edge Device Security https://traffic.libsyn.com/securitypodcast/9310.mp3 https://isc.sans.edu/podcastdetail/9310 Wed, 05 Feb 2025 01:53:31 GMT Some Updates to Our Data Feeds
We made some updates to the documentation for our data feeds, and added the neat Rosti Feed to our list as well as to our ipinfo page.
https://isc.sans.edu/diary/Some%20updates%20to%20our%20data%20feeds/31650
8 Million Request Later We Meade the Solarwindws Supply Chain Attack Look Amateur
While the title is a bit of watchTowr hyperbole, the problem of resurrecting dead S3 buckets back to live is real and needs to be addressed. Boring solutions will help not becoming an exciting headline.
https://labs.watchtowr.com/8-million-requests-later-we-made-the-solarwinds-supply-chain-attack-look-amateur/
Let's Encrypt Ending Expiration Emails
Let's Encrypt will no longer send emails for expiring certificates. They suggest other free services to send these emails for you
https://letsencrypt.org/2025/01/22/ending-expiration-emails/
Guidance and Strategies Protect Network Edge Edvices
CISA and other agencies created a guidance document outlining how to protect edge devices like firewalls, vpn concentrators and other similar devices.
https://www.cisa.gov/resources-tools/resources/guidance-and-strategies-protect-network-edge-devices
]]> 7:21 cisa, edge, devices, guidance, letsencrypt, email, s3, bucket, feeds, documentation, data, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9308 SANS ISC Stormcast Feb 4th 2025: Crypto Scam; Mediatek and D-Link Patches; Microsoft ends VPN Service Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS ISC Stormcast Feb 4th 2025: Crypto Scam; Mediatek and D-Link Patches; Microsoft ends VPN Service https://traffic.libsyn.com/securitypodcast/9308.mp3 https://isc.sans.edu/podcastdetail/9308 Tue, 04 Feb 2025 02:00:02 GMT Crypto Wallet Scam
YouTube spam messages leak private keys to crypto wallets. However, these keys can not be used to withdraw funds. Victims are scammed into depositing "gas fees" which are then collected by the scammer.
https://isc.sans.edu/diary/Crypto%20Wallet%20Scam/31646
Mediatek Patches
Mediatek patched numerous vulnerabilities in its WLAN products. Some allow for unauthenticated arbitrary code execution
https://corp.mediatek.com/product-security-bulletin/February-2025
D-Link Vulnerability
D-Link disclosed a vulnerability in older routers that as of May no longer receive any updates. Your only option is to upgrade hardare.
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10415
Microsoft Discontinues VPN Service
Microsoft is shutting down the VPN service that was included as part of Microsoft Defender
https://support.microsoft.com/en-au/topic/end-of-support-privacy-protection-vpn-in-microsoft-defender-for-individuals-8b503da5-732a-4472-833a-e2ddca53036a
]]> 6:13 microsoft, dlink, mediatek, okx, crypto, scam, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9306 SANS ISC Stormcast Feb 3rd 2025: Automating Cyber Ranges; Deepseek Scams; PyPi Archived State; Medical Backdoors Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS ISC Stormcast Feb 3rd 2025: Automating Cyber Ranges; Deepseek Scams; PyPi Archived State; Medical Backdoors https://traffic.libsyn.com/securitypodcast/9306.mp3 https://isc.sans.edu/podcastdetail/9306 Mon, 03 Feb 2025 02:00:03 GMT To Simulate or Replicate: Crafting Cyber Ranges
Automating the creation of cyber ranges. This will be a multi part series and this part covers creating the DNS configuration in Windows
https://isc.sans.edu/diary/To%20Simulate%20or%20Replicate%3A%20Crafting%20Cyber%20Ranges/31642
Scammers Exploiting Deepseek Hype
Scammers are using the hype around Deepseek, and some of the confusion caused by it's site not being reachable, to scam users into installing malware. I am also including a link to a "jailbreak" of Deepseek (this part was not covered in the podcast).
https://www.welivesecurity.com/en/cybersecurity/scammers-exploiting-deepseek-hype/
https://lab.wallarm.com/jailbreaking-generative-ai/
PyPi Archived Status
PyPi introduced a new feature to mark repositories as archived. This implies that the author is no longer maintaining the particular package
https://blog.pypi.org/posts/2025-01-30-archival/
ICS Mecial Advisory: Comtec Patient Monitor Backdoor
And interested backdoor was found in a Comtech Patient Monitor.
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-030-01
]]> 6:23 comtech, medical, backdoor, pypi, deepseek, dns, cyber range, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9304 SANS ISC Stormcast Jan 31st 2025: Old Netgear Vuln in Depth; Lightning AI RCE; Canon Printer RCE; Deepseek Leak; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS ISC Stormcast Jan 31st 2025: Old Netgear Vuln in Depth; Lightning AI RCE; Canon Printer RCE; Deepseek Leak; https://traffic.libsyn.com/securitypodcast/9304.mp3 https://isc.sans.edu/podcastdetail/9304 Fri, 31 Jan 2025 02:00:02 GMT PCAPs or It Didn't Happen: Exposing an Old Netgear Vulnerability Still Active in 2025 [Guest Diary]
https://isc.sans.edu/diary/PCAPs%20or%20It%20Didn%27t%20Happen%3A%20Exposing%20an%20Old%20Netgear%20Vulnerability%20Still%20Active%20in%202025%20%5BGuest%20Diary%5D/31638
RCE Vulnerablity in AI Development Platform Lightning AI
Noma Security discovered a neat remote code execution vulnerability in Lightning AI. This vulnerability is exploitable by tricking a logged in user into clicking a simple link.
https://noma.security/noma-research-discovers-rce-vulnerability-in-ai-development-platform-lightning-ai/
Canon Laser Printers and Small Office Multifunctional Printer Vulnerabilities
Canon fixed three different vulnerablities affecting various laser and small office multifunctional printers. These vulnerabilities may lead to remote code execution, and there are some interesting exploit opportunities
https://www.usa.canon.com/support/canon-product-advisories/service-notice-regarding-vulnerability-measure-against-buffer-overflow-for-laser-printers-and-small-office-multifunctional-printers
Deepseek ClickHouse Database Leak
https://www.wiz.io/blog/wiz-research-uncovers-exposed-deepseek-database-leak
]]> 5:40 deepseek, clickhouse, canon, ai, lightning, netgear, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9302 SANS ISC Stormcast, Jan 30th 2025: Python vs. Powershell; Fortinet Exploits and Patch Policy; Voyager PHP Framework Vuln; Zyxel Targeted; VMWare AVI Patch Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS ISC Stormcast, Jan 30th 2025: Python vs. Powershell; Fortinet Exploits and Patch Policy; Voyager PHP Framework Vuln; Zyxel Targeted; VMWare AVI Patch https://traffic.libsyn.com/securitypodcast/9302.mp3 https://isc.sans.edu/podcastdetail/9302 Thu, 30 Jan 2025 02:00:12 GMT From PowerShell to a Python Obfuscation Race!
This information stealer not only emulates a PDF document convincingly, but also includes its own Python environment for Windows
https://isc.sans.edu/diary/From%20PowerShell%20to%20a%20Python%20Obfuscation%20Race!/31634
Alleged Active Exploit Sale of CVE-2024-55591 on Fortinet Devices
An exploit for this week's Fortinet vulnerability is for sale on russian forums. Fortinet also requires patching of devices without cloud license within seven days of patch release
https://x.com/MonThreat/status/1884577840185643345
https://community.fortinet.com/t5/Support-Forum/Firmware-upgrade-policy/td-p/373376
The Tainted Voyage: Uncovering Voyager's Vulnerabilities
Sonarcube identified vulnerabilities in the popular PHP package Voyager. One of them allows arbitrary file uploads.
https://www.sonarsource.com/blog/the-tainted-voyage-uncovering-voyagers-vulnerabilities/
Hackers exploit critical unpatched flaw in Zyxel CPE devices
A currently unpatches vulnerablity in Zyxel devices is actively exploited.
https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-unpatched-flaw-in-zyxel-cpe-devices/
VMSA-2025-0002: VMware Avi Load Balancer addresses an unauthenticated blind SQL Injection vulnerability (CVE-2025-22217)
VMWare released a patch for the AVI Load Balancer addressing an unauthenticated blink SQL injection vulnerability.
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25346
]]> 5:33 vmware, avi load balancer, sql injection, voyager, laravel, php, zyxel, fortinet, python, powershell, garmin, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9300 SANS ISC Stormcast, Jan 29th 2025: Python Crypto Stealer; SimpleHelp Exploited; Apple Silicon Vuln; Teamviewer Vuln; Odd QR Code Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS ISC Stormcast, Jan 29th 2025: Python Crypto Stealer; SimpleHelp Exploited; Apple Silicon Vuln; Teamviewer Vuln; Odd QR Code https://traffic.libsyn.com/securitypodcast/9300.mp3 https://isc.sans.edu/podcastdetail/9300 Wed, 29 Jan 2025 02:00:01 GMT Learn about fileless crypto stealers written in Python, the ongoing exploitation of recent SimpleHelp vulnerablities, new Apple Silicon Sidechannel attacks a Team Viewer Vulnerablity and an odd QR Code
Fileless Python InfoStealer Targeting Exodus
This Python script targets Exodus crypto wallet and password managers to steal crypto currencies. It does not save exfiltrated data in files, but keeps it in memory for exfiltration
https://isc.sans.edu/diary/Fileless%20Python%20InfoStealer%20Targeting%20Exodus/31630
Campaign Exploiting SimpleHelp Vulnerablity
Arcticwolf observed attacks exploiting SimpleHelp for initial access to networks. It has not been verified, but is assumed that vulnerabilities made public about a week ago are being exploited.
https://arcticwolf.com/resources/blog-uk/arctic-wolf-observes-campaign-exploiting-simplehelp-rmm-software-initial-access/
Two new Side Channel Vulnerabilities in Apple Silicon
SLAP (Data Speculation Attacks via Load Address Prediction): This attack exploits the Load Address Predictor in Apple CPUs starting with the M2/A15, allowing unauthorized access to sensitive data by mispredicting memory addresses. FLOP (Breaking the Apple M3 CPU via False Load Output Predictions): This attack targets the Load Value Predictor in Apple's M3/A17 CPUs, enabling attackers to execute arbitrary computations on incorrect data, potentially leaking sensitive information.
https://predictors.fail/
Teamviewer Security Bulletin
Teamviewer patched a privilege escalation vulnerability CVE-2025-0065
https://www.teamviewer.com/en-us/resources/trust-center/security-bulletins/tv-2025-1001/
Odd QR Code
A QR code may resolve to a different URL if looked at at an angle.
https://mstdn.social/@isziaui/113874436953157913
Limited Discount for SANS Baltimore
https://sans.org/u/1zQd
]]> 6:07 qr code, teamviewer, apple silicon, sidechannel, python, exodus, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9298 SANS ISC Stormcast, Jan 28th 2025: Z-Shy Phishing; Apple Patches 0-Day; Fortinet Exploit Details; Github and Apache Solr Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS ISC Stormcast, Jan 28th 2025: Z-Shy Phishing; Apple Patches 0-Day; Fortinet Exploit Details; Github and Apache Solr Patches https://traffic.libsyn.com/securitypodcast/9298.mp3 https://isc.sans.edu/podcastdetail/9298 Tue, 28 Jan 2025 02:00:02 GMT This episode shows how attackers are bypassing phishing filter by abusing the "shy" softhyphen HTML entitiy. We got an update from Apple fixing a 0-day vulnerability in addition to a number of other issues. watchTowr show how to exploit an interesting FortiOS vulnerability and we have patches for Github Desktop and Apache Solr
An unusal shy z-wasp phish
https://isc.sans.edu/diary/An%20unusual%20%22shy%20z-wasp%22%20phishing/31626
How the soft hyphen "shy" HTML entity can be abused to bypass e-mail filters
Apple Patches
https://support.apple.com/en-us/100100
Apple released patches for all of its operating systems, fixing a 0-day vulnerability among many others issues
Get Fortirekt I am the Super_admin now
https://labs.watchtowr.com/get-fortirekt-i-am-the-super_admin-now-fortios-authentication-bypass-cve-2024-55591/
Details about a recent FortiOS Vulnerability
GitHub Desktop Vulnerability
https://thehackernews.com/2025/01/github-desktop-vulnerability-risks.html
Apache Solr Vulnerability
https://solr.apache.org/security.html#cve-2024-52012-apache-solr-configset-upload-on-windows-allows-arbitrary-path-write-access
]]> 6:14 solr, github, desktop, fortinet, fortios, apple, shy, html, z-wasp, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9296 SANS ISC Stormcast, Jan 27, 2025: Access Brokers; Llama Stack Vuln; ESXi SSH Tunnels; Zyxel Boot Loops; Subary StarLeak Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS ISC Stormcast, Jan 27, 2025: Access Brokers; Llama Stack Vuln; ESXi SSH Tunnels; Zyxel Boot Loops; Subary StarLeak https://traffic.libsyn.com/securitypodcast/9296.mp3 https://isc.sans.edu/podcastdetail/9296 Mon, 27 Jan 2025 00:20:09 GMT Guest Diary: How Access Brokers Maintain Persistence
Explore how cybercriminals utilize access brokers to persist within networks and the impact this has on organizational security.
https://isc.sans.edu/forums/diary/Guest+Diary+How+Access+Brokers+Maintain+Persistence/31600/
Critical Vulnerability in Meta's Llama Stack (CVE-2024-50050)
A deep dive into CVE-2024-50050, a critical vulnerability affecting Meta's Llama Stack, with exploitation details and mitigation strategies.
https://www.oligo.security/blog/cve-2024-50050-critical-vulnerability-in-meta-llama-llama-stack
ESXi Ransomware and SSH Tunneling Defense Strategies
Learn how to fortify your infrastructure against ransomware targeting ESXi environments, focusing on SSH tunneling and proactive measures.
https://www.sygnia.co/blog/esxi-ransomware-ssh-tunneling-defense-strategies/
Zyxel USG FLEX/ATP Series Application Signature Recovery Steps
Addressing issues with Zyxel s USG FLEX/ATP Series application signatures as of January 24, 2025, with a detailed recovery guide.
https://support.zyxel.eu/hc/en-us/articles/24159250192658-USG-FLEX-ATP-Series-Recovery-Steps-for-Application-Signature-Issue-on-January-24th-2025
Subaru Starlink Vulnerability Exposed Cars to Remote Hacking
Discussing how a vulnerability in Subaru s Starlink system left vehicles susceptible to remote exploitation and the steps taken to resolve it.
https://www.securityweek.com/subaru-starlink-vulnerability-exposed-cars-to-remote-hacking/
]]> 6:28 subaru, starlink, zyxel, usg flex, atp, esci, meta, llama, access broker, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9294 SANS ISC Stormcast, Jan 24, 2025: XSS in Email, SonicWall Exploited; Cisco Vulnerablities; AI and SOAR (@sans_edu research paper by Anthony Russo) Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS ISC Stormcast, Jan 24, 2025: XSS in Email, SonicWall Exploited; Cisco Vulnerablities; AI and SOAR (@sans_edu research paper by Anthony Russo) https://traffic.libsyn.com/securitypodcast/9294.mp3 https://isc.sans.edu/podcastdetail/9294 Fri, 24 Jan 2025 00:13:40 GMT In today's episode, learn how an attacker attempted to exploit webmail XSS vulnerablities against us. Sonicwall released a critical patch fixing an already exploited vulnerability in its SMA 1000 appliance. Cisco fixed vulnerabilities in ClamAV and its Meeting Manager REST API. Learn from SANS.edu student Anthony Russo how to take advantage of AI for SOAR.
XSS Attempts via E-Mail
https://isc.sans.edu/diary/XSS%20Attempts%20via%20E-Mail/31620
An analysis of a recent surge in email-based XSS attack attempts targeting users and organizations. Learn the implications and mitigation techniques.
SonicWall PSIRT Advisory: CVE-2025-23006
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0002 CVE-2025-23006
Details of a critical vulnerability in SonicWall appliances (SNWLID-2025-0002) and what you need to do to secure your systems.
Cisco ClamAV Advisory: OLE2 Parsing Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-ole2-H549rphA
A DoS vulnerability in the popular open source anti virus engine ClamAV
Cisco CMM Privilege Escalation Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmm-privesc-uy2Vf8pc
A patch of a privilege escalation flaw in Cisco s CMM module.
]]> 14:45 cisco, cmm, clamav, ole2, sonicwall, sma 1000, xss, email, webmail, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9292 SANS ISC Stormcast, Jan 23, 2025: PFSync Protocol; Oracle CPU; Korean VPN Supply Chain Attack; Ivanti Guidance Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS ISC Stormcast, Jan 23, 2025: PFSync Protocol; Oracle CPU; Korean VPN Supply Chain Attack; Ivanti Guidance https://traffic.libsyn.com/securitypodcast/9292.mp3 https://isc.sans.edu/podcastdetail/9292 Wed, 22 Jan 2025 23:45:03 GMT Catching CARP: Fishing for Firewall States in PFSync Traffic
https://isc.sans.edu/diary/Catching%20CARP%3A%20Fishing%20for%20Firewall%20Stat%20es%20in%20PFSync%20Traffic/31616)**
Discover how attackers exploit PFSync traffic to manipulate firewall states. This deep dive explores vulnerabilities and mitigation strategies in network defense.
Oracle Critical Patch Update January 2025
https://www.oracle.com/security-alerts/cpujan2025.html)**
Oracle's January 2025 patch release addresses numerous critical vulnerabilities across their product suite. Learn about key updates and how to secure your systems.
PlushDaemon: Compromising the Supply Chain of a Korean VPN Service
https://www.welivesecurity.com/en/eset-research/plushdaemon-compromises-supply-chain-korean-vpn-service/
ESET Research uncovers PlushDaemon, a sophisticated supply chain attack targeting a Korean VPN provider. Understand the implications for supply chain security.
CISA Cybersecurity Advisory: AA25-022A
https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-022a
The latest advisory highlights active threats and mitigation strategies for critical infrastructure. Stay ahead with CISA s guidance on emerging cyber risks.
]]> 7:49 cisa, ivanti, vpn, korea, oracle, carp, pfsync, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9290 SANS ISC Stormcast, Jan 22, 2025: Geolocation via Starlink and Cloudflare; AI Prompt Risks; Homebrew Phishing Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS ISC Stormcast, Jan 22, 2025: Geolocation via Starlink and Cloudflare; AI Prompt Risks; Homebrew Phishing https://traffic.libsyn.com/securitypodcast/9290.mp3 https://isc.sans.edu/podcastdetail/9290 Wed, 22 Jan 2025 02:15:02 GMT Geolocation and Starlink
https://isc.sans.edu/diary/Geolocation%20and%20Starlink/31612
Discover the potential geolocation risks associated with Starlink and how they might be exploited. This diary entry dives into new concerns for satellite internet users.
Deanonymizing Users via Cloudflare
https://gist.github.com/hackermondev/45a3cdfa52246f1d1201c1e8cdef6117
Deanonymizing users by identifying which cloudflare server cashed particular content
Sage's AI Assistant and Customer Data Concerns
https://www.theregister.com/2025/01/20/sage_copilot_data_issue/
Examine how a Sage AI tool inadvertently exposed sensitive customer data, raising questions about AI governance and trust in business applications.
The Threat of Sensitive Data in Generative AI Prompts
https://www.darkreading.com/threat-intelligence/employees-sensitive-data-genai-prompts
Analyze how employees careless prompts to generative AI tools can lead to sensitive data breaches and the importance of awareness training.
Homebrew Phishing
https://x.com/ryanchenkie/status/1880730173634699393
]]> 9:16 phishing, homebrew, ai, prompts, leakage, gelocation, starlink, cloudflare, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9288 SANS ISC Stormcast, Jan 21, 2025: Downloading Partial ZIP files; Remote Tools Used in Attakcs; Azure DevOps SSRF Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS ISC Stormcast, Jan 21, 2025: Downloading Partial ZIP files; Remote Tools Used in Attakcs; Azure DevOps SSRF https://traffic.libsyn.com/securitypodcast/9288.mp3 https://isc.sans.edu/podcastdetail/9288 Tue, 21 Jan 2025 01:47:05 GMT Partial ZIP File Downloads
A closer look at how attackers are leveraging partial ZIP file downloads to bypass file verification systems and plant malicious content.
https://isc.sans.edu/diary/Partial%20ZIP%20File%20Downloads/31608
Ukrainian CERT Advisory on AnyDesk Threat
The Ukrainian CERT provides detailed guidance on identifying and mitigating recent cyber threats exploiting AnyDesk for unauthorized access.
https://cert.gov.ua/article/6282069
Finding SSRFs in Azure DevOps
An in-depth analysis of how server-side request forgery (SSRF) vulnerabilities are discovered and exploited in Azure DevOps pipelines.
https://binarysecurity.no/posts/2025/01/finding-ssrfs-in-devops
]]> 6:20 devops, azure, ssrf, ukraine, cert, anydesk, zip, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9286 SANS ISC Stormcast, Jan 20, 2025: Honeypots for Offense; SimpleHelp and UEFI Secure Boot Vulnerabilities Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS ISC Stormcast, Jan 20, 2025: Honeypots for Offense; SimpleHelp and UEFI Secure Boot Vulnerabilities https://traffic.libsyn.com/securitypodcast/9286.mp3 https://isc.sans.edu/podcastdetail/9286 Mon, 20 Jan 2025 00:48:15 GMT Leveraging Honeypot Data for Offensive Security Operations [Guest Diary] A recent guest diary on the SANS Internet Storm Center discusses how offensive security professionals can utilize honeypot data to enhance their operations. The diary highlights the detection of scans from multiple IP addresses, emphasizing the importance of monitoring non-standard user-agent strings in web requests.
https://isc.sans.edu/diary/Leveraging%20Honeypot%20Data%20for%20Offensive%20Security%20Operations%20%5BGuest%20Diary%5D/31596
Security Vulnerabilities in SimpleHelp 5.5.7 and Earlier SimpleHelp has released version 5.5.8 to address critical security vulnerabilities present in versions 5.5.7 and earlier. Users are strongly advised to upgrade to the latest version to prevent potential exploits. Detailed information and upgrade instructions are available on SimpleHelp's official website.
https://simple-help.com/kb---security-vulnerabilities-01-2025#send-us-your-questions
Under the Cloak of UEFI Secure Boot: Introducing CVE-2024-7344 ESET researchers have identified a new vulnerability, CVE-2024-7344, that allows attackers to bypass UEFI Secure Boot on most UEFI-based systems. This flaw enables the execution of untrusted code during system boot, potentially leading to the deployment of malicious UEFI bootkits. Affected users should apply available patches to mitigate this risk.
https://www.welivesecurity.com/en/eset-research/under-cloak-uefi-secure-boot-introducing-cve-2024-7344/
]]> 3:24 uefi, simplehelp, honeypots, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9284 SANS ISC Stormcast, Jan 17, 2025: Analyzing Complex Datasets, Citrix Update Issues, Ivanti's Security Advisory, and the Future of Passkeys (@sans_edu) Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS ISC Stormcast, Jan 17, 2025: Analyzing Complex Datasets, Citrix Update Issues, Ivanti's Security Advisory, and the Future of Passkeys (@sans_edu) https://traffic.libsyn.com/securitypodcast/9284.mp3 https://isc.sans.edu/podcastdetail/9284 Fri, 17 Jan 2025 00:39:29 GMT Extracting Practical Observations from Impractical Datasets: A SANS Internet Storm Center diary entry discusses strategies for analyzing complex datasets to derive actionable insights.
https://isc.sans.edu/diary/Extracting%20Practical%20Observations%20from%20Impractical%20Datasets/31582
Citrix Session Recording Agent Update Issue: Citrix reports that Microsoft's January security update fails or reverts on machines with the 2411 Session Recording Agent installed, providing guidance on addressing this issue.
https://support.citrix.com/s/article/CTX692505-microsofts-january-security-update-failsreverts-on-a-machine-with-2411-session-recording-agent?language=en_US
Ivanti Endpoint Manager Security Advisory: Ivanti releases a security advisory for Endpoint Manager versions 2024 and 2022 SU6, detailing vulnerabilities and recommended actions.
https://forums.ivanti.com/s/article/Security-Advisory-EPM-January-2025-for-EPM-2024-and-EPM-2022-SU6?language=en_US
Revolutionizing Enterprise Security: The Exciting Future of Passkeys Beyond Passwords: A SANS.edu research paper explores the shift from traditional passwords to passkeys, highlighting the benefits and challenges of adopting passwordless authentication methods.
https://www.sans.edu/cyber-research/revolutionizing-enterprise-security-exciting-future-passkeys-beyond-passwords/
]]> 12:50 passkeys, citrix, ivanti, honeypot, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9282 SANS ISC Stormcast, Jan 16, 2025: Critical Vulnerabilities and Cybersecurity Updates You Need to Know Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS ISC Stormcast, Jan 16, 2025: Critical Vulnerabilities and Cybersecurity Updates You Need to Know https://traffic.libsyn.com/securitypodcast/9282.mp3 https://isc.sans.edu/podcastdetail/9282 Thu, 16 Jan 2025 00:48:36 GMT The Curious Case of a 12-Year-Old Netgear Router Vulnerability
Outdated Netgear routers remain a security risk, with attackers actively exploiting a 2013 vulnerability to deploy crypto miners. Learn how to protect your network by updating or replacing legacy hardware.
URL: https://isc.sans.edu/diary/The%20Curious%20Case%20of%20a%2012-Year-Old%20Netgear%20Router%20Vulnerability/31592
Millions at Risk Due to Google s OAuth Flaw
A flaw in Google s OAuth implementation enables attackers to exploit defunct domain accounts, exposing sensitive data. Tips on implementing MFA and domain monitoring to reduce risks.
URL: https://trufflesecurity.com/blog/millions-at-risk-due-to-google-s-oauth-flaw
Rsync 3.4.0 Security Release
The latest rsync update fixes critical vulnerabilities, including buffer overflows and symbolic link issues. Upgrade immediately to protect your file synchronization processes.
URL: https://download.samba.org/pub/rsync/NEWS#3.4.0
Fortinet PSIRT Advisories: Stay Secure
Fortinet's latest advisories address vulnerabilities in FortiOS, FortiProxy, and more. Review and apply patches promptly to secure your perimeter defenses.
URL: https://www.fortiguard.com/psirt
]]> 9:02 fortinet, rsync, google, oauth, openid connect, netgear, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9280 SANS ISC Stormcast, Jan 14 2025: Microsoft Patch Tuesday, FortiOS and FortiProxy Patches; Paessler PRTG Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS ISC Stormcast, Jan 14 2025: Microsoft Patch Tuesday, FortiOS and FortiProxy Patches; Paessler PRTG Patches https://traffic.libsyn.com/securitypodcast/9280.mp3 https://isc.sans.edu/podcastdetail/9280 Wed, 15 Jan 2025 00:33:59 GMT of which have already been exploited. Fortinet suspects a so far unpatched Node.js authentication
bypass to be behind some recent exploits of FortiOS and FortiProxy devices.
Microsoft January 2025 Patch Tuesday
This month's Microsoft patch update addresses a total of 209 vulnerabilities, including 12 classified as critical. Among these, 3 vulnerabilities have been actively exploited in the wild, and 5 have been disclosed prior to the patch release, marking them as zero-days.
https://isc.sans.edu/diary/rss/31590
Fortinet Security Advisory FG-IR-24-535 CVE-2024-55591
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS and FortiProxy may allow a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.
https://fortiguard.fortinet.com/psirt/FG-IR-24-535
PRTG Network Monitor Update:
Update for an already exploited XSS vulnerability in Paesler PRTG Network Monitor CVE-2024-12833
https://www.paessler.com/prtg/history/stable
]]> 7:48 prtg, fortinet, network monitor, paessler, access, microsoft, patches, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9278 SANS ISC Stormcast, Jan 14, 2025: Brute-Forcing Hikvision Devices, macOS SIP Bypass, Linux Rootkits, Aviatrix Exploits, and AWS Ransomware Tactics Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS ISC Stormcast, Jan 14, 2025: Brute-Forcing Hikvision Devices, macOS SIP Bypass, Linux Rootkits, Aviatrix Exploits, and AWS Ransomware Tactics https://traffic.libsyn.com/securitypodcast/9278.mp3 https://isc.sans.edu/podcastdetail/9278 Mon, 13 Jan 2025 22:59:28 GMT This episode covers brute-force attacks on the password reset functionality of Hikvision devices, a macOS SIP bypass vulnerability, Linux rootkit malware, and a novel ransomware campaign targeting AWS S3 buckets.
Topics Covered:
Hikvision Password Reset Brute Forcing
URL: https://isc.sans.edu/diary/Hikvision%20Password%20Reset%20Brute%20Forcing/31586
Hikvision devices are being targeted using old brute-force attacks exploiting predictable password reset codes.
Analyzing CVE-2024-44243: A macOS System Integrity Protection Bypass
URL: https://www.microsoft.com/en-us/security/blog/2025/01/13/analyzing-cve-2024-44243-a-macos-system-integrity-protection-bypass-through-kernel-extensions/
Microsoft details a macOS vulnerability allowing attackers to bypass SIP using kernel extensions.
Rootkit Malware Controls Linux Systems Remotely
URL: https://cybersecuritynews.com/rootkit-malware-controls-linux-systems-remotely/
A sophisticated rootkit targeting Linux systems uses zero-day vulnerabilities for remote control.
Abusing AWS Native Services: Ransomware Encrypting S3 Buckets with SSE-C
URL: https://www.halcyon.ai/blog/abusing-aws-native-services-ransomware-encrypting-s3-buckets-with-sse-c
Attackers are using AWS s SSE-C encryption to lock S3 buckets during ransomware campaigns. We cover how the attack works and how to protect your AWS environment.
]]> 7:51 aws, sse-c, rootkit, malware, linux, macos, sip, hikvision, password reset, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9276 SANS ISC Stormcast, Jan 13, 2025: Defender Updates, Ivanti RCE, Apple USB-C Hack and more Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS ISC Stormcast, Jan 13, 2025: Defender Updates, Ivanti RCE, Apple USB-C Hack and more https://traffic.libsyn.com/securitypodcast/9276.mp3 https://isc.sans.edu/podcastdetail/9276 Mon, 13 Jan 2025 01:42:35 GMT Windows Defender Enhances Chrome Extension Detection
Microsoft's Defender now catalogs Chrome extensions to identify malicious ones. Learn how this improves enterprise security.
https://isc.sans.edu/diary/Windows%20Defender%20Chrome%20Extension%20Detection/31574
Multi-OLE Analysis in Malicious Documents
A look at how attackers embed OLE files in Office documents to evade detection and the tools to combat it.
https://isc.sans.edu/diary/Multi-OLE/31580
Ivanti Connect Secure RCE Vulnerability (CVE-2025-0282)
Details of a critical vulnerability affecting Ivanti products and the patching timelines.
https://labs.watchtowr.com/exploitation-walkthrough-and-techniques-ivanti-connect-secure-rce-cve-2025-0282/
Apple USB-C Controller Compromised
Researchers hacked Apple s ACE3 USB-C controller, highlighting hardware security challenges.
https://cybersecuritynews.com/apples-new-usb-c-controller-hacked/
IRS Pushes for IP PIN Enrollment
Protect yourself from tax-related identity theft by securing your IP PIN for the 2025 tax season.
https://www.irs.gov/newsroom/irs-encourages-all-taxpayers-to-sign-up-for-an-ip-pin-for-the-2025-tax-season
]]> 6:43 irs, ip, pin, apple, usb-c, ivanty, rce, ole, ooxml, extensions, chrome, defender, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9274 Cryptomining Malware, Fake PoC Exploit, Malicious Browser Extensions, and Palo Alto Vulnerabilities Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Cryptomining Malware, Fake PoC Exploit, Malicious Browser Extensions, and Palo Alto Vulnerabilities https://traffic.libsyn.com/securitypodcast/9274.mp3 https://isc.sans.edu/podcastdetail/9274 Fri, 10 Jan 2025 01:26:17 GMT "Examining Redtail: Analyzing a Sophisticated Cryptomining Malware and its Advanced Tactics"
Overview of Redtail's multi-architecture cryptomining malware exploiting vulnerabilities and deploying persistence techniques.
URL: Examining Redtail: Analyzing a Sophisticated Cryptomining Malware and its Advanced Tactics
"Information Stealer Masquerades as LDAPNightmare PoC Exploit"
A malware disguised as a PoC exploit targets users seeking to test vulnerabilities like LDAPNightmare.
URL: Information Stealer Masquerades as LDAPNightmare PoC Exploit
"How Extensions Trick CWS Search"
Research reveals how malicious browser extensions manipulate Chrome Web Store search to appear legitimate.
URL: How Extensions Trick CWS Search
"Palo Alto Networks' Expedition Vulnerabilities (PAN-SA-2025-0001)"
Multiple vulnerabilities in the deprecated Expedition tool can expose credentials and lead to unauthorized file and command execution.
URL: Palo Alto Networks' Expedition Vulnerabilities (PAN-SA-2025-0001)
]]> 7:19 palo alto, chrome web store, extensions, chrome, google, fake exploits, ldap, cryptomining, redtail, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9272 SANS ISC Stormcast, Jan 9, 2025: Critical Vulnerabilities in Ivanti, Aviatrix, and Hijacked Backdoors in Compromised Systems Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS ISC Stormcast, Jan 9, 2025: Critical Vulnerabilities in Ivanti, Aviatrix, and Hijacked Backdoors in Compromised Systems https://traffic.libsyn.com/securitypodcast/9272.mp3 https://isc.sans.edu/podcastdetail/9272 Thu, 09 Jan 2025 01:32:18 GMT Episode Links and Topics:
More Governments Backdoors in Your Backdoors
https://labs.watchtowr.com/more-governments-backdoors-in-your-backdoors/
Researchers reveal how expired domains linked to abandoned backdoors can be hijacked, exposing systems to further compromise.
Security Update: Ivanti Connect Secure, Policy Secure, and Neurons for ZTA Gateways
https://www.ivanti.com/blog/security-update-ivanti-connect-secure-policy-secure-and-neurons-for-zta-gateways
Ivanti addresses critical vulnerabilities (CVE-2025-0282, CVE-2025-0283) in their secure gateway products, with active exploitation in the wild.
CVE-2024-50603: Aviatrix Network Controller Command Injection Vulnerability
https://www.securing.pl/en/cve-2024-50603-aviatrix-network-controller-command-injection-vulnerability/
A command injection vulnerability in Aviatrix Network Controllers allows unauthenticated code execution, posing severe risks to network environments.
]]> 6:04 aviatrix, ivanti, backdoors, domains, dumpster diving, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9270 SANS ISC Stormcast, Jan 8, 2025: Critical Vulnerabilities in SonicWall, Moxa, and Windows BitLocker – Plus, Malware Targets PHP Servers and the Launch of U.S. Cyber Trust Mark Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS ISC Stormcast, Jan 8, 2025: Critical Vulnerabilities in SonicWall, Moxa, and Windows BitLocker – Plus, Malware Targets PHP Servers and the Launch of U.S. Cyber Trust Mark https://traffic.libsyn.com/securitypodcast/9270.mp3 https://isc.sans.edu/podcastdetail/9270 Wed, 08 Jan 2025 01:31:58 GMT Episode Links and Topics:
PacketCrypt Classic Cryptocurrency Miner on PHP Servers
https://isc.sans.edu/diary/PacketCrypt%20Classic%20Cryptocurrency%20Miner%20on%20PHP%20Servers/31564
Malware exploiting PHP servers to mine PacketCrypt Classic cryptocurrency.
SonicOS Affected By Multiple Vulnerabilities
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003
A zero-day vulnerability in SonicWall SSL-VPN devices is under active attack.
Privilege Escalation and OS Command Injection Vulnerabilities in Moxa Devices
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241155-privilege-escalation-and-os-command-injection-vulnerabilities-in-cellular-routers,-secure-routers,-and-netwo
Critical vulnerabilities in Moxa routers and security appliances allow privilege escalation and OS command injection.
White House Launches U.S. Cyber Trust Mark
https://www.whitehouse.gov/briefing-room/statements-releases/2025/01/07/white-house-launches-u-s-cyber-trust-mark-providing-american-consumers-an-easy-label-to-see-if-connected-devices-are-cybersecure/
A new cybersecurity labeling program for connected devices aims to help consumers choose secure products.
Windows BitLocker: Screwed without a Screwdriver
https://media.ccc.de/v/38c3-windows-bitlocker-screwed-without-a-screwdriver#t=761
(video in English)
A two-year-old vulnerability in Windows 11 allows bypassing BitLocker encryption.
]]> 6:39 bitlocker, windows, cyber trust mark, moxa, sonicos, packetcrypt, php, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9268 SANS ISC Stormcast Jan 7th 2025: Make Malware Happy and Critical Vulnerabilities in OpenSSH, BeyondTrust, and Nuclei Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS ISC Stormcast Jan 7th 2025: Make Malware Happy and Critical Vulnerabilities in OpenSSH, BeyondTrust, and Nuclei https://traffic.libsyn.com/securitypodcast/9268.mp3 https://isc.sans.edu/podcastdetail/9268 Tue, 07 Jan 2025 01:26:19 GMT Topics Covered:
Make Malware Happy
https://isc.sans.edu/diary/Make%20Malware%20Happy/31560
A look at how malware adapts and detects analysis environments, and why replicating operational settings is critical during malware analysis.
Nuclei Signature Verification Bypass (CVE-2024-43405)
https://www.wiz.io/blog/nuclei-signature-verification-bypass
A critical vulnerability in Nuclei allows malicious templates to bypass signature verification, risking arbitrary code execution.
Critical Vulnerability in BeyondTrust (CVE-2024-12356)
https://censys.com/cve-2024-12356/
A high-risk flaw in BeyondTrust products allows unauthenticated OS command execution, posing a significant threat to privileged access systems.
RegreSSHion Code Execution Vulnerability (CVE-2024-6387)
https://cybersecuritynews.com/regresshion-code-execution-vulnerability/
OpenSSH vulnerability "RegreSSHion" enables remote code execution, and fake exploits targeting security researchers are in circulation.
]]> 4:52 openssh, regresshion, beyondtrust, nuclei, malware, evasion, rce, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9266 Stormcast for Jan 6th 2024: Python SweatRAT, Goodware Hash Sets, SSL/TLS Updates and more. Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Stormcast for Jan 6th 2024: Python SweatRAT, Goodware Hash Sets, SSL/TLS Updates and more. https://traffic.libsyn.com/securitypodcast/9266.mp3 https://isc.sans.edu/podcastdetail/9266 Mon, 06 Jan 2025 02:37:57 GMT Full details and links to all stories:
SwaetRAT via Python: https://isc.sans.edu/diary/SwaetRAT%20Delivery%20Through%20Python/31554
Goodware Hash Sets: https://isc.sans.edu/diary/Goodware%20Hash%20Sets/31556
SSL/TLS Updates: https://isc.sans.edu/diary/Changes%20in%20SSL%20and%20TLS%20support%20in%202024/31550
Cyberhaven Extension Compromise: https://secureannex.com/blog/cyberhaven-extension-compromise/
PRTG Vulnerability: https://www.zerodayinitiative.com/advisories/ZDI-24-1736/
ASUS Router Vulnerabilities: https://cybersecuritynews.com/asus-router-vulnerabilities/
]]> 8:17 cyberhaven, chrome, extensions, asus, prtg, goodware, swaetrat, python, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9264 PPUnit and Androxgh0st; Session Smart Router Attack; FortiWLM Patch; BadBox Update; Beyond Trust Advisory Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. PPUnit and Androxgh0st; Session Smart Router Attack; FortiWLM Patch; BadBox Update; Beyond Trust Advisory https://traffic.libsyn.com/securitypodcast/9264.mp3 https://isc.sans.edu/podcastdetail/9264 Fri, 20 Dec 2024 02:00:02 GMT https://isc.sans.edu/diary/Command%20Injection%20Exploit%20For%20PHPUnit%20before%204.8.28%20and%205.x%20before%205.6.3%20%5BGuest%20Diary%5D/31528
Mirai Attacks Session Smart Routers
https://supportportal.juniper.net/s/article/2024-12-Reference-Advisory-Session-Smart-Router-Mirai-malware-found-on-systems-when-the-default-password-remains-unchanged?language=en_US
FortiWLM Unauthenticated limited file read vulnerability
https://fortiguard.fortinet.com/psirt/FG-IR-23-144
https://securityonline.info/kaspersky-uncovers-active-exploitation-of-fortinet-vulnerability-cve-2023-48788/
Beyond Trust Security Advisory
https://www.beyondtrust.com/trust-center/security-advisories/bt24-10
BadBox Update
https://www.bitsight.com/blog/badbox-botnet-back
]]> 5:59 badbox, beyond trust, fortiwlm, fortinet, mirai, phpunit, androxgh0st, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9262 TeamTNT Deep Diver; Complex RDP Attacks; Okta Social Engineering; TP-Link Ban Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. TeamTNT Deep Diver; Complex RDP Attacks; Okta Social Engineering; TP-Link Ban https://traffic.libsyn.com/securitypodcast/9262.mp3 https://isc.sans.edu/podcastdetail/9262 Thu, 19 Dec 2024 02:00:02 GMT https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20A%20Deep%20Dive%20into%20TeamTNT%20and%20Spinning%20YARN/31530
Earth Koshchei Coopts Red Team Tools in Complex RDP Attacks
https://www.trendmicro.com/en_us/research/24/l/earth-koshchei.html
Okta Social Engineering Impersonation Report
https://sec.okta.com/articles/2024/okta-social-engineering-report-response-and-recommendation
US considers banning TP-Link routers over cybersecurity risks
https://www.bleepingcomputer.com/news/security/us-considers-banning-tp-link-routers-over-cybersecurity-risks/
CISA Releases Best Practice Guidance for Mobile Communications
https://www.cisa.gov/news-events/alerts/2024/12/18/cisa-releases-best-practice-guidance-mobile-communications
]]> 7:05 cisa, mobile, tp-link, okta, koshchei, rdp, teamtnt, yarn, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9260 Python Installs Anydesk; Vishing, Teams and Anydesk; SS7 Attacks; CrushFTP Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Python Installs Anydesk; Vishing, Teams and Anydesk; SS7 Attacks; CrushFTP Vuln; https://traffic.libsyn.com/securitypodcast/9260.mp3 https://isc.sans.edu/podcastdetail/9260 Wed, 18 Dec 2024 02:00:02 GMT https://isc.sans.edu/diary/Python+Delivering+AnyDesk+Client+as+RAT/31524/
Vishing via Microsoft Teams Facilitates DarkGate Malware Intrusion
https://www.trendmicro.com/en_us/research/24/l/darkgate-malware.html
SS7 Attacks
https://www.404media.co/email/ac709882-1e4b-42fc-bcca-cf7ce4793716/
CrushFTP Vulnerability
https://crushftp.com/crush11wiki/Wiki.jsp?page=Update
]]> 5:15 crushftp, ss7, vishing, teams, python, anydesk, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9258 MUT-1244 Targeting Offensive Actors; Golang SSH Issue; Meeten Malware Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MUT-1244 Targeting Offensive Actors; Golang SSH Issue; Meeten Malware https://traffic.libsyn.com/securitypodcast/9258.mp3 https://isc.sans.edu/podcastdetail/9258 Tue, 17 Dec 2024 02:00:01 GMT https://securitylabs.datadoghq.com/articles/mut-1244-targeting-offensive-actors/
Golang Crypto Vulnerability
https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909
Meeten Malware: A Cross-Platform Threat to Crypto Wallets on macOS and Windows
https://www.cadosecurity.com/blog/meeten-malware-threat
]]> 6:16 meeten, malware, voip, video conference, golang, crypto, mut-1244, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9256 Struts 2 Exploited; Citrix Password Spraying; 6 Day Certs; Certified Pre-Pw0n3d Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Struts 2 Exploited; Citrix Password Spraying; 6 Day Certs; Certified Pre-Pw0n3d https://traffic.libsyn.com/securitypodcast/9256.mp3 https://isc.sans.edu/podcastdetail/9256 Mon, 16 Dec 2024 02:00:02 GMT https://isc.sans.edu/diary/Exploit%20attempts%20inspired%20by%20recent%20Struts2%20File%20Upload%20Vulnerability%20%28CVE-2024-53677%2C%20CVE-2023-50164%29/31520
Citrix Netscaler Password Spraying Mitigation
https://www.citrix.com/blogs/2024/12/13/password-spraying-attacks-netscaler-december-2024/
Let's Encrypt Six Day Certifiates
https://letsencrypt.org/2024/12/11/eoy-letter-2024/
Devices in Germany Arrived Pre-Pw0n3d
https://cybersecuritynews.com/30000-devices-in-germany-discovered-with-pre-installed-malware-badbox/
]]> 5:29 germany, badbox, lets encrypt, citrix, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9254 Windows 11 and TPM; Azure MFA Bypass; Struts 2 Vuln; Secret Blizzard vs Ukraine Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Windows 11 and TPM; Azure MFA Bypass; Struts 2 Vuln; Secret Blizzard vs Ukraine https://traffic.libsyn.com/securitypodcast/9254.mp3 https://isc.sans.edu/podcastdetail/9254 Fri, 13 Dec 2024 02:00:02 GMT https://techcommunity.microsoft.com/blog/windows-itpro-blog/tpm-2-0-%E2%80%93-a-necessity-for-a-secure-and-future-proof-windows-11/4339066
https://www.forbes.com/sites/zakdoffman/2024/12/12/microsoft-warns-400-million-windows-users-do-not-update-your-pc/
Microsoft Azure MFA Bypass
https://www.oasis.security/resources/blog/oasis-security-research-team-discovers-microsoft-azure-mfa-bypass
Struts 2 Arbitrary File Upload CVE-2024-53677
https://cwiki.apache.org/confluence/display/WW/S2-067
Russian actor Secret Blizzard using tools of other groups to attack Ukraine
https://www.microsoft.com/en-us/security/blog/2024/12/11/frequent-freeloader-part-ii-russian-actor-secret-blizzard-using-tools-of-other-groups-to-attack-ukraine/
]]> 6:18 secret blizzard, ukraine, struts, azure, mfa, windows 11, tpm, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9252 vSphere Scans; Apple Updates; Cleo Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. vSphere Scans; Apple Updates; Cleo Vuln; https://traffic.libsyn.com/securitypodcast/9252.mp3 https://isc.sans.edu/podcastdetail/9252 Thu, 12 Dec 2024 02:00:02 GMT https://isc.sans.edu/diary/Vulnerability%20Symbiosis%3A%20vSphere%3Fs%20CVE-2024-38812%20and%20CVE-2024-38813%20%5BGuest%20Diary%5D/31510
Apple Updates Everything (iOS, iPadOS, macOS, watchOS, tvOS, visionOS)
https://isc.sans.edu/diary/Apple+Updates+Everything+iOS+iPadOS+macOS+watchOS+tvOS+visionOS/31514/
Widespread exploitation of Cleo file transfer software (CVE-2024-50623)
https://www.huntress.com/blog/threat-advisory-oh-no-cleo-cleo-software-actively-being-exploited-in-the-wild
https://labs.watchtowr.com/cleo-cve-2024-50623/
]]> 5:46 cleo, apple, vsphere, vmware, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9250 MSFT Patch Tuesday; Ivanti Vuln; Visual Studio Code Tunnels; Mitigating NTLM Relay Attacks Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MSFT Patch Tuesday; Ivanti Vuln; Visual Studio Code Tunnels; Mitigating NTLM Relay Attacks https://traffic.libsyn.com/securitypodcast/9250.mp3 https://isc.sans.edu/podcastdetail/9250 Wed, 11 Dec 2024 02:00:01 GMT https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%3A%20December%202024/31508
Ivanty Security Advisory
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Services-Application-CSA-CVE-2024-11639-CVE-2024-11772-CVE-2024-11773?language=en_US
Visual Studio Code Tunnels
https://www.sentinelone.com/labs/operation-digital-eye-chinese-apt-compromises-critical-digital-infrastructure-via-visual-studio-code-tunnels/
Mitigating NTLM Relay Attacks
https://msrc.microsoft.com/blog/2024/12/mitigating-ntlm-relay-attacks-by-default/
]]> 5:29 ntlm, ivanti, visual studio code, microsoft, patch, tuesday, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9248 CURLing DDoS; OpenWRT Vuln; Android Update; RCS Not Always Encrypted Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. CURLing DDoS; OpenWRT Vuln; Android Update; RCS Not Always Encrypted https://traffic.libsyn.com/securitypodcast/9248.mp3 https://isc.sans.edu/podcastdetail/9248 Tue, 10 Dec 2024 02:00:02 GMT https://isc.sans.edu/diary/CURLing%20for%20Crypto%20on%20Honeypots/31502
Compromising OpenWrt Supply Chain via Truncated SHA-256 Collision and Command Injection
https://flatt.tech/research/posts/compromising-openwrt-supply-chain-sha256-collision/
Android Monthly Update
https://source.android.com/docs/security/bulletin/pixel/2024-12-01
RCS Not Always Encrypted
https://daringfireball.net/linked/2024/12/04/shame-on-google-messages
]]> 6:17 rcs, android, openwrt, curl, ddos, crypto, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9246 Version Cookies; URL File NTLM Leak; Ultralytics Miner; DaMAgeCard Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Version Cookies; URL File NTLM Leak; Ultralytics Miner; DaMAgeCard https://traffic.libsyn.com/securitypodcast/9246.mp3 https://isc.sans.edu/podcastdetail/9246 Mon, 09 Dec 2024 02:00:02 GMT https://portswigger.net/research/bypassing-wafs-with-the-phantom-version-cookie
URL File NTLM Hash Disclosure
https://blog.0patch.com/2024/12/url-file-ntlm-hash-disclosure.html
Ultralytics Library Infected with Miner
https://github.com/ultralytics/ultralytics/issues/18027#issuecomment-2521578169
DaMAgeCard attack targets memory directly thru SD card reader
https://swarm.ptsecurity.com/new-dog-old-tricks-damagecard-attack-targets-memory-directly-thru-sd-card-reader/
]]> 5:38 damagecard, ultralytics, miner, ntml, url file, waf, version, cookie, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9244 BEC Step by Step; Mital MiCollab PoC; Lorex Camera, HPE Aruba Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. BEC Step by Step; Mital MiCollab PoC; Lorex Camera, HPE Aruba Vuln; https://traffic.libsyn.com/securitypodcast/9244.mp3 https://isc.sans.edu/podcastdetail/9244 Fri, 06 Dec 2024 02:00:01 GMT https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Business%20Email%20Compromise/31474
Where There s Smoke, There s Fire - Mitel MiCollab CVE-2024-35286, CVE-2024-41713 And An 0day
https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0029
Lorex 2K Indoor Wi-Fi Security Camera
https://www.rapid7.com/globalassets/_pdfs/research/pwn2own-iot-2024-lorex-2k-indoor-wi-fi-security-camera-research.pdf
https://www.lorex.com/products/2k-indoor-wi-fi-security-camera
HPE Aruba Vulnerabilities
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04761en_us&docLocale=en_US
Alan Paller Inducted into the Cybersecurity Hall of Fame
https://cybersecurityhalloffame.org/
]]> 5:27 alan paller, lorex, hp, aruba, hpe, mitel, micollab, bec, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9242 Importance of Data Analysis; Stop using SMS; Identity IQ vuln; Solana web3.js Backdoor Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Importance of Data Analysis; Stop using SMS; Identity IQ vuln; Solana web3.js Backdoor https://traffic.libsyn.com/securitypodcast/9242.mp3 https://isc.sans.edu/podcastdetail/9242 Thu, 05 Dec 2024 02:00:02 GMT https://isc.sans.edu/diary/Data%20Analysis%3A%20The%20Unsung%20Hero%20of%20Cybersecurity%20Expertise%20%5BGuest%20Diary%5D/31494
FBI Warns iPhone and Android Users Stop Sending Texts
https://www.forbes.com/sites/zakdoffman/2024/12/03/fbi-warns-iphone-and-android-users-stop-sending-texts/
IdentityIQ Improper Access Control Vulnerability CVE-2024-10905
https://www.sailpoint.com/security-advisories/identityiq-improper-access-control-vulnerability-cve-2024-10905
Solana web3.js Backdoor
https://socket.dev/blog/supply-chain-attack-solana-web3-js-library
]]> 4:50 data analysis, fbi, sms, rcs, identityiq, solana, web3.js, encryption, backdoor, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9240 Files in Word; Sat Receiver DDoS Agent; Veeam Vuln; CVE-2024-49039 PoC; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Files in Word; Sat Receiver DDoS Agent; Veeam Vuln; CVE-2024-49039 PoC; https://traffic.libsyn.com/securitypodcast/9240.mp3 https://isc.sans.edu/podcastdetail/9240 Wed, 04 Dec 2024 02:00:02 GMT https://isc.sans.edu/diary/Extracting%20Files%20Embedded%20Inside%20Word%20Documents/31486
Korea arrests CEO for adding DDoS feature to satellite receivers
https://www.bleepingcomputer.com/news/security/korea-arrests-ceo-for-adding-ddos-feature-to-satellite-receivers/
Veeam Vulnerabilities
https://www.veeam.com/kb4679
WPTaskScheduler Presistence and CVE-2024-49039 PoC
https://github.com/je5442804/WPTaskScheduler_CVE-2024-49039
]]> 5:15 word, satteliter, korea, receiver, ddoc, veeam, wptaksscheduler, scheduler, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9238 Credential Guard; AWS Key Rotation; Corrupt Document Phishing; IBM Security Verify Access Appliance vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Credential Guard; AWS Key Rotation; Corrupt Document Phishing; IBM Security Verify Access Appliance vuln; https://traffic.libsyn.com/securitypodcast/9238.mp3 https://isc.sans.edu/podcastdetail/9238 Tue, 03 Dec 2024 02:00:02 GMT https://isc.sans.edu/diary/Credential%20Guard%20and%20Kerberos%20delegation/31488
The Day We Unveiled the Secret Rotation Illusion
https://www.clutch.security/blog/the-day-we-unveiled-the-secret-rotation-illusion
Corrupt Word Documents used in Phshing
https://x.com/anyrun_app/status/1861024182210900357
IBM Security Verify Access Appliance Vulnerabilities
https://www.ibm.com/support/pages/security-bulletin-multiple-security-vulnerabilities-were-found-ibm-security-verify-access-appliance-cve-2024-49803-cve-2024-49804-cve-2024-49805-cve-2024-49806
]]> 6:13 ibm, credentials, static, word, corrupt, aws, keys, apis, credential guard, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9236 AWS Honeypot+SIEM; Obfuscated Infostealer; Magento Skimmer; LogoFAIL Exploit; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. AWS Honeypot+SIEM; Obfuscated Infostealer; Magento Skimmer; LogoFAIL Exploit; https://traffic.libsyn.com/securitypodcast/9236.mp3 https://isc.sans.edu/podcastdetail/9236 Mon, 02 Dec 2024 02:00:01 GMT https://isc.sans.edu/diary/SANS%20ISC%20Internship%20Setup%3A%20AWS%20DShield%20Sensor%20%2B%20DShield%20SIEM%20%5BGuest%20Diary%5D/31480
From a Regular Infostealer to its Obfuscated Version
https://isc.sans.edu/diary/From%20a%20Regular%20Infostealer%20to%20its%20Obfuscated%20Version/31484
Credit Card Skimmer Malware Targeting Magento Checkout Pages
https://blog.sucuri.net/2024/11/credit-card-skimmer-malware-targeting-magento-checkout-pages.html
LogoFAIL Exploited to Deploy Bootkitty, the first UEFI bootkit for Linux
https://www.binarly.io/blog/logofail-exploited-to-deploy-bootkitty-the-first-uefi-bootkit-for-linux
Stickers:
https://isc.sans.edu/stickers.html (code PODCAST)
]]> 5:47 stickers, logofail, bootkitty, skimmer, magento, infostealer, obfuscation, aws, dshield, sensor, siem, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9234 Network Detection for Redtail; Next Neighbor; NachoVPN; Keycloak, PAN and Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Network Detection for Redtail; Next Neighbor; NachoVPN; Keycloak, PAN and Patches https://traffic.libsyn.com/securitypodcast/9234.mp3 https://isc.sans.edu/podcastdetail/9234 Wed, 27 Nov 2024 02:00:02 GMT https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Using%20Zeek%2C%20Snort%2C%20and%20Grafana%20to%20Detect%20Crypto%20Mining%20Malware/31472
The Nearest Neighbor Attack: How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access
https://www.volexity.com/blog/2024/11/22/the-nearest-neighbor-attack-how-a-russian-apt-weaponized-nearby-wi-fi-networks-for-covert-access/
Introducing NachoVPN: One VPN Server to Pwn Them All
https://blog.amberwolf.com/blog/2024/november/introducing-nachovpn---one-vpn-server-to-pwn-them-all/
Keycloak Patches
https://github.com/keycloak/keycloak/security/advisories/GHSA-93ww-43rr-79v3
Palo Alto Networks Global Protect App
https://security.paloaltonetworks.com/CVE-2024-5921
PHP Updates
https://github.com/php/php-src/security/advisories/GHSA-g665-fm4p-vhff
]]> 6:13 php, pan, keycloak, nachovpn, miner, wifi, next neighbor, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9232 Quick JS Deobfuscation; PDFs with Passwords; Less Russian Servers; QNAP Bug; 7-ZIP Bug; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Quick JS Deobfuscation; PDFs with Passwords; Less Russian Servers; QNAP Bug; 7-ZIP Bug; https://traffic.libsyn.com/securitypodcast/9232.mp3 https://isc.sans.edu/podcastdetail/9232 Tue, 26 Nov 2024 02:00:02 GMT https://isc.sans.edu/diary/Quick%20%26%20Dirty%20Obfuscated%20JavaScript%20Analysis/31468
Decrypting a PDF With a User Password
https://isc.sans.edu/diary/Decrypting%20a%20PDF%20With%20a%20User%20Password/31466
The strange case of disappearing Russian servers
https://isc.sans.edu/diary/The%20strange%20case%20of%20disappearing%20Russian%20servers/31476
QNAP Buggy Firmware Update
https://community.qnap.com/t/firmware-qts-5-2-2-2950-build-20241114-released/254
7-ZIP Zstandard Decompression Integer Underflow
https://www.zerodayinitiative.com/advisories/ZDI-24-1532/
https://7-zip.org/download.html
]]> 4:22 7zip, qnap, russia, servers, shodan, pdf, javascript, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9230 SVG Phishing; FortiClient VPN Logging; Needrestart Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SVG Phishing; FortiClient VPN Logging; Needrestart Vuln; https://traffic.libsyn.com/securitypodcast/9230.mp3 https://isc.sans.edu/podcastdetail/9230 Fri, 22 Nov 2024 02:00:02 GMT https://isc.sans.edu/diary/Increase%20In%20Phishing%20SVG%20Attachments/31456
Logging blind spot revealed in FortiClient VPN
https://pentera.io/blog/FortiClient-VPN_logging-blind-spot-revealed/
Needrestart Vulnerability
https://www.qualys.com/2024/11/19/needrestart/needrestart.txt
]]> 5:37 needrestart, logging, forticlient, phishing, svg, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9228 Apple Patches; Oracle PLM Vulns; OFBiz Patches; D-Link EOL Product Vulns Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Apple Patches; Oracle PLM Vulns; OFBiz Patches; D-Link EOL Product Vulns https://traffic.libsyn.com/securitypodcast/9228.mp3 https://isc.sans.edu/podcastdetail/9228 Thu, 21 Nov 2024 08:50:04 GMT https://isc.sans.edu/diary/Apple%20Fixes%20Two%20Exploited%20Vulnerabilities/31452
Oracle Patch for Agile Product Lifecycle Management CVE-2024-21287
https://www.oracle.com/security-alerts/alert-cve-2024-21287.html
OFBiz Patches CVE-2024-47208 CVE-2024-48962
https://nvd.nist.gov/vuln/detail/CVE-2024-47208
https://seclists.org/oss-sec/2024/q4/95
D-Link Warns of Vulnerability in EOL Devices
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10415

]]> 5:03 ofbiz, d-link, oracle, apple, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9226 Python Debugger Detection; PAN-OS Patches; VCenter Attacks; Veritas Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Python Debugger Detection; PAN-OS Patches; VCenter Attacks; Veritas Vuln; https://traffic.libsyn.com/securitypodcast/9226.mp3 https://isc.sans.edu/podcastdetail/9226 Wed, 20 Nov 2024 02:45:06 GMT https://isc.sans.edu/diary/Detecting%20the%20Presence%20of%20a%20Debugger%20in%20Linux/31450
Palo Alto Patches
https://security.paloaltonetworks.com/CVE-2024-0012
https://security.paloaltonetworks.com/CVE-2024-9474
VMware vCenter Server Attacks
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968e
Veritas Enterprise Vault Vulnerability
https://www.veritas.com/support/en_US/security/VTS24-014
]]> 6:12 veritas, enterprise, vault, vmware, vcenter, server, palo alto, pan, debugger, python, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9224 Unpatched Citrix Vuln Exploited; Microsoft Power Pages Issues; Manageengine ADAudit Plus SQL Injection Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Unpatched Citrix Vuln Exploited; Microsoft Power Pages Issues; Manageengine ADAudit Plus SQL Injection https://traffic.libsyn.com/securitypodcast/9224.mp3 https://isc.sans.edu/podcastdetail/9224 Tue, 19 Nov 2024 02:00:01 GMT https://isc.sans.edu/diary/Exploit+attempts+for+unpatched+Citrix+vulnerability/31446
https://support.citrix.com/s/article/CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069?language=en_US
Microsoft Power Pages: Data Exposure Reviewed
https://appomni.com/ao-labs/microsoft-power-pages-data-exposure-reviewed/
Zohocorp ManageEngine ADAudit Plus Vulnerable To SQL Injection Attacks CVE-2024-49574
https://www.manageengine.com/products/active-directory-audit/cve-2024-49574.html
]]> 5:13 zohocorp, manageengine, adaudit, microsoft, power pages, ctrix, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9222 Ancient Vulns; GitHub Impersonations; PaloAlto and Fortinet still not secure Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Ancient Vulns; GitHub Impersonations; PaloAlto and Fortinet still not secure https://traffic.libsyn.com/securitypodcast/9222.mp3 https://isc.sans.edu/podcastdetail/9222 Mon, 18 Nov 2024 02:00:01 GMT https://isc.sans.edu/diary/Ancient%20TP-Link%20Backdoor%20Discovered%20by%20Attackers/31442
GitHub Projects Targeted with Malicious Commits To Frame Researchers
https://www.bleepingcomputer.com/news/security/github-projects-targeted-with-malicious-commits-to-frame-researcher/
PaloAlto and Fortinet Vulnerabilities
https://labs.watchtowr.com/hop-skip-fortijump-fortijumphigher-cve-2024-23113-cve-2024-47575/
https://security.paloaltonetworks.com/PAN-SA-2024-0015
https://www.volexity.com/blog/2024/11/15/brazenbamboo-weaponizes-forticlient-vulnerability-to-steal-vpn-credentials-via-deepdata/
]]> 6:14 paloalto, pan, fortinet, github, impersonation, tp-link, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9220 Microsoft Patch Tuesday; CISA Top Exploited Vulns; APT Embeds Malware Using Flutter Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft Patch Tuesday; CISA Top Exploited Vulns; APT Embeds Malware Using Flutter https://traffic.libsyn.com/securitypodcast/9220.mp3 https://isc.sans.edu/podcastdetail/9220 Wed, 13 Nov 2024 02:00:02 GMT https://isc.sans.edu/diary/Microsoft%20November%202024%20Patch%20Tuesday/31438
CISA Top Routinely Exploited Vulnerabilities
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-317a
APT Actors Embed Malware within macOS Flutter Applications
https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/
]]> 5:50 apt, macos, flutter, cisa, microsoft, patches, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9218 PDF Phish Analysis; Mazda Vulns; Ruby SAML Vuln Details; Veeam Vuln; Fake FBI EDRs; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. PDF Phish Analysis; Mazda Vulns; Ruby SAML Vuln Details; Veeam Vuln; Fake FBI EDRs; https://traffic.libsyn.com/securitypodcast/9218.mp3 https://isc.sans.edu/podcastdetail/9218 Tue, 12 Nov 2024 02:00:01 GMT https://isc.sans.edu/diary/PDF%20Object%20Streams/31430
Mazda Infotainment Vulnerabilities
https://www.zerodayinitiative.com/blog/2024/11/7/multiple-vulnerabilities-in-the-mazda-in-vehicle-infotainment-ivi-system
Ruby SAML CVE-2024-45409: As bad as it gets and hiding in plain sight
https://workos.com/blog/ruby-saml-cve-2024-45409
Veeam Backup Enterprise Manager Vulnerability
https://www.veeam.com/kb4682
Security Update for Dell Enterprise SONiC Distribution Vulnerabilities
https://www.dell.com/support/kbdoc/en-us/000245655/dsa-2024-449-security-update-for-dell-enterprise-sonic-distribution-vulnerabilities
Easy Access to Information for Conducting Fraudulent
Emergency Data Requests Impacts US-Based Companies
and Law Enforcement Agencies
https://www.ic3.gov/CSA/2024/241104.pdf
]]> 6:03 fbi, dell, sonic, veeam, workos, ruby, saml, pdf, pdfid, pdf-parser, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9216 zipdump and PKZIP; Am I Isolated; iOS Lock Reboot; PAN Bulletin; D-Link Vulns Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. zipdump and PKZIP; Am I Isolated; iOS Lock Reboot; PAN Bulletin; D-Link Vulns https://traffic.libsyn.com/securitypodcast/9216.mp3 https://isc.sans.edu/podcastdetail/9216 Mon, 11 Nov 2024 02:00:02 GMT https://isc.sans.edu/diary/zipdump%20%26%20PKZIP%20Records/31428
Am I Isolated
https://github.com/edera-dev/am-i-isolated
Locked iPhones Reboot
https://www.404media.co/police-freak-out-at-iphones-mysteriously-rebooting-themselves-locking-cops-out/
https://x.com/naehrdine/status/1854896392797360484
Palo Alto Networks Bulletin
https://security.paloaltonetworks.com/PAN-SA-2024-0015
D-Link Vulnerability
https://netsecfish.notion.site/Command-Injection-Vulnerability-in-name-parameter-for-D-Link-NAS-12d6b683e67c80c49ffcc9214c239a07
]]> 5:18 dlink, palo alto networks, pan, pan-os, iphones, docker, isolated, zipbdump, pkzip, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9214 Malicious Steam Bruteforcer; Cisco and Veem Patches; ZIP file issues; File Upload Dangers; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Malicious Steam Bruteforcer; Cisco and Veem Patches; ZIP file issues; File Upload Dangers; https://traffic.libsyn.com/securitypodcast/9214.mp3 https://isc.sans.edu/podcastdetail/9214 Fri, 08 Nov 2024 02:00:02 GMT https://isc.sans.edu/diary/Steam%20Account%20Checker%20Poisoned%20with%20Infostealer/31420
Cisco Ultra Reliable Wireless Backhaul Vulnerability
https://www.cisco.com/site/us/en/products/networking/industrial-wireless/ultra-reliable-wireless-backhaul/index.html
Breaking Down Multipart Parsers: File upload validation bypass
https://blog.sicuranext.com/breaking-down-multipart-parsers-validation-bypass/
Evasive ZIP Concatenation: Trojan Targets Windows Users
https://perception-point.io/blog/evasive-concatenated-zip-trojan-targets-windows-users/
Veeam Backup Enterprise Manager Vulnerability (CVE-2024-40715)
https://www.veeam.com/kb4682
SANS Holiday Hack Challenge
https://www.sans.org/mlp/holiday-hack-challenge-2024
]]> 5:51 holiday, hack, challenge, sans, veeam, backup, zip, concatentation, file upload, parser, cisco, steam, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9212 Web Attack Surge; Air Fryer Privacy; Pygmy Goat Malware; Apple Vuln PoC; HPE Aruba critical vuln Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Web Attack Surge; Air Fryer Privacy; Pygmy Goat Malware; Apple Vuln PoC; HPE Aruba critical vuln https://traffic.libsyn.com/securitypodcast/9212.mp3 https://isc.sans.edu/podcastdetail/9212 Thu, 07 Nov 2024 02:00:02 GMT https://isc.sans.edu/forums/diary/%5BGuest%20Diary%5D%20Insights%20from%20August%20Web%20Traffic%20Surge/31408/
Talkative Air Fryer
https://www.which.co.uk/policy-and-insight/article/why-is-my-air-fryer-spying-on-me-which-reveals-the-smart-devices-gathering-your-data-and-where-they-send-it-a9Fa24K6gY1c
Pygmy Goat Malware Report
https://www.ncsc.gov.uk/section/keep-up-to-date/malware-analysis-reports
Apple CVE-2024-44258 PoC Exploit
https://github.com/ifpdz/CVE-2024-44258
HPE Arruba vulnerabilities
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us&docLocale=en_US
]]> 4:38 hpe, arruba, apple, Poc, pygmy, goat, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9210 Python RAT Screen Share; Android Security Bulletin; VMs Delivery Malware; Fake Docusign Invoices Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Python RAT Screen Share; Android Security Bulletin; VMs Delivery Malware; Fake Docusign Invoices https://traffic.libsyn.com/securitypodcast/9210.mp3 https://isc.sans.edu/podcastdetail/9210 Wed, 06 Nov 2024 02:00:02 GMT https://isc.sans.edu/diary/Python%20RAT%20with%20a%20Nice%20Screensharing%20Feature/31414
Android Security Bulletin November 2024
https://source.android.com/docs/security/bulletin/2024-11-01
Malware Delivered as Virtual Machine
https://www.securonix.com/blog/crontrap-emulated-linux-environments-as-the-latest-tactic-in-malware-staging/
Fake Docusign Invoices
https://lab.wallarm.com/attackers-abuse-docusign-api-to-send-authentic-looking-invoices-at-scale/
]]> 5:26 docusign, malware, vm, android, november, python, rat, screensharing, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9208 Analyzing Encrypted PDFs; Okta Passwordless Password Leak; QuRouter Patch; Google AI Tool finds SQLite vuln Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Analyzing Encrypted PDFs; Okta Passwordless Password Leak; QuRouter Patch; Google AI Tool finds SQLite vuln https://traffic.libsyn.com/securitypodcast/9208.mp3 https://isc.sans.edu/podcastdetail/9208 Tue, 05 Nov 2024 02:00:02 GMT https://isc.sans.edu/diary/Analyzing%20an%20Encrypted%20Phishing%20PDF/31404
Okta Verify Desktop MFA For Windows Password Less Login CVE-2024-9191
https://trust.okta.com/security-advisories/okta-verify-desktop-mfa-for-windows-passwordless-login-cve-2024-9191/
QNAP QuRouter Vulnerability and Patch
https://www.qnap.com/en/security-advisory/qsa-24-45
From Naptime to Big Sleep
https://googleprojectzero.blogspot.com/2024/10/from-naptime-to-big-sleep.html
Authenticated SQL injection vulnerability - ManageEngine ADManager Plus CVE-2024-48878
https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2024-48878.html
]]> 4:53 zoho, manage engine, admanager, naptime, big sleep, qnap, qurouter, Okta, PDF, qpdf, pdf-parser, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9206 Odd SSH Username; QPDF; Okta bcrypt issue; Synology Patches; Fake Lastpass Reviews; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Odd SSH Username; QPDF; Okta bcrypt issue; Synology Patches; Fake Lastpass Reviews; https://traffic.libsyn.com/securitypodcast/9206.mp3 https://isc.sans.edu/podcastdetail/9206 Mon, 04 Nov 2024 02:00:02 GMT https://isc.sans.edu/diary/October%202024%20Activity%20with%20Username%20chenzilong/31400
qpdf Extracting PDF Streams
https://isc.sans.edu/diary/qpdf%3A%20Extracting%20PDF%20Streams/31406
Okta bcrypt issue
https://trust.okta.com/security-advisories/okta-ad-ldap-delegated-authentication-username/
https://medium.com/@rajat29gupta/how-bcrypts-limitations-contributed-to-okta-s-vulnerability-a-lesson-for-developers-39425c644ed5
Synology Vulnerabilities
https://www.synology.com/de-de/security/advisory/Synology_SA_24_19
https://www.synology.com/de-de/security/advisory/Synology_SA_24_18
Lastpass Fake Reviews
https://blog.lastpass.com/posts/fake-web-store-reviews-attempting-to-steal-customer-data
]]> 5:47 lastpass, synology, brcrypt, okta, chenzilong, qpdf, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9204 RDP Gateway Scans; CyberPanel Exploited; QNAP Patches; Facebook Malvertising Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. RDP Gateway Scans; CyberPanel Exploited; QNAP Patches; Facebook Malvertising https://traffic.libsyn.com/securitypodcast/9204.mp3 https://isc.sans.edu/podcastdetail/9204 Thu, 31 Oct 2024 02:00:02 GMT https://isc.sans.edu/diary/Scans%20for%20RDP%20Gateways/31398
CyberPanel Exploited
https://www.bleepingcomputer.com/news/security/massive-psaux-ransomware-attack-targets-22-000-cyberpanel-instances/
Windows Themes Files Spoofing CVE-2024-38030
https://blog.0patch.com/2024/10/we-patched-cve-2024-38030-found-another.html
QNAP Patches CVE-2024-50388, CVE-2024-50387
https://www.qnap.com/en/security-advisory/qsa-24-41
Facebook Malvertising
https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/
]]> 5:53 facebook, malvertising, bussiness pages, meta, qnap, patches, windows themes, cyberpanel, NTLM, RDP, gateway, scans, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9202 CyberPanel RCE; Spring WebFlux Vuln; MSFT Implements DANE; Attackers Enable RDP Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. CyberPanel RCE; Spring WebFlux Vuln; MSFT Implements DANE; Attackers Enable RDP https://traffic.libsyn.com/securitypodcast/9202.mp3 https://isc.sans.edu/podcastdetail/9202 Wed, 30 Oct 2024 02:00:02 GMT https://dreyand.rs/code/review/2024/10/27/what-are-my-options-cyberpanel-v236-pre-auth-rce
Spring WebFlux Vulnerability
https://access.redhat.com/security/cve/cve-2024-38821
https://spring.io/security/cve-2024-38821
Inbound SMTP DANE with DNSSEC for Exchange Online
https://techcommunity.microsoft.com/t5/exchange-team-blog/announcing-general-availability-of-inbound-smtp-dane-with-dnssec/ba-p/4281292
HeptaX: Unauthorized RDP Connections for Cyberespionage Operations
https://cyble.com/blog/heptax-unauthorized-rdp-connections-for-cyberespionage-operations/

]]> 6:11 heptax, dane, dnssec, rdp, spring, webflux, rce, cyberpanel, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9200 Apple Updates; HTML File Phishing via Telegram; ChatGTP-4o Encoding Evasion Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Apple Updates; HTML File Phishing via Telegram; ChatGTP-4o Encoding Evasion https://traffic.libsyn.com/securitypodcast/9200.mp3 https://isc.sans.edu/podcastdetail/9200 Tue, 29 Oct 2024 02:00:01 GMT https://isc.sans.edu/diary/Apple%20Updates%20Everything/31390
Selfcontained HTML Phishing Attachment Using Telegram to Exfiltrate Credentials
https://isc.sans.edu/diary/Selfcontained+HTML+phishing+attachment+using+Telegram+to+exfiltrate+stolen+credentials/31388/
ChatGPT-4o Guardrail Jailbreak: Hex Encoding for Writing CVE Exploits
https://0din.ai/blog/chatgpt-4o-guardrail-jailbreak-hex-encoding-for-writing-cve-exploits
]]> 5:26 chatgpt, guardrails, apple, html phishing, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9198 Old Ivanti Vulns Exploited; Arcadyan Wifi RCE; Okta iOS Vuln; TeamTNT Docker Hunt Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Old Ivanti Vulns Exploited; Arcadyan Wifi RCE; Okta iOS Vuln; TeamTNT Docker Hunt https://traffic.libsyn.com/securitypodcast/9198.mp3 https://isc.sans.edu/podcastdetail/9198 Mon, 28 Oct 2024 02:00:02 GMT https://isc.sans.edu/diary/Two%20currently%20%28old%29%20exploited%20Ivanti%20vulnerabilities/31384
Arcadyan FMIMG51AX000J (WiFi Alliance) RCE CVE-2024-41992
https://ssd-disclosure.com/ssd-advisory-arcadyan-fmimg51ax000j-wifi-alliance-rce/
Okta iOS App Vulnerability CVE-2024-10327
https://trust.okta.com/security-advisories/okta-verify-for-ios-cve-2024-10327/
Threat Alert TeamTNT's docker gatling gun campaign
https://www.aquasec.com/blog/threat-alert-teamtnts-docker-gatling-gun-campaign/
]]> 5:38 teamtnt, docker, miner, okta, ios, arcadyan, wifi, alliance, ivanti, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9196 Dev Features in Prod; Cisco VPN DOS and Authenticed RCE; Hard Coded Cloud Credentials Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Dev Features in Prod; Cisco VPN DOS and Authenticed RCE; Hard Coded Cloud Credentials https://traffic.libsyn.com/securitypodcast/9196.mp3 https://isc.sans.edu/podcastdetail/9196 Fri, 25 Oct 2024 02:00:02 GMT https://isc.sans.edu/diary/Development%20Features%20Enabled%20in%20Prodcution/31380
Large-scale brute-force activity targeting VPNs, SSH services with commonly used login credentials
https://blog.talosintelligence.com/large-scale-brute-force-activity-targeting-vpns-ssh-services-with-commonly-used-login-credentials/
Cisco Secure Firewall Management Center Software Command Injection Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-v3AWDqN7
Exposing the Danger Within: Hardcoded Cloud Credentials in Popular Mobile Apps
https://www.security.com/threat-intelligence/exposing-danger-within-hardcoded-cloud-credentials-popular-mobile-apps
]]> 5:13 cloud, mobile app, cisco, ssh, dos, vpn, development, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9194 Shell Scripts; Fortimanager Mess; Sharepoint Exploit; OpenSSL Patch; Reduced Cert Lifetime Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Shell Scripts; Fortimanager Mess; Sharepoint Exploit; OpenSSL Patch; Reduced Cert Lifetime https://traffic.libsyn.com/securitypodcast/9194.mp3 https://isc.sans.edu/podcastdetail/9194 Thu, 24 Oct 2024 02:00:02 GMT https://isc.sans.edu/diary/Everybody%20Loves%20Bash%20Scripts.%20Including%20Attackers./31376
Fortimanager Exploited Vulnerability
https://www.fortiguard.com/psirt/FG-IR-24-423
Sharepoint Exploit
https://www.cisa.gov/news-events/alerts/2024/10/22/cisa-adds-one-known-exploited-vulnerability-catalog
https://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC
OpenSSL Vulnerability
https://openssl-library.org/news/secadv/20241016.txt
Reduced Certificate Lifetime
https://github.com/cabforum/servercert/pull/553

]]> 6:39 certificate, openssl, cisa, sharepoint, fortinet, fortimanager, bash, scripts, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9192 HTTP vs. HTTPS; VMware, Unifi, Roundgroup, Atlassian, OneDev Patches, Vulnerability and Exploits Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. HTTP vs. HTTPS; VMware, Unifi, Roundgroup, Atlassian, OneDev Patches, Vulnerability and Exploits https://traffic.libsyn.com/securitypodcast/9192.mp3 https://isc.sans.edu/podcastdetail/9192 Wed, 23 Oct 2024 02:00:02 GMT https://isc.sans.edu/diary/How%20much%20HTTP%20%28not%20HTTPS%29%20Traffic%20is%20Traversing%20Your%20Perimeter%3F/31372
VMSA-2024-0019:VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities (CVE-2024-38812, CVE-2024-38813)
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968
Unifi Security Advisory Bulletin 043
https://community.ui.com/releases/Security-Advisory-Bulletin-043-043/28e45c75-314e-4f07-a4f3-d17f67bd53f7
Fake attachment. Roundcube mail server attacks exploit CVE-2024-37383 vulnerability.
https://global.ptsecurity.com/analytics/pt-esc-threat-intelligence/fake-attachment-roundcube-mail-server-attacks-exploit-cve-2024-37383-vulnerability
Atlassian Security Bulletin - October 15 2024
https://confluence.atlassian.com/security/security-bulletin-october-15-2024-1442910972.html
OneDev Arbitrary file reading for unauthenticated user
https://github.com/theonedev/onedev/security/advisories/GHSA-7wg5-6864-v489
]]> 5:21 onedev, atlassian, roundcube, unifi, vmware, vcenter, http, https, tls, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9190 Emergency Preparedness; HM Surf Exploited; Fortinet and ScienLogic Vague Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Emergency Preparedness; HM Surf Exploited; Fortinet and ScienLogic Vague Patches https://traffic.libsyn.com/securitypodcast/9190.mp3 https://isc.sans.edu/podcastdetail/9190 Tue, 22 Oct 2024 02:00:02 GMT https://isc.sans.edu/diary/A%20Network%20Nerd%27s%20Take%20on%20Emergency%20Preparedness/31356
HM Surf Vulnerability Access to Camera Exploited CVE-2024-44133
https://www.microsoft.com/en-us/security/blog/2024/10/17/new-macos-vulnerability-hm-surf-could-lead-to-unauthorized-data-access/
Fortinet releases patches for undisclosed critical FortiManager vulnerability
https://www.helpnetsecurity.com/2024/10/21/fortimanager-critical-vulnerability/
ScienceLogic Vulnerability
https://rackspace.service-now.com/system_status?id=detailed_status&service=4dafca5a87f41610568b206f8bbb35a6
https://docs.sciencelogic.com/latest/Content/Web_Admin_and_Accounts/System_Administration/sys_admin_system_upgrade.htm
]]> 6:26 sciencelogic, rackspace, fortinet, fortimanager, hm surf, apple, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9188 Lost MSFT 365 Logs; Broken Cloud Storage; ESET Branded Malware; Synology, Spring and Grafana Updates Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Lost MSFT 365 Logs; Broken Cloud Storage; ESET Branded Malware; Synology, Spring and Grafana Updates https://traffic.libsyn.com/securitypodcast/9188.mp3 https://isc.sans.edu/podcastdetail/9188 Mon, 21 Oct 2024 02:00:02 GMT https://m365admin.handsontek.net/multiple-services-partially-incomplete-log-data-due-to-monitoring-agent-issue/
End-to-End Encrytped Cloud Storage in the Wild: A Broken Ecosystem
https://brokencloudstorage.info/paper.pdf
ESET Branded Malware
https://x.com/ESETresearch/status/1847192384448172387
Synology Update
https://www.synology.com/en-us/security/advisory/Synology_SA_24_17
Spring Framework Update CVe-2024-38819 CVE-2024-38820
https://spring.io/blog/2024/10/17/spring-framework-cve-2024-38819-and-cve-2024-38820-published
Grafana Security Release CVE-2024-9264
https://grafana.com/blog/2024/10/17/grafana-security-release-critical-severity-fix-for-cve-2024-9264/
]]> 5:42 grafana, spring, synology, eset, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9186 AWS Scans; Gatekeeper Bypass; Oracle CPU; Cisco ATA 190 Patch; SAP Code Injection; Dept of Commerce Advertises Drugs; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. AWS Scans; Gatekeeper Bypass; Oracle CPU; Cisco ATA 190 Patch; SAP Code Injection; Dept of Commerce Advertises Drugs; https://traffic.libsyn.com/securitypodcast/9186.mp3 https://isc.sans.edu/podcastdetail/9186 Fri, 18 Oct 2024 02:00:02 GMT https://isc.sans.edu/diary/Scanning%20Activity%20from%20Subnet%2015.184.0.0%2016/31362
Gatekeeper Bypass
/unit42.paloaltonetworks.com/gatekeeper-bypass-macos/
Oracle Critical Patch Update
https://www.oracle.com/security-alerts/cpuoct2024.html
Cisco ATA 190 Series Analog Telephone Adapter Firmware Vulnerabilities
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multi-RDTEqRsy
SAP Vulnerability
https://redrays.io/blog/poc-sap-note-3433192-code-injection-vulnerability-in-sap-netweaver-as-java/
Dept. of Commerce Sites Advertising Medication
https://x.com/tliston/status/1833542884047654984
]]> 5:52 doc, commerce, cisco, ata, oracle, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9184 Not so Common Passwords; Security Bad Practices; Kubernetes Image Builder Vuln; Solarwinds Helpdesk Exploited; noexec bypass Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Not so Common Passwords; Security Bad Practices; Kubernetes Image Builder Vuln; Solarwinds Helpdesk Exploited; noexec bypass https://traffic.libsyn.com/securitypodcast/9184.mp3 https://isc.sans.edu/podcastdetail/9184 Thu, 17 Oct 2024 02:00:02 GMT https://isc.sans.edu/diary/The%20Top%2010%20Not%20So%20Common%20SSH%20Usernames%20and%20Passwords/31360
CISA Product Security Bad Practices
https://www.cisa.gov/resources-tools/resources/product-security-bad-practices
Kubernetes Image Builder Vulnerability CVE-2024-9486 CVE-2024-9594
https://discuss.kubernetes.io/t/security-advisory-cve-2024-9486-and-cve-2024-9594-vm-images-built-with-kubernetes-image-builder-use-default-credentials/30119
Solarwinds Hardcoded Password Exploited CVE-2024-28987
https://www.bleepingcomputer.com/news/security/solarwinds-web-help-desk-flaw-is-now-exploited-in-attacks/
Bypassing noexec and executing arbitrary binaries
https://iq.thc.org/bypassing-noexec-and-executing-arbitrary-binaries
Workshop Website:
https://www.sansapi.com/
https://www.sansapi.com/docs
]]> 5:38 api, workdshop, noexec, solarwinds, kubernetes, cisa, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9182 Demo Script Exploits; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Demo Script Exploits; https://traffic.libsyn.com/securitypodcast/9182.mp3 https://isc.sans.edu/podcastdetail/9182 Wed, 16 Oct 2024 02:00:02 GMT https://isc.sans.edu/diary/Angular-base64-upload%20Demo%20Script%20Exploited%20%28CVE-2024-42640%29/31354
Quantum Annealing Public Key Cryptographic Attack Algorithm Based on D-Wave Advantage
http://cjc.ict.ac.cn/online/onlinepaper/wc-202458160402.pdf
EDRSilencer
https://github.com/netero1010/EDRSilencer
Synchronizing Passkeys
https://fidoalliance.org/specifications-credential-exchange-specifications/
]]> 6:44 passkeys, edrsilencer, quantum annealing, quantum computing, crypto, quantum, angular, base64, upload, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9180 Blog Phishing; Fortigate Vuln Deep Dive; CLI Entrypoint Takeover Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Blog Phishing; Fortigate Vuln Deep Dive; CLI Entrypoint Takeover https://traffic.libsyn.com/securitypodcast/9180.mp3 https://isc.sans.edu/podcastdetail/9180 Tue, 15 Oct 2024 02:00:02 GMT https://isc.sans.edu/diary/Phishing%20Page%20Delivered%20Through%20a%20%20Blob%20URL/31350
Fortinet Fortigate CVE 2024-23113 deep dive
https://labs.watchtowr.com/fortinet-fortigate-cve-2024-23113-a-super-complex-vulnerability-in-a-super-secure-appliance-in-2024/
This New Supply Chain Attack Technique Can Trojanize All Your CLI Commands
https://checkmarx.com/blog/this-new-supply-chain-attack-technique-can-trojanize-all-your-cli-commands/
]]> 5:43 python, npm, entrypoint, cli, developers, phishing, blog, fortinet, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9178 Windows PPTP/L2TP Deprecation; BIG-IP Cookie Issues; Travel Platforms Targeted Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Windows PPTP/L2TP Deprecation; BIG-IP Cookie Issues; Travel Platforms Targeted https://traffic.libsyn.com/securitypodcast/9178.mp3 https://isc.sans.edu/podcastdetail/9178 Mon, 14 Oct 2024 02:00:01 GMT https://techcommunity.microsoft.com/t5/windows-server-news-and-best/pptp-and-l2tp-deprecation-a-new-era-of-secure-connectivity/ba-p/4263956
BIG-IP LTM Systems Unencrypted Cookie Exploitation
https://www.cisa.gov/news-events/alerts/2024/10/10/best-practices-configure-big-ip-ltm-systems-encrypt-http-persistence-cookies
https://www.welivesecurity.com/en/eset-research/telekopye-hits-new-hunting-ground-hotel-booking-scams/
https://www.welivesecurity.com/en/eset-research/telekopye-hits-new-hunting-ground-hotel-booking-scams/
]]> 5:56 pptp, l2tp, big-ip, cookies, travel, phishing, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9176 PaloAlto "Exploit"; Firefox 0-Day; GitLab Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. PaloAlto "Exploit"; Firefox 0-Day; GitLab Vuln; https://traffic.libsyn.com/securitypodcast/9176.mp3 https://isc.sans.edu/podcastdetail/9176 Fri, 11 Oct 2024 02:00:02 GMT https://www.horizon3.ai/attack-research/palo-alto-expedition-from-n-day-to-full-compromise/
Firefox 0-Day
https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/
GitLab Vulnerabilities Patched
https://securityonline.info/cve-2024-9164-cvss-9-6-gitlab-users-urged-to-update-now/
]]> 5:08 gitlab, firefox, palo alto, expedition, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9174 Perfctl to Infostealer; Wazuh Malware Distribution; USB Airgab Bridge; Fortigate Vuln Exploited Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Perfctl to Infostealer; Wazuh Malware Distribution; USB Airgab Bridge; Fortigate Vuln Exploited https://traffic.libsyn.com/securitypodcast/9174.mp3 https://isc.sans.edu/podcastdetail/9174 Thu, 10 Oct 2024 02:00:02 GMT https://isc.sans.edu/diary/From%20Perfctl%20to%20InfoStealer/31334
Wazuh Abused by Miner Campaign
https://securelist.com/miner-campaign-misuses-open-source-siem-agent/114022/
USB Sticks Still Bridge Airgaps
https://www.welivesecurity.com/en/eset-research/mind-air-gap-goldenjackal-gooses-government-guardrails/
Fortigate Vulnerability now being exploited
https://nvd.nist.gov/vuln/detail/CVE-2024-23113
]]> 5:39 fortigate, usb, bridge, arigap, wazuh, miner, infostealer, perfctl, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9172 Microsoft Patch Tuesday; Adobe Patches; .io ccTLD discontinuing Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft Patch Tuesday; Adobe Patches; .io ccTLD discontinuing https://traffic.libsyn.com/securitypodcast/9172.mp3 https://isc.sans.edu/podcastdetail/9172 Wed, 09 Oct 2024 02:00:02 GMT https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20-%20October%202024/31336
Adobe Patches
https://helpx.adobe.com/security/security-bulletin.html
The Disappearance of an Internet Domain
https://every.to/p/the-disappearance-of-an-internet-domain
]]> 6:30 .io, domain, adobe, patches, microsoft, october, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9170 Sequoia Update Issues; Cisco Vuln; iTunes Priv Esc PoC; ISP Wiretap Spying Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Sequoia Update Issues; Cisco Vuln; iTunes Priv Esc PoC; ISP Wiretap Spying https://traffic.libsyn.com/securitypodcast/9170.mp3 https://isc.sans.edu/podcastdetail/9170 Tue, 08 Oct 2024 02:00:02 GMT https://isc.sans.edu/diary/macOS%20Sequoia%3A%20System%20Network%20Admins%2C%20Hold%20On!/31330
Cisco Vulnerabilities
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv34x-privesc-rce-qE33TCms
Apple iTunes PoC
https://github.com/mbog14/CVE-2024-44193
Attackers used ISP's Wiretap System to Spy on Users
https://www.wsj.com/politics/national-security/china-cyberattack-internet-providers-260bd835
https://www.bleepingcomputer.com/news/security/atandt-verizon-reportedly-hacked-to-target-us-govt-wiretapping-platform/
]]> 5:36 isp, wiretap, attackers, apple, itunes, cisco, macos, sequoia, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9168 CUPS Vuln Scans; Exposed LDAP Servers; Visual Studio Dump File Exploits; Apple Updates Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. CUPS Vuln Scans; Exposed LDAP Servers; Visual Studio Dump File Exploits; Apple Updates https://traffic.libsyn.com/securitypodcast/9168.mp3 https://isc.sans.edu/podcastdetail/9168 Mon, 07 Oct 2024 02:00:02 GMT https://isc.sans.edu/diary/Survey%20of%20CUPS%20exploit%20attempts/31326
Exposed LDAP Servers
https://www.usenix.org/conference/usenixsecurity24/presentation/kaspereit
Exploiting Visual Studio via Dump Files
https://ynwarcs.github.io/exploiting-vs-dump-files
Apple Security Updates
https://support.apple.com/en-us/100100
Free API Security Workshop
https://www.sans.org/webcasts/aviata-solo-flight-challenge-cloud-security-workshop-chapter-7/
]]> 5:34 apple, ldap, visual studio, cups, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9166 DShieldKickStarted; Abused Cloud Services; Pixel Phones Baseband Security; Optigo Vulnerabilities Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. DShieldKickStarted; Abused Cloud Services; Pixel Phones Baseband Security; Optigo Vulnerabilities https://traffic.libsyn.com/securitypodcast/9166.mp3 https://isc.sans.edu/podcastdetail/9166 Fri, 04 Oct 2024 02:00:02 GMT https://isc.sans.edu/diary/Kickstart%20Your%20DShield%20Honeypot%20%5BGuest%20Diary%5D/31320
CreanaKeeper Use of Cloud Services
https://www.welivesecurity.com/en/eset-research/separating-bee-panda-ceranakeeper-making-beeline-thailand/

Pixel Addressing Vulnerabilities in Cellular Modems
https://security.googleblog.com/2024/10/pixel-proactive-security-cellular-modems.html
Optigo Spectra Vulnerabilities
https://claroty.com/team82/disclosure-dashboard/cve-2024-41925
https://claroty.com/team82/disclosure-dashboard/cve-2024-45367
]]> 5:53 optigo, spectra, php, pixel, modems, baseband, creanakeeper, dropbox, kickstart, dshield, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9164 Security Docker Containers; CUPS DDoS Attack; Draytek Vulnerabilities; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Security Docker Containers; CUPS DDoS Attack; Draytek Vulnerabilities; https://traffic.libsyn.com/securitypodcast/9164.mp3 https://isc.sans.edu/podcastdetail/9164 Thu, 03 Oct 2024 02:00:02 GMT https://isc.sans.edu/diary/Security%20related%20Docker%20containers/31318
CUPS DDoS Attack
https://www.akamai.com/blog/security-research/october-cups-ddos-threat
Draytek Vulnerabilities
https://www.forescout.com/resources/draybreak-draytek-research/
SANS Munich (free Community Night Tuesday October 15th)
https://www.sans.org/cyber-security-training-events/munich-october-2024/
]]> 6:35 munich, bojan, draytek, cups, ddos, containers, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9162 Hurricane Aftermath; Zimbra Vuln and Exploit; MSFT Edge Extension Security; Supermicro BMC flaw Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Hurricane Aftermath; Zimbra Vuln and Exploit; MSFT Edge Extension Security; Supermicro BMC flaw https://traffic.libsyn.com/securitypodcast/9162.mp3 https://isc.sans.edu/podcastdetail/9162 Wed, 02 Oct 2024 02:00:02 GMT https://isc.sans.edu/diary/Hurricane%20Helene%20Aftermath%20-%20Cyber%20Security%20Awareness%20Month/31314
Zimbra - Remote Command Execution (CVE-2024-45519)
https://blog.projectdiscovery.io/zimbra-remote-code-execution/
Enhancing the security of Microsoft Edge extensions with the new Publish API
https://blogs.windows.com/msedgedev/2024/09/30/enhanced-security-for-extensions-with-new-publish-api/
CVE-2024-36435 Deep-Dive: The Year s Most Critical BMC Security Flaw
https://www.binarly.io/blog/cve-2024-36435-deep-dive-the-years-most-critical-bmc-security-flaw
]]> 5:43 supermicro, bmc, edge, microsoft, extensions, zimbra, helene, cyber security awareness month, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9160 Mac-Robber Update; Recall Re-Released; Hybrid Cloud Attacks; Ransomware IDs; What's Up Gold Patch; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Mac-Robber Update; Recall Re-Released; Hybrid Cloud Attacks; Ransomware IDs; What's Up Gold Patch; https://traffic.libsyn.com/securitypodcast/9160.mp3 https://isc.sans.edu/podcastdetail/9160 Tue, 01 Oct 2024 02:00:02 GMT https://isc.sans.edu/diary/Tool%20update%3A%20mac-robber.py%20and%20le-hex-to-ip.py/31310
Ransomware Attacks Expanding to Hybrid Cloud Environments
https://www.microsoft.com/en-us/security/blog/2024/09/26/storm-0501-ransomware-attacks-expanding-to-hybrid-cloud-environments/
Update on Recall Security and Privacy Architecture
https://blogs.windows.com/windowsexperience/2024/09/27/update-on-recall-security-and-privacy-architecture/
Detecting Ransomware in Windows Event Logs
https://blogs.jpcert.or.jp/en/2024/09/windows.html
Progress WhatsUp Gold Update
https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-September-2024?popup=true&overview
Singapore Class
https://jbu.me/singapore
]]> 6:16 singapore, ransomware, event logs, windows, whatsup gold, progress, recall, cloud, hybrid, mac-robber, le-hex-to-ip, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9158 CUPS Vulnerability Update; PHP Updates; Chinese Firewall and DNS; HPE Aruba Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. CUPS Vulnerability Update; PHP Updates; Chinese Firewall and DNS; HPE Aruba Patches https://traffic.libsyn.com/securitypodcast/9158.mp3 https://isc.sans.edu/podcastdetail/9158 Mon, 30 Sep 2024 02:00:02 GMT https://isc.sans.edu/diary/Patch%20for%20Critical%20CUPS%20vulnerability%3A%20Don%27t%20Panic/31302
PHP Updates
https://www.php.net/ChangeLog-8.php#8.1.30
DNS And Big Chinese Firewall
https://www.assetnote.io/resources/research/insecurity-through-censorship-vulnerabilities-caused-by-the-great-firewall
https://isc.sans.edu/diary/Are+You+Piratebay+thepiratebayorg+Resolving+to+Various+Hosts/19175
HPE Aruba Networking Vulnerabilities
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04712en_us&docLocale=en_US
]]> 7:00 hpe, aruba, dns, firewall, php, updates, cups, vulnerability, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9156 Patch for Critical CUPS vulnerability: Don't Panic Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Patch for Critical CUPS vulnerability: Don't Panic https://traffic.libsyn.com/securitypodcast/9156.mp3 https://isc.sans.edu/podcastdetail/9156 Fri, 27 Sep 2024 02:00:02 GMT https://isc.sans.edu/diary/Patch%20for%20Critical%20CUPS%20vulnerability%3A%20Don%27t%20Panic/31302
]]> 6:53 cups, browsed, filter, evilsocket, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9154 Corrupt DNS DDoS; SolarWindows Hard Coded Credentials; Watchguard Advisory; Infostealers and Encrypted Cookie Data Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Corrupt DNS DDoS; SolarWindows Hard Coded Credentials; Watchguard Advisory; Infostealers and Encrypted Cookie Data https://traffic.libsyn.com/securitypodcast/9154.mp3 https://isc.sans.edu/podcastdetail/9154 Thu, 26 Sep 2024 02:00:02 GMT https://isc.sans.edu/diary/DNS%20Reflection%20Update%20and%20Odd%20Corrupted%20DNS%20Requests/31296
CVE-2024-28987 Solarwinds Web Help Desk Hardcoded Credentials Vulnerability
https://www.horizon3.ai/attack-research/cve-2024-28987-solarwinds-web-help-desk-hardcoded-credential-vulnerability-deep-dive/ cve-2024-28987
Watchguard Unauthenticated and Unencrypted SSO Protocol
https://www.redteam-pentesting.de/en/advisories/rt-sa-2024-006/
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00014
Infostealers Overcome Chrome's App Bound Encryption
https://securityonline.info/infostealers-overcome-chromes-app-bound-encryption-threatening-user-data-security/
]]> 7:01 chrome, cookies, infostealer, watchguard, solarwinds, helpdesk, dns, reflection, dos, ddos, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9152 RAISECOM Exploit; Cellopoint Vuln; Cisco Smart Licensing Details; Ivanty Traffic Manager Exploited; Linux Vulnerablity Controversy; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. RAISECOM Exploit; Cellopoint Vuln; Cisco Smart Licensing Details; Ivanty Traffic Manager Exploited; Linux Vulnerablity Controversy; https://traffic.libsyn.com/securitypodcast/9152.mp3 https://isc.sans.edu/podcastdetail/9152 Wed, 25 Sep 2024 02:00:02 GMT https://isc.sans.edu/diary/Exploitation%20of%20RAISECOM%20Gateway%20Devices%20Vulnerability%20CVE-2024-7120/31292
Cellopoint Vulnerability CVE-2024-9043
https://www.twcert.org.tw/en/cp-139-8103-b0568-2.html
Cisco Smart Licensing Vulnerability Details
https://starkeblog.com/cve-wednesday/cisco/2024/09/20/cve-wednesday-cve-2024-20439.html
Ivanti Virtual Traffic Manager Exploited
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
GNU Linux Systems Possible Critical Vulnerability
https://securityonline.info/severe-unauthenticated-rce-flaw-cvss-9-9-in-gnu-linux-systems-awaiting-full-disclosure/
]]> 5:27 linux, gnu, vulnerability, controversy, ivanti, virtual traffic manager, cisco, smart licensing, cellopoint, raisecom, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9150 Resurected Phishing Tricks; Kaspersky installs Ultra AV; Microchip ASF tinydhcp Vulnerability; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Resurected Phishing Tricks; Kaspersky installs Ultra AV; Microchip ASF tinydhcp Vulnerability; https://traffic.libsyn.com/securitypodcast/9150.mp3 https://isc.sans.edu/podcastdetail/9150 Tue, 24 Sep 2024 02:00:05 GMT https://isc.sans.edu/diary/Phishing%20links%20with%20%40%20sign%20and%20the%20need%20for%20effective%20security%20awareness%20building/31288
Kaspersky Deletes Itself Installs UltraAV Antivirus Without Warning
https://www.bleepingcomputer.com/news/security/kaspersky-deletes-itself-installs-ultraav-antivirus-without-warning/
Microchip ASF tinydhcp Vulnerability
https://kb.cert.org/vuls/id/138043
]]> 5:33 microchip, asf, tinydhcp, kaspersky, ultraav, antivirus, phishing, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9148 WSUS Deprecation; Windows Hotpatches; WHOIS and Certificates; Versa Vuln; Apache HugeGraph Exploit Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. WSUS Deprecation; Windows Hotpatches; WHOIS and Certificates; Versa Vuln; Apache HugeGraph Exploit https://traffic.libsyn.com/securitypodcast/9148.mp3 https://isc.sans.edu/podcastdetail/9148 Mon, 23 Sep 2024 02:00:01 GMT https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-server-update-services-wsus-deprecation/ba-p/4250436
Windows Server 2025 Hotpatches
https://techcommunity.microsoft.com/t5/windows-server-news-and-best/now-in-preview-hotpatch-for-windows-server-2025/ba-p/4248296
Google Suggests Not Using WHOIS for Certificate Validation
https://lists.cabforum.org/pipermail/servercert-wg/2024-September/004821.html
Versa Director Vulnerability
https://security-portal.versa-networks.com/emailbulletins/66e4a8ebda545d61ec2b1ab9
Apache Hugegraph Vulnerability Exploited
https://nvd.nist.gov/vuln/detail/CVE-2024-27348
]]> 5:13 apache, hugegraph, versa, director, google, whois, certificate, windows, server, hotpatches, Update, WSUS, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9146 Fake GitHub Notices; More Iventi CVS Vulns; Deanonymizing Tor; iPhone Unlockers; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Fake GitHub Notices; More Iventi CVS Vulns; Deanonymizing Tor; iPhone Unlockers; https://traffic.libsyn.com/securitypodcast/9146.mp3 https://isc.sans.edu/podcastdetail/9146 Fri, 20 Sep 2024 02:00:02 GMT https://isc.sans.edu/diary/Fake%20GitHub%20Site%20Targeting%20Developers/31282
Ivanti CSA 4.6 Advisory
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-4-6-Cloud-Services-Appliance-CVE-2024-8963?language=en_US
German Police Deanonymizes Tor User
https://blog.torproject.org/tor-is-still-safe/
Ever wonder how crooks get the credentials to unlock stolen phones?
https://arstechnica.com/security/2024/09/cops-bust-website-crooks-used-to-unlock-1-2-million-stolen-mobile-phones/
]]> 7:35 iphone, unlocker, police, tor, ivatny, csa, github, fake, phishing, developers, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9144 Python Infostealer Targeting Exodus; Service Now KB Leaks; GitLab Patch; Aruba Patch; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Python Infostealer Targeting Exodus; Service Now KB Leaks; GitLab Patch; Aruba Patch; https://traffic.libsyn.com/securitypodcast/9144.mp3 https://isc.sans.edu/podcastdetail/9144 Thu, 19 Sep 2024 02:00:01 GMT https://isc.sans.edu/diary/Python%20Infostealer%20Patching%20Windows%20Exodus%20App/31276
Service Now Knoledge Bases Data Exposures
https://appomni.com/ao-labs/servicenow-knowledge-bases-data-exposures-uncovered/
Gitlab Patch
https://about.gitlab.com/releases/2024/09/17/patch-release-gitlab-17-3-3-released/
Aruba Patch
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04709en_us&docLocale=en_US
]]> 4:13 aruba, gitlab, service now, python, exodus, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9142 Python Exfiltration; VMWare VCenter Patch; macOS Calendar Exploit; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Python Exfiltration; VMWare VCenter Patch; macOS Calendar Exploit; https://traffic.libsyn.com/securitypodcast/9142.mp3 https://isc.sans.edu/podcastdetail/9142 Wed, 18 Sep 2024 02:00:02 GMT https://isc.sans.edu/diary/23%3A59%2C%20Time%20to%20Exfiltrate!/31272
Critical VMWare VCenter Vulnerability
https://blogs.vmware.com/cloud-foundation/2024/09/17/vmsa-2024-0019-questions-answers/
Zero-Click Calendar invite - Critical zero-click vulnerability chain in macOS
https://mikko-kenttala.medium.com/zero-click-calendar-invite-critical-zero-click-vulnerability-chain-in-macos-a7a434fc887b
Google Adds Latest Post Quantum Encryption Standard to Chrome
https://security.googleblog.com/2024/09/a-new-path-for-kyber-on-web.html
]]> 5:18 python, firebase, vmware, vcenter, calendar, macos, google, chrome, quantum, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9140 PE Overlays; Apple Updates; Ivanti EOL Issue; MSFT Patch Tuesday Revision; DLink Vulns; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. PE Overlays; Apple Updates; Ivanti EOL Issue; MSFT Patch Tuesday Revision; DLink Vulns; https://traffic.libsyn.com/securitypodcast/9140.mp3 https://isc.sans.edu/podcastdetail/9140 Tue, 17 Sep 2024 02:25:18 GMT https://isc.sans.edu/forums/diary/Managing%20PE%20Files%20With%20Overlays/31268/
Apple Updates
https://support.apple.com/en-us/100100
Ivanti EOL Cloud Service Appliances
https://www.cisa.gov/news-events/alerts/2024/09/13/ivanti-releases-security-update-cloud-services-appliance
Microsoft Revises September Update
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-43461
DLink Vulnerabilities
https://www.twcert.org.tw/en/cp-139-8081-3fb39-2.html
https://www.twcert.org.tw/en/cp-139-8091-bcd52-2.html
https://www.twcert.org.tw/en/cp-139-8089-32df6-2.html
]]> 5:14 dlink, microsoft, september, mshtml, ivanti, csa, overlays, python, pe, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9138 DBScan Examples; Credential Flusher; Ivanti Vulnerabilities; File Sender; Docker Patch Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. DBScan Examples; Credential Flusher; Ivanti Vulnerabilities; File Sender; Docker Patch https://traffic.libsyn.com/securitypodcast/9138.mp3 https://isc.sans.edu/podcastdetail/9138 Mon, 16 Sep 2024 02:00:02 GMT https://isc.sans.edu/diary/Finding%20Honeypot%20Data%20Clusters%20Using%20DBSCAN%3A%20Part%202/31194
Auto IT Credential Flusher
https://research.openanalysis.net/credflusher/kiosk/stealer/stealc/amadey/autoit/2024/09/11/cred-flusher.html
Ivanti Patches
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190?language=en_US
https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29847-deep-dive-ivanti-endpoint-manager-agentportal-deserialization-of-untrusted-data-remote-code-execution-vulnerability/
File Sender Vulnerability
https://filesender.org/vulnerability-in-filesender-versions-below-2-49-and-3-x-beta/
Docker Patches
https://docs.docker.com/desktop/release-notes/#4342
]]> 6:03 docker, file sender, ivanti, auto-it, honeypot, dbscan, credential flusher, kiosk mode, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9136 Whois Trust Issues; MSFT Security APIs; MSFT PQC Implementation; GitLbab Patch Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Whois Trust Issues; MSFT Security APIs; MSFT PQC Implementation; GitLbab Patch https://traffic.libsyn.com/securitypodcast/9136.mp3 https://isc.sans.edu/podcastdetail/9136 Fri, 13 Sep 2024 02:00:02 GMT https://labs.watchtowr.com/we-spent-20-to-achieve-rce-and-accidentally-became-the-admins-of-mobi/
Microsoft Reconsidering Security Tool API
https://blogs.windows.com/windowsexperience/2024/09/12/taking-steps-that-drive-resiliency-and-security-for-windows-customers/
Microsoft implents PQC in SymCrypt
https://techcommunity.microsoft.com/t5/security-compliance-and-identity/microsoft-s-quantum-resistant-cryptography-is-here/ba-p/4238780
GitLab Patch
https://about.gitlab.com/releases/2024/09/11/patch-release-gitlab-17-3-2-released/#execute-environment-stop-actions-as-the-owner-of-the-stop-action-job
]]> 5:13 gitlab, microsoft, pqc, symcrypt, security tool, mobi, whois, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9134 Microsoft, Adobe and Ivanti Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft, Adobe and Ivanti Patches https://traffic.libsyn.com/securitypodcast/9134.mp3 https://isc.sans.edu/podcastdetail/9134 Wed, 11 Sep 2024 02:00:02 GMT https://isc.sans.edu/diary/Microsoft%20September%202024%20Patch%20Tuesday/31254
Adobe Patches
https://helpx.adobe.com/security/security-bulletin.html
Ivanti Patches
https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022?language=en_US
]]> 6:00 ivanti, adobe, microsoft, patches, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9132 LoadMaster Vuln; HAProxy Patch; Sonicwall SSLVPN Ransomware; Kibana Update; VSCode Abuse Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. LoadMaster Vuln; HAProxy Patch; Sonicwall SSLVPN Ransomware; Kibana Update; VSCode Abuse https://traffic.libsyn.com/securitypodcast/9132.mp3 https://isc.sans.edu/podcastdetail/9132 Tue, 10 Sep 2024 03:20:05 GMT https://support.kemptechnologies.com/hc/en-us/articles/29196371689613-LoadMaster-Security-Vulnerability-CVE-2024-7591
HA Proxy Patch
https://www.mail-archive.com/haproxy%40formilux.org/msg45280.html
Akira Ransomware Campaign Targeting Sonicwall SSLVPN Accounts
https://arcticwolf.com/resources/blog/arctic-wolf-observes-akira-ransomware-campaign-targeting-sonicwall-sslvpn-accounts/
Kibana Deserializatio Vulnerability
https://discuss.elastic.co/t/kibana-8-15-1-security-update-esa-2024-27-esa-2024-28/366119
Stately Taurus Abuses VSCode
https://unit42.paloaltonetworks.com/stately-taurus-abuses-vscode-southeast-asian-espionage/
]]> 4:29 china, taurus, vscode, kibana, elastic, sslvpn, sonicwall, ransomware, haproxy, loadmaster, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9130 Hashcat Power Use; Fake Job Ads; Android OCR Password Stealer; Spouse Sextortion Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Hashcat Power Use; Fake Job Ads; Android OCR Password Stealer; Spouse Sextortion https://traffic.libsyn.com/securitypodcast/9130.mp3 https://isc.sans.edu/podcastdetail/9130 Mon, 09 Sep 2024 02:50:06 GMT https://isc.sans.edu/diary/Password%20Cracking%20%26%20Energy%3A%20More%20Dedails/31242
Python Notpad ++
https://isc.sans.edu/diary/Python%20%26%20Notepad%2B%2B/31240
Fake LinkedIn Job Ads
https://cloud.google.com/blog/topics/threat-intelligence/examining-web3-heists/
Android Crypto Passphrase Stealer with OCR
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-android-spyagent-campaign-steals-crypto-credentials-via-image-recognition/
Sextortion Scam Now use Your Chating Spouses Name as a Lure
https://www.bleepingcomputer.com/news/security/sextortion-scam-now-use-your-cheating-spouses-name-as-a-lure/
]]> 6:15 sextortion, spouse, android, ocr, crypto wallet, stealer, notepad, power, hashcat, linkedin, job ad, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9128 Enriching Logs; Veeam Update; More OFBiz Issues; Cisco License Manager Patches; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Enriching Logs; Veeam Update; More OFBiz Issues; Cisco License Manager Patches; https://traffic.libsyn.com/securitypodcast/9128.mp3 https://isc.sans.edu/podcastdetail/9128 Fri, 06 Sep 2024 02:25:06 GMT https://isc.sans.edu/diary/Enrichment%20Data%3A%20Keeping%20it%20Fresh/31236
Veeam Update
https://www.veeam.com/kb4649
New OFBiz Vulnerabilities
https://www.rapid7.com/blog/post/2024/09/05/cve-2024-45195-apache-ofbiz-unauthenticated-remote-code-execution-fixed/
Cisco Smart License Manager Patches
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cslu-7gHMzWmw
]]> 6:04 cisco, ofbiz, veeam, enrichment, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9126 Moodle Scans; PyPi Revival Hijack; Android Updates; Mediatec Wifi PoC; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Moodle Scans; PyPi Revival Hijack; Android Updates; Mediatec Wifi PoC; https://traffic.libsyn.com/securitypodcast/9126.mp3 https://isc.sans.edu/podcastdetail/9126 Thu, 05 Sep 2024 03:20:05 GMT https://isc.sans.edu/diary/Scans+for+Moodle+Learning+Platform+Following+Recent+Update/31230
PyPi Rivival HiJack
https://jfrog.com/blog/revival-hijack-pypi-hijack-technique-exploited-22k-packages-at-risk/
Android Updates
https://source.android.com/docs/security/bulletin/2024-09-01
Mediatec WAPPD PoC Exploit
https://blog.coffinsec.com/0day/2024/08/30/exploiting-CVE-2024-20017-four-different-ways.html#wrapping-up
]]> 6:50 mediatec, android, pypi, moodle, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9124 OOXML Text Docs; Photo Sextortion; Zyxel Vuln; DLink Vuln; VMWare Patch; YubiKey Sidechannel Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. OOXML Text Docs; Photo Sextortion; Zyxel Vuln; DLink Vuln; VMWare Patch; YubiKey Sidechannel https://traffic.libsyn.com/securitypodcast/9124.mp3 https://isc.sans.edu/podcastdetail/9124 Wed, 04 Sep 2024 02:00:01 GMT https://isc.sans.edu/diary/Protected%20OOXML%20Text%20Documents/31078
Sextortion E-Mails with Photos
https://krebsonsecurity.com/2024/09/sextortion-scams-now-include-photos-of-your-home/
Zyxel OS Command Injection Vulnerability
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-os-command-injection-vulnerability-in-aps-and-security-router-devices-09-03-2024
D-Link DIR-846W Unpatched RCE Vulnerabilities
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10411
VMWare Priviledge Escalation Vulnerability CVe-2024-38811
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24939
YubiKey Sidechannel Attack
https://ninjalab.io/wp-content/uploads/2024/09/20240903_eucleak.pdf
https://www.yubico.com/support/security-advisories/ysa-2024-03/
]]> 6:42 yubikey, vmware, fusion, d-link, dir-846W, zyxel, Sextortion, ooxml, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9122 Convert Wireshark Filter; GitHub Comments Spreading Malware; Google Sheets C2; Jenkins PoC; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Convert Wireshark Filter; GitHub Comments Spreading Malware; Google Sheets C2; Jenkins PoC; https://traffic.libsyn.com/securitypodcast/9122.mp3 https://isc.sans.edu/podcastdetail/9122 Tue, 03 Sep 2024 02:00:02 GMT https://isc.sans.edu/diary/Wireshark+44+Converting+Display+Filters+to+BPF+Capture+Filters/31224
GitHub Comments Used to Spread Malware
https://www.reddit.com/r/Malware/comments/1f2n1h4/comment/lkbi5gi/
Voldemort Malware Curses Orgs Using Global Tax Authorities
https://www.darkreading.com/threat-intelligence/voldemort-malware-curses-orgs-global-tax-authorities
Analysis of CVE-2024-43044 From file read to RCE in Jenkins through agents
https://blog.convisoappsec.com/en/analysis-of-cve-2024-43044/
]]> 5:41 jenkins, volemort, google sheets, github, wireshark, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9120 Python DLL Patching; Global Protect Phishing; BlackByte Ransomware; Exposed AI Services; Detecting Lateral Movement @sans_edu @BriPwn Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Python DLL Patching; Global Protect Phishing; BlackByte Ransomware; Exposed AI Services; Detecting Lateral Movement @sans_edu @BriPwn https://traffic.libsyn.com/securitypodcast/9120.mp3 https://isc.sans.edu/podcastdetail/9120 Fri, 30 Aug 2024 02:00:02 GMT https://isc.sans.edu/diary/Live%20Patching%20DLLs%20with%20Python/31218
Global Protect Phishing
https://www.trendmicro.com/en_us/research/24/h/threat-actors-target-middle-east-using-fake-tool.html
BlackByte Ransomware Update
https://blog.talosintelligence.com/blackbyte-blends-tried-and-true-tradecraft-with-newly-disclosed-vulnerabilities-to-support-ongoing-attacks/
The Risks Lurking in Publicly Exposed GenAI Development Services
https://www.legitsecurity.com/blog/the-risks-lurking-in-publicly-exposed-genai-development-services
Finding Lateral Movement of Adversaries Through the Noise of Systems Administration
https://www.sans.edu/cyber-research/finding-lateral-movement-adversaries-through-noise-systems-administration/
YouTube Channel: https://www.youtube.com/c/CyberAttackDefense
]]> 14:01 lateral movement, sans_edu, genai, exposed, llm, blackbyte, vmware, global protect, pan, palo alto, patching, dlls, python, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9118 Kibana Vega; EDR Killers; Iran Ransomware; Confluence Exploit; Fortra Vulnerability Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Kibana Vega; EDR Killers; Iran Ransomware; Confluence Exploit; Fortra Vulnerability https://traffic.libsyn.com/securitypodcast/9118.mp3 https://isc.sans.edu/podcastdetail/9118 Thu, 29 Aug 2024 02:00:02 GMT https://isc.sans.edu/diary/Vega-Lite%20with%20Kibana%20to%20Parse%20and%20Display%20IP%20Activity%20over%20Time/31210
Attack tool update impairs Windows computers
https://news.sophos.com/en-us/2024/08/27/burnt-cigar-2/
Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-241a
Confluence Vulnerabilty Exploited for Crypto Miners
https://www.trendmicro.com/en_us/research/24/h/cve-2023-22527-cryptomining.html
Fortra FileCatalyst Workflow Hard Coded HSQLDB Credentials
https://www.fortra.com/security/advisories/product-security/fi-2024-011
]]> 5:49 fortra, filecatalyst, workflow, hsqldb, confulence, miners, iran, vega, atlasian, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9116 Why Python; OFBiz Update; Versa Directory Exploit; Chrome Exploit; SGX Key Leak Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Why Python; OFBiz Update; Versa Directory Exploit; Chrome Exploit; SGX Key Leak https://traffic.libsyn.com/securitypodcast/9116.mp3 https://isc.sans.edu/podcastdetail/9116 Wed, 28 Aug 2024 02:00:02 GMT https://isc.sans.edu/diary/Why%20Is%20Python%20so%20Popular%20to%20Infect%20Windows%20Hosts%3F/31208
OFBiz Vulnerability Update
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
https://nvd.nist.gov/vuln/detail/CVE-2024-38856
Versa Directory Vulnerability Exploited
https://versa-networks.com/blog/versa-security-bulletin-update-on-cve-2024-39717-versa-director-dangerous-file-type-upload-vulnerability/
Google Chrome Vulnerability Exploited
https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html
SGX Key Leak
https://x.com/_markel___/status/1828112469010596347
]]> 6:08 sgx, intel, google, chrome, versa, ofbiz, python, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9114 Obfuscated XWorm/Redline; Windows IPv6 PoC CVE-2024-38063; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Obfuscated XWorm/Redline; Windows IPv6 PoC CVE-2024-38063; https://traffic.libsyn.com/securitypodcast/9114.mp3 https://isc.sans.edu/podcastdetail/9114 Tue, 27 Aug 2024 02:00:02 GMT https://isc.sans.edu/diary/From%20Highly%20Obfuscated%20Batch%20File%20to%20XWorm%20and%20Redline/31204
CVE-2024-38063 Windows IPv6 Issue PoC Exploit
https://github.com/ynwarcs/CVE-2024-38063
Not a vulnerability
https://github.com/juwenyi/CVE-2024-42992
]]> 5:34 pandas, vulnerability, windows, ipv6, cve-2024-38063, xworm, redline, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9112 Pandas Encoding Errors; Crowdstrike Slowness; CopyBara; SonicWall Patch Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Pandas Encoding Errors; Crowdstrike Slowness; CopyBara; SonicWall Patch https://traffic.libsyn.com/securitypodcast/9112.mp3 https://isc.sans.edu/podcastdetail/9112 Mon, 26 Aug 2024 02:00:02 GMT https://isc.sans.edu/diary/Pandas%20Errors%3A%20What%20encoding%20are%20my%20logs%20in%3F/31200
Crowdstrike Performance Issues
https://www.reddit.com/r/sysadmin/comments/1eyfex6/at_least_its_not_on_a_friday/
CopyBara Malware
https://www.zscaler.com/blogs/security-research/technical-analysis-copybara#conclusion
SonicWall Vulnerability
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015
]]> 5:34 pandas, parsing, encoding, crowdstriek, copybara, sonicwall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9110 OpenAI Scans; MSFT Broke Linux Boot; Chrome 0-Day; @Cisco Vuln; @Solarwinds Helpdesk; Memory Safety @sans_edu Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. OpenAI Scans; MSFT Broke Linux Boot; Chrome 0-Day; @Cisco Vuln; @Solarwinds Helpdesk; Memory Safety @sans_edu https://traffic.libsyn.com/securitypodcast/9110.mp3 https://isc.sans.edu/podcastdetail/9110 Fri, 23 Aug 2024 02:00:02 GMT https://isc.sans.edu/diary/OpenAI%20Scans%20for%20Honeypots.%20Artificially%20Malicious%3F%20Action%20Abuse%3F/31196
Broken Linux Boot Partitions after August Microsoft Update
https://learn.microsoft.com/en-us/windows/release-health/status-windows-11-23H2#3377msgdesc
Google Fixes Chrome 0-day
https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html
Cisco Zero Day Exploited (now Patched)
https://www.sygnia.co/blog/china-threat-group-velvet-ant-cisco-zero-day/
Solar Winds Helpdesk Backdoor
https://support.solarwinds.com/SuccessCenter/s/article/SolarWinds-Web-Help-Desk-12-8-3-Hotfix-2
Securing the Future: How Memory-Safe Programming Languages Impact Industry Safety (Christopher Ross)
https://www.sans.edu/cyber-research/securing-future-how-memory-safe-programming-languages-impact-industry-safety/
]]> 15:20 openai, msft, linux, boot, chrome, cisco, solarwinds, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9108 DNSTwist on New Domains; Slack AI Prompt Injection; PWA Phishing; QNAP Ransomware Security; @PromptArmor @sudo_Rem Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. DNSTwist on New Domains; Slack AI Prompt Injection; PWA Phishing; QNAP Ransomware Security; @PromptArmor @sudo_Rem https://traffic.libsyn.com/securitypodcast/9108.mp3 https://isc.sans.edu/podcastdetail/9108 Thu, 22 Aug 2024 01:23:00 GMT https://isc.sans.edu/diary/Mapping%20Threats%20with%20DNSTwist%20and%20the%20Internet%20Storm%20Center%20%5BGuest%20Diary%5D/31188
Slack AI Prompt Injection
https://promptarmor.substack.com/p/slack-ai-data-exfiltration-from-private
Phishing in PWA Applications
https://www.welivesecurity.com/en/eset-research/be-careful-what-you-pwish-for-phishing-in-pwa-applications/
QNAP Ransomware Security Center
https://www.qnap.com/en/news/2024/qnap-officially-releases-qts-5-2-introducing-security-center-for-active-file-activity-monitoring-elevated-security-and-data-protection
]]> 7:05 qnap, phishing, slack ai, dnstwist, dns, sans_edu, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9106 MSFT IPv6 Vuln Update; MSFT August update and Linux boot issues; php cgi-bin exploited; f5 updates Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MSFT IPv6 Vuln Update; MSFT August update and Linux boot issues; php cgi-bin exploited; f5 updates https://traffic.libsyn.com/securitypodcast/9106.mp3 https://isc.sans.edu/podcastdetail/9106 Wed, 21 Aug 2024 02:00:01 GMT https://isc.sans.edu/diary/Where+are+we+with+CVE202438063+Microsoft+IPv6+Vulnerability/31186
Microsoft August Update Prevents Linux from Booting
https://community.frame.work/t/sbat-verification-error-booting-linux-after-windows-update/56354
PHP CGI Vulnerability Exploited CVE-2024-4577
https://symantec-enterprise-blogs.security.com/threat-intelligence/taiwan-malware-dns
F5 Updates
https://my.f5.com/manage/s/article/K000140111
https://my.f5.com/manage/s/article/K000140108
]]> 4:54 f5, big-ip, php, cgi, microsoft, august, secure boot, safe boot, ipv6, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9104 Marshal Python Obfuscation; MacOS Entitlements and MSFT Apps; Digital Wallet Loophole; MSFT CVE-2024-38063 Update Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Marshal Python Obfuscation; MacOS Entitlements and MSFT Apps; Digital Wallet Loophole; MSFT CVE-2024-38063 Update https://traffic.libsyn.com/securitypodcast/9104.mp3 https://isc.sans.edu/podcastdetail/9104 Tue, 20 Aug 2024 02:00:02 GMT https://isc.sans.edu/diary/Do%20you%20Like%20Donuts%3F%20Here%20is%20a%20Donut%20Shellcode%20Delivered%20Through%20PowerShell%20Python/31182
How Vulnerabilities in Microsoft Apps for MacOS allow Stealing Permissions
https://blog.talosintelligence.com/how-multiple-vulnerabilities-in-microsoft-apps-for-macos-pave-the-way-to-stealing-permissions/
Digital Wallet Security Loophole
https://www.umass.edu/news/article/new-study-reveals-loophole-digital-wallet-security-even-if-rightful-cardholder-doesnt
Microsoft IPv6 Vulnerability CVE-2024-38063
https://x.com/f4rmpoet/status/1825472703223992323
YouTube Video (going live 10am ET)
https://www.youtube.com/watch?v=miBb1llFOYQ
]]> 7:12 youtube, ipv6, microsoft, cve-2024-38063, digital wallet, credit card, marshal, python, donut, macos, apps, microsoft, entitlements, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9102 Summarizing WebHpot Logs; Exposed env files; Chrome Auto Redaction; Google Ad Scammers; Hacking Bike Shifters; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Summarizing WebHpot Logs; Exposed env files; Chrome Auto Redaction; Google Ad Scammers; Hacking Bike Shifters; https://traffic.libsyn.com/securitypodcast/9102.mp3 https://isc.sans.edu/podcastdetail/9102 Mon, 19 Aug 2024 02:00:02 GMT https://isc.sans.edu/diary/%5BGuest%20Diary%5D%207%20minutes%20and%204%20steps%20to%20a%20quick%20win%3A%20A%20write-up%20on%20custom%20tools/31170
Large Scale Cloud Extortion Operation
https://unit42.paloaltonetworks.com/large-scale-cloud-extortion-operation/
Chrome Redacting Credit Cards and Passwords when you share Android Screens
https://www.bleepingcomputer.com/news/google/chrome-will-redact-credit-cards-passwords-when-you-share-android-screen/
Google Products Targeted by Search Ad Scammers
https://www.malwarebytes.com/blog/scams/2024/08/dozens-of-google-products-targeted-by-scammers-via-malicious-search-ads
MakeShift: Security Analysis of Shimano Di2 Wireless Gear Shifting in Bicyles
https://www.usenix.org/system/files/woot24-motallebighomi.pdf
]]> 6:06 shimano, bike, shifter, google, ads, scams, chrome, cloud, env, honeypot, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9100 Wireshark 4.4rc1; Github Aritfact Token Leaks; Bitlocker Fix Issues; Solarwinds Hotfix; Ed Skoudis: The Code of Honor @sans_edu Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Wireshark 4.4rc1; Github Aritfact Token Leaks; Bitlocker Fix Issues; Solarwinds Hotfix; Ed Skoudis: The Code of Honor @sans_edu https://traffic.libsyn.com/securitypodcast/9100.mp3 https://isc.sans.edu/podcastdetail/9100 Fri, 16 Aug 2024 02:00:02 GMT https://isc.sans.edu/diary/Wireshark%204.4.0rc1%27s%20Custom%20Columns/31174
Github Repo Artifact Leak Tokens
https://unit42.paloaltonetworks.com/github-repo-artifacts-leak-tokens/
BitLocker Security Feature Bypass Vulnerability
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-38058
Solarwindws Hotfix
https://support.solarwinds.com/SuccessCenter/s/article/WHD-12-8-3-Hotfix-1
Ed Skoudis, Paul Maurer: The Code of Honor
https://cybercodeofhonor.com/
]]> 17:23 honor, code, ethids, skoudis, sans.edu, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9098 MSI Malware; Windows IPv6 Vuln; Critical Ivanti Patch; Adobe Patches; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MSI Malware; Windows IPv6 Vuln; Critical Ivanti Patch; Adobe Patches; https://traffic.libsyn.com/securitypodcast/9098.mp3 https://isc.sans.edu/podcastdetail/9098 Thu, 15 Aug 2024 02:00:02 GMT https://isc.sans.edu/diary/Multiple%20Malware%20Dropped%20Through%20MSI%20Package/31168
Microsoft IPv6 Vulnerablity CVE-2024-38063
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063
https://x.com/XiaoWei___/status/1823532146679799993/photo/1
Critical Ivanti Virtual Traffic Manager Patch CVE-2024-7593
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Virtual-Traffic-Manager-vTM-CVE-2024-7593?language=en_US
Adobe Patches
https://helpx.adobe.com/security/security-bulletin.html
]]> 6:41 ivanti, adobe, traffic manager, microsoft, ipv6, msi, malware, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9096 Microsoft Patches; Post Quantum Encryption; Zabbix Vulns; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft Patches; Post Quantum Encryption; Zabbix Vulns; https://traffic.libsyn.com/securitypodcast/9096.mp3 https://isc.sans.edu/podcastdetail/9096 Wed, 14 Aug 2024 02:00:02 GMT https://isc.sans.edu/diary/Microsoft%20August%202024%20Patch%20Tuesday/31164
NIST Finalizes Post Quantum Encryption Standards
https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards
Zabbix Network Monitoring Updates
https://support.zabbix.com/browse/ZBX-25016
https://support.zabbix.com/browse/ZBX-25013
(and others)
]]> 6:11 zabbix, nist, microsoft, patches, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9094 Quick Share Vulns; Chrome/Edge Malicious Extensions; AMD Vuln Patched; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Quick Share Vulns; Chrome/Edge Malicious Extensions; AMD Vuln Patched; https://traffic.libsyn.com/securitypodcast/9094.mp3 https://isc.sans.edu/podcastdetail/9094 Tue, 13 Aug 2024 02:00:02 GMT https://www.safebreach.com/blog/rce-attack-chain-on-quick-share
Chrome, Edge users beset by malicious extensions that can t be easily removed
https://www.helpnetsecurity.com/2024/08/12/chrome-edge-malicious-browser-extensions/
AMD Guest Memory Vulnerabilities
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html
]]> 5:31 amd, flaw, smm, chrome, edge, extension, quckshell, quick share, google, android, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9092 CORS/SameOrigin Video; E-Mail Parser Issues; Apache HTTP Confusion Attacks; Office Spoofing 0-Day; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. CORS/SameOrigin Video; E-Mail Parser Issues; Apache HTTP Confusion Attacks; Office Spoofing 0-Day; https://traffic.libsyn.com/securitypodcast/9092.mp3 https://isc.sans.edu/podcastdetail/9092 Mon, 12 Aug 2024 02:00:01 GMT https://isc.sans.edu/forums/diary/Video%3A%20Same%20Origin%2C%20CORS%2C%20DNS%20Rebinding%20and%20Localhost/31158/
Splitting the email atom: exploiting parsers to bypass access controls
https://portswigger.net/research/splitting-the-email-atom#parser-discrepancies
Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server!
https://blog.orange.tw/2024/08/confusion-attacks-en.html
GL-Inet Patches
https://www.gl-inet.com/security-updates/security-advisories-vulnerabilities-and-cves-aug-1-2024/
Microsoft Office Spoofing Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38200
]]> 5:51 microsoft, office, gl-inet, confusion, apache, http, email, parsing, cors, sameorgin, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9090 Disabling Phish Warning; SSHAMBLE; macOS Permission Prompts; .internal Domain Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Disabling Phish Warning; SSHAMBLE; macOS Permission Prompts; .internal Domain https://traffic.libsyn.com/securitypodcast/9090.mp3 https://isc.sans.edu/podcastdetail/9090 Fri, 09 Aug 2024 02:00:02 GMT https://certitude.consulting/blog/en/o365-anti-phishing-measures/
SSHamble Security Testing Tool
https://www.runzero.com/blog/sshamble-unexpected-exposures-in-the-secure-shell/
macOS Sequoia Weekly Permission Prompts
https://9to5mac.com/2024/08/06/macos-sequoia-screen-recording-privacy-prompt/
.internal domain
https://www.icann.org/en/public-comment/proceeding/proposed-top-level-domain-string-for-private-use-24-01-2024
]]> 6:17 internal, macos, sequoia, sshamble, microsoft, phishing, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9088 0.0.0.0 Requests; Apple Gatekeeper Changes; Windows Downgrade Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. 0.0.0.0 Requests; Apple Gatekeeper Changes; Windows Downgrade https://traffic.libsyn.com/securitypodcast/9088.mp3 https://isc.sans.edu/podcastdetail/9088 Thu, 08 Aug 2024 10:50:05 GMT https://www.oligo.security/blog/0-0-0-0-day-exploiting-localhost-apis-from-the-browser
Apple Hardens Gatekeeper
https://developer.apple.com/news/?id=saqachfa
Downgrade Attacks Using Windows Updates
https://www.safebreach.com/blog/downgrade-attacks-using-windows-updates/
]]> 6:20 windows, updates, apple, gatekeeper, APIs, 0.0.0.0, loopback, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9086 GeoServer Update; Crowdstrike RCA; Kibana Vuln; Android Patch Day; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. GeoServer Update; Crowdstrike RCA; Kibana Vuln; Android Patch Day; https://traffic.libsyn.com/securitypodcast/9086.mp3 https://isc.sans.edu/podcastdetail/9086 Wed, 07 Aug 2024 02:00:01 GMT https://isc.sans.edu/diary/A%20Survey%20of%20Scans%20for%20GeoServer%20Vulnerabilities/31148
Crowdstrike Root Cause Analysis
https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/
Kibana Vulnerability
https://discuss.elastic.co/t/kibana-8-14-2-7-17-23-security-update-esa-2024-22/364424
Android August 2024 Bulletin
https://source.android.com/docs/security/bulletin/2024-08-01
Ubiquity Amplication Attack Vulnerability Update
https://blog.checkpoint.com/research/over-20000-ubiquiti-cameras-and-routers-are-vulnerable-to-amplification-attacks-and-privacy-risks/
]]> 5:58 geoserver, crowdstrike, kibana, android, ubiquity, unifi, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9084 Function Confusion Obfuscation; Crowdstrike LPE Vuln; New OFBiz Vuln; Roundcube XSS Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Function Confusion Obfuscation; Crowdstrike LPE Vuln; New OFBiz Vuln; Roundcube XSS Vuln; https://traffic.libsyn.com/securitypodcast/9084.mp3 https://isc.sans.edu/podcastdetail/9084 Tue, 06 Aug 2024 02:00:02 GMT https://isc.sans.edu/diary/Script%20obfuscation%20using%20multiple%20instances%20of%20the%20same%20function/31144
Disclosure of key technical details of CrowdStrike's large-scale blue screen
https://mp.weixin.qq.com/s/uD7mhzyRSX1dTW-TMg4UhQ
New OFBiz Vulnerability
https://issues.apache.org/jira/browse/OFBIZ-13128
https://www.youtube.com/watch?v=J_IxCBjd4Pw
Roundcube XSS Vulnerabilities
https://securityonline.info/roundcube-webmail-releases-security-updates-to-patch-multiple-vulnerabilities/
]]> 6:21 roundcube, xss, ofbiz, crowdstrike, objuscation, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9082 Secure Boot CA; OOXML Verifier Hashes; ISP Compromises; DARPA TRACTOR; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Secure Boot CA; OOXML Verifier Hashes; ISP Compromises; DARPA TRACTOR; https://traffic.libsyn.com/securitypodcast/9082.mp3 https://isc.sans.edu/podcastdetail/9082 Mon, 05 Aug 2024 02:00:02 GMT https://isc.sans.edu/diary/Even+Linux+users+should+take+a+look+at+this+Microsoft+KB+article/31140
OOXML Spreadsheets Protected by Verifier Hashes
https://isc.sans.edu/diary/OOXML%20Spreadsheets%20Protected%20By%20Verifier%20Hashes/31072
StormBamboo Compromises ISP to Abuse Insecure Software Update Mechanisms
https://www.volexity.com/blog/2024/08/02/stormbamboo-compromises-isp-to-abuse-insecure-software-update-mechanisms/
DARPA TRACTOR Program for Translating C to Rust
https://www.darpa.mil/news-events/2024-07-31a
]]> 6:21 darpa, tractor, rust, c, stormbamboo, isp, evilgrade, updates, ooxml, xls, ole, verifier, hashes, secure boot, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9080 ipv4.games; Fake Google Authenticator; Sitting Ducks Domains Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. ipv4.games; Fake Google Authenticator; Sitting Ducks Domains https://traffic.libsyn.com/securitypodcast/9080.mp3 https://isc.sans.edu/podcastdetail/9080 Fri, 02 Aug 2024 02:00:02 GMT https://isc.sans.edu/diary/Tracking%20Proxy%20Scans%20with%20IPv4.Games/31136
Threat Actor Impersonates Google via Fake Ad For Authenticator
https://www.malwarebytes.com/blog/news/2024/07/threat-actor-impersonates-google-via-fake-ad-for-authenticator
Who Knew? Domain Hijacking is so easy
https://blogs.infoblox.com/threat-intelligence/who-knew-domain-hijacking-is-so-easy/
]]> 6:13 domain, hijacking, google, ads, authenticator, proxy, scans, ip4.games, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9078 OFBiz Scans; Digicert Revocations; MSFT Azure DDoS; Google Chrome App Bound Encryption Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. OFBiz Scans; Digicert Revocations; MSFT Azure DDoS; Google Chrome App Bound Encryption https://traffic.libsyn.com/securitypodcast/9078.mp3 https://isc.sans.edu/podcastdetail/9078 Thu, 01 Aug 2024 02:00:02 GMT https://isc.sans.edu/diary/Increased%20Activity%20Against%20Apache%20OFBiz%20CVE-2024-32113/31132
Digicert Certificate Revocation Incident
https://www.digicert.com/support/certificate-revocation-incident
Microsoft Azure Outage
https://azure.status.microsoft/en-us/status/history/
Improving Security of Chrome Cookies
https://security.googleblog.com/2024/07/improving-security-of-chrome-cookies-on.html
]]> 6:33 cookies, chrome, google, microsoft, azure, outage, ddos, digicert, revocation, apache, ofbiz, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9076 Apple Updates; VMWare Vuln Exploited; Weak VoWiFi Encryption Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Apple Updates; VMWare Vuln Exploited; Weak VoWiFi Encryption https://traffic.libsyn.com/securitypodcast/9076.mp3 https://isc.sans.edu/podcastdetail/9076 Wed, 31 Jul 2024 02:00:02 GMT https://isc.sans.edu/diary/Apple%20Patches%20Everything.%20July%202024%20Edition/31128
VMWare ESXi Vulnerability Actively Exploited CVE-2024-37085
https://www.microsoft.com/en-us/security/blog/2024/07/29/ransomware-operators-exploit-esxi-hypervisor-vulnerability-for-mass-encryption/
Weak VoWiFi Encryption CVE-2024-22064
https://idw-online.de/en/news837652
]]> 5:27 vowifi, zte, vmware, esxi, apple, ios, macos, patches, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9074 CrowdStrike Maldoc; HotJar XSS; Proofpoint Echospoofing; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. CrowdStrike Maldoc; HotJar XSS; Proofpoint Echospoofing; https://traffic.libsyn.com/securitypodcast/9074.mp3 https://isc.sans.edu/podcastdetail/9074 Tue, 30 Jul 2024 02:00:02 GMT https://isc.sans.edu/diary/CrowdStrike%20Outage%20Themed%20Maldoc/31116
HotJar XSS Puts OAuth at Risk
https://salt.security/blog/over-1-million-websites-are-at-risk-of-sensitive-information-leakage---xss-is-dead-long-live-xss
Proofpoint Echospoofing
https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
]]> 5:46 proofpoint, echospoofing, dkim, hotjar, xss, crowdstriek, maldoc, grammarly, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9072 ExelaStealer and more; BSOD Practice; PK Fail; @CrowdStrike Recovery; #pkfail #bsod Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. ExelaStealer and more; BSOD Practice; PK Fail; @CrowdStrike Recovery; #pkfail #bsod https://traffic.libsyn.com/securitypodcast/9072.mp3 https://isc.sans.edu/podcastdetail/9072 Mon, 29 Jul 2024 02:00:02 GMT https://isc.sans.edu/diary/31118
Create Your Own BSOD: NotMyFault
https://isc.sans.edu/diary/Create%20Your%20Own%20BSOD%3A%20NotMyFault/31120
PKFail Vulnerability
https://pk.fail/
CrowdStrike Recovery
https://arstechnica.com/information-technology/2024/07/97-of-crowdstrike-systems-are-back-online-microsoft-suggests-windows-changes/
]]> 6:03 crowdstrike, pkfail, bsod, notmyfaul, exelastealer, russia, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9070 XWorm Analysis; Private/Deleted GitHub Leak; Google Chrome Scanning Encrypted Files Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. XWorm Analysis; Private/Deleted GitHub Leak; Google Chrome Scanning Encrypted Files https://traffic.libsyn.com/securitypodcast/9070.mp3 https://isc.sans.edu/podcastdetail/9070 Fri, 26 Jul 2024 02:00:02 GMT https://isc.sans.edu/diary/XWorm%20Hidden%20With%20Process%20Hollowing/31112
Anyone Can Access Deleted and Private Repo Data on GitHub
https://trufflesecurity.com/blog/anyone-can-access-deleted-and-private-repo-data-github
Google Chrome Scanning Encrypted Files
https://arstechnica.com/security/2024/07/google-overhauls-chromes-safe-browsing-protection-to-scan-password-protected-files/
]]> 5:54 google, chrome, repo, github, leak, private, x-worm, xworm, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9068 Mouse Logger; Crowdstrike PIR; Fake Developers; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Mouse Logger; Crowdstrike PIR; Fake Developers; https://traffic.libsyn.com/securitypodcast/9068.mp3 https://isc.sans.edu/podcastdetail/9068 Thu, 25 Jul 2024 02:00:02 GMT https://isc.sans.edu/diary/%22Mouse%20Logger%22%20Malicious%20Python%20Script/31106
Crowdstrike Preliminary Post Incident Review
https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/
How a North Korean Fake IT Worker Tried to Infiltrate Us
https://blog.knowbe4.com/how-a-north-korean-fake-it-worker-tried-to-infiltrate-us
]]> 5:32 north korea, developer, fake, crowdstrike, mouse logger, python, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9066 D-Link NAS Exploit; Android Fake Video Exp; Windows Hello For Bussines Phishing; The end of OCSP; Google Cookie Update; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. D-Link NAS Exploit; Android Fake Video Exp; Windows Hello For Bussines Phishing; The end of OCSP; Google Cookie Update; https://traffic.libsyn.com/securitypodcast/9066.mp3 https://isc.sans.edu/podcastdetail/9066 Wed, 24 Jul 2024 02:00:02 GMT https://isc.sans.edu/diary/New%20Exploit%20Variation%20Against%20D-Link%20NAS%20Devices%20%28CVE-2024-3273%29/31102
APKs Masquerading as Videos on Telegram
https://www.welivesecurity.com/en/eset-research/cursed-tapes-exploiting-evilvideo-vulnerability-telegram-android/
Goodbye Attackers can Bypass Windows Hello Strong Authentication
https://www.darkreading.com/endpoint-security/goodbye-attackers-can-bypass-windows-hello-strong-authentication
Let's Encrypt Intends to End OCSP Service
https://letsencrypt.org/2024/07/23/replacing-ocsp-with-crls.html
Google Third-Party Cookies are hanging around
https://privacysandbox.com/intl/en_us/news/privacy-sandbox-update/
]]> 6:23 google, cookies, dlink, apk, video, telegram, windows, hello, ocsp, crl, let's encrypt, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9064 CrowdStrike Update; SANSFIRE Keynote Recording; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. CrowdStrike Update; SANSFIRE Keynote Recording; https://traffic.libsyn.com/securitypodcast/9064.mp3 https://isc.sans.edu/podcastdetail/9064 Tue, 23 Jul 2024 02:00:02 GMT https://isc.sans.edu/diary/CrowdStrike%3A%20The%20Monday%20After/31098
https://www.theregister.com/2024/07/21/crowdstrike_linux_crashes_restoration_tools/
Keynote Recording
https://www.sans.org/webcasts/sansfire-2024-keynote-25-years-of-the-internet-storm-center-time-traveling-through-sensor-data/]]> 5:14 sansfire, keynote, crowdstrike, linux, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9062 Crowdstrike Configuration File Update Crashes Windows Systems @crowdstrike Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Crowdstrike Configuration File Update Crashes Windows Systems @crowdstrike https://traffic.libsyn.com/securitypodcast/9062.mp3 https://isc.sans.edu/podcastdetail/9062 Mon, 22 Jul 2024 02:00:02 GMT https://isc.sans.edu/diary/Widespread%20Windows%20Crashes%20Due%20to%20Crowdstrike%20Updates/31094
https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/
https://www.crowdstrike.com/blog/falcon-update-for-windows-hosts-technical-details/
https://techcommunity.microsoft.com/t5/intune-customer-success/new-recovery-tool-to-help-with-crowdstrike-issue-impacting/ba-p/4196959
]]> 8:38 crowdstrike, windows, crash, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9060 Oracle CPU; DANE for Exchange Online; VPN Port Shadowing Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Oracle CPU; DANE for Exchange Online; VPN Port Shadowing https://traffic.libsyn.com/securitypodcast/9060.mp3 https://isc.sans.edu/podcastdetail/9060 Fri, 19 Jul 2024 02:05:06 GMT https://www.oracle.com/security-alerts/cpujul2024.html
Exchange Online Implementing Inbound SMTP DANE with DNSSEC
https://techcommunity.microsoft.com/t5/exchange-team-blog/announcing-public-preview-of-inbound-smtp-dane-with-dnssec-for/ba-p/4155257
VPN Port Shadowing Vulnerability
https://petsymposium.org/popets/2024/popets-2024-0070.pdf
]]> 5:38 vpn, shadow, port, shadowing, exchange, smtp, dane, dnssec, oracle, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9058 AndroxGh0st; Cisco SSM Vuln; Cisco Email Gateway Vuln; MSFT Checkpoint Updates; GeoServer Patch; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. AndroxGh0st; Cisco SSM Vuln; Cisco Email Gateway Vuln; MSFT Checkpoint Updates; GeoServer Patch; https://traffic.libsyn.com/securitypodcast/9058.mp3 https://isc.sans.edu/podcastdetail/9058 Thu, 18 Jul 2024 02:55:11 GMT https://isc.sans.edu/diary/Who%20You%20Gonna%20Call%3F%20AndroxGh0st%20Busters!%20%5BGuest%20Diary%5D/31086
Cisco Smart Software Manager Vulnerability CVE-2024-20419
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-auth-sLw3uhUy
Critical Security Flaw in Cisco Secure Email Gateway: CVE-2024-20401
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-afw-bGG2UsjH
Microsoft Introducing Checkpoint Updates
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/introducing-windows-11-checkpoint-cumulative-updates/ba-p/4182552
GeoServer Patches
https://github.com/geoserver/geoserver/security/advisories/GHSA-6jj6-gm7p-fcvv
]]> 6:04 geoserver, msft, checkpoint, updates, cisco, email, ssm, smart software manager, androxghost, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9056 Reply Chain Phishing; TP-Link/Synology IP Camera Exploits; Adobe Commerce Exploit; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Reply Chain Phishing; TP-Link/Synology IP Camera Exploits; Adobe Commerce Exploit; https://traffic.libsyn.com/securitypodcast/9056.mp3 https://isc.sans.edu/podcastdetail/9056 Wed, 17 Jul 2024 02:00:02 GMT https://isc.sans.edu/diary/%22Reply-chain%20phishing%22%20with%20a%20twist/31084
Claroty TP-Link and Synology IP Camera Exploits
https://claroty.com/team82/research/pivoting-from-wan-to-lan-synology-bc500-ip-camera
https://claroty.com/team82/research/pwn2own-wan-to-lan-exploit-showcase
Cosmic Sting Hits Adobe Commerce Stores
https://sansec.io/research/cosmicsting-hitting-major-stores
]]> 5:39 cosmic string, adobe, commerce, magento, claroty, tp-link, synology, replay chain, spam, phishing, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9054 OOXML Protected Spreadsheets; Leaked PyPi Secret; June MSFT Patch Issues; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. OOXML Protected Spreadsheets; Leaked PyPi Secret; June MSFT Patch Issues; https://traffic.libsyn.com/securitypodcast/9054.mp3 https://isc.sans.edu/podcastdetail/9054 Tue, 16 Jul 2024 02:00:02 GMT https://isc.sans.edu/diary/Protected%20OOXML%20Spreadsheets/31070
Leaked PyPi Secret Token Revealed in Binary
https://jfrog.com/blog/leaked-pypi-secret-token-revealed-in-binary-preventing-suppy-chain-attack/
Microsoft 365 Defender Affected by June Update
https://learn.microsoft.com/en-us/windows/release-health/status-windows-server-2022#network-data-reporting-from-microsoft-365-defender-may-be-interrupted
]]> 5:59 microsoft, patch, defender, june, pypi, token, github, ooxml, protected, password, hashcat, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9052 XLS Hash Collisions; Nette Attacks; Squarespace Domain Hijack Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. XLS Hash Collisions; Nette Attacks; Squarespace Domain Hijack https://traffic.libsyn.com/securitypodcast/9052.mp3 https://isc.sans.edu/podcastdetail/9052 Mon, 15 Jul 2024 02:00:02 GMT https://isc.sans.edu/diary/16-bit%20Hash%20Collisions%20in%20.xls%20Spreadsheets/31066
Attacks against the "Nette" PHP framework CVE-2020-15227
https://isc.sans.edu/forums/diary/Attacks+against+the+Nette+PHP+framework+CVE202015227/31076/
Squarespace Hijacked Domains
https://github.com/security-alliance/advisories/blob/main/2024-07-squarespace.pdf
]]> 6:30 squarespace, google, domains, nette, php, xls, spreadsheets, collisions, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9050 Honeypot Fingerprinting; Veeam Exploited; Juniper Patches; VMWAre Aria SQLi; SMS Leak Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Honeypot Fingerprinting; Veeam Exploited; Juniper Patches; VMWAre Aria SQLi; SMS Leak https://traffic.libsyn.com/securitypodcast/9050.mp3 https://isc.sans.edu/podcastdetail/9050 Fri, 12 Jul 2024 02:00:02 GMT https://isc.sans.edu/diary/Understanding%20SSH%20Honeypot%20Logs%3A%20Attackers%20Fingerprinting%20Honeypots/31064
Patch or Peril: A Veeam Vulnerability Incident
https://www.group-ib.com/blog/estate-ransomware/
Juniper Patches
https://supportportal.juniper.net/s/global-search/%40uri?language=en_US#sort=%40sfcec_community_publish_date_formula__c%20descending&f:ctype=[Security%20Advisories]
VMWare Aria Automation SQL Injection Vuln;
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24598
Leaked SMS Messages
https://www.ccc.de/de/updates/2024/2fa-sms
]]> 7:30 ccc, sms, vmware, aria, juniper, veeam, ssh, honeypot, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9048 DBSCAN and Honeypot Data; Another SSH Vuln; URL File Exploit; Sharepoint PoC; Citrix and OpenVPN updates Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. DBSCAN and Honeypot Data; Another SSH Vuln; URL File Exploit; Sharepoint PoC; Citrix and OpenVPN updates https://traffic.libsyn.com/securitypodcast/9048.mp3 https://isc.sans.edu/podcastdetail/9048 Thu, 11 Jul 2024 02:00:01 GMT https://isc.sans.edu/diary/Finding%20Honeypot%20Data%20Clusters%20Using%20DBSCAN%3A%20Part%201/31050
Second RegreSSHion Like OpenSSH Vulnerability
https://lwn.net/ml/all/20240708162106.GA4920@openwall.com/
Resurrecting Internet Explorer: Threat Actors Using Zero-Day Tricks in Internet Shortcut File CVE-2024-38112
https://research.checkpoint.com/2024/resurrecting-internet-explorer-threat-actors-using-zero-day-tricks-in-internet-shortcut-file-to-lure-victims-cve-2024-38112/
SharePoint Proof of Concept Exploit CVE-2024-38094 CVE-2024-38024 CVE-2024-38023
https://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC/blob/main/poc_filtered.py
Citrix Netscaler, Agent and SDX Security Bulletin CVE-2024-6235 CVE-2024-6236
https://support.citrix.com/article/CTX677998/netscaler-console-agent-and-sdx-security-bulletin-for-cve20246235-and-cve20246236
OpenVPN Updates
https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/
]]> 5:33 openvpn, citrix, netscaler, sharepoint, internet explorer, mshtml, microsoft, url, regression, openssh, honeypot, dbscan, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9046 Microsoft Patches; Adobe Patches; RADIUS Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft Patches; Adobe Patches; RADIUS Vuln; https://traffic.libsyn.com/securitypodcast/9046.mp3 https://isc.sans.edu/podcastdetail/9046 Wed, 10 Jul 2024 02:00:02 GMT https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20July%202024/31058
Adobe Patches
https://helpx.adobe.com/security/security-bulletin.html
RADIUS protocol susceptible to forgery attacks
https://kb.cert.org/vuls/id/456537
https://www.inkbridgenetworks.com/blastradius/faq
]]> 6:25 radius, blastradius, adobe, microsoft, patches, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9044 Kunai #kunai_project; DoNex Decryptor; Shelltorch Explained; Exim Vuln; Toshiba/Sharp Printer Vulns; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Kunai #kunai_project; DoNex Decryptor; Shelltorch Explained; Exim Vuln; Toshiba/Sharp Printer Vulns; https://traffic.libsyn.com/securitypodcast/9044.mp3 https://isc.sans.edu/podcastdetail/9044 Tue, 09 Jul 2024 02:00:02 GMT https://isc.sans.edu/diary/Kunai%3A%20Keep%20an%20Eye%20on%20your%20Linux%20Hosts%20Activity/31054
Decryptor for DoNex Ransomware
https://decoded.avast.io/threatresearch/decrypted-donex-ransomware-and-its-predecessors/
Shelltorch Explained: Multiple Vulnerabilities in Pytorch Model Server (Torchserve)
https://www.oligo.security/blog/shelltorch-explained-multiple-vulnerabilities-in-pytorch-model-server
Exim Bypass Attachment Inspection
https://bugs.exim.org/show_bug.cgi?id=3099#c4
Toshiba/Sharp Printer vulnerabilities
https://pierrekim.github.io/blog/2024-06-27-toshiba-mfp-40-vulnerabilities.html
https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html
]]> 5:33 toshiba, sharp, exim, shelltorch, pytorch, donex, avast, kunai, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9042 OpenSSH Vulnerablity; HE.Net Downtime; Cloudflare DNS Outage; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. OpenSSH Vulnerablity; HE.Net Downtime; Cloudflare DNS Outage; https://traffic.libsyn.com/securitypodcast/9042.mp3 https://isc.sans.edu/podcastdetail/9042 Mon, 08 Jul 2024 02:00:02 GMT https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt
https://isc.sans.edu/diary/SSH%20%22regreSSHion%22%20Remote%20Code%20Execution%20Vulnerability%20in%20OpenSSH./31046
Overlooked Domain Name Resliency Issues: Registrar Communications
https://isc.sans.edu/diary/Overlooked%20Domain%20Name%20Resiliency%20Issues%3A%20Registrar%20Communications/31048
Cloudflare 1.1.1.1 incident on Juine 27th 2024
https://blog.cloudflare.com/cloudflare-1111-incident-on-june-27-2024
]]> 9:26 cloudflare, dos, bgp, dns, registrar, hurricane electric, openssh, regresshion, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9040 Honeypot Lesons; TeamViewer Compromise; Fortra File Catalyst Vuln/PoC; GitLab Update; Vanna.AI RCE; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Honeypot Lesons; TeamViewer Compromise; Fortra File Catalyst Vuln/PoC; GitLab Update; Vanna.AI RCE; https://traffic.libsyn.com/securitypodcast/9040.mp3 https://isc.sans.edu/podcastdetail/9040 Fri, 28 Jun 2024 02:00:02 GMT https://isc.sans.edu/diary/What%20Setting%20Live%20Traps%20for%20Cybercriminals%20Taught%20Me%20About%20Security%20%5BGuest%20Diary%5D/31038
TeamViewer Compromise
https://www.teamviewer.com/en-us/resources/trust-center/statement/
Fortra File Catalyst Vulnerability and PoC
https://support.fortra.com/filecatalyst/kb-articles/advisory-6-24-2024-filecatalyst-workflow-sql-injection-vulnerability-YmYwYWY4OTYtNTUzMi1lZjExLTg0MGEtNjA0NWJkMDg3MDA0
https://www.tenable.com/security/research/tra-2024-25
GitLab Critical Update
https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/
When Prompts Go Rogue: Analyzing a Prompt Injection Code Execution in Vanna.AI
https://jfrog.com/blog/prompt-injection-attack-code-execution-in-vanna-ai-cve-2024-5565/
]]> 7:29 vanna.ai, prompt injection, sql injection, remote code execution, sqli, rce, gitlab, fortra, teamviewer, honeypot, sans.edu, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9038 New MOVEit Vulnerability; Polyfill Supply Chain Attack; Apple AirPods Patch; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. New MOVEit Vulnerability; Polyfill Supply Chain Attack; Apple AirPods Patch; https://traffic.libsyn.com/securitypodcast/9038.mp3 https://isc.sans.edu/podcastdetail/9038 Thu, 27 Jun 2024 02:00:02 GMT https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
https://community.progress.com/s/article/MOVEit-Transfer-Product-Security-Alert-Bulletin-June-2024-CVE-2024-5806
Polyfill.io Supply Chain Attack
https://cside.dev/blog/more-than-100k-websites-targeted-in-web-supply-chain-attack
Apple AirPods Firmware Update
https://support.apple.com/en-us/HT214111
]]> 6:22 airpods, polyfill, moveit, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9036 TCP Latency Sidechannel; MMC Initial Access; Wyze Camera Vulns; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. TCP Latency Sidechannel; MMC Initial Access; Wyze Camera Vulns; https://traffic.libsyn.com/securitypodcast/9036.mp3 https://isc.sans.edu/podcastdetail/9036 Wed, 26 Jun 2024 02:00:02 GMT https://www.snailload.com/snailload.pdf
Microsoft Management Console for Intial Access and Evasion
https://www.elastic.co/security-labs/grimresource
Wyze Camera Vulnerabilities
https://forums.wyze.com/t/security-advisory/289256
]]> 6:23 wyze, camera, mmc, snailload, tcp, latency, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9034 Configuration Scans Expand; SQL Server Emergency Fix; Juniper Security Analytics; XNU Buffer Overflow PoC @0xjprx Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Configuration Scans Expand; SQL Server Emergency Fix; Juniper Security Analytics; XNU Buffer Overflow PoC @0xjprx https://traffic.libsyn.com/securitypodcast/9034.mp3 https://isc.sans.edu/podcastdetail/9034 Tue, 25 Jun 2024 02:00:02 GMT https://isc.sans.edu/diary/Configuration%20Scanners%20Adding%20Java%20Specific%20Configuration%20Files/31032
SQL Server Emergency Fix
https://support.microsoft.com/en-us/topic/june-20-2024-kb5041054-os-build-20348-2529-out-of-band-b746ffbd-934e-42ac-9c66-ed0636edf7f1
Juniper Security Analytics Update
https://supportportal.juniper.net/s/article/On-Demand-JSA-Series-Multiple-vulnerabilities-resolved-in-Juniper-Secure-Analytics-in-7-5-0-UP8-IF03?language=en_US
MacOS/iOS XNU Buffer Overflow Exploit CVE-2024-27815
https://jprx.io/cve-2024-27815/
]]> 5:25 macos, ios, buffer overflow, juniper, sql server, microsoft, java, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9032 Process Monitor Update; Kaspersky Sanctions; Phoenix UEFI Vuln; Ghostscript Vuln; js2py unpatched vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Process Monitor Update; Kaspersky Sanctions; Phoenix UEFI Vuln; Ghostscript Vuln; js2py unpatched vuln; https://traffic.libsyn.com/securitypodcast/9032.mp3 https://isc.sans.edu/podcastdetail/9032 Mon, 24 Jun 2024 02:00:02 GMT https://isc.sans.edu/diary/Sysinternals%27%20Process%20Monitor%20Version%204%20Released/31026
Kaspersky Sanctions
https://home.treasury.gov/news/press-releases/jy2420
Phoenix UEFI Buffer Overflow Affects Wide Range of Systems
https://eclypsium.com/blog/ueficanhazbufferoverflow-widespread-impact-from-vulnerability-in-popular-pc-and-server-firmware/
Ghostscript Update
https://ghostscript.readthedocs.io/en/gs10.03.1/News.html
js2py vulnerability
https://github.com/Marven11/CVE-2024-28397-js2py-Sandbox-Escape
]]> 7:06 js2py, ghostscript, pdf, postscript, ps, phoenix, uefi, kaspersky, sysinternals, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9030 Ubuntu Login Security; BOM Mime Files; Confluence Patches; Validating E-Mail Addresses; VMware Patches; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Ubuntu Login Security; BOM Mime Files; Confluence Patches; Validating E-Mail Addresses; VMware Patches; https://traffic.libsyn.com/securitypodcast/9030.mp3 https://isc.sans.edu/podcastdetail/9030 Fri, 21 Jun 2024 02:00:02 GMT https://isc.sans.edu/diary/No%20Excuses%2C%20Free%20Tools%20to%20Help%20Secure%20Authentication%20in%20Ubuntu%20Linux%20%5BGuest%20Diary%5D/31024
Handling BOM MIME Files
https://isc.sans.edu/diary/Handling+BOM+MIME+Files/31022
Atlasiun Confluence Data Center and Server Vuln
https://confluence.atlassian.com/security/security-bulletin-june-18-2024-1409286211.html
Beyond the @ Symbol: Exploiting the Flexibility of Email Addresses For Offensive Purposes
https://modzero.com/en/blog/beyond_the_at_symbol/
VMWare Patches
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453
]]> 5:09 ubuntu, authentcation, mfa, vmware, email, validating, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9028 NetSupport Campaign; D-Link Backdoor; iTerm2 Vuln; NextCloud Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. NetSupport Campaign; D-Link Backdoor; iTerm2 Vuln; NextCloud Vuln; https://traffic.libsyn.com/securitypodcast/9028.mp3 https://isc.sans.edu/podcastdetail/9028 Tue, 18 Jun 2024 02:00:02 GMT https://isc.sans.edu/diary/New%20NetSupport%20Campaign%20Delivered%20Through%20MSIX%20Packages/31018
D-Link Router Backdoor
https://www.twcert.org.tw/en/cp-139-7880-629f5-2.html
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10398
iTerm2 Vulnerablity
https://vin01.github.io/piptagole/escape-sequences/iterm2/rce/2024/06/16/iterm2-rce-window-title-tmux-integration.html
NextCloud Vulnerability
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9v72-9xv5-3p7c
]]> 4:47 nextcloud, iterm2, d-link, dlink, netsupport, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9026 Didier's Tools JSON use; Python Serialization Lab @markbaggett; Detecting Headless Chrome @xopek59; ExtensionTotal; ASUS Router Update Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Didier's Tools JSON use; Python Serialization Lab @markbaggett; Detecting Headless Chrome @xopek59; ExtensionTotal; ASUS Router Update https://traffic.libsyn.com/securitypodcast/9026.mp3 https://isc.sans.edu/podcastdetail/9026 Mon, 17 Jun 2024 02:00:02 GMT https://isc.sans.edu/diary/Overview%20of%20My%20Tools%20That%20Handle%20JSON%20Data/31012
Python Serialization and "Sleepy Pickle"
https://x.com/MarkBaggett/status/1801732554740969561
Detecting Headless Chrome
https://deviceandbrowserinfo.com/learning_zone/articles/detecting-headless-chrome-puppeteer-2024
Detecting Malicious VS Code Extensions
https://medium.com/@amitassaraf/4-6-introducing-extensiontotal-how-to-assess-risk-in-vs-code-extensions-3ac5bfd83fb1
ASUS Router Critical Vulnerability
https://www.asus.com/content/asus-product-security-advisory/
]]> 5:26 ASUS, vscode, headless, chrome, python, sleepy pickle, json, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9024 JQ Intro; Outlook Vuln Details; Outlook MFA Required; Pickle File Attacks; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. JQ Intro; Outlook Vuln Details; Outlook MFA Required; Pickle File Attacks; https://traffic.libsyn.com/securitypodcast/9024.mp3 https://isc.sans.edu/podcastdetail/9024 Fri, 14 Jun 2024 02:00:02 GMT https://isc.sans.edu/diary/The%20Art%20of%20JQ%20and%20Command-line%20Fu%20%5BGuest%20Diary%5D/31006
Microsoft Outlook Vulnerablity Details
https://blog.morphisec.com/cve-2024-30103-microsoft-outlook-vulnerability
Keeping our Outlook Personal Email Users Safe
https://techcommunity.microsoft.com/t5/outlook-blog/keeping-our-outlook-personal-email-users-safe-reinforcing-our/ba-p/4164184
Exploiting ML models with pickle file attacks
https://blog.trailofbits.com/2024/06/11/exploiting-ml-models-with-pickle-file-attacks-part-1/
]]> 5:34 ml, pickle, outlook, email, mfa, jq, json, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9022 MSMQ Packets; Adobe Updates; Black Basta used 0-day; Pixel Phone 0-day Patched Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MSMQ Packets; Adobe Updates; Black Basta used 0-day; Pixel Phone 0-day Patched https://traffic.libsyn.com/securitypodcast/9022.mp3 https://isc.sans.edu/podcastdetail/9022 Thu, 13 Jun 2024 02:00:02 GMT https://isc.sans.edu/diary/Port%201801%20Traffic%3A%20Microsoft%20Message%20Queue/31004
Adobe Updates
https://helpx.adobe.com/security/products/magento/apsb24-40.html
Black Basta Exploited CVE-2024-26169 Prior to Patch
https://symantec-enterprise-blogs.security.com/threat-intelligence/black-basta-ransomware-zero-day
Pixel Phone 0-Day Patched
https://source.android.com/docs/security/bulletin/pixel/2024-06-01

]]> 5:20 pixel, phone, black basta, adobe, msmq, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9020 Microsoft Patch Tuesday; JetBrains InteliJ GitHub Vuln; More Veeam Vulns; Precor Threadmill Vulns; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft Patch Tuesday; JetBrains InteliJ GitHub Vuln; More Veeam Vulns; Precor Threadmill Vulns; https://traffic.libsyn.com/securitypodcast/9020.mp3 https://isc.sans.edu/podcastdetail/9020 Wed, 12 Jun 2024 02:00:02 GMT https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20June%202024/31000
JetBrains IntelliJ Based IDE GitHub Plugin Vulnerability
https://blog.jetbrains.com/security/2024/06/updates-for-security-issue-affecting-intellij-based-ides-2023-1-and-github-plugin/
Veeam Recovery Orchestrator (VRO) vulnerability CVE-2024-29855
https://www.veeam.com/kb4585
Precor Threadmill Vulnerablity
https://securityintelligence.com/x-force/internet-connected-treadmill-vulnerabilities-discovered/
]]> 5:39 precore, threadmill, veeam, jetbrains, inellij, ide, github, microsoft, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9018 #Veeam Exploit CVE-2024-29849 @sinsinology; #SORBS Shutdown @ssharwood; Malicious #Comfui Modules; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. #Veeam Exploit CVE-2024-29849 @sinsinology; #SORBS Shutdown @ssharwood; Malicious #Comfui Modules; https://traffic.libsyn.com/securitypodcast/9018.mp3 https://isc.sans.edu/podcastdetail/9018 Tue, 11 Jun 2024 02:00:02 GMT https://summoning.team/blog/veeam-enterprise-manager-cve-2024-29849-auth-bypass/
SORBS Shutdown
https://www.theregister.com/2024/06/07/sorbs_closed/
Rogue Cell Tower Shut Down in London
https://www.cityoflondon.police.uk/news/city-of-london/news/2024/june/two-people-arrested-in-connection-with-investigation-into-homemade-mobile-antenna-used-to-send-thousands-of-smishing-text-messages-to-the-public/
Malicious Comfyui Modules
https://www.youtube.com/watch?v=ntwGHjBCbeQ
]]> 6:03 comfyui, cell tower, sorbs, veeam, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9016 PHP Vulnerablity Exploited; PyTorch RPC Vulnerability; Malicious VSCode Extensions Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. PHP Vulnerablity Exploited; PyTorch RPC Vulnerability; Malicious VSCode Extensions https://traffic.libsyn.com/securitypodcast/9016.mp3 https://isc.sans.edu/podcastdetail/9016 Mon, 10 Jun 2024 02:00:02 GMT https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html
https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
PyTorch Distributed RPC Framework Remote Code Execution
https://huntr.com/bounties/39811836-c5b3-4999-831e-46fee8fcade3
https://www.cve.org/CVERecord?id=CVE-2024-5480
Malicious VSCode Extensions Used by Researchers
https://www.bleepingcomputer.com/news/security/malicious-visual-studio-code-extensions-with-millions-of-installs-discovered/]]> 8:10 vscode, extensions, pytorch, rpc, rce, php, unicode, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9014 "Best Before" Malware; FBI Offers Lockbit Help; UK Asks for EoL data; FCC proposes RPKI rules for BPG Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. "Best Before" Malware; FBI Offers Lockbit Help; UK Asks for EoL data; FCC proposes RPKI rules for BPG https://traffic.libsyn.com/securitypodcast/9014.mp3 https://isc.sans.edu/podcastdetail/9014 Fri, 07 Jun 2024 02:00:02 GMT https://isc.sans.edu/diary/Malicious%20Python%20Script%20with%20a%20%22Best%20Before%22%20Date/30988
FBI Obtained 7,000 LockBit Ransomware Keys
https://www.fbi.gov/news/speeches/fbi-cyber-assistant-director-bryan-vorndran-s-remarks-at-the-2024-boston-conference-on-cyber-security
Apple Guarantees 5 Years of Security Updates
https://www.androidauthority.com/iphone-software-support-commitment-3449135/
FCC Proposes New Rule for Security Routing
https://www.fcc.gov/document/fcc-proposes-internet-routing-security-reporting-requirements
]]> 6:11 fbi, lockbit, uk, apple, samsung, fcc, bgp, rpki, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9012 WatchGuard VPN Bruteforcing; TotalRecall; WebEx Flaw; #webex @cisco #recall Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. WatchGuard VPN Bruteforcing; TotalRecall; WebEx Flaw; #webex @cisco #recall https://traffic.libsyn.com/securitypodcast/9012.mp3 https://isc.sans.edu/podcastdetail/9012 Thu, 06 Jun 2024 02:00:02 GMT https://isc.sans.edu/diary/Brute%20Force%20Attacks%20Against%20Watchguard%20VPN%20Endpoints/30984
TotalRecall Tool To Extract Data from Microsoft Recall
https://github.com/xaitax/TotalRecall
WebEx Flaw
https://www.helpnetsecurity.com/2024/06/05/cisco-webex-cloud-vulnerability/
https://netzbegruenung.de/blog/netzbegruenung-findet-schwachstellen-auch-im-cisco-webex-clouddienst-behoerden-und-unternehmen-in-ganz-europa-betroffen/ (in german)
]]> 6:28 webex, totalrecall, recall, watchguard, vpn, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9010 No Defender Detection; Fake Job Ads; Zyxel NAS Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. No Defender Detection; Fake Job Ads; Zyxel NAS Patches https://traffic.libsyn.com/securitypodcast/9010.mp3 https://isc.sans.edu/podcastdetail/9010 Wed, 05 Jun 2024 02:00:02 GMT https://isc.sans.edu/diary/No-Defender%2C%20Yes-Defender/30980
Fake Job Ads Lead to Stolen Crypto Currency
https://www.ic3.gov/Media/Y2024/PSA240604
Zyxel NAS Vulnerabilities
https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/
]]> 5:34 zyxel, nas, fake job ads, defender, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9008 Custom Wireshark LUA Dissectors; COX Cable Modem API; Malicious Stack Overflow Answers; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Custom Wireshark LUA Dissectors; COX Cable Modem API; Malicious Stack Overflow Answers; https://traffic.libsyn.com/securitypodcast/9008.mp3 https://isc.sans.edu/podcastdetail/9008 Tue, 04 Jun 2024 02:00:02 GMT https://isc.sans.edu/diary/A%20Wireshark%20Lua%20Dissector%20for%20Fixed%20Field%20Length%20Protocols/30976
COX Cable Modem Admin API Weakness
https://samcurry.net/hacking-millions-of-modems
Malicous Stack Overflow Answers
https://www.bleepingcomputer.com/news/security/cybercriminals-pose-as-helpful-stack-overflow-users-to-push-malware/
Atlasian Confluence Data Center and SErver Remote Code Execution Vuln CVE-2024-21683
https://blog.sonicwall.com/en-us/2024/05/confluence-data-center-and-server-remote-code-execution-vulnerability/
]]> 5:33 atlasian, confluence, stack overflow, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9006 K1W1 Infostealer; Linux Malware Scanner; Snowflake Incident; HuggingFace Space secrets leak; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. K1W1 Infostealer; Linux Malware Scanner; Snowflake Incident; HuggingFace Space secrets leak; https://traffic.libsyn.com/securitypodcast/9006.mp3 https://isc.sans.edu/podcastdetail/9006 Mon, 03 Jun 2024 02:00:02 GMT https://isc.sans.edu/diary/%22K1w1%22%20InfoStealer%20Uses%20gofile.io%20for%20Exfiltration/30972
Kaspersky Linux Malware Scanner
https://www.kaspersky.com/blog/kvrt-for-linux/51375/
Snowflake Incident
https://www.helpnetsecurity.com/2024/06/01/snowflake-breach-data-theft/
HuggingFace Space Secrets Leak
https://huggingface.co/blog/space-secrets-disclosure
]]> 5:38 huggingface, ai, snowflake, credential stuffing, kaspersky, malware, scanner, k1w1, python, infostealer, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9004 OSSEC and MISP; Checkpoint VPN PoC Exploit; Massive October Windstream Outage; Cypher Injection; @sans_edu @watchtowrcyber @lumentechco Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. OSSEC and MISP; Checkpoint VPN PoC Exploit; Massive October Windstream Outage; Cypher Injection; @sans_edu @watchtowrcyber @lumentechco https://traffic.libsyn.com/securitypodcast/9004.mp3 https://isc.sans.edu/podcastdetail/9004 Fri, 31 May 2024 02:00:02 GMT https://isc.sans.edu/diary/Feeding%20MISP%20with%20OSSEC/30968
Checkpoint VPN
https://labs.watchtowr.com/check-point-wrong-check-point-cve-2024-24919/
The Pumpkin Eclipse
https://blog.lumen.com/the-pumpkin-eclipse/
Michael Dunking: Detecting Cypher Injection with Open-Source Network Intrusion Detection
https://www.sans.edu/cyber-research/detecting-cypher-injection-with-open-source-network-intrusion-detection/
]]> 15:24 cypher, pumpkin, checkpoint, vpn, misp, ossec, path traversal, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9002 DShield SIEM; Checkpoint 0-Day; Okta Credential Stuffing; Bitcoin Wallet Bruteforce; @okta @joegrand Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. DShield SIEM; Checkpoint 0-Day; Okta Credential Stuffing; Bitcoin Wallet Bruteforce; @okta @joegrand https://traffic.libsyn.com/securitypodcast/9002.mp3 https://isc.sans.edu/podcastdetail/9002 Thu, 30 May 2024 02:00:02 GMT https://isc.sans.edu/diary/Is%20that%20It%3F%20%20Finding%20the%20Unknown%3A%20Correlations%20Between%20Honeypot%20Logs%20%26%20PCAPs%20%5BGuest%20Diary%5D/30962
Checkpoint 0-Day
https://blog.checkpoint.com/security/enhance-your-vpn-security-posture
Okta warns of Credential Stuffing Against Customer Identity Cloud
https://sec.okta.com/articles/2024/05/detecting-cross-origin-authentication-credential-stuffing-attacks
Brute Forcing Old Bitcoin Wallet Password
https://www.youtube.com/watch?v=o5IySpAkThg
]]> 5:33 bitcoin, okta, checkpoint, siem, dshield, pcap, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 9000 SQL Injection and Python; FortiSIEM RCE PoC; Bitlocker Ransomware; iconv (glibc) and MacOS PoC; @Horizon3ai @WangTielei Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SQL Injection and Python; FortiSIEM RCE PoC; Bitlocker Ransomware; iconv (glibc) and MacOS PoC; @Horizon3ai @WangTielei https://traffic.libsyn.com/securitypodcast/9000.mp3 https://isc.sans.edu/podcastdetail/9000 Wed, 29 May 2024 02:00:02 GMT https://www.youtube.com/watch?v=1cQy9N1Xndk
PoC Exploit for CVE-2024-23108 in Fortinet FortiSIEM
https://www.horizon3.ai/attack-research/cve-2024-23108-fortinet-fortisiem-2nd-order-command-injection-deep-dive/
ShrinkLocker: Turning BitLocker into ransomware
https://securelist.com/ransomware-abuses-bitlocker/112643/
iconv buffer overflow PoC 2024-2961
https://github.com/ambionics/cnext-exploits/
PoC for Apple Priv. Escalation bug CVE-2024-27842
https://github.com/wangtielei/POCs/tree/main/CVE-2024-27842
https://x.com/WangTielei
]]> 4:44 poc, apple, macos, iconv, php, shinklocker, ransomware, bitlocker, fortinet, fortisiem, sql injection, python, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8998 TXZ Malspam; 4th Google 0-Day; Google no trust in Globaltrust; Checkpoint Password Bruteforcing; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. TXZ Malspam; 4th Google 0-Day; Google no trust in Globaltrust; Checkpoint Password Bruteforcing; https://traffic.libsyn.com/securitypodcast/8998.mp3 https://isc.sans.edu/podcastdetail/8998 Tue, 28 May 2024 02:00:02 GMT https://isc.sans.edu/diary/Files%20with%20TXZ%20extension%20used%20as%20malspam%20attachments/30958
Google 0-Day
https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_23.html
Google Stops Trusting Globaltrust CA
https://groups.google.com/a/ccadb.org/g/public/c/wRs-zec8w7k/m/G_9QprJ2AQAJ
Checkpoint warns of password bruteforcing
https://blog.checkpoint.com/security/enhance-your-vpn-security-posture?campaign=checkpoint&eid=guvrs&advisory=1
SEC522: Defending Web Applications
isc.sans.edu/j/sec522
]]> 6:05 dc, washington, TXZ, malspam, chrome, 0-day, globaltrust, ccadb, checkpoint, vpm, mfa, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8996 Redtail Miner; Veeam, Ivanti and Firepower Vulns; Justice AV Backdoor; C-Root Server Lack Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Redtail Miner; Veeam, Ivanti and Firepower Vulns; Justice AV Backdoor; C-Root Server Lack https://traffic.libsyn.com/securitypodcast/8996.mp3 https://isc.sans.edu/podcastdetail/8996 Fri, 24 May 2024 02:35:05 GMT https://isc.sans.edu/diary/Analysis%20of%20%3Fredtail%3F%20File%20Uploads%20to%20ICS%20Honeypot%2C%20a%20Multi-Architecture%20Coin%20Miner%20%5BGuest%20Diary%5D/30950
Veeam Vulnerablity
https://www.veeam.com/kb4581
C-Root Server Lost Touch With Peers
https://arstechnica.com/security/2024/05/dns-glitch-that-threatened-internet-stability-fixed-cause-remains-unclear/
Ivanti Vulnerabilities
https://forums.ivanti.com/s/article/Avalanche-6-4-3-602-additional-security-hardening-and-CVE-fixed?language=en_US
Justice AV Solutions Software Backdoor
https://www.rapid7.com/blog/post/2024/05/23/cve-2024-4978-backdoored-justice-av-solutions-viewer-software-used-in-apparent-supply-chain-attack/
]]> 7:15 justice, av, ivanti, firepower, cisco, c-root, cogent, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8994 Scripting ipinfo in nmap; Wifi BSSID Location Databases: risks and opting out Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Scripting ipinfo in nmap; Wifi BSSID Location Databases: risks and opting out https://traffic.libsyn.com/securitypodcast/8994.mp3 https://isc.sans.edu/podcastdetail/8994 Thu, 23 May 2024 02:00:02 GMT https://isc.sans.edu/diary/NMAP%20Scanning%20without%20Scanning%20%28Part%202%29%20-%20The%20ipinfo%20API/30948
Why Your WiFi Router Doubles As An Apple Airtag
https://krebsonsecurity.com/2024/05/why-your-wi-fi-router-doubles-as-an-apple-airtag/#more-67551
https://account.microsoft.com/privacy/location-services-opt-out
https://answers.microsoft.com/en-us/windows/forum/all/wifi-sense-my-ssid-includes-optout-why-do-windows/1453142a-755a-476f-aa48-56d05b89e33c
https://www.computerworld.com/article/1484722/here-s-how-to-opt-out-of-google-s-wi-fi-snooping.html
https://www.privacy.org.nz/publications/commissioner-inquiries/google-s-collection-of-wifi-information-during-street-view-filming/
]]> 9:15 wps, wifi, location, gps, nmap, ipinfo, api, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8992 Shodan via nmap; iTerm2 Vulns; GitHub Enterprise Vuln; BitBucket Secret Leaks; MSFT Recall Privacy Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Shodan via nmap; iTerm2 Vulns; GitHub Enterprise Vuln; BitBucket Secret Leaks; MSFT Recall Privacy https://traffic.libsyn.com/securitypodcast/8992.mp3 https://isc.sans.edu/podcastdetail/8992 Wed, 22 May 2024 02:00:02 GMT https://isc.sans.edu/diary/Scanning%20without%20Scanning%20with%20NMAP%20%28APIs%20FTW%29/30944
iTerm2 Vulnerablities
https://vin01.github.io/piptagole/escape-sequences/iterm2/hyper/url-handlers/code-execution/2024/05/21/arbitrary-url-schemes-terminal-emulators.html
GitHub Enterprise Vulnerablity CVE-2024-4985
https://nvd.nist.gov/vuln/detail/CVE-2024-4985
BitBucket Pipelines Leaking Secrets
https://cloud.google.com/blog/topics/threat-intelligence/bitbucket-pipeline-leaking-secrets
Microsoft Recall Privacy
https://www.microsoft.com/en-us/windows/copilot-plus-pcs?r=1#faq1
]]> 6:39 microsoft, recall, bitbucket, pipelines, github, iterm2, nmap, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8990 Analyzing MSG Files; Fluent Bit Vuln; Fortinet Vuln Details; Git and Google Chrome PoCs; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Analyzing MSG Files; Fluent Bit Vuln; Fortinet Vuln Details; Git and Google Chrome PoCs; https://traffic.libsyn.com/securitypodcast/8990.mp3 https://isc.sans.edu/podcastdetail/8990 Tue, 21 May 2024 02:00:01 GMT https://isc.sans.edu/diary/Analyzing%20MSG%20Files/30940
Linguistic Lumberjack: Fluent Bit Vulnerability CVE-2024-4323
https://www.tenable.com/blog/linguistic-lumberjack-attacking-cloud-services-via-logging-endpoints-fluent-bit-cve-2024-4323
Fortinet FortiSIEM Command Injection Deep-Dive CVE-2023-23992
https://www.horizon3.ai/attack-research/cve-2023-34992-fortinet-fortisiem-command-injection-deep-dive/
Git Vulnerability CVE-2024-32002 PoC
https://amalmurali.me/posts/git-rce/
Google Chrome CVE-2024-4947 PoC
https://buptsb.github.io/blog/post/CVE-2024-4947-%20v8%20incorrect%20AccessInfo%20for%20module%20namespace%20object%20causes%20Maglev%20type%20confusion.html
]]> 5:48 msg, fluent bit, fortinet, fortisiem, git, google, chrome, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8988 Extrace JPEGs from PDFs; QNAP 0-Day PoC; Exploited D-Link Vulnerabilities; Ivanti PoC Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Extrace JPEGs from PDFs; QNAP 0-Day PoC; Exploited D-Link Vulnerabilities; Ivanti PoC https://traffic.libsyn.com/securitypodcast/8988.mp3 https://isc.sans.edu/podcastdetail/8988 Mon, 20 May 2024 02:00:02 GMT https://isc.sans.edu/diary/Another%20PDF%20Streams%20Example%3A%20Extracting%20JPEGs/30924
QNAP QTS QNAPping At the Wheel
https://labs.watchtowr.com/qnap-qts-qnapping-at-the-wheel-cve-2024-27130-and-friends/
May 2024 Security Update Problems with Windows 2019
https://learn.microsoft.com/en-us/windows/release-health/status-windows-10-1809-and-windows-server-2019#3299msgdesc
Dlink Vulnerabilities Exploited
https://www.cisa.gov/news-events/alerts/2024/05/16/cisa-adds-three-known-exploited-vulnerabilities-catalog
Ivanti PoC Exploit CVE 2024-22026
https://www.redlinecybersecurity.com/blog/exploiting-cve-2024-22026-rooting-ivanti-epmm-mobileiron-core
]]> 6:22 ivanti, poc, dlink, patch, windows, microsoft, 2019, qnap, qts, ping, share, pdf, jpeg, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8986 yq parser; Quick Assist Misuse; Chrome 0-Days; Android Theft Protection; Git Update Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. yq parser; Quick Assist Misuse; Chrome 0-Days; Android Theft Protection; Git Update https://traffic.libsyn.com/securitypodcast/8986.mp3 https://isc.sans.edu/podcastdetail/8986 Fri, 17 May 2024 02:00:02 GMT https://isc.sans.edu/diary/Why%20yq%3F%20%20Adventures%20in%20XML/30930
Black Basta Uses Quick Assist
https://www.microsoft.com/en-us/security/blog/2024/05/15/threat-actors-misusing-quick-assist-in-social-engineering-attacks-leading-to-ransomware/
Various Chrome 0-Day Vulnerabilities
https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_15.html
Android Theft Protection Improvement
https://blog.google/products/android/android-theft-protection/
Critical Git Update
https://github.blog/2024-05-14-securing-git-addressing-5-new-vulnerabilities/
]]> 5:21 git, android, chrome, quick assist, black basta, yq, xml, json, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8984 VPNs need MFA; SSID Confusion; FIDO2 Session Hijacking Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. VPNs need MFA; SSID Confusion; FIDO2 Session Hijacking https://traffic.libsyn.com/securitypodcast/8984.mp3 https://isc.sans.edu/podcastdetail/8984 Thu, 16 May 2024 02:00:02 GMT https://isc.sans.edu/diary/Got%20MFA%3F%20%20If%20not%2C%20Now%20is%20the%20Time!/30926
SSID Confusion: Making Wi-Fi Clients Connect to the Wrong Network CVE-2023-52424
https://www.top10vpn.com/assets/2024/05/Top10VPN-x-Vanhoef-SSID-Confusion.pdf
FIDO2 MitM Session Hijacking
https://www.silverfort.com/blog/using-mitm-to-bypass-fido2/?web_view=true#but-first-some-background
]]> 5:31 fido2, mitm, ssid, wifi, mfa, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8982 Microsoft Patches; Bluetooth Trackers; VMWare Updates; Revoking Windows UEFI Certs; Adobe Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft Patches; Bluetooth Trackers; VMWare Updates; Revoking Windows UEFI Certs; Adobe Patches https://traffic.libsyn.com/securitypodcast/8982.mp3 https://isc.sans.edu/podcastdetail/8982 Wed, 15 May 2024 02:35:05 GMT https://isc.sans.edu/diary/Microsoft%20May%202024%20Patch%20Tuesday/30920
Detecting Bluetooth Trackers
https://security.googleblog.com/2024/05/google-and-apple-deliver-support-for.html
Adobe Patches
https://helpx.adobe.com/security/products/acrobat/apsb24-29.html
VMWare Updates
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280
Revoking Vulnerability Windows Boot Managers
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/revoking-vulnerable-windows-boot-managers/ba-p/4121735
]]> 7:33 boot managers, windows, patches, bluetooth, trackers, vmware, adobe, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8980 Apple Updates; JunOS OpenSSH Issues; Malicious Go in PyPi; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Apple Updates; JunOS OpenSSH Issues; Malicious Go in PyPi; https://traffic.libsyn.com/securitypodcast/8980.mp3 https://isc.sans.edu/podcastdetail/8980 Tue, 14 May 2024 02:35:05 GMT https://isc.sans.edu/diary/Apple%20Patches%20Everything%3A%20macOS%2C%20iOS%2C%20iPadOS%2C%20watchOS%2C%20tvOS%20updated./30916
Juniper OpenSSH Update
https://supportportal.juniper.net/s/article/2024-05-Reference-Advisory-Junos-OS-and-Junos-OS-Evolved-Multiple-CVEs-reported-in-OpenSSH?language=en_US
Malicious Go Binary Delivered via Steganography in PyPi
https://blog.phylum.io/malicious-go-binary-delivered-via-steganography-in-pypi/
]]> 6:16 go, pypi, openssh, apple, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8978 Windows DNS Suffixes; Black Basta Ransomware; Arcserve UDP Exploits; Chrome 0-day; SolarWinds ARM Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Windows DNS Suffixes; Black Basta Ransomware; Arcserve UDP Exploits; Chrome 0-day; SolarWinds ARM Vuln; https://traffic.libsyn.com/securitypodcast/8978.mp3 https://isc.sans.edu/podcastdetail/8978 Mon, 13 May 2024 03:00:05 GMT https://isc.sans.edu/diary/DNS%20Suffixes%20on%20Windows/30912
Black Basta Ransomware Advisory
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-131a
Possible Exploitation of Arcserve Unified Data Protection Vuln
https://digital.nhs.uk/cyber-alerts/2024/cc-4487
Chrome Patches 0-Day
https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_9.html
Solarwinds ARM Vulnerablities
https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-4_release_notes.htm
]]> 5:35 dns, suffix, windows, black basta, ransomware, arcserve, chrome, 0-day, solarwinds, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8976 PDF Streams; F5 Central Manager Vuln; Veeam Patches; XenCenter Putty Update; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. PDF Streams; F5 Central Manager Vuln; Veeam Patches; XenCenter Putty Update; https://traffic.libsyn.com/securitypodcast/8976.mp3 https://isc.sans.edu/podcastdetail/8976 Fri, 10 May 2024 03:05:05 GMT https://isc.sans.edu/diary/Analyzing%20PDF%20Streams/30908
F5 Next Central Manager Vulnerabilities
https://eclypsium.com/blog/big-vulnerabilities-in-next-gen-big-ip/
Veeam Patches
https://www.veeam.com/kb4441
https://www.veeam.com/kb4509
Citrix Hypervisor Security Update CVE-2024-31497
https://support.citrix.com/article/CTX633416/citrix-hypervisor-security-update-for-cve202431497
]]> 5:53 citrix, hypervisor, veeam, f5, pdf, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8974 Analyzing Synology Disks; RSA Panel; SANS.edu Research Journal Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Analyzing Synology Disks; RSA Panel; SANS.edu Research Journal https://traffic.libsyn.com/securitypodcast/8974.mp3 https://isc.sans.edu/podcastdetail/8974 Thu, 09 May 2024 04:45:05 GMT https://isc.sans.edu/diary/Analyzing%20Synology%20Disks%20on%20Linux/30904
RSA Panel
https://www.rsaconference.com/usa/agenda/session/The%20Five%20Most%20Dangerous%20New%20Attack%20Techniques%20You%20Need%20to%20Know%20About
SANS.edu Research Journal
https://www.sans.edu/cyber-security-research
]]> 6:09 sans.edu, research, journal, rsa, panel, synology, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8972 ISP DNS Spoofing; Weblogic PoC; PDF.js / React PDF Vuln; Tinyproxy Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. ISP DNS Spoofing; Weblogic PoC; PDF.js / React PDF Vuln; Tinyproxy https://traffic.libsyn.com/securitypodcast/8972.mp3 https://isc.sans.edu/podcastdetail/8972 Wed, 08 May 2024 04:50:05 GMT https://isc.sans.edu/diary/Detecting%20XFinity%20Comcast%20DNS%20Spoofing/30898
Weblogic PoC CVE-2024-21006
https://pwnull.github.io/2024/oracle%20weblogic%20CVE-2024-21006%20Double-JNDInjection%20RCE%20analyze/
https://github.com/momika233/CVE-2024-21006
PDF.js React PDF Vulnerablity
https://securityonline.info/cve-2024-4367-cve-2024-34342-javascript-flaw-threatens-millions-of-pdf-js-and-react-pdf-users/
Tinyproxy Response
https://github.com/tinyproxy/tinyproxy/issues/533
]]> 8:13 tinyproxy, pdf.js, react, pdf, weblogic, xfinity, comcast, dns, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8970 VPN Routing Leaks; Mullvad VPN Traffic Leak; Tiny Proxy unpatches RCE Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. VPN Routing Leaks; Mullvad VPN Traffic Leak; Tiny Proxy unpatches RCE Vuln; https://traffic.libsyn.com/securitypodcast/8970.mp3 https://isc.sans.edu/podcastdetail/8970 Tue, 07 May 2024 05:30:06 GMT https://www.leviathansecurity.com/blog/tunnelvision
Mullvad VPN DNS Traffic Leak
https://mullvad.net/en/blog/dns-traffic-can-leak-outside-the-vpn-tunnel-on-android
Tiny Proxy Vulnerability
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1889
]]> 6:27 tiny proxy, vpn, mullvad, tunnelview, routing, leak, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8968 DNS Debugging; MSFT Zero Trust DNS; MSFT Graph API Abuse Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. DNS Debugging; MSFT Zero Trust DNS; MSFT Graph API Abuse https://traffic.libsyn.com/securitypodcast/8968.mp3 https://isc.sans.edu/podcastdetail/8968 Mon, 06 May 2024 02:00:02 GMT https://isc.sans.edu/diary/nslookups+Debug+Options/30894/
Microsoft Plans DNS Lockdown
https://techcommunity.microsoft.com/t5/networking-blog/announcing-zero-trust-dns-private-preview/ba-p/4110366
Microsoft Graph API Abuse
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/graph-api-threats
SANSFIRE SEC522 Defending Web Applications
https://www.sans.org/cyber-security-training-events/sansfire-2024/
]]> 5:32 microsoft, graph, api, dns, zero trust, ztdns, nslookup, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8966 Scans for Stupid Router Vuln; npm xml-crypt Vuln; Cuddlefish; ArubaOS Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Scans for Stupid Router Vuln; npm xml-crypt Vuln; Cuddlefish; ArubaOS Vuln; https://traffic.libsyn.com/securitypodcast/8966.mp3 https://isc.sans.edu/podcastdetail/8966 Fri, 03 May 2024 02:00:02 GMT https://isc.sans.edu/diary/Scans%20Probing%20for%20LB-Link%20and%20Vinga%20WR-AC1200%20routers%20CVE-2023-24796/30890
Scans Probing for LB-Link and Vinga WR-AC1200 routers CVE-2023-24796
Buffer Overflow Vulnerabilities in ArubaOS
https://www.arubanetworks.com/support-services/security-bulletins/
The Cuttlefish Malware
https://blog.lumen.com/eight-arms-to-hold-you-the-cuttlefish-malware/
]]> 5:33 routers, npm, cuddlefix, arubaos, https, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8964 Linux Trojan; Denial of Wallet Attack; EU iOS Appstore User Tracking; BentoML Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Linux Trojan; Denial of Wallet Attack; EU iOS Appstore User Tracking; BentoML Vuln; https://traffic.libsyn.com/securitypodcast/8964.mp3 https://isc.sans.edu/podcastdetail/8964 Thu, 02 May 2024 02:00:02 GMT https://isc.sans.edu/diary/Linux%20Trojan%20-%20Xorddos%20with%20Filename%20eyshcjdmzg/30880
AWS S3 Denial of Wallet Amplification Attack
https://medium.com/@maciej.pocwierz/how-an-empty-s3-bucket-can-make-your-aws-bill-explode-934a383cb8b1
https://blog.limbus-medtec.com/the-aws-s3-denial-of-wallet-amplification-attack-bc5a97cc041d
EU iOS Safari Allows User Tracking
https://www.mysk.blog/2024/04/28/safari-tracking/
BentoML Critical Deserialization Vuln CVE-2024-2912
https://nvd.nist.gov/vuln/detail/CVE-2024-2912
]]> 6:51 bentoml, ios, safari, tracking, aws, s3, cost, wallet, linux, trojan, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8962 Zyxel NAS Attacks; R Vulnerability; Malicious Containers; NVMe-oF/TCP Vulns; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Zyxel NAS Attacks; R Vulnerability; Malicious Containers; NVMe-oF/TCP Vulns; https://traffic.libsyn.com/securitypodcast/8962.mp3 https://isc.sans.edu/podcastdetail/8962 Wed, 01 May 2024 10:15:05 GMT https://isc.sans.edu/diary/Another%20Day%2C%20Another%20NAS%3A%20Attacks%20against%20Zyxel%20NAS326%20devices%20CVE-2023-4473%2C%20CVE-2023-4474/30884
R-Bitrary Code Execution: Vulnearbility in R's Deserialization
https://hiddenlayer.com/research/r-bitrary-code-execution/
Coordinated Docker Hub Attacks using Malicious Repositories
https://jfrog.com/blog/attacks-on-docker-with-millions-of-malicious-repositories-spread-malware-and-phishing-scams/
NVMe-oF/TCP Vulnerabilities
https://www.cyberark.com/resources/threat-research-blog/your-nvme-had-been-syzed-fuzzing-nvme-of-tcp-driver-for-linux-with-syzkaller
]]> 6:38 nvme, tcp, docker, hub, malicious, repos, nas, zyxel, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8960 DLink NAS Exploit Variation; DNS and Great Firewall of China; Android TV Data Leakage Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. DLink NAS Exploit Variation; DNS and Great Firewall of China; Android TV Data Leakage https://traffic.libsyn.com/securitypodcast/8960.mp3 https://isc.sans.edu/podcastdetail/8960 Tue, 30 Apr 2024 02:00:02 GMT https://www.qnap.com/en/security-advisory/qsa-24-09
Muddling Meerkat DNS Abuse
https://blogs.infoblox.com/threat-intelligence/a-cunning-operator-muddling-meerkat-and-chinas-great-firewall/
Android TV Data Leakage
https://www.youtube.com/watch?v=QiyBXXO8QpA
https://www.404media.co/android-tvs-can-expose-user-email-inboxes/
SEC522: SANSFIRE
https://www.sans.org/cyber-security-courses/application-security-securing-web-apps-api-microservices/
SEC522 Demo (requires free account):
https://www.sans.org/ondemand/get-demo/316
]]> 6:55 sec522, sansfire, demo, android, muddling, meerkat, dns, great firewall, china, dlink, nas, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8958 Credential Stuffing Increase; Fake Payment Cards; USPS Phishing; Chrome Post Quantum TLS Issues; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Credential Stuffing Increase; Fake Payment Cards; USPS Phishing; Chrome Post Quantum TLS Issues; https://traffic.libsyn.com/securitypodcast/8958.mp3 https://isc.sans.edu/podcastdetail/8958 Mon, 29 Apr 2024 02:00:02 GMT https://sec.okta.com/blockanonymizers
Fake payment cards used by Police in Japan
https://twitter.com/vxunderground/status/1783522097425211887
Phishing Campaigns Targeting USPS
https://www.akamai.com/blog/security-research/phishing-usps-malicious-domains-traffic-equal-to-legitimate-traffic
Chrome 124 Breaks TLS Handshake
https://www.reddit.com/r/sysadmin/comments/1carvpd/chrome_124_breaks_tls_handshake/
]]> 6:36 chrome, tls, phishing, usps, japan, okta, credential stuffing, brute forcing, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8956 Honeypot Firewalls; Unplugging PlugX; pfsense and GitLab Updates; Blocking LOLBins @sans_edu Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Honeypot Firewalls; Unplugging PlugX; pfsense and GitLab Updates; Blocking LOLBins @sans_edu https://traffic.libsyn.com/securitypodcast/8956.mp3 https://isc.sans.edu/podcastdetail/8956 Fri, 26 Apr 2024 02:00:02 GMT https://isc.sans.edu/forums/diary/Does%20it%20matter%20if%20iptables%20isn't%20running%20on%20my%20honeypot%3F/30862/
Unplugging PlugX: Singholing the PlugX USB worm botnet
https://blog.sekoia.io/unplugging-plugx-sinkholing-the-plugx-usb-worm-botnet/
pfSense Updates
https://docs.netgate.com/advisories/index.html
GitLab Updates
https://about.gitlab.com/releases/2024/04/24/patch-release-gitlab-16-11-1-released/
Matthew Alan Vorhees: Prevention Strategies for Modern Living Off the Land Usage
https://www.sans.edu/cyber-research/prevention-strategies-modern-living-off-land-usage/
]]> 20:28 sans.edu, research, gitlab, lolbins, pfsense, plugx, iptables, honeypot, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8954 NVD API Updates; Cisco Patches and Backdoor; Keyboard App Vulns; node-mysql2 vulns; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. NVD API Updates; Cisco Patches and Backdoor; Keyboard App Vulns; node-mysql2 vulns; https://traffic.libsyn.com/securitypodcast/8954.mp3 https://isc.sans.edu/podcastdetail/8954 Thu, 25 Apr 2024 02:00:02 GMT https://isc.sans.edu/diary/API%20Rug%20Pull%20-%20The%20NIST%20NVD%20Database%20and%20API%20%28Part%204%20of%203%29/30868
Cisco Patches Vulnerabilities and Discovers Arcane Backdoor
https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/
Vulnerabilities across keyboard apps reveal keystrokes to network eavesdroppers
https://citizenlab.ca/2024/04/vulnerabilities-across-keyboard-apps-reveal-keystrokes-to-network-eavesdroppers/
MySQL2: Dangers of User-Defined Database Connections
https://blog.slonser.info/posts/mysql2-attacker-configuration/
Netgear Nighthawk Vulnerabilities
https://jvn.jp/en/vu/JVNVU91883072/
]]> 6:09 netgear, nighthawk, mysql2, node, keyboard, cisco, backdoor, arcanedoor, api, nvd, nist, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8952 struts2 devmode scans; Russian PrinterNightmare; Exchange Server Fix; Flowmon Exploit; GuptiMiner; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. struts2 devmode scans; Russian PrinterNightmare; Exchange Server Fix; Flowmon Exploit; GuptiMiner; https://traffic.libsyn.com/securitypodcast/8952.mp3 https://isc.sans.edu/podcastdetail/8952 Wed, 24 Apr 2024 02:00:02 GMT https://isc.sans.edu/forums/diary/Struts%20%22devmode%22%3A%20Still%20a%20problem%20ten%20years%20later%3F/30866/
Analyzing Forest Blizard's Custom Post-Compromise Tool for exploiting CVE-2022-38028
https://www.microsoft.com/en-us/security/blog/2024/04/22/analyzing-forest-blizzards-custom-post-compromise-tool-for-exploiting-cve-2022-38028-to-obtain-credentials/
April 2024 Exchange Server Hotfix Update
https://techcommunity.microsoft.com/t5/exchange-team-blog/released-april-2024-exchange-server-hotfix-updates/ba-p/4120536
CVE-2024-2389: Command Injection Vulnerability in Progress Flowmon
https://rhinosecuritylabs.com/research/cve-2024-2389-in-progress-flowmon/
GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining
https://decoded.avast.io/janrubin/guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining/
]]> 6:22 guptiminer, progress, flowmon, exchange server, hotfix, forest blizard, printnightmware, struts2, devmode, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8950 Exposed ICS; Evil XDR; GitLab Comment Bug; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Exposed ICS; Evil XDR; GitLab Comment Bug; https://traffic.libsyn.com/securitypodcast/8950.mp3 https://isc.sans.edu/podcastdetail/8950 Tue, 23 Apr 2024 02:00:02 GMT https://isc.sans.edu/diary/It%20appears%20that%20the%20number%20of%20industrial%20devices%20accessible%20from%20the%20internet%20has%20risen%20by%2030%20thousand%20over%20the%20past%20three%20years/30860
Evil XDR: Turning an XDR into an Offensive Tool
https://www.darkreading.com/application-security/evil-xdr-researcher-turns-palo-alto-software-into-perfect-malware
GitLab Comment Bug
https://www.bleepingcomputer.com/news/security/gitlab-affected-by-github-style-cdn-flaw-allowing-malware-hosting/
SEC522 Demo: https://www.sans.org/ondemand/get-demo/316
]]> 6:05 gitlab, xdr, evil xdr, ics, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8948 CVE Changes; CrushFTP 0-Day; GitHub Comment Bug; YubiKey Manager Bug; PAN GlobalProtect Update Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. CVE Changes; CrushFTP 0-Day; GitHub Comment Bug; YubiKey Manager Bug; PAN GlobalProtect Update https://traffic.libsyn.com/securitypodcast/8948.mp3 https://isc.sans.edu/podcastdetail/8948 Mon, 22 Apr 2024 02:00:02 GMT https://isc.sans.edu/diary/The%20CVE%27s%20They%20are%20A-Changing!/30850
CrushFTP 0-Day Vulnerability
https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update
https://www.reddit.com/r/crowdstrike/comments/1c88788/situational_awareness_20240419_crushftp_virtual/
GitHub Comment Bug Used to Distribute Malware
https://www.bleepingcomputer.com/news/security/github-comments-abused-to-push-malware-via-microsoft-repo-urls/
YubiKey Manager Privilege Escalation
https://www.yubico.com/support/security-advisories/ysa-2024-01/
Palo Alto Networks GlobalProtect Update
https://security.paloaltonetworks.com/CVE-2024-3400
]]> 5:36 cve, crushftp, github, yubikey, palo alto, PAN, globalprotect, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8946 Delinea PoC; Ivanti Avalanche PoC; Advanced Phishing Campaign; go-getter update; OfflRouter Virus Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Delinea PoC; Ivanti Avalanche PoC; Advanced Phishing Campaign; go-getter update; OfflRouter Virus https://traffic.libsyn.com/securitypodcast/8946.mp3 https://isc.sans.edu/podcastdetail/8946 Fri, 19 Apr 2024 02:00:01 GMT https://straightblast.medium.com/all-your-secrets-are-belong-to-us-a-delinea-secret-server-authn-authz-bypass-adc26c800ad3
Ivanti Avalanche Poc/Details
https://www.tenable.com/security/research/tra-2024-10
Advanced Phishing Campaign
https://www.lookout.com/threat-intelligence/article/cryptochameleon-fcc-phishing-kit
Hashicorp go-getter update CVE-2024-3817
https://discuss.hashicorp.com/t/hcsec-2024-09-hashicorp-go-getter-vulnerable-to-argument-injection-when-fetching-remote-default-git-branches/66040
OfflRouter Virus
https://blog.talosintelligence.com/offlrouter-virus-causes-upload-confidential-documents-to-virustotal/
]]> 5:06 offlrouter, ukraine, hashicorp, go-getter, phishing, ivanti, delinea, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8944 AgentTesla via PDF; GlobalProtect Updates; Open Source Takeovers; OpenMetaData Attacks Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. AgentTesla via PDF; GlobalProtect Updates; Open Source Takeovers; OpenMetaData Attacks https://traffic.libsyn.com/securitypodcast/8944.mp3 https://isc.sans.edu/podcastdetail/8944 Thu, 18 Apr 2024 02:00:02 GMT https://isc.sans.edu/diary/Malicious%20PDF%20File%20Used%20As%20Delivery%20Mechanism/30848
Updated Palo Alto Networks GlobalProtect Guidance
https://security.paloaltonetworks.com/CVE-2024-3400
Coordinated Social Engineering Takeovers of Open Source Projects;
https://openssf.org/blog/2024/04/15/open-source-security-openssf-and-openjs-foundations-issue-alert-for-social-engineering-takeovers-of-open-source-projects/
OpenMetaData Attacks
https://www.microsoft.com/en-us/security/blog/2024/04/17/attackers-exploiting-new-critical-openmetadata-vulnerabilities-on-kubernetes-clusters/
]]> 5:19 openmetadata, social engineering, open source, openssf, openjs, pan, globalprotect, pdf, agenttesla, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8942 GlobalProtect Exploit Public; Putty Private Key Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. GlobalProtect Exploit Public; Putty Private Key Vuln; https://traffic.libsyn.com/securitypodcast/8942.mp3 https://isc.sans.edu/podcastdetail/8942 Wed, 17 Apr 2024 02:00:02 GMT https://isc.sans.edu/forums/diary/Palo%20Alto%20Networks%20GlobalProtect%20exploit%20public%20and%20widely%20exploited%20CVE-2024-3400/30844/
Putty Private Key Recovery
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html
Oracle Critical Patch Update
https://www.oracle.com/security-alerts/cpuapr2024.html
Ivanti Avalanche MDM Patches
https://forums.ivanti.com/s/article/Avalanche-6-4-3-Security-Hardening-and-CVEs-addressed?language=en_US
]]> 5:33 ivanti, avalanche, oracle, cpu, putty, ssh, pan, globalprotect, palo alto, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8940 GlobalProtect Updates; Delinea Patch; Lancom PW reset; PHP Patch; Duo leak; LastPass Deepfake Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. GlobalProtect Updates; Delinea Patch; Lancom PW reset; PHP Patch; Duo leak; LastPass Deepfake https://traffic.libsyn.com/securitypodcast/8940.mp3 https://isc.sans.edu/podcastdetail/8940 Tue, 16 Apr 2024 02:00:01 GMT https://isc.sans.edu/diary/30838
Delinea patches critical vulnerability in secret manager
https://trust.delinea.com/?tcuUid=17aaf4ef-ada9-46d5-bf97-abd3b07daae3
Lancom Windows Setup Assistant May Reset Password
https://www.lancom-systems.com/service-support/general-security-information
PHP Patches
https://seclists.org/oss-sec/2024/q2/113
Duo SMS and VoiP Logs Leaked
https://app.securitymsp.cisco.com/e/es?e=2785&eid=opguvrs&elq=bd1c1886a59e40c09915b029a74be94e
Lastpass Stops Deepfake Attack
https://blog.lastpass.com/posts/2024/04/attempted-audio-deepfake-call-targets-lastpass-employee
]]> 6:17 Delinea, secret manager, lancom, php, duo, sms, voip, lastpass, deepfake, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8938 Palo Alto Networks GlobalProtect 0-Day Vulnerability Exploited Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Palo Alto Networks GlobalProtect 0-Day Vulnerability Exploited https://traffic.libsyn.com/securitypodcast/8938.mp3 https://isc.sans.edu/podcastdetail/8938 Sat, 13 Apr 2024 19:58:48 GMT https://security.paloaltonetworks.com/CVE-2024-3400
https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/#RespondingToCompromise
]]> 5:41 palo alto networks, pan, panos, 0-day, globalprotect, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8936 BatBadBut Vulnerability; FortiClient Linux RCE; Apple Notifications; GitHub Search Tricks; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. BatBadBut Vulnerability; FortiClient Linux RCE; Apple Notifications; GitHub Search Tricks; https://traffic.libsyn.com/securitypodcast/8936.mp3 https://isc.sans.edu/podcastdetail/8936 Fri, 12 Apr 2024 02:00:02 GMT https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/
FortiClient Linux Remote Code Execution
https://www.fortiguard.com/psirt/FG-IR-23-087
Apple Threat Notifications and Protecting Against Mercenary Spyware
https://support.apple.com/en-us/102174
New Technique to Trick Developers Detected in an Open Source Supply Chain Attack
https://checkmarx.com/blog/new-technique-to-trick-developers-detected-in-an-open-source-supply-chain-attack/
]]> 6:11 github, supply chain, search, mercenary, spyware, apple, forticlient, linux, batbadbut, windows, bat, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8934 Rust Vulnerability; Adobe Updates; Fortinet Patches; Malicious Windows Driver Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Rust Vulnerability; Adobe Updates; Fortinet Patches; Malicious Windows Driver https://traffic.libsyn.com/securitypodcast/8934.mp3 https://isc.sans.edu/podcastdetail/8934 Thu, 11 Apr 2024 02:00:02 GMT https://blog.rust-lang.org/2024/04/09/cve-2024-24576.html
Adobe Updates: Magento Adobe Commerce CVE-2024-20759 CVE-2024-20758
https://helpx.adobe.com/security/products/magento/apsb24-18.html
https://helpx.adobe.com/security.html
Fortinet FortiOS And FortiProxy Vulnerability CVE-2023-41677
https://www.fortiguard.com/psirt/FG-IR-23-493
Smoke and Screen Mirrors Signed Backdoor CVE-2024-26234
https://news.sophos.com/en-us/2024/04/09/smoke-and-screen-mirrors-a-strange-signed-backdoor/
]]> 5:59 driver, backdoor, fortinet, fortios, fortiproxy, adobe, magento, commerce, rust, command, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8932 Microsoft Patches; D-Link NAS Backdoor; LG WebOS TV Vulnerabilities Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft Patches; D-Link NAS Backdoor; LG WebOS TV Vulnerabilities https://traffic.libsyn.com/securitypodcast/8932.mp3 https://isc.sans.edu/podcastdetail/8932 Wed, 10 Apr 2024 02:00:02 GMT https://isc.sans.edu/forums/diary/April%202024%20Microsoft%20Patch%20Tuesday%20Summary/30822/
D-Link NAS Backdoor
https://github.com/netsecfish/dlink
LG SmartTV Vulnerabilities
https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-lg-webos/
]]> 6:31 lg, smarttv, d-link, nas, backdoor, microsoft, patches, patch tuesday, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8930 Why Threat Hunting; Notepad++ Domain Issue; Pickle ML Vulns; V8 Sandbox Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Why Threat Hunting; Notepad++ Domain Issue; Pickle ML Vulns; V8 Sandbox https://traffic.libsyn.com/securitypodcast/8930.mp3 https://isc.sans.edu/podcastdetail/8930 Tue, 09 Apr 2024 02:00:01 GMT https://isc.sans.edu/diary/30816
Notepad++ Parasite Site
https://notepad-plus-plus.org/news/help-to-take-down-parasite-site/
Hugging Face Pickle File Vulnerablities
https://huggingface.co/blog/hugging-face-wiz-security-blog
Google Considers V8 Sandbox no longer experimental
https://v8.dev/blog/sandbox
]]> 5:59 v8, google, hugging face, pickle, notepad, parasite, plus, threat hunting, soc, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8928 Heartbleed 10th Anniversary; Magento Backdoor; Fighting DNS Spoofing; Brocade Vuln; @sans_emea evening talk Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Heartbleed 10th Anniversary; Magento Backdoor; Fighting DNS Spoofing; Brocade Vuln; @sans_emea evening talk https://traffic.libsyn.com/securitypodcast/8928.mp3 https://isc.sans.edu/podcastdetail/8928 Mon, 08 Apr 2024 02:00:02 GMT https://heartbleed.com/
Possible Libarchive Backdoor Vulnerability
https://github.com/libarchive/libarchive/pull/1609
Magento XML Backdoor
https://sansec.io/research/magento-xml-backdoor
Google Public DNS's approach to fight against cache poisoning attacks
https://security.googleblog.com/2024/03/google-public-dnss-approach-to-fight.html
Remote code execution (RCE)vulnerability in Brocade Fabric OS (CVE-2023-3454)
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/23215
SANS London April Evening Talk
https://sans.zoom.us/webinar/register/WN_ZLLnQKCCQCywLGm-CM4xQg#/registration
]]> 5:29 heartbleed, xz-utils, magento, libarchive, google, dns, cache poisoning, brocade, fabric os, sans, london, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8926 Reversing DoNex; HTTP/2 Continuation Flood; Kobold Letters; Infostealers in Automotive Headunits @sans_edu Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Reversing DoNex; HTTP/2 Continuation Flood; Kobold Letters; Infostealers in Automotive Headunits @sans_edu https://traffic.libsyn.com/securitypodcast/8926.mp3 https://isc.sans.edu/podcastdetail/8926 Fri, 05 Apr 2024 02:00:02 GMT https://isc.sans.edu/diary/Slicing%20up%20DoNex%20with%20Binary%20Ninja/30812
HTTP/2 Continuation Flood
https://nowotarski.info/http2-continuation-flood-technical-details/
Dangers of CSS in HTML Email
https://lutrasecurity.com/en/articles/kobold-letters/
Dan Mazzella: Infostealers in Automotive Headunits
https://www.sans.edu/cyber-research/exploring-infostealer-malware-techniques-automotive-head-units/
]]> 15:11 donex, binary ninja, http2, css, html, email, infostealers, automotive, headunits, android, carplay, android auto, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8924 Playing with xzbot; Device Bound Session Credentials; Ivanti Vulns; Google Pixel 0-Day Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Playing with xzbot; Device Bound Session Credentials; Ivanti Vulns; Google Pixel 0-Day https://traffic.libsyn.com/securitypodcast/8924.mp3 https://isc.sans.edu/podcastdetail/8924 Thu, 04 Apr 2024 02:00:02 GMT https://isc.sans.edu/forums/diary/Some%20things%20you%20can%20learn%20from%20SSH%20traffic/30808/
Google Proposes Device Bound Session Credentials (DBSC)
https://blog.chromium.org/2024/04/fighting-cookie-theft-using-device.html

Four More Ivanti Vulnerabilities
https://forums.ivanti.com/s/article/SA-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US
Google Pixel Zero Day
https://source.android.com/docs/security/bulletin/pixel/2024-04-01
]]> 6:02 google, pixel, cookies, sessions, ivanti, dbsc, ssh, xzbot, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8922 Chrome Incognito Mode; GMail Anti-Spam; Cisco Updates; Apache Pulsar Updates; Progress Flowmon Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Chrome Incognito Mode; GMail Anti-Spam; Cisco Updates; Apache Pulsar Updates; Progress Flowmon Vuln; https://traffic.libsyn.com/securitypodcast/8922.mp3 https://isc.sans.edu/podcastdetail/8922 Wed, 03 Apr 2024 02:00:01 GMT https://www.wired.com/story/google-chrome-incognito-mode-data-deletion-settlement/
Google E-Mail Sender Guidelines FAQ
https://support.google.com/a/answer/14229414?hl=en&fl=1&sjid=2270464422796374445-NC
Cisco Updates and VPN Best Practices
https://www.cisco.com/c/en/us/support/docs/security/secure-firewall-threat-defense/221806-password-spray-attacks-impacting-custome.html
https://sec.cloudapps.cisco.com/security/center/publicationListing.x
Apache Pulsar Vulnerability
https://pulsar.apache.org/security/CVE-2024-29834/
Progress Flowmon Network Monitoring Tool Vulnerability CVE-2024-2389
https://support.kemptechnologies.com/hc/en-us/articles/24878235038733-CVE-2024-2389-Flowmon-critical-security-vulnerability
Wait Just an Infosec Episode with Bojan Zdrnja: Thursday April 4th 2024 10:00 EDST
https://isc.sans.edu/j/xzutils (link will redirect once episode is live)
]]> 5:39 progress, flowmon, apache, pulsar, cisco, chrome, google, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8920 xz-utils update; csv files; MacOS Infostealer Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. xz-utils update; csv files; MacOS Infostealer https://traffic.libsyn.com/securitypodcast/8920.mp3 https://isc.sans.edu/podcastdetail/8920 Tue, 02 Apr 2024 02:00:02 GMT https://isc.sans.edu/diary/The%20amazingly%20scary%20xz%20sshd%20backdoor/30802
The xz-utils backdoor in security advisories by national CSIRTs
https://isc.sans.edu/diary/The+xzutils+backdoor+in+security+advisories+by+national+CSIRTs/30800
Checking CSV Files
https://isc.sans.edu/diary/Checking%20CSV%20Files/30796
Infostealers Pose Threat to macOS
https://www.jamf.com/blog/infostealers-pose-threat-to-macos/
]]> 7:09 infostealers, macos, cvs, xz-utils, backdoor, ssh, sshd, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8918 xz-utils Backdoor (CVE-2024-3094) Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. xz-utils Backdoor (CVE-2024-3094) https://traffic.libsyn.com/securitypodcast/8918.mp3 https://isc.sans.edu/podcastdetail/8918 Mon, 01 Apr 2024 02:00:02 GMT https://www.openwall.com/lists/oss-security/2024/03/29/4
https://tukaani.org/xz-backdoor/
https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27
Backdoor reverse analysis
https://bsky.app/profile/did:plc:x2nsupeeo52oznrmplwapppl/post/3kowjkx2njy2b
YARA Rule
https://github.com/byinarie/CVE-2024-3094-info/blob/main/CVE-2024-3094.yar
Social Engineering Attempts to Include Backdoor in Distros
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067708
https://news.ycombinator.com/item?id=39866275
Github Repo (now disabled)
https://github.com/tukaani-project/xz
Statements from Distributions
https://www.kali.org/blog/about-the-xz-backdoor/
https://archlinux.org/news/the-xz-package-has-been-backdoored/
https://access.redhat.com/security/cve/CVE-2024-3094
https://bugs.gentoo.org/928134
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068024

]]> 7:37 xz-utils, backdoor, xz, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8916 JavaScript to AsyncRAT; TeamCity Patch; Okta Verify Patch; Google 0-Day Report Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. JavaScript to AsyncRAT; TeamCity Patch; Okta Verify Patch; Google 0-Day Report https://traffic.libsyn.com/securitypodcast/8916.mp3 https://isc.sans.edu/podcastdetail/8916 Fri, 29 Mar 2024 02:00:02 GMT https://isc.sans.edu/diary/From%20JavaScript%20to%20AsyncRAT/30788
TeamCity Patches
https://www.jetbrains.com/privacy-security/issues-fixed/?product=TeamCity&version=2024.03
Okta Verify for Windows Auto-update Arbitrary Code Execution CVE-2024-0980
https://trust.okta.com/security-advisories/okta-verify-windows-auto-update-arbitrary-code-execution-cve-2024-0980/
Google Zero Day Report
https://storage.googleapis.com/gweb-uniblog-publish-prod/documents/Year_in_Review_of_ZeroDays.pdf
]]> 5:36 google, zero day, okta, teamcity, javascript, asyncrat, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8914 OfBiz Scans; Wall-Escape; Apple MFA Bombing Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. OfBiz Scans; Wall-Escape; Apple MFA Bombing https://traffic.libsyn.com/securitypodcast/8914.mp3 https://isc.sans.edu/podcastdetail/8914 Thu, 28 Mar 2024 02:00:02 GMT https://isc.sans.edu/diary/Scans%20for%20Apache%20OfBiz/30784
Wall-Escape (CVE-2024-28085)
https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt
Recent "MFA Bombing" Attacks Targeting Apple Users
https://krebsonsecurity.com/2024/03/recent-mfa-bombing-attacks-targeting-apple-users/
]]> 5:20 apple, mfa, bombing, wall, escape, apache, ofbiz, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8912 linux-pkgs.sh; Suspect NuGet Packages; QUIC vs UDP Loops; AI System Miners; ASUS to TheMoon; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. linux-pkgs.sh; Suspect NuGet Packages; QUIC vs UDP Loops; AI System Miners; ASUS to TheMoon; https://traffic.libsyn.com/securitypodcast/8912.mp3 https://isc.sans.edu/podcastdetail/8912 Wed, 27 Mar 2024 02:00:02 GMT https://isc.sans.edu/forums/diary/New%20tool%3A%20linux-pkgs.sh/30774/
Suspicious NuGet package grabs data from industrial systems
https://www.reversinglabs.com/blog/suspicious-nuget-package-grabs-data-from-industrial-systems
Preventing Cross Service UDP Loops in QUIC
https://bughunters.google.com/blog/5960150648750080/preventing-cross-service-udp-loops-in-quic
ShadowRay Attacks AI Workloads Actively Exploited in the Wild
https://www.oligo.security/blog/shadowray-attack-ai-workloads-actively-exploited-in-the-wild
TheMoon Malware Infects 6,000 ASUS Routers in 72 Hours for Proxy Service
https://www.bleepingcomputer.com/news/security/themoon-malware-infects-6-000-asus-routers-in-72-hours-for-proxy-service/
]]> 5:48 linux packages, themoon, asus, shadowray, quic, nuget, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8910 Tool Updates; Apple Updates; Fake Python Infrastructure; OpenVPN Update Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Tool Updates; Apple Updates; Fake Python Infrastructure; OpenVPN Update https://traffic.libsyn.com/securitypodcast/8910.mp3 https://isc.sans.edu/podcastdetail/8910 Tue, 26 Mar 2024 02:00:01 GMT https://isc.sans.edu/diary/Tool%20updates%3A%20le-hex-to-ip.py%20and%20sigs.py/30772
Apple Updates for MacOS, iOS/iPadOS, visionOS;
https://isc.sans.edu/diary/Apple%20Updates%20for%20MacOS%2C%20iOS%20iPadOS%20and%20visionOS/30778
Fake Python Infrastructure
https://checkmarx.com/blog/over-170k-users-affected-by-attack-using-fake-python-infrastructure/
OpenVPN Update
https://openvpn.net/community-downloads/
]]> 6:02 openvpn, python, apple, macos, ios, ipados, visionos, le-hex-to-ip, sigs, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8908 1768.py Experimental Mode; Loop DoS; Windows Server Crash Fix Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. 1768.py Experimental Mode; Loop DoS; Windows Server Crash Fix https://traffic.libsyn.com/securitypodcast/8908.mp3 https://isc.sans.edu/podcastdetail/8908 Mon, 25 Mar 2024 02:00:02 GMT https://isc.sans.edu/diary/1768.py%27s%20Experimental%20Mode/30770
CISCP Advisory on Application-Layer Loop DoS
https://docs.google.com/document/d/1KByZzrdwQhrXGPPCf9tUzERZyRzg0xOpGbWoDURZxTI/edit
Fixes for Windows Server LSASS Memory Leak
https://www.catalog.update.microsoft.com/Search.aspx?q=2024-03%20Cumulative%20Update
]]> 5:31 lsass, windows, server, ciscp, loop, dos, dns, ntp, tftp, 1768, cobalt strike, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8906 Geofeed; Apple Updates and Bugs; GitHub AutoFix; Fortinet POC; new Ivanti Breakage; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Geofeed; Apple Updates and Bugs; GitHub AutoFix; Fortinet POC; new Ivanti Breakage; https://traffic.libsyn.com/securitypodcast/8906.mp3 https://isc.sans.edu/podcastdetail/8906 Fri, 22 Mar 2024 02:00:02 GMT https://isc.sans.edu/forums/diary/Whois%20%22geofeed%22%20Data/30766/
Apple Updates
https://support.apple.com/en-us/HT201222
Apple Bug
https://gofetch.fail/
GitHub Copilot AutoFix
https://github.blog/2024-03-20-found-means-fixed-introducing-code-scanning-autofix-powered-by-github-copilot-and-codeql/
Fortinet PoC
https://www.horizon3.ai/attack-research/attack-blogs/cve-2023-48788-fortinet-forticlientems-sql-injection-deep-dive/
Ivanti Standalone Sentry
https://forums.ivanti.com/s/article/KB-CVE-2023-41724-Remote-Code-Execution-for-Ivanti-Standalone-Sentry?language=en_US
]]> 6:24 geofeed, apple, apple bug, github, copilot, autofix, fortinet, ivanti, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8904 FortiOS Scans; Tax Scams; Abusing DHCP Administrators Group Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. FortiOS Scans; Tax Scams; Abusing DHCP Administrators Group https://traffic.libsyn.com/securitypodcast/8904.mp3 https://isc.sans.edu/podcastdetail/8904 Thu, 21 Mar 2024 02:00:02 GMT https://isc.sans.edu/diary/Scans%20for%20Fortinet%20FortiOS%20and%20the%20CVE-2024-21762%20vulnerability/30762
Microsoft Reminder: It is Tax Season (at least in the US)
https://www.theregister.com/2024/03/20/its_tax_season_and_scammers/
Abusing DHCP Administrators Group for Privilege Escalation in Windows Domains;
https://www.akamai.com/blog/security-research/abusing-dhcp-administrators-group-for-privilege-escalation-in-windows-domains
]]> 5:56 dhcp, administrators, windows, domains, tax season, irs, fortinet, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8902 Hunting Firewalls; Fortigate Exploit; IC3 Annual Report; macOS 14.4 Update Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Hunting Firewalls; Fortigate Exploit; IC3 Annual Report; macOS 14.4 Update https://traffic.libsyn.com/securitypodcast/8902.mp3 https://isc.sans.edu/podcastdetail/8902 Wed, 20 Mar 2024 02:00:02 GMT https://isc.sans.edu/diary/Attacker%20Hunting%20Firewalls/30758
Fortigate Vulnerability Exploit Available
https://github.com/h4x0r-dz/CVE-2024-21762
IC3 Annual Report 2023
https://www.ic3.gov/Media/PDF/AnnualReport/2023_IC3Report.pdf
Issues with macOS 14.4 Update
https://www.macrumors.com/2024/03/18/do-not-update-macos-sonoma-14-4/
]]> 5:25 macos, ic3, fortigate, firewalls, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8900 MSFT 1024 Bit RSA Keys; Real-Time Safe Browsing; Fortra FileCatalyst Vuln; Spring inSecurity; TrendNet Router Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MSFT 1024 Bit RSA Keys; Real-Time Safe Browsing; Fortra FileCatalyst Vuln; Spring inSecurity; TrendNet Router Vuln; https://traffic.libsyn.com/securitypodcast/8900.mp3 https://isc.sans.edu/podcastdetail/8900 Tue, 19 Mar 2024 02:00:02 GMT https://learn.microsoft.com/en-us/windows/whats-new/deprecated-features#deprecated-features
Chrome Real-Time Safe Browsing Protection
https://blog.google/products/chrome/google-chrome-safe-browsing-real-time/
Fortra FileCatalyst Vulnerability CVE-2024-25153
https://www.fortra.com/security/advisory/fi-2024-002
Spring Security CVE-2024-22257
https://spring.io/security/cve-2024-22257/
TrendNet TWEW-827DRU Router Vulnerability CVE-2024-28353 CVE-2024-28354
https://warp-desk-89d.notion.site/TEW-827DRU-5c40fb20572148f0b00f329d69273791
]]> 5:23 trendnet, spring, security, chrome, safe browsing, safebrowsing, fortra, microsoft, tls, ssl, rsa, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8898 5GHoul Update; Cobalt Strike Hex Encoded; ChatGPT related OAUTH Issues; Help Desk Attacks; CRL/OCSP Changes Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. 5GHoul Update; Cobalt Strike Hex Encoded; ChatGPT related OAUTH Issues; Help Desk Attacks; CRL/OCSP Changes https://traffic.libsyn.com/securitypodcast/8898.mp3 https://isc.sans.edu/podcastdetail/8898 Mon, 18 Mar 2024 02:00:02 GMT https://isc.sans.edu/diary/5Ghoul%20Revisited%3A%20Three%20Months%20Later/30746
Obfuscated Hexadecimal Payload
https://isc.sans.edu/diary/Obfuscated%20Hexadecimal%20Payload/30750
ChatGPT Related OAUTH Issues
https://salt.security/blog/security-flaws-within-chatgpt-extensions-allowed-access-to-accounts-on-third-party-websites-and-sensitive-data?utm_source=social&utm_medium=reddit
RedCanary Threat Detection Report
https://redcanary.com/threat-detection-report/
CRL/OCSP Changes
https://github.com/cabforum/servercert/blob/main/docs/BR.md
]]> 6:39 crl, ocsp, cab forum, revocation, certificates, redcanacy, help desks, oauth, 5GHOUL, hexadecimal, obfuscation, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8896 R2/IPFS Phishing; Fortinet Updates/new Vulns; Arcserve UDP PoC; Michael Holcomb ICS/PLC Security @sans_edu Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. R2/IPFS Phishing; Fortinet Updates/new Vulns; Arcserve UDP PoC; Michael Holcomb ICS/PLC Security @sans_edu https://traffic.libsyn.com/securitypodcast/8896.mp3 https://isc.sans.edu/podcastdetail/8896 Fri, 15 Mar 2024 02:00:02 GMT https://isc.sans.edu/diary/Increase%20in%20the%20number%20of%20phishing%20messages%20pointing%20to%20IPFS%20and%20to%20R2%20buckets/30744
Fortinet New Vulnerabilities
https://www.horizon3.ai/attack-research/attack-blogs/fortiwlm-the-almost-story-for-the-forti-forty/
Fortinet Updates
https://www.helpnetsecurity.com/2024/03/14/cve-2023-48788-poc/
Arcserve UDP Vulnerability and PoC
https://www.tenable.com/security/research/tra-2024-07
Michael Holcomb: Mode Matters: Monitoring PLCs for Detecting Potential ICS/OT Incidents
https://www.sans.edu/cyber-research/mode-matters-monitoring-plcs-for-detecting-potential-ics-ot-incidents/
]]> 20:37 holcomb, sans.edu, ics, plc, mode, udp, arcserve, fortinet, horizon3, ipfs, r2, spam, phishing, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8894 ChatGPT Deobfuscation; Fortinet Patches; Adobe Patches; Kubernetes Exploit Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. ChatGPT Deobfuscation; Fortinet Patches; Adobe Patches; Kubernetes Exploit https://traffic.libsyn.com/securitypodcast/8894.mp3 https://isc.sans.edu/podcastdetail/8894 Thu, 14 Mar 2024 02:00:02 GMT https://isc.sans.edu/diary/Using%20ChatGPT%20to%20Deobfuscate%20Malicious%20Scripts/30740
Critical Fortinet Vulnerabilities
https://fortiguard.fortinet.com/psirt
Adobe Security Bulletins
https://helpx.adobe.com/security/security-bulletin.html
Kubernetes Local Volumes Command Injection Vulnerability
https://www.akamai.com/blog/security-research/kubernetes-local-volumes-command-injection-vulnerability-rce-system-privileges
]]> 5:28 kubernetes, adobe, fortinet, chatgpt, obfuscation, python, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8892 MSFT Patch Tuesday; NVD Issues; ZOHO ManageEngine Vuln; Arube Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MSFT Patch Tuesday; NVD Issues; ZOHO ManageEngine Vuln; Arube Patches https://traffic.libsyn.com/securitypodcast/8892.mp3 https://isc.sans.edu/podcastdetail/8892 Wed, 13 Mar 2024 02:00:01 GMT https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20-%20March%202024/30736
Death Knell of NVD
https://resilientcyber.substack.com/p/death-knell-of-the-nvd
Unrestricted file upload vulnerability in ManageEngine Desktop Central
https://www.incibe.es/en/incibe-cert/notices/aviso/unrestricted-file-upload-vulnerability-manageengine-desktop-central
Siemens Fire Protection System Updates
https://cert-portal.siemens.com/productcert/html/ssa-225840.html
]]> 5:39 siemens, manageengine, nvd, nist, microsoft, patch tuesday, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8890 Leaked API Keys; Fake Calendly Links; SCCM Problems and Misconfiguration Manager @SpecterOps Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Leaked API Keys; Fake Calendly Links; SCCM Problems and Misconfiguration Manager @SpecterOps https://traffic.libsyn.com/securitypodcast/8890.mp3 https://isc.sans.edu/podcastdetail/8890 Tue, 12 Mar 2024 02:00:02 GMT https://isc.sans.edu/diary/What%20happens%20when%20you%20accidentally%20leak%20your%20AWS%20API%20keys%3F%20%5BGuest%20Diary%5D/30730
How Crypto Imposters are using Calendly to infect Macs with Malware
https://cyberguy.com/news/how-crypto-imposters-are-using-calendly-to-infect-macs-with-malware/
https://krebsonsecurity.com/2024/02/calendar-meeting-links-used-to-spread-mac-malware/
Misconfiguration Manager: Overlooked and Overprivileged
https://posts.specterops.io/misconfiguration-manager-overlooked-and-overprivileged-70983b8f350d
]]> 6:17 misconfiguration, configuration manager, sccm, crypto, calendly, aws, api keys, github, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8888 Wordpress Brute Force Trick and CORS; Cisco VPN Client Vuln; Fortinet Exploits; pgAdmin; Font Vulnerabilities; QNAP; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Wordpress Brute Force Trick and CORS; Cisco VPN Client Vuln; Fortinet Exploits; pgAdmin; Font Vulnerabilities; QNAP; https://traffic.libsyn.com/securitypodcast/8888.mp3 https://isc.sans.edu/podcastdetail/8888 Mon, 11 Mar 2024 02:00:01 GMT https://arstechnica.com/security/2024/03/attack-wrangles-thousands-of-web-users-into-a-password-cracking-botnet
Cisco VPN Client Vuln
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-client-crlf-W43V4G7
Fortinet Vulnerability Exploited
https://bishopfox.com/blog/cve-2024-21762-vulnerability-scanner-for-fortigate-firewalls
pgAdmin Path Traversal
https://www.shielder.com/advisories/pgadmin-path-traversal_leads_to_unsafe_deserialization_and_rce/
Font Vulnerabilities
https://www.canva.dev/blog/engineering/fonts-are-still-a-helvetica-of-a-problem/

QNAP Flaws
https://securityonline.info/cve-2024-21899-cvss-9-8-critical-qnap-flaw-opens-door-to-hackers/
]]> 7:17 qnap, fonts, canva, pgadmin, fortinet, cisco, javascript, cors, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8886 AWS vs. Azure Honeypots; Apple Patches; NSA/CISA Cloud Security Guides Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. AWS vs. Azure Honeypots; Apple Patches; NSA/CISA Cloud Security Guides https://traffic.libsyn.com/securitypodcast/8886.mp3 https://isc.sans.edu/podcastdetail/8886 Fri, 08 Mar 2024 02:00:02 GMT https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20AWS%20Deployment%20Risks%20-%20Configuration%20and%20Credential%20File%20Targeting/30722
Apple Updates
https://isc.sans.edu/diary/MacOS%20Patches%20%28and%20Safari%2C%20TVOS%2C%20VisionOS%2C%20WatchOS%29/30726
NSA/CISA Secure Cloud Guides
https://media.defense.gov/2024/Mar/07/2003407866/-1/-1/0/CSI-CloudTop10-Identity-Access-Management.PDF
https://media.defense.gov/2024/Mar/07/2003407858/-1/-1/0/CSI-CloudTop10-Key-Management.PDF
https://media.defense.gov/2024/Mar/07/2003407859/-1/-1/0/CSI-CloudTop10-Managed-Service-Providers.PDF
https://media.defense.gov/2024/Mar/07/2003407862/-1/-1/0/CSI-CloudTop10-Secure-Data.PDF
https://media.defense.gov/2024/Mar/07/2003407861/-1/-1/0/CSI-CloudTop10-Network-Segmentation.PDF
]]> 5:13 nsa, cisa, cloud, apple, honeypot, aws, azure, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8884 #QUIC Scanning; Google Chrome Update; YARN Miner; Teamcity Exploited; #quicmap Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. #QUIC Scanning; Google Chrome Update; YARN Miner; Teamcity Exploited; #quicmap https://traffic.libsyn.com/securitypodcast/8884.mp3 https://isc.sans.edu/podcastdetail/8884 Thu, 07 Mar 2024 02:00:02 GMT https://isc.sans.edu/diary/Scanning%20and%20abusing%20the%20QUIC%20protocol/30720
Google Chrome Update
https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop.html
Spinning YARN
https://www.cadosecurity.com/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence/
Teamcity Exploited
https://twitter.com/leak_ix/status/1765460190621581347
]]> 6:06 teamcity, yarn, hadoop, chrome, quic, quicmap, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8882 iOS Updates; Perimeter Security Survival Time; #QEMU Tunnel; #VMware Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. iOS Updates; Perimeter Security Survival Time; #QEMU Tunnel; #VMware Patches https://traffic.libsyn.com/securitypodcast/8882.mp3 https://isc.sans.edu/podcastdetail/8882 Wed, 06 Mar 2024 02:00:02 GMT https://isc.sans.edu/diary/Apple%20Releases%20iOS%20iPadOS%20Updates%20with%20Zero%20Day%20Fixes./30716
Why Your Firewall Will Kill You
https://isc.sans.edu/diary/Why+Your+Firewall+Will+Kill+You/30714/
QEMU Tunnel
https://securelist.com/network-tunneling-with-qemu/111803/
VMware Vulnerabilities Patched
https://www.vmware.com/security/advisories/VMSA-2024-0006.html
]]> 6:40 vmware, qemu, tunnel, firewall, permiter, security, ios, ipados, apple, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8880 TAPs at Home; TeamCity Vuln; GitHub Push Protections; Android Update; Linksys Bug Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. TAPs at Home; TeamCity Vuln; GitHub Push Protections; Android Update; Linksys Bug https://traffic.libsyn.com/securitypodcast/8880.mp3 https://isc.sans.edu/podcastdetail/8880 Tue, 05 Mar 2024 02:15:05 GMT https://isc.sans.edu/diary/Capturing%20DShield%20Packets%20with%20a%20LAN%20Tap%20%5BGuest%20Diary%5D/30708
Additional Critical Security Issues Affecting Teamcity
https://blog.jetbrains.com/teamcity/2024/03/additional-critical-security-issues-affecting-teamcity-on-premises-cve-2024-27198-and-cve-2024-27199-update-to-2023-11-4-now/
GitHub Push Protection Now On By Default
https://github.blog/2024-02-29-keeping-secrets-out-of-public-repositories/
Android Updates
https://source.android.com/docs/security/bulletin/2024-03-01
Linksys E-2000 Vulnerablity
https://warp-desk-89d.notion.site/Linksys-E-2000-efcd532d8dcf4710a4af13fca131a5b8
]]> 5:40 linksys, android, github, tap, network, teamcity, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8878 Old Confluence Vuln Scan; Google CSP Difficulties; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Old Confluence Vuln Scan; Google CSP Difficulties; https://traffic.libsyn.com/securitypodcast/8878.mp3 https://isc.sans.edu/podcastdetail/8878 Mon, 04 Mar 2024 02:00:05 GMT https://isc.sans.edu/diary/Scanning%20for%20Confluence%20CVE-2022-26134/30704
Exploiting CSP Wildcards for Google Domains
https://attackshipsonfi.re/p/exploiting-csp-wildcards-for-google
Silver SAML: Golden SAML in the Cloud
https://www.semperis.com/blog/meet-silver-saml/
]]> 5:28 saml, csp, confluence, cve-2022-26134, cloud, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8876 DarkGate Update; Ivanti IR; Github Repo Flood; NoName Doorbell Cameras; @sans_edu Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. DarkGate Update; Ivanti IR; Github Repo Flood; NoName Doorbell Cameras; @sans_edu https://traffic.libsyn.com/securitypodcast/8876.mp3 https://isc.sans.edu/podcastdetail/8876 Fri, 01 Mar 2024 02:00:02 GMT https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Dissecting%20DarkGate%3A%20Modular%20Malware%20Delivery%20and%20Persistence%20as%20a%20Service./30700
Ivanti Incident Response Update
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-060b
Github Flooded with Infected Repos
https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack
Security Flaws in NoName Doorbell Cameras
https://www.consumerreports.org/home-garden/home-security-cameras/video-doorbells-sold-by-major-retailers-have-security-flaws-a2579288796/
]]> 6:27 doorbells, github, repos, flood, ivanti, darkgate, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8874 Odd Confluence Scan; ALPH/Blackcat Healthcare Attacks; GlobalBlock Released Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Odd Confluence Scan; ALPH/Blackcat Healthcare Attacks; GlobalBlock Released https://traffic.libsyn.com/securitypodcast/8874.mp3 https://isc.sans.edu/podcastdetail/8874 Thu, 29 Feb 2024 02:00:02 GMT https://isc.sans.edu/diary/Exploit%20Attempts%20for%20Unknown%20Password%20Reset%20Vulnerability/30698
StopRansomware: Updated ALPHV Blackcat Advisory
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-353a
GlobalBlock Service To Prevent Trademark abuse
https://www.bleepingcomputer.com/news/technology/registrars-can-now-block-all-domains-that-resemble-brand-names/
]]> 5:37 GlobalBlock, trademark, registrars, stopransomware, alphv, healthcare, blackcat, altassian, confluence, password, reset, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8872 Ubiquity Takedown Aftermath; New Govt Botnet Advisory; SVR Cloud Attacks; Hugging Face ML Models Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Ubiquity Takedown Aftermath; New Govt Botnet Advisory; SVR Cloud Attacks; Hugging Face ML Models https://traffic.libsyn.com/securitypodcast/8872.mp3 https://isc.sans.edu/podcastdetail/8872 Wed, 28 Feb 2024 02:00:01 GMT https://isc.sans.edu/diary/Take%20Downs%20and%20the%20Rest%20of%20Us%3A%20Do%20they%20matter%3F/30694
Joint Cybersecurity Advisory
https://www.ic3.gov/Media/News/2024/240227.pdf
SVR Cyber Actors Adapt Tactics for Initial Cloud Access
https://www.ncsc.gov.uk/news/svr-cyber-actors-adapt-tactics-for-initial-cloud-access
Data Scientists Targeted by Malicious Hugging Face ML Models with Silent Backdoor
https://jfrog.com/blog/data-scientists-targeted-by-malicious-hugging-face-ml-models-with-silent-backdoor/
]]> 6:13 Machine learning, ml, backdoor, hugging face, svr, cloud, advisory, routers, ubiquity, take downs, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8870 VirusTotal API and Honeypots; WPA2 Auth Bypass; Subdomain Spam; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. VirusTotal API and Honeypots; WPA2 Auth Bypass; Subdomain Spam; https://traffic.libsyn.com/securitypodcast/8870.mp3 https://isc.sans.edu/podcastdetail/8870 Tue, 27 Feb 2024 02:00:02 GMT https://isc.sans.edu/diary/Utilizing%20the%20VirusTotal%20API%20to%20Query%20Files%20Uploaded%20to%20DShield%20Honeypot%20%5BGuest%20Diary%5D/30688
New WiFi Authentication Vulnerabilities Discovered
https://www.top10vpn.com/research/wifi-vulnerabilities/
Subdomain Takeover Spam
https://labs.guard.io/subdomailing-thousands-of-hijacked-major-brand-subdomains-found-bombarding-users-with-millions-a5e5fb892935
]]> 6:21 subdomain, spam, malspam, wifi, wpa, authentication, vulnerability, honeypots, virustotal, cookoo, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8868 Magellan Scans; Mouse Sandbox Check; Salesforce Apex Vuln; IBM ODM PoC; Linux kTLS Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Magellan Scans; Mouse Sandbox Check; Salesforce Apex Vuln; IBM ODM PoC; Linux kTLS Vuln; https://traffic.libsyn.com/securitypodcast/8868.mp3 https://isc.sans.edu/podcastdetail/8868 Mon, 26 Feb 2024 02:00:02 GMT https://isc.sans.edu/forums/diary/Update%3A%20MGLNDD_*%20Scans/30686/
Simple Anti-Sandbox Technique: Where's the Mouse
https://isc.sans.edu/diary/Simple%20Anti-Sandbox%20Technique%3A%20Where%27s%20The%20Mouse%3F/30684
Security Vulnerabilities in Apex Code Could Leak Salesforce Data
https://www.varonis.com/blog/apex-code-vulnerabilities
IBM Operation Decision Manager Exploit CVE-2024-22319 CVE-2024-22320
https://labs.watchtowr.com/double-k-o-rce-in-ibm-operation-decision-manager/
Linux Kernel TLS Vulnerability CVE-2024-26582
https://lore.kernel.org/linux-cve-announce/2024022139-spruce-prelude-c358@gregkh/
]]> 5:48 linux, tls, ibm, odm, exploit, vulnerability, apex, salesforce, mouse, sandbox, mglndd, ripe, atlas, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8866 Friend of Foe; AT&T Wireless Outage; LockBit Uses Screenconnect; SSH Snake Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Friend of Foe; AT&T Wireless Outage; LockBit Uses Screenconnect; SSH Snake https://traffic.libsyn.com/securitypodcast/8866.mp3 https://isc.sans.edu/podcastdetail/8866 Fri, 23 Feb 2024 02:00:02 GMT https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Friend%2C%20foe%20or%20something%20in%20between%3F%20The%20grey%20area%20of%20%27security%20research%27/30670
Large AT&T Wireless Network Outage
https://isc.sans.edu/diary/Large%20AT%26T%20Wireless%20Network%20Outage%20%23att%20%23outage/30680
Connect Wise Screenconnect Userd by LockBit
https://www.bleepingcomputer.com/news/security/screenconnect-servers-hacked-in-lockbit-ransomware-attacks/
SSH Snake Abused in the Wild
https://github.com/MegaManSec/SSH-Snake
]]> 5:51 ssh snake, ssh, connectwise, screenconnect, atT, modbus, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8864 Archive.org Phish; ScreenConnect PoC; Post Quantum iMessage; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Archive.org Phish; ScreenConnect PoC; Post Quantum iMessage; https://traffic.libsyn.com/securitypodcast/8864.mp3 https://isc.sans.edu/podcastdetail/8864 Thu, 22 Feb 2024 02:00:02 GMT https://isc.sans.edu/forums/diary/Phishing%20pages%20hosted%20on%20archive.org/30676/
ScreenConnect Authentication Bypass Exploit CVE-2024-1709 CVE-2024-1708)
https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
iMessage with PQ3
https://security.apple.com/blog/imessage-pq3/
]]> 6:32 imessage, pq3, screenconnect, archive, phishing, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8862 Dynamic Sandbox Detection; Screenconnect Vulns; VMWare EAP; VoltSchemer Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Dynamic Sandbox Detection; Screenconnect Vulns; VMWare EAP; VoltSchemer https://traffic.libsyn.com/securitypodcast/8862.mp3 https://isc.sans.edu/podcastdetail/8862 Wed, 21 Feb 2024 02:45:05 GMT https://isc.sans.edu/diary/Python%20InfoStealer%20With%20Dynamic%20Sandbox%20Detection/30668
Connectwise Screenconnect Vulnerabilities
https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8
Remove VMWare Enhanced Authentication Plugin (EAP) VE-2024-22245 CVE-2024-22250
https://kb.vmware.com/s/article/96442
Voltage Noise to Manipulate Wireless Chargers
https://arxiv.org/pdf/2402.11423.pdf
]]> 6:21 voltage, voltschemer, qi, wireless charging, vmware, screenconnect, sandbox, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8860 Mirai Again; KeyTrap PoC; AI File Type Recon; Unsynced Clock Issue Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Mirai Again; KeyTrap PoC; AI File Type Recon; Unsynced Clock Issue https://traffic.libsyn.com/securitypodcast/8860.mp3 https://isc.sans.edu/podcastdetail/8860 Tue, 20 Feb 2024 02:00:02 GMT https://isc.sans.edu/diary/Mirai-Mirai%20On%20The%20Wall...%20%5BGuest%20Diary%5D/30658
KeyTrap PoC Exploit
https://github.com/knqyf263/CVE-2023-50387
Google Open Sources Magika File ID System
https://opensource.googleblog.com/2024/02/magika-ai-powered-fast-and-efficient-file-type-identification.html
Exploiting Unsynchronised Clocks
https://attackshipsonfi.re/p/exploiting-unsynchonised-clocks
]]> 5:32 clocks, ntp, caching, google, magika, ai, libmagic, file id, keytrap, poc, mirai, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8858 SolarWinds Patch; Chrome CORS Extension; Biometrics Theft Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SolarWinds Patch; Chrome CORS Extension; Biometrics Theft https://traffic.libsyn.com/securitypodcast/8858.mp3 https://isc.sans.edu/podcastdetail/8858 Mon, 19 Feb 2024 02:00:02 GMT https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-3_release_notes.htm
Google Chrome Adds Private Network Checks
https://chromestatus.com/feature/4869685172764672
Gold Factory iOS Trojan
https://www.group-ib.com/blog/goldfactory-ios-trojan/
]]> 7:38 goldfactory, ios, trojan, chrome, network, cors, solarwinds, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8856 AWS SNS Smishing; Linux CVEs; Pulse Secure Issues; Rogue Ethernet Switches; @sans_edu @sansinstitute Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. AWS SNS Smishing; Linux CVEs; Pulse Secure Issues; Rogue Ethernet Switches; @sans_edu @sansinstitute https://traffic.libsyn.com/securitypodcast/8856.mp3 https://isc.sans.edu/podcastdetail/8856 Fri, 16 Feb 2024 02:00:02 GMT https://www.sentinelone.com/labs/sns-sender-active-campaigns-unleash-messaging-spam-through-the-cloud/
Linux Issuing CVEs
http://www.kroah.com/log/blog/2024/02/13/linux-is-a-cna/
Analyzing Pulse Secure Firmware and Bypassing Integrity Checking
https://eclypsium.com/blog/flatlined-analyzing-pulse-secure-firmware-and-bypassing-integrity-checking/
Jennifer Walker: Detecting Rogue Ethernet Switches Using Layer 1 Techniques
https://www.sans.edu/cyber-research/detecting-rogue-ethernet-switches-using-layer-1-techniques/
]]> 13:11 jennifer walker, switches, ethernet, ivanty, linux, cves, usps, phishing, smishing, sns, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8854 Troubleshooting Honeypots; Dangerous Suggestions; MonikerLink Bug; Adobe and AMD patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Troubleshooting Honeypots; Dangerous Suggestions; MonikerLink Bug; Adobe and AMD patches https://traffic.libsyn.com/securitypodcast/8854.mp3 https://isc.sans.edu/podcastdetail/8854 Thu, 15 Feb 2024 02:00:02 GMT https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Learning%20by%20doing%3A%20Iterative%20adventures%20in%20troubleshooting/30648
Snap Trap: The Hidden Dangers within Ubuntu's Package Suggestion System
https://www.aquasec.com/blog/snap-trap-the-hidden-dangers-within-ubuntus-package-suggestion-system/
The Risks of the Monikerlink Bug in Microsoft Outlook
https://research.checkpoint.com/2024/the-risks-of-the-monikerlink-bug-in-microsoft-outlook-and-the-big-picture/
Adobe Patches
https://helpx.adobe.com/security/security-bulletin.html
AMD Patches
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7009.html
]]> 5:44 monikerlink, outlook, smb, snap trap, troubleshooting, honeypot, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8852 Microsoft Patches; DNSSEC DoS Vuln; Zoom and QNAP Vulnerablities Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft Patches; DNSSEC DoS Vuln; Zoom and QNAP Vulnerablities https://traffic.libsyn.com/securitypodcast/8852.mp3 https://isc.sans.edu/podcastdetail/8852 Wed, 14 Feb 2024 03:20:05 GMT https://isc.sans.edu/diary/Microsoft%20February%202024%20Patch%20Tuesday/30646
DNSSEC DoS Vulnerability CVE-2023-50387
https://www.presseportal.de/pm/173495/5713546
Zoom Desktop Client Vuln
https://www.zoom.com/en/trust/security-bulletin
QNAP Vulnerablity
https://www.qnap.com/de-de/security-advisory/qsa-23-57
https://unit42.paloaltonetworks.com/qnap-qts-firmware-cve-2023-50358/
]]> 6:24 qnap, zoom, dnssec, dos, bind, unbound, microsoft, patches, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8850 Mirai vs BYTEVALUE; Targeted Cloud Attack; Repo Security; Postgresql Vuln; Comma vs MSFT Defender Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Mirai vs BYTEVALUE; Targeted Cloud Attack; Repo Security; Postgresql Vuln; Comma vs MSFT Defender https://traffic.libsyn.com/securitypodcast/8850.mp3 https://isc.sans.edu/podcastdetail/8850 Tue, 13 Feb 2024 03:00:05 GMT https://isc.sans.edu/diary/Exploit%20against%20Unnamed%20%22Bytevalue%22%20router%20vulnerability%20included%20in%20Mirai%20Bot/30642
Senior Executives Targeted in Ongoing Azure Account Takeover
https://www.darkreading.com/cloud-security/senior-executives-targeted-ongoing-azure-account-takeover
CISA Parners With OpenSSF To Secure Software Repositories
https://www.cisa.gov/news-events/alerts/2024/02/08/cisa-partners-openssf-securing-software-repositories-working-group-release-principles-package
PostgreSQL Vulnerability
https://www.postgresql.org/support/security/CVE-2024-0985/
Microsoft Defender Bypass via Comma
https://hyp3rlinx.altervista.org/advisories/MICROSOFT_WINDOWS_DEFENDER_TROJAN.WIN32.POWESSERE.G_MITIGATION_BYPASS_PART2.txt
]]> 5:33 microsoft, defender, comma, postgresql, cisa, openssf, repository, mirai, bytevalue, azure, cloud, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8848 Obfuscated MSIX Powershell; Too Many Honeypots; ClamAV Vuln; ExpressVPN Leak Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Obfuscated MSIX Powershell; Too Many Honeypots; ClamAV Vuln; ExpressVPN Leak https://traffic.libsyn.com/securitypodcast/8848.mp3 https://isc.sans.edu/podcastdetail/8848 Mon, 12 Feb 2024 02:25:05 GMT https://isc.sans.edu/diary/MSIX%20With%20Heavily%20Obfuscated%20PowerShell%20Script/30636
Too Many Honeypots
https://vulncheck.com/blog/too-many-honeypots
ClamAV Command Injection Vulnerability CVE-2024-20328
https://amitschendel.github.io/vulnerabilites/CVE-2024-20328/
ExpressVPN DNS Leaks
https://www.expressvpn.com/blog/windows-app-dns-requests/
]]> 5:50 expressvpn, dns, leak, clamav, honeypots, msix, powershell, obfuscation, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8846 Podcast Aniversary; Keylogger MP3 Player; Fake LastPass; Ivanti Vuln; @sans_edu @SANSInstitute Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Podcast Aniversary; Keylogger MP3 Player; Fake LastPass; Ivanti Vuln; @sans_edu @SANSInstitute https://traffic.libsyn.com/securitypodcast/8846.mp3 https://isc.sans.edu/podcastdetail/8846 Fri, 09 Feb 2024 03:10:06 GMT https://isc.sans.edu/diary/A%20Python%20MP3%20Player%20with%20Builtin%20Keylogger%20Capability/30632
Fake LastPass App in Apple App Store
https://blog.lastpass.com/2024/02/warning-fraudulent-app-impersonating-lastpass-currently-available-in-apple-app-store/
Ivanti XXE Vulnerability
https://forums.ivanti.com/s/article/CVE-2024-22024-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure
FortiOS sslvpnd vulnerability
https://www.fortiguard.com/psirt/FG-IR-24-015
]]> 5:46 fortios, sslvpnd, ivanti, xxe, lastpass, python, mp3, player, app store, apple, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8844 Possible Balena Scans; Critical shim vulnerability; Volt Typhoon Living of the Land Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Possible Balena Scans; Critical shim vulnerability; Volt Typhoon Living of the Land https://traffic.libsyn.com/securitypodcast/8844.mp3 https://isc.sans.edu/podcastdetail/8844 Thu, 08 Feb 2024 02:55:05 GMT https://isc.sans.edu/forums/diary/Anybody%20knows%20that%20this%20URL%20is%20about%3F%20Maybe%20Balena%20API%20request%3F/30628/
Critical shim vulnerability and patch
https://github.com/rhboot/shim/releases/tag/15.8
Volt Typhoon Lessons Learned
https://www.cisa.gov/resources-tools/resources/identifying-and-mitigating-living-land-techniques
]]> 5:29 volt, typhoon, shim, bios, uefi, url, balena, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8842 40 Years of Viruses; Infected Toothbrushes; TeamCity Vuln; Resume Looters; Malicious Facebook Job Ads Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. 40 Years of Viruses; Infected Toothbrushes; TeamCity Vuln; Resume Looters; Malicious Facebook Job Ads https://traffic.libsyn.com/securitypodcast/8842.mp3 https://isc.sans.edu/podcastdetail/8842 Wed, 07 Feb 2024 03:05:05 GMT https://isc.sans.edu/diary/Computer%20viruses%20are%20celebrating%20their%2040th%20birthday%20%28well%2C%2054th%2C%20really%29/30624
Three million malware-infected smart toothbrushes used in Swiss DDoS attacks
https://www.tomshardware.com/networking/three-million-malware-infected-smart-toothbrushes-used-in-swiss-ddos-attacks-botnet-causes-millions-of-euros-in-damages
Critical Security Issue Affecting TeamCity On-Premises CVE-2024-23917
https://blog.jetbrains.com/teamcity/2024/02/critical-security-issue-affecting-teamcity-on-premises-cve-2024-23917/
Resume Looters
https://www.group-ib.com/blog/resumelooters/
Facebook Advertising Spreads Novel Malware Variant
https://www.trustwave.com/hubfs/Web/Library/Documents_pdf/FaceBook_Ad_Spreads_Novel_Malware.pdf
]]> 6:36 facebook, advertising, malware, resume, teamcity, toothbrushes, ddos, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8840 Time to Spam; Anydesk Update; Latest Ivanti Exploit; Deepfake Exploits; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Time to Spam; Anydesk Update; Latest Ivanti Exploit; Deepfake Exploits; https://traffic.libsyn.com/securitypodcast/8840.mp3 https://isc.sans.edu/podcastdetail/8840 Tue, 06 Feb 2024 02:40:07 GMT https://isc.sans.edu/diary/Public+Information+and+Email+Spam/30620/
Anydesk Update
https://www.bleepingcomputer.com/news/security/anydesk-says-hackers-breached-its-production-servers-reset-passwords/
https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2024/2024-213655-1032.pdf
Ivanti POC For CVE-2024-21893
https://attackerkb.com/topics/FGlK1TVnB2/cve-2024-21893/rapid7-analysis
Deepfake Exploits
https://www.scmp.com/news/hong-kong/law-and-crime/article/3250851/everyone-looked-real-multinational-firms-hong-kong-office-loses-hk200-million-after-scammers-stage
https://www.404media.co/inside-the-underground-site-where-ai-neural-networks-churns-out-fake-ids-onlyfake/

]]> 5:54 deepfake, ivanti, poc, cve-2024-21893, ssrf, anydesk, email, spam, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8838 DShield Honeypot Dashboard; Anydesk Breach; Docker Leaks Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. DShield Honeypot Dashboard; Anydesk Breach; Docker Leaks https://traffic.libsyn.com/securitypodcast/8838.mp3 https://isc.sans.edu/podcastdetail/8838 Mon, 05 Feb 2024 02:00:02 GMT https://isc.sans.edu/forums/diary/DShield%20Sensor%20Log%20Collection%20with%20Elasticsearch/30616/
Anydesk Breach
https://anydesk.com/en/public-statement
Leaky Vessels
https://snyk.io/blog/leaky-vessels-docker-runc-container-breakout-vulnerabilities/
]]> 5:45 docker, dshield, elastic, kibana, anydesk, leaky vessels, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8836 What is a TLD; CISA Ivanti Policy; Cloudflare Breach; Vision Pro Update Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. What is a TLD; CISA Ivanti Policy; Cloudflare Breach; Vision Pro Update https://traffic.libsyn.com/securitypodcast/8836.mp3 https://isc.sans.edu/podcastdetail/8836 Fri, 02 Feb 2024 02:00:02 GMT https://isc.sans.edu/forums/diary/What%20is%20a%20%22Top%20Level%20Domain%22%3F/30612/
Updated CISA Ivanti Policy
https://www.cisa.gov/news-events/directives/supplemental-direction-v1-ed-24-01-mitigate-ivanti-connect-secure-and-ivanti-policy-secure
Cloudflare Publishes Breach Details
https://blog.cloudflare.com/thanksgiving-2023-security-incident
Vision Pro Update
https://support.apple.com/en-us/HT214070
]]> 7:03 vision pro, cisa, ivanti, cloudflare, okta, tld, domain, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8834 Internal Domains/TLDs; Ivanti Patches and Vulns; glibc syslog vuln; modsecurity vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Internal Domains/TLDs; Ivanti Patches and Vulns; glibc syslog vuln; modsecurity vuln; https://traffic.libsyn.com/securitypodcast/8834.mp3 https://isc.sans.edu/podcastdetail/8834 Thu, 01 Feb 2024 02:00:02 GMT https://isc.sans.edu/diary/The%20Fun%20and%20Dangers%20of%20Top%20Level%20Domains%20%28TLDs%29/30608
Ivanti Releases Patches and New Vulnerabilities
https://forums.ivanti.com/s/article/CVE-2024-21888-Privilege-Escalation-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US
glibc syslog() vulnerablity
https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt
modsecurity WAF bypass
https://owasp.org/www-project-modsecurity/tab_cves#cve-2024-1019-2024-01-30
]]> 5:53 modsecurity, waf, glibc, syslog, ivanti, tld, internal, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8832 Detecting Honeypots; TLD for Internal Use; Juniper Patches Patching; ChatGPT Leaks Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Detecting Honeypots; TLD for Internal Use; Juniper Patches Patching; ChatGPT Leaks https://traffic.libsyn.com/securitypodcast/8832.mp3 https://isc.sans.edu/podcastdetail/8832 Wed, 31 Jan 2024 02:00:02 GMT https://isc.sans.edu/diary/What%20did%20I%20say%20to%20make%20you%20stop%20talking%20to%20me%3F/30604
Identification of a top-level domain for private use
https://itp.cdn.icann.org/en/files/root-system/identification-tld-private-use-24-01-2024-en.pdf
Juniper Patches Patching
https://supportportal.juniper.net/s/article/2024-01-Out-of-Cycle-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Multiple-vulnerabilities-in-J-Web-have-been-addressed?language=en_US
https://www.theregister.com/2024/01/30/juniper_networks_vulnerabilities/
Chat GPT Leaking Conversations Again
https://arstechnica.com/security/2024/01/ars-reader-reports-chatgpt-is-sending-him-conversations-from-unrelated-ai-users/
]]> 6:50 chatgpt, juniper, patches, tld, internal, honeypot, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8830 Another Confluence Scan; PyPI Infostealer; Linux IPv6 Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Another Confluence Scan; PyPI Infostealer; Linux IPv6 Vuln; https://traffic.libsyn.com/securitypodcast/8830.mp3 https://isc.sans.edu/podcastdetail/8830 Tue, 30 Jan 2024 02:15:05 GMT https://isc.sans.edu/diary/Exploit%20Flare%20Up%20Against%20Older%20Altassian%20Confluence%20Vulnerability/30600
Malicious Python Packages install Infostealer
https://www.fortinet.com/blog/threat-research/info-stealing-packages-hidden-in-pypi
Linux ICMPv6 Router Adv. RCE
https://access.redhat.com/security/cve/cve-2023-6200
]]> 5:41 linux, icmpv6, router adv, RCE, python, atlassian, confluence, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8828 Batch Comments; .box TLD abuse; Jenkins CVE-2024-23897 PoC; Malicious Chinese Google Ads Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Batch Comments; .box TLD abuse; Jenkins CVE-2024-23897 PoC; Malicious Chinese Google Ads https://traffic.libsyn.com/securitypodcast/8828.mp3 https://isc.sans.edu/podcastdetail/8828 Mon, 29 Jan 2024 02:15:04 GMT https://isc.sans.edu/diary/A%20Batch%20File%20With%20Multiple%20Payloads/30592
fritz.box domain used to advertise NFTs
https://www.heise.de/news/Verwirrend-Internet-Domain-fritz-box-zeigt-NFT-Galerie-statt-Router-Verwaltung-9610149.html
Jenkins CVE-2024-23897 PoC
https://github.com/gquere/pwn_jenkins/blob/master/README.md#jenkins-cli-arbitrary-read-cve-2024-23897-applies-to-versions-below-2442-and-lts-24263
Malicious Google Ads Target Chinese Users
https://www.malwarebytes.com/blog/threat-intelligence/2024/01/malicious-ads-for-restricted-messaging-applications-target-chinese-users
]]> 7:02 google, ads, malware, china, jenkins, fritz.box, batch file, payloads, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8826 Facebook AdsManager Cookie Theft; iOS Push Notification Abuse; Mobile Spy Ads; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Facebook AdsManager Cookie Theft; iOS Push Notification Abuse; Mobile Spy Ads; https://traffic.libsyn.com/securitypodcast/8826.mp3 https://isc.sans.edu/podcastdetail/8826 Fri, 26 Jan 2024 02:00:01 GMT https://isc.sans.edu/diary/Facebook%20AdsManager%20Targeted%20by%20a%20Python%20Infostealer/30590
Privacy Concerns about Apple Push Notifications
https://twitter.com/mysk_co/status/1750502700112916504
https://www.youtube.com/watch?v=4ZPTjGG9t7s
Inside a Global Phone Spy Tool Monitoring Billions
https://www.404media.co/inside-global-phone-spy-tool-patternz-nuviad-real-time-bidding/
]]> 6:27 patternz, phone, mobile, spy, tracking, ios, apple, push notifications, facebook adsmanager, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8824 Bad Infosec UI; Google Sys:All Loophole; Automotive Pwn2Own; Android Bluetooth Exploit; @sans_edu Deans List Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Bad Infosec UI; Google Sys:All Loophole; Automotive Pwn2Own; Android Bluetooth Exploit; @sans_edu Deans List https://traffic.libsyn.com/securitypodcast/8824.mp3 https://isc.sans.edu/podcastdetail/8824 Thu, 25 Jan 2024 02:00:02 GMT https://isc.sans.edu/diary/How%20Bad%20User%20Interfaces%20Make%20Security%20Tools%20Harmful/30586
Sys:All Loophole Alloed Us to Penetrate GKE Clusters in Production
https://orca.security/resources/blog/sys-all-google-kubernetes-engine-risk-example/
Automotive Pwn2Own
https://www.zerodayinitiative.com/blog/2024/1/23/pwn2own-automotive-2024-the-full-schedule
Android Keystroke Injection Vulnerability Exploit
https://www.mobile-hacker.com/2024/01/23/exploiting-0-click-android-bluetooth-vulnerability-to-inject-keystrokes-without-pairing/
CVE-2024-0769 D-Link DIR-859
https://securityonline.info/cve-2024-0769-the-vulnerability-d-link-wont-fix-in-dir-859-router/
SANS.edu Dean's List
https://www.sans.edu/students/awards
]]> 5:29 sans.edu, deans list, d-link, android, keystroke, pwn2own, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8822 Atlassian Attacks; GoAnywhere PoC; Baracuda WAF Update; SSH Key Exfil via GitHub Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Atlassian Attacks; GoAnywhere PoC; Baracuda WAF Update; SSH Key Exfil via GitHub https://traffic.libsyn.com/securitypodcast/8822.mp3 https://isc.sans.edu/podcastdetail/8822 Wed, 24 Jan 2024 02:00:02 GMT https://isc.sans.edu/forums/diary/Update%20on%20Atlassian%20Exploit%20Activity%20/30582/
POC For Fortra GoAnywhere MFT Authentication Bypass CVE-2024-0204
https://www.horizon3.ai/cve-2024-0204-fortra-goanywhere-mft-authentication-bypass-deep-dive/
Baracuda Web Application Firewall
https://campus.barracuda.com/product/webapplicationfirewall/doc/102888530/security-advisory/
GitGot: GitHub leveraged by cybercriminals to store stolen data
https://www.reversinglabs.com/blog/gitgot-cybercriminals-using-github-to-store-stolen-data
]]> 5:42 gitgot, github, baracuda, firewall, Forta, goanywhere, mft, atlassian, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8820 Apple Updates; Atlassian Confluence Exploited; Ivanti Mitigation Problems; Czech IPv4 Shutdown Date Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Apple Updates; Atlassian Confluence Exploited; Ivanti Mitigation Problems; Czech IPv4 Shutdown Date https://traffic.libsyn.com/securitypodcast/8820.mp3 https://isc.sans.edu/podcastdetail/8820 Tue, 23 Jan 2024 02:00:02 GMT https://isc.sans.edu/forums/diary/Apple%20Updates%20Everything%20-%20New%200%20Day%20in%20WebKit/30578/
Atlassian Confluence RCE Vulnerability Exploits CVE-2023-22527
https://isc.sans.edu/forums/diary/Scans%20Exploit%20Attempts%20for%20Atlassian%20Confluence%20RCE%20Vulnerability%20CVE-2023-22527/30576/
Updated Ivanti Mitigation Advise
https://forums.ivanti.com/s/article/KB-CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US
Czech Republic Sets IPv4 Shutdown date
https://konecipv4.cz/en/
]]> 7:17 czech, ivanti, atlassian, ipv6, confluence, apple, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8818 macOS Malware; Microsoft Breach; Juniper 0-Day Details; Brave Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. macOS Malware; Microsoft Breach; Juniper 0-Day Details; Brave https://traffic.libsyn.com/securitypodcast/8818.mp3 https://isc.sans.edu/podcastdetail/8818 Mon, 22 Jan 2024 02:00:02 GMT https://isc.sans.edu/diary/macOS%20Python%20Script%20Replacing%20Wallet%20Applications%20with%20Rogue%20Apps/30572
Microsoft Breach
https://msrc.microsoft.com/blog/2024/01/microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/
Juniper Vulnerabilities
https://labs.watchtowr.com/the-second-wednesday-of-the-first-month-of-every-quarter-juniper-0day-revisited/
Brave Removing Strict Fingerprint Mode
https://brave.com/privacy-updates/28-sunsetting-strict-fingerprinting-mode/
]]> 6:37 macos, brave, microsoft, python, apps, juniper, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8816 Ivanti Updates; Postgres Attacks; Outlook Vuln PoC; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Ivanti Updates; Postgres Attacks; Outlook Vuln PoC; https://traffic.libsyn.com/securitypodcast/8816.mp3 https://isc.sans.edu/podcastdetail/8816 Fri, 19 Jan 2024 02:00:01 GMT https://isc.sans.edu/diary/More%20Scans%20for%20Ivanti%20Connect%20%22Secure%22%20VPN.%20Exploits%20Public/30568
Ivanti Endpoint Manager Mobile / MobileIron Core Vuln exploited CVE-2023-35082
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Attacks against Exposed Databases
https://twitter.com/fasterthanlime/status/1741935393413402739
Outlook Vulnerability Discovery and New Ways to Leak NTLM Hashes
https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
]]> 6:38 outlook, postgres, ivanti, vpn, mobileiron, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8814 Numbers and Password; Detecting iOS Malware; Androxgh0st Malware Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Numbers and Password; Detecting iOS Malware; Androxgh0st Malware https://traffic.libsyn.com/securitypodcast/8814.mp3 https://isc.sans.edu/podcastdetail/8814 Thu, 18 Jan 2024 02:00:02 GMT https://isc.sans.edu/diary/Number%20Usage%20in%20Passwords/30540
A Lightweight Method to Detect Potential iOS Malware
https://securelist.com/shutdown-log-lightweight-ios-malware-detection-method/111734/
CISA and FBI Release Known IOCs Associated with Androxgh0st Malware
https://www.cisa.gov/news-events/alerts/2024/01/16/cisa-and-fbi-release-known-iocs-associated-androxgh0st-malware
]]> 6:45 passwords, numbers, ios malware, androxgh0st, reboot.log, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8812 Ivanti Exploited; Citrix 0-Day; Confluence Patch; Mac Infostealer; Chrome 0-day; GitHub Key Rotation Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Ivanti Exploited; Citrix 0-Day; Confluence Patch; Mac Infostealer; Chrome 0-day; GitHub Key Rotation https://traffic.libsyn.com/securitypodcast/8812.mp3 https://isc.sans.edu/podcastdetail/8812 Wed, 17 Jan 2024 02:00:02 GMT https://isc.sans.edu/diary/Scans%20for%20Ivanti%20Connect%20%22Secure%22%20VPN%20%20Vulnerability%20%28CVE-2023-46805%2C%20CVE-2024-21887%29/30562
https://www.volexity.com/blog/2024/01/15/ivanti-connect-secure-vpn-exploitation-goes-global/
Citrix Patches Already Exploited Vulnerability
https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549
Atlassian Confluence Remote Code Execution Vulnerability
https://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html
macOS Infostealers
https://www.sentinelone.com/blog/the-many-faces-of-undetected-macos-infostealers-keysteal-atomic-cherrypie-continue-to-adapt/
Google Chrome 0-day
https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html
GitHub Key Rotation
https://www.bleepingcomputer.com/news/security/github-rotates-keys-to-mitigate-impact-of-credential-exposing-flaw/
]]> 5:42 github, chrome, macos, infostealers, atlassian, confluence, citrix, ivanti, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8810 Malware Obfuscation; Ivanti Updates; NVidia Firmware Vuln; GitLab Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Malware Obfuscation; Ivanti Updates; NVidia Firmware Vuln; GitLab Vuln; https://traffic.libsyn.com/securitypodcast/8810.mp3 https://isc.sans.edu/podcastdetail/8810 Tue, 16 Jan 2024 02:00:02 GMT https://isc.sans.edu/diary/One%20File%2C%20Two%20Payloads/30558
Ivanti Vulnerability Updates
https://labs.watchtowr.com/welcome-to-2024-the-sslvpn-chaos-continues-ivanti-cve-2023-46805-cve-2024-21887/
NVidia DGX H100 and A100 Updates
https://nvidia.custhelp.com/app/answers/detail/a_id/5510
GitLab Vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2023-7028
]]> 6:00 gitlab, nvidia, ivanti, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8808 OpenSSH Removing DSA; Juniper Patches; ManageEngine Update; Atomic Stealer; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. OpenSSH Removing DSA; Juniper Patches; ManageEngine Update; Atomic Stealer; https://traffic.libsyn.com/securitypodcast/8808.mp3 https://isc.sans.edu/podcastdetail/8808 Fri, 12 Jan 2024 02:00:02 GMT https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-January/000156.html
Juniper Patches
https://supportportal.juniper.net/s/global-search/%40uri?language=en_US#sort=%40sfcec_community_publish_date_formula__c%20descending&numberOfResults=50&f:ctype=[Security%20Advisories]
ManageEngine ADSelfService Plus Patch CVE-2024-0252
https://www.manageengine.com/products/self-service-password/advisory/CVE-2024-0252.html
Atomic Stealer for Mac Update
https://www.malwarebytes.com/blog/threat-intelligence/2024/01/atomic-stealer-rings-in-the-new-year-with-updated-version
]]> 5:48 atomic, stealer, mac, malware, manageengine, juniper, dsa, openssh, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8806 Jenkins Scans; Ivanti VPN Exploited; Zoom Update; Hadoop Attacks; infosec toolshed Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Jenkins Scans; Ivanti VPN Exploited; Zoom Update; Hadoop Attacks; infosec toolshed https://traffic.libsyn.com/securitypodcast/8806.mp3 https://isc.sans.edu/podcastdetail/8806 Thu, 11 Jan 2024 02:00:01 GMT https://isc.sans.edu/diary/Jenkins%20Brute%20Force%20Scans/30546
Ivanti Connect Security VPN Vulnerability Exploited
https://www.volexity.com/blog/2024/01/10/active-exploitation-of-two-zero-day-vulnerabilities-in-ivanti-connect-secure-vpn/
Zoom Privilege Escalation Vulnerability
https://www.zoom.com/en/trust/security-bulletin/ZSB-24001/
Apache Applictions Targeted by Stealthy Attacker
https://blog.aquasec.com/threat-alert-apache-applications-targeted-by-stealthy-attacker
Infosec Toolshed
https://youtu.be/qDK1PQ1OZjk?si=_vTpHqlovD2Hjd4M
]]> 5:12 infosec, toolshed, apache, hadoop, fink, yarn, zoom, ivanti, vpn, jenkins, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8804 Microsoft Patches; Adobe Patches; Kyocera Vuln; Hacked Wrenches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft Patches; Adobe Patches; Kyocera Vuln; Hacked Wrenches https://traffic.libsyn.com/securitypodcast/8804.mp3 https://isc.sans.edu/podcastdetail/8804 Wed, 10 Jan 2024 02:00:02 GMT https://isc.sans.edu/forums/diary/Microsoft+January+2024+Patch+Tuesday/30548/
Adobe Vulnerabilities
https://helpx.adobe.com/security/products/substance3d_stager/apsb24-06.html
CVE-2023-50916: Authentication Coercion Vulnerablity in Kyocera Device Manager
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2023-50916-authentication-coercion-vulnerability-in-kyocera-device-manager/
Network Connected Wrenches Used in Factories can be hacked
https://arstechnica.com/security/2024/01/network-connected-wrenches-used-in-factories-can-be-hacked-for-sabotage-or-ransomware/
]]> 6:06 network, wrench, hack, kyocera, adobe, microsoft, patch, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8802 Honeypot User Agents; KyberSlash; netfilter DoS; Cacti RCE Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Honeypot User Agents; KyberSlash; netfilter DoS; Cacti RCE https://traffic.libsyn.com/securitypodcast/8802.mp3 https://isc.sans.edu/podcastdetail/8802 Tue, 09 Jan 2024 02:00:02 GMT https://isc.sans.edu/diary/What%20is%20that%20User%20Agent%3F/30536
KyberSlash Vulnerability
https://kyberslash.cr.yp.to/faq.html
Netfilter DoS Vulnerability CVE-2024-0193
https://access.redhat.com/security/cve/CVE-2024-0193
Cacti Vulnerability
https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vp
]]> 6:05 cacti, netfilter, kyberslash, user agent, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8800 Better Netstat in PS; Phishing Tricks; Prometei Botnet; Spectral Blur; Google Auth API Issue; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Better Netstat in PS; Phishing Tricks; Prometei Botnet; Spectral Blur; Google Auth API Issue; https://traffic.libsyn.com/securitypodcast/8800.mp3 https://isc.sans.edu/podcastdetail/8800 Mon, 08 Jan 2024 02:00:02 GMT https://isc.sans.edu/diary/Netstat%2C%20but%20Better%20and%20in%20PowerShell/30532
Double Phishing Submission
https://isc.sans.edu/diary/Are%20you%20sure%20of%20your%20password%3F/30534
Suspicious Prometei Botnet Activity
https://isc.sans.edu/diary/Suspicious%20Prometei%20Botnet%20Activity/30538
Spectral Blur Mac Malware
https://g-les.github.io/yara/2024/01/03/100DaysofYARA_SpectralBlur.html
Google Malware Abusing API is Standard Token Theft not an API Issue
https://www.bleepingcomputer.com/news/security/google-malware-abusing-api-is-standard-token-theft-not-an-api-issue/
]]> 5:08 google, authentiction, api, spectral blur, mac, malware, prometei, botnet, phishing, netstat, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8798 Wireshark Updates; Android Updates; Ivanti Critical Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Wireshark Updates; Android Updates; Ivanti Critical Vuln; https://traffic.libsyn.com/securitypodcast/8798.mp3 https://isc.sans.edu/podcastdetail/8798 Fri, 05 Jan 2024 02:00:02 GMT https://isc.sans.edu/diary/Wireshark%20updates/30528
Android Updates
https://source.android.com/docs/security/bulletin/2024-01-01
Ivanti Critical Vulnerability
https://forums.ivanti.com/s/article/SA-2023-12-19-CVE-2023-39336?language=en_US
Malicious PyPi Packages
https://www.fortinet.com/blog/threat-research/malicious-pypi-packages-deploy-coinminer-on-linux-devices
Everything npm package
https://www.bleepingcomputer.com/news/security/everything-blocks-devs-from-removing-their-own-npm-packages/
]]> 5:07 pypi, npm, everything, ivanti, android, wireshark, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8796 Malware Review; Orange Spain RIPE Compromise; Bitwarden Weakness; iOS PoC Exploits Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Malware Review; Orange Spain RIPE Compromise; Bitwarden Weakness; iOS PoC Exploits https://traffic.libsyn.com/securitypodcast/8796.mp3 https://isc.sans.edu/podcastdetail/8796 Thu, 04 Jan 2024 02:00:02 GMT https://isc.sans.edu/diary/Interesting%20large%20and%20small%20malspam%20attachments%20from%202023/30524
Orange Spain RIPE Account Compromise
https://www.bleepingcomputer.com/news/security/hacker-hijacks-orange-spain-ripe-account-to-cause-bgp-havoc/
Bitwarden Heist
https://blog.redteam-pentesting.de/2024/bitwarden-heist/
Apple iOS PoC Exploits
https://github.com/felix-pb/kfd/blob/main/writeups/smith.md
https://github.com/felix-pb/kfd/blob/main/writeups/landa.md
]]> 6:26 apple, ios, poc, bitwarden, organe, spain, ripe, rpki, bgp, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8794 SSH ID Strings; Google Authentication Weakness Exploited; Novel DNS Amplification (#TsuKing) Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SSH ID Strings; Google Authentication Weakness Exploited; Novel DNS Amplification (#TsuKing) https://traffic.libsyn.com/securitypodcast/8794.mp3 https://isc.sans.edu/podcastdetail/8794 Wed, 03 Jan 2024 02:00:02 GMT https://isc.sans.edu/diary/Fingerprinting%20SSH%20Identification%20Strings/30520
Google OAUTH2 Exploited by Malware
https://www.cloudsek.com/blog/compromising-google-accounts-malwares-exploiting-undocumented-oauth2-functionality-for-session-hijacking
TsuKing DNS Amplification
https://lixiang521.com/publication/ccs23/ccs23-xu-tsuking.pdf
]]> 8:46 dns, tsuking, google, oauth, cookies, fingerprinting, ssh, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8792 Malicious Python Game; Mailtrap.io Exfil; Pi Hole Docker; Barracuda 0-Day; Apache OFBiz 0-Day (Atlassian JIRA) Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Malicious Python Game; Mailtrap.io Exfil; Pi Hole Docker; Barracuda 0-Day; Apache OFBiz 0-Day (Atlassian JIRA) https://traffic.libsyn.com/securitypodcast/8792.mp3 https://isc.sans.edu/podcastdetail/8792 Tue, 02 Jan 2024 02:00:01 GMT https://isc.sans.edu/diary/Shall+We+Play+a+Game/30510
Mailtrap.io Exfiltration
https://isc.sans.edu/diary/Python%20Keylogger%20Using%20Mailtrap.io/30512
Pi Hole Docker
https://isc.sans.edu/forums/diary/Pi-Hole%20Pi4%20Docker%20Deployment/30516/
Mirai Update
https://isc.sans.edu/diary/Unveiling%20the%20Mirai%3A%20Insights%20into%20Recent%20DShield%20Honeypot%20Activity%20%5BGuest%20Diary%5D/30514
Barracuda 0-Day Vulnerability
https://www.barracuda.com/company/legal/esg-vulnerability
Apache OFBiz 0-Day Exploited against Atlassian (and possibly others)
https://blog.sonicwall.com/en-us/2023/12/sonicwall-discovers-critical-apache-ofbiz-zero-day-authbiz/
]]> 6:10 apache, ofbiz, altassian, jira, barracuda, mirai, pihole, maitrap, game, python, excel, perl, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8790 Securing Webservers; Chrome 0-Day; Holiday Security Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Securing Webservers; Chrome 0-Day; Holiday Security https://traffic.libsyn.com/securitypodcast/8790.mp3 https://isc.sans.edu/podcastdetail/8790 Fri, 22 Dec 2023 02:00:01 GMT https://isc.sans.edu/diary/How%20to%20Protect%20your%20Webserver%20from%20Directory%20Enumeration%20Attack%20%3F%20Apache2%20%5BGuest%20Diary%5D/30504
Chrome 0-Day (last one for the year?)
https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_20.html
Note that there will be no daily stormcast for the rest of the year. Returning January 2nd
SANS Cloud Defender 2024
https://www.sans.org/cyber-security-training-events/cloud-defender-2024-live-online/
]]> 4:48 chrome, web, apache, holidays, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8788 Atlassian Confluence Scans; F5 BigIP Fake Update; Google OAUTH issue; Remembering Adrian; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Atlassian Confluence Scans; F5 BigIP Fake Update; Google OAUTH issue; Remembering Adrian; https://traffic.libsyn.com/securitypodcast/8788.mp3 https://isc.sans.edu/podcastdetail/8788 Thu, 21 Dec 2023 02:00:02 GMT https://isc.sans.edu/diary/Increase%20in%20Exploit%20Attempts%20for%20Atlassian%20Confluence%20Server%20%28CVE-2023-22518%29/30502
Fake F5 BigIP Update
https://www.bleepingcomputer.com/news/security/fake-f5-big-ip-zero-day-warning-emails-push-data-wipers/
Google OAUTH Problems
https://trufflesecurity.com/blog/google-oauth-is-broken-sort-of/
Remembering Adrien de Beaupre
https://www.hpmcgarry.ca/memorials/ernest-adrien-de-beaupre/5344136/index.php
]]> 7:16 adrien, google, oauth, f5, bigip, atlassian, confluence, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8786 Citrixbleed Activity; SSH Terrapin Attack; ALPHV/Blackcat Disruption and Decryptor Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Citrixbleed Activity; SSH Terrapin Attack; ALPHV/Blackcat Disruption and Decryptor https://traffic.libsyn.com/securitypodcast/8786.mp3 https://isc.sans.edu/podcastdetail/8786 Wed, 20 Dec 2023 02:00:02 GMT https://isc.sans.edu/diary/What%20are%20they%20looking%20for%3F%20Scans%20for%20OpenID%20Connect%20Configuration%20%28Update%3A%20CitrixBleed%29/30498
Terrapin Attack Against SSH
https://terrapin-attack.com/TerrapinAttack.pdf
ALPHV/Blackcat Ransomware Disrupted and Decryptor Available
https://www.justice.gov/opa/pr/justice-department-disrupts-prolific-alphvblackcat-ransomware-variant
]]> 6:11 alphv, blackcat, ransomware, decryuptor, terrapin, ssh, openid, citrix, citrixleak, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8784 SMTP Smuggling; Ledger Attack; December Patch Breaks Win11 Wifi; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SMTP Smuggling; Ledger Attack; December Patch Breaks Win11 Wifi; https://traffic.libsyn.com/securitypodcast/8784.mp3 https://isc.sans.edu/podcastdetail/8784 Tue, 19 Dec 2023 02:00:02 GMT https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/
Ledger Supply Chain Attack
https://www.ledger.com/blog/a-letter-from-ledger-chairman-ceo-pascal-gauthier-regarding-ledger-connect-kit-exploit
December Windows 11 Patch Breacks Wi-Fi Connectivity
https://www.bleepingcomputer.com/news/microsoft/decembers-windows-11-kb5033375-update-breaks-wi-fi-connectivity/
]]> 6:10 windows 11, wifi, ledger, smtp, smuggling, e-mail, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8782 Rocket MQ Exploit; C# Payload; 3CX Vuln; QNAP NVR Exploit; PFSense Vulnerabilith; #holidayhack Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Rocket MQ Exploit; C# Payload; 3CX Vuln; QNAP NVR Exploit; PFSense Vulnerabilith; #holidayhack https://traffic.libsyn.com/securitypodcast/8782.mp3 https://isc.sans.edu/podcastdetail/8782 Mon, 18 Dec 2023 02:00:02 GMT https://isc.sans.edu/diary/An%20Example%20of%20RocketMQ%20Exploit%20Scanner/30492
C# Payload Phoning to a Cobalt Strike Server
https://isc.sans.edu/diary/CSharp%20Payload%20Phoning%20to%20a%20CobaltStrike%20Server/30490
3CX SQL Injection Vulnerability
https://www.3cx.com/blog/news/sql-database-integration/
QNAP Viostor 0-Day Vulnerablity
https://www.akamai.com/blog/security-research/qnap-viostor-zero-day-vulnerability-spreading-mirai-patched
PFSense Vulnerability
https://www.sonarsource.com/blog/pfsense-vulnerabilities-sonarcloud/
SANS Holiday Hack Challenge
https://sans.org/holidayhack
]]> 10:19 sans, holiday, hack, challenge, qnap, viostor, 3cx, sql, injection, rocketmq, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8780 Terraforming Honeypots; Unifi Camera Mixup; Zoom VISS; Squid DoS Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Terraforming Honeypots; Unifi Camera Mixup; Zoom VISS; Squid DoS https://traffic.libsyn.com/securitypodcast/8780.mp3 https://isc.sans.edu/podcastdetail/8780 Fri, 15 Dec 2023 02:00:02 GMT https://isc.sans.edu/diary/T-shooting%20Terraform%20for%20DShield%20Honeypot%20in%20Azure%20%5BGuest%20Diary%5D/30484
Ubiquity Unifi Cameras Visible in Wrong Account
https://community.ui.com/questions/Bug-Fix-Cloud-Access-Misconfiguration/fe8d4479-e187-4471-bf95-b2799183ceb7
Zoom Vulnerabilities and VISS
https://viss.zoom.com/specifications
https://www.zoom.com/en/trust/security-bulletin/
Squid Denial of Service Vulnerability
https://github.com/squid-cache/squid/security/advisories/GHSA-wgq4-4cfg-c4x3]]> 5:23 squid, zoom, ubiquity, unifi, cameras, terraform, honeypot, protect, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8778 GUI Python Malware; Adobe Updates; TeamCity Exploited; Sophos Patches EOL Devices Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. GUI Python Malware; Adobe Updates; TeamCity Exploited; Sophos Patches EOL Devices https://traffic.libsyn.com/securitypodcast/8778.mp3 https://isc.sans.edu/podcastdetail/8778 Thu, 14 Dec 2023 02:10:05 GMT https://isc.sans.edu/diary/Malicious%20Python%20Script%20with%20a%20TCL%20TK%20GUI/30478
Adobe Updates
https://helpx.adobe.com/security/security-bulletin.html
TeamCity Exploited
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-347a
Sophos Firewall Exploit for EOL Devices CVE-2022-3236
https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce
]]> 5:09 sophos, teamcity, adobe, python, tcl/tk, gui, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8776 Microsoft Patches; Malicious OAUTH; Apache Struts2 Exploit; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft Patches; Malicious OAUTH; Apache Struts2 Exploit; https://traffic.libsyn.com/securitypodcast/8776.mp3 https://isc.sans.edu/podcastdetail/8776 Wed, 13 Dec 2023 02:00:02 GMT https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20December%202023/30480
Microsoft Warns of Malicious OAUTH Applications
https://www.microsoft.com/en-us/security/blog/2023/12/12/threat-actors-misuse-oauth-applications-to-automate-financially-driven-attacks/
Apache Struts2 Exploit CVE-2023-50164
https://xz.aliyun.com/t/13172
]]> 6:03 struts2, microsoft, patches, oauth, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8774 Sitemap.xml; Apple Patches; Android Password Autospill Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Sitemap.xml; Apple Patches; Android Password Autospill https://traffic.libsyn.com/securitypodcast/8774.mp3 https://isc.sans.edu/podcastdetail/8774 Tue, 12 Dec 2023 02:00:02 GMT https://isc.sans.edu/diary/What%20is%20sitemap.xml%2C%20and%20Why%20a%20Pentester%20Should%20Care/30472
Apple Patches Everything
https://isc.sans.edu/forums/diary/Apple%20Patches%20Everything/30474/
Android Password Manager Auto Spill
https://i.blackhat.com/EU-23/Presentations/EU-23-Gangwal-AutoSpill-Zero-Effort-Credential-Stealing.pdf
]]> 5:35 sitemap.xml, apple patches, android, password manager, autospill, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8772 IPv4 Mapped Addresses; Honeypots; Bluetooth Attacks; Syrus 4 Vuln; MSFT Edge Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. IPv4 Mapped Addresses; Honeypots; Bluetooth Attacks; Syrus 4 Vuln; MSFT Edge Vuln; https://traffic.libsyn.com/securitypodcast/8772.mp3 https://isc.sans.edu/podcastdetail/8772 Mon, 11 Dec 2023 02:00:02 GMT https://isc.sans.edu/diary/IPv4-mapped%20IPv6%20Address%20Used%20For%20Obfuscation/30466
Honeypots From the Skeptical Beginner to the Tactical Enthusiast
https://isc.sans.edu/diary/Honeypots%3A%20From%20the%20Skeptical%20Beginner%20to%20the%20Tactical%20Enthusiast/30468
Bluetooth Weakness CVE-2023-45866
https://github.com/skysafe/reblog/tree/main/cve-2023-45866
Syrus 4 IoT Gateway Vulnerability CVE-2023-6248
https://socradar.io/syrus4-iot-gateway-vulnerability-could-allow-code-execution-on-thousands-of-vehicles-simultaneously-cve-2023-6248/
Microsoft Edge Vulnerability CVE-2023-35618
https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security#december-7-2023
]]> 6:15 microsoft, edge, syrus, iot, gateway, bluetooth, keyboard, honeypots, ipv4, ipv6, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8770 5G Vulnerabilities; QR Codes; Windows 10 EOS; Apache Struts RCE Vuln Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. 5G Vulnerabilities; QR Codes; Windows 10 EOS; Apache Struts RCE Vuln https://traffic.libsyn.com/securitypodcast/8770.mp3 https://isc.sans.edu/podcastdetail/8770 Fri, 08 Dec 2023 02:00:01 GMT https://isc.sans.edu/diary/5Ghoul%3A%20Impacts%2C%20Implications%20and%20Next%20Steps/30462
Revealing the hidden Risks of QR Codes
https://isc.sans.edu/diary/Revealing%20the%20Hidden%20Risks%20of%20QR%20Codes%20%5BGuest%20Diary%5D/30458
Window 10 End of Support
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/plan-for-windows-10-eos-with-windows-11-windows-365-and-esu/ba-p/4000414
Apache Struts 2 Vulnerability CVE-2023-50164
https://cwiki.apache.org/confluence/display/WW/S2-066
]]> 6:14 apache, struts, windows 10, end of support, qr codes, 5g vulnerabilities, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8768 Research Scan Attribution; MLFlow and Atlasian Vulns; AWS STS; #holidayhack Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Research Scan Attribution; MLFlow and Atlasian Vulns; AWS STS; #holidayhack https://traffic.libsyn.com/securitypodcast/8768.mp3 https://isc.sans.edu/podcastdetail/8768 Thu, 07 Dec 2023 02:00:02 GMT https://isc.sans.edu/forums/diary/Whose%20packet%20is%20it%20anyway%3A%20a%20new%20RFC%20for%20attribution%20of%20internet%20probes/30456/
MLFlow Vulnerability
https://www.contrastsecurity.com/security-influencers/discovering-mlflow-framework-zero-day-vulnerability-machine-language-model-security-contrast-security
https://mlflow.org/category/news/index.html
Abusing STS Tokens
https://redcanary.com/blog/aws-sts/
Atlasian Vulnerabilities
https://confluence.atlassian.com/security/security-advisories-bulletins-1236937381.html
Holiday Hack Challenge
https://www.sans.org/mlp/holiday-hack-challenge-2023/
]]> 5:50 holiday hack challenge, atlasian, sts tokens, aws, mlflow, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8766 Cobalt Strike Analysis; ColdFusion Exploited; Atos Unify Vuln; ExteremXOS Vuln Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Cobalt Strike Analysis; ColdFusion Exploited; Atos Unify Vuln; ExteremXOS Vuln https://traffic.libsyn.com/securitypodcast/8766.mp3 https://isc.sans.edu/podcastdetail/8766 Wed, 06 Dec 2023 02:00:02 GMT https://isc.sans.edu/diary/Cobalt%20Strike%27s%20%22Runtime%20Configuration%22/30426
Adobe ColdFusion Exploit Abused
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-339a
Atos Unify OpenScape Vulnerability
https://sec-consult.com/vulnerability-lab/advisory/argument-injection-vulnerability-in-multiple-atos-unify-openscape-products/
ExtremeXOS Vulnerabilities
https://rhinosecuritylabs.com/research/extreme-networks-extremexos-vulnerabilities/
]]> 5:34 extremexos, atos, unify, openscape, adobe, coldfusion, cobalt strike, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8764 Zarya Hacktivists; ICAN RDRS; Android and Gitlab Updates Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Zarya Hacktivists; ICAN RDRS; Android and Gitlab Updates https://traffic.libsyn.com/securitypodcast/8764.mp3 https://isc.sans.edu/podcastdetail/8764 Tue, 05 Dec 2023 02:00:02 GMT https://isc.sans.edu/diary/Zarya%20Hacktivists%3A%20More%20than%20just%20Sharepoint./30450
ICANN Registration Data Request Service (RDRS)
https://rdrs.icann.org/
Android Updates
https://source.android.com/docs/security/bulletin/2023-12-01
GitLab Patches
https://about.gitlab.com/releases/2023/11/30/security-release-gitlab-16-6-1-released/
]]> 6:00 gitlab, android, icann, rdrs, zarya, hacktivists, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8762 LogoFail; Fake WordPress Exploit; Qlik Sense Exploited; VMWare Patch Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. LogoFail; Fake WordPress Exploit; Qlik Sense Exploited; VMWare Patch https://traffic.libsyn.com/securitypodcast/8762.mp3 https://isc.sans.edu/podcastdetail/8762 Mon, 04 Dec 2023 02:00:02 GMT https://binarly.io/posts/The_Far_Reaching_Consequences_of_LogoFAIL/index.html
Fake Phishing Scan Tricks Users into Installing Backdoor Plugin
https://www.wordfence.com/blog/2023/12/psa-fake-cve-2023-45124-phishing-scam-tricks-users-into-installing-backdoor-plugin/
Qlik Sense Exploited by Cactus Ransomware
https://arcticwolf.com/resources/blog/qlik-sense-exploited-in-cactus-ransomware-campaign/
https://www.praetorian.com/blog/qlik-sense-technical-exploit/
VMWare Vulnerability Patched
https://www.vmware.com/security/advisories/VMSA-2023-0026.html
]]> 6:01 vmware, qlik, ransomware, phishing, wordpress, uefi, logofail, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8760 Apple Updates; Mirai Expansion; Zyxel Vulns; Solarwinds Update; DNS Looking Glass Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Apple Updates; Mirai Expansion; Zyxel Vulns; Solarwinds Update; DNS Looking Glass https://traffic.libsyn.com/securitypodcast/8760.mp3 https://isc.sans.edu/podcastdetail/8760 Fri, 01 Dec 2023 03:08:45 GMT https://isc.sans.edu/diary/Apple+Patches+Exploited+WebKit+Vulnerabilitiues+in+iOSiPadOSmacOS/30444
Prophetic Post by Intern on CVE-2023-1389 Foreshadows Mirai Botnet Expansion Today
https://isc.sans.edu/forums/diary/Prophetic+Post+by+Intern+on+CVE20231389+Foreshadows+Mirai+Botnet+Expansion+Today/30442/
Zyxel Vulnerabilities
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-authentication-bypass-and-command-injection-vulnerabilities-in-nas-products
Solarwinds Update
https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-4_release_notes.htm#link3
DNS Looking Glass
https://isc.sans.edu/tools/dnslookup/
]]> 5:35 dns, looking glass, solarwinds, zyxel, mirai, apple, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8758 3 Months Honeypot Summary; Arcserver PoC; Hikvision Vuln; Custom GPT Vuln Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. 3 Months Honeypot Summary; Arcserver PoC; Hikvision Vuln; Custom GPT Vuln https://traffic.libsyn.com/securitypodcast/8758.mp3 https://isc.sans.edu/podcastdetail/8758 Thu, 30 Nov 2023 02:00:02 GMT https://isc.sans.edu/diary/Decoding%20the%20Patterns%3A%20Analyzing%20DShield%20Honeypot%20Activity%20%5BGuest%20Diary%5D/30428
Arcserve Unified Data Protection Multiple Vulnerabilities
https://www.tenable.com/security/research/tra-2023-37
Hikvision Vulnerabilities
https://www.hikvision.com/hk/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-products/
Assessing Prompt Injection Risks in 200+ Custom GPTs
https://arxiv.org/pdf/2311.11538.pdf
]]> 5:31 gpt, prompt injection, hikvision, arserve, dshield, honeypot, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8756 Sharepoint Attack; MSFT removes Defender App Guard for Office; Synology , Tomcat and Chrome Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Sharepoint Attack; MSFT removes Defender App Guard for Office; Synology , Tomcat and Chrome Vuln; https://traffic.libsyn.com/securitypodcast/8756.mp3 https://isc.sans.edu/podcastdetail/8756 Wed, 29 Nov 2023 02:00:02 GMT https://isc.sans.edu/diary/Pro%20Russian%20Attackers%20Scanning%20for%20Sharepoint%20Servers%20to%20Exploit%20CVE-2023-29357/30436
Microsoft Deprecates Microsoft Defender Application Guard for Office
https://learn.microsoft.com/en-us/windows/whats-new/deprecated-features
Synology Vulnerability
https://www.synology.com/en-global/security/advisory/Synology_SA_23_16
Apache Tomcat Request Smuggling Vulnerability CVE-2023-46589
https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr
]]> 5:36 apache, tomcat, synology, microsoft, defender, application guard, sharepoint, russia, ukraine, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8754 OwnCloud Exploited; Fingerprint Reader Weakness Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. OwnCloud Exploited; Fingerprint Reader Weakness https://traffic.libsyn.com/securitypodcast/8754.mp3 https://isc.sans.edu/podcastdetail/8754 Tue, 28 Nov 2023 02:00:02 GMT https://isc.sans.edu/diary/Scans%20for%20ownCloud%20Vulnerability%20%28CVE-2023-49103%29/30432
Windows Hello Fingerprint Reader Weakness
https://blackwinghq.com/blog/posts/a-touch-of-pwn-part-i/
]]> 6:37 windows, hello, fingerprint, owncloud, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8752 DShield Birthday; Mirai Exploits; OVA Files; OpenCart Vuln; Holiday Hack Challenge Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. DShield Birthday; Mirai Exploits; OVA Files; OpenCart Vuln; Holiday Hack Challenge https://traffic.libsyn.com/securitypodcast/8752.mp3 https://isc.sans.edu/podcastdetail/8752 Mon, 27 Nov 2023 02:00:02 GMT https://isc.sans.edu/diary/Happy%20Birthday%20DShield/30420
Mirai uses CVE-2023-1389
https://isc.sans.edu/diary/CVE-2023-1389%3A%20A%20New%20Means%20to%20Expand%20Botnets/30418
More Mirai Vulnerabilities
https://www.akamai.com/blog/security-research/new-rce-botnet-spreads-mirai-via-zero-days
Analyzing OVA Files
https://isc.sans.edu/diary/OVA%20Files/30424
Static Code Injections in OpenCart (CVE-2023-47444)
https://github.com/opencart/opencart/issues/12947
Holiday Hackchallenge
https://www.sans.org/mlp/holiday-hack-challenge-2023/
]]> 6:01 holiday, hackchallenge, opencart, ova, ovf, mirai, nvr, dvr, tplink, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8750 Faster tcpdump; Zimbra Exploit Details; FortiSIEM Vuln; AI-Exploits; CrushFTP and FortiSIEM Patches; @sans_edu Research: Scott Poley; Storing Less Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Faster tcpdump; Zimbra Exploit Details; FortiSIEM Vuln; AI-Exploits; CrushFTP and FortiSIEM Patches; @sans_edu Research: Scott Poley; Storing Less https://traffic.libsyn.com/securitypodcast/8750.mp3 https://isc.sans.edu/podcastdetail/8750 Fri, 17 Nov 2023 02:00:01 GMT https://isc.sans.edu/forums/diary/Beyond%20-n%3A%20Optimizing%20tcpdump%20performance/30408/
Zimbra 0-day used to target international government organizations
https://blog.google/threat-analysis-group/zimbra-0-day-used-to-target-international-government-organizations/
FortiSIEM OS command injection in Report Server
https://www.fortiguard.com/psirt/FG-IR-23-135
AI Exploit Collection
https://github.com/protectai/ai-exploits
CrushFTP Remote Code Execution
https://convergetp.com/2023/11/16/crushftp-zero-day-cve-2023-43177-discovered/
Scott Poley: The Cyber Date Paradox: Storing Less, Discovering More
https://www.sans.edu/cyber-research/cyber-data-paradox-storing-less-discovering-more/
]]> 15:24 crushftp, ai, exploit, fortisiem, zimbra, 0-day, tcpdump, scott poley, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8748 MSIX to Redline; ChatGPT Code Interpreter vuln; Aruba and Netty Vulns; HARArmor @FronteggForSaaS Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MSIX to Redline; ChatGPT Code Interpreter vuln; Aruba and Netty Vulns; HARArmor @FronteggForSaaS https://traffic.libsyn.com/securitypodcast/8748.mp3 https://isc.sans.edu/podcastdetail/8748 Thu, 16 Nov 2023 02:00:02 GMT https://isc.sans.edu/diary/Redline%20Dropped%20Through%20MSIX%20Package/30404
ChatGPT Code Interpreter Security Hole
https://www.tomshardware.com/news/chatgpt-code-interpreter-security-hole
Directory Traversal in Reactor Netty CVE-2023-34062
https://spring.io/security/cve-2023-34062
Aruba Networking Product Vulnerabilities
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt
HARArmor
https://harmor.dev/
]]> 5:57 harmor, aruba, netty, reactor, chatgpt, interpreter, code, redline, msix, msi, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8746 Microsoft Patches; Adobe Patches; Intel CPU Glitch State Patch Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft Patches; Adobe Patches; Intel CPU Glitch State Patch https://traffic.libsyn.com/securitypodcast/8746.mp3 https://isc.sans.edu/podcastdetail/8746 Wed, 15 Nov 2023 02:00:02 GMT https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20November%202023/30400
Adobe Updates
https://helpx.adobe.com/security/security-bulletin.html
Intel CPU Glitch State Patch
https://lock.cmpxchg8b.com/reptar.html
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00950.html
]]> 7:10 intel, cpu, glitch, adobe, microsoft, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8744 Discovering DNS C&C; Passive SSH Key Compromise; Juniper Vuln Exploited Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Discovering DNS C&C; Passive SSH Key Compromise; Juniper Vuln Exploited https://traffic.libsyn.com/securitypodcast/8744.mp3 https://isc.sans.edu/podcastdetail/8744 Tue, 14 Nov 2023 02:00:01 GMT https://isc.sans.edu/diary/Noticing%20command%20and%20control%20channels%20by%20reviewing%20DNS%20protocols/30396
Passive SSH Key Compromise via Lattices
https://eprint.iacr.org/2023/1711.pdf
Juniper Vulnerabilities Exploited
https://supportportal.juniper.net/s/article/2023-08-Out-of-Cycle-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Multiple-vulnerabilities-in-J-Web-can-be-combined-to-allow-a-preAuth-Remote-Code-Execution?language=en_US
]]> 5:04 juniper, passive, ssh, dns, secret key, rsa, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8742 Gafgyt Update; ScreenConnect Healthcare Breach; Fake Assessment Websites Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Gafgyt Update; ScreenConnect Healthcare Breach; Fake Assessment Websites https://traffic.libsyn.com/securitypodcast/8742.mp3 https://isc.sans.edu/podcastdetail/8742 Mon, 13 Nov 2023 02:00:02 GMT https://isc.sans.edu/forums/diary/Routers%20Targeted%20for%20Gafgyt%20Botnet%20%5BGuest%20Diary%5D/30390/
ScreenConnect used to Attack Healthcare
https://www.huntress.com/blog/third-party-pharmaceutical-vendor-linked-to-pharmacy-and-health-clinic-cyberattack
Fake Skills Assessment Portals Associated with Sapphire Sleet
https://twitter.com/MsftSecIntel/status/1722316019920728437
OpenVPN Access Server Vulnerabilities
https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/
]]> 5:46 openvpn, saphire sleet, job portals, assessment, screen connect, healthcare, rotuers, gafgyt, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8740 Visualizing Code Injection; SysAid Exploit; WS_FTP Update; CPU-Z Impersonation; pyArrow Vulnerability Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Visualizing Code Injection; SysAid Exploit; WS_FTP Update; CPU-Z Impersonation; pyArrow Vulnerability https://traffic.libsyn.com/securitypodcast/8740.mp3 https://isc.sans.edu/podcastdetail/8740 Fri, 10 Nov 2023 02:00:02 GMT https://isc.sans.edu/diary/Visual%20Examples%20of%20Code%20Injection/30388
SysAid Exploited by Cl0p Ransomware (CVE-2023-47246)
https://www.sysaid.com/blog/service-desk/on-premise-software-security-vulnerability-notification
WS_FTP Server Update CVE-2023-42659
https://community.progress.com/s/article/WS-FTP-Server-Service-Pack-November-2023
Malvertiser copies PC news site to delivery infostealer
https://www.malwarebytes.com/blog/threat-intelligence/2023/11/malvertiser-copies-pc-news-site-to-deliver-infostealer
pyArrow/Apache Arrow Vulnerability
https://lists.apache.org/thread/yhy7tdfjf9hrl9vfrtzo8p2cyjq87v7n
]]> 5:25 pyarrow, apache, arrow, cpu-z, malvertiser, google, ws_ftp, moveit, sysaid, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8738 Project Phishing; Azure Automation Mining; Windows Firewall Changes; SLP DoS Vuln added to KEV; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Project Phishing; Azure Automation Mining; Windows Firewall Changes; SLP DoS Vuln added to KEV; https://traffic.libsyn.com/securitypodcast/8738.mp3 https://isc.sans.edu/podcastdetail/8738 Thu, 09 Nov 2023 02:00:02 GMT https://isc.sans.edu/diary/Example%20of%20Phishing%20Campaign%20Project%20File/30384
Cryptomining with Microsoft Azure Automation Services
https://www.safebreach.com/blog/cryptocurrency-miner-microsoft-azure
Windows 11 Insider Changing Firewall Behaviour
https://blogs.windows.com/windows-insider/2023/11/08/announcing-windows-11-insider-preview-build-25992-canary-channel/
CISA Adds SLP Vulnerability to Known Exploited Vulnerabilty List
https://www.cisa.gov/news-events/alerts/2023/11/08/cisa-adds-one-known-exploited-vulnerability-catalog
]]> 5:21 cisa, slp, windows 11, smb, ntlm, firewall, cryptomining, azure, automation, phishing, project, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8736 Discovery of Designated Resolvers; BlueNoroff macOS Malware; MSFT hardens MFA; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Discovery of Designated Resolvers; BlueNoroff macOS Malware; MSFT hardens MFA; https://traffic.libsyn.com/securitypodcast/8736.mp3 https://isc.sans.edu/podcastdetail/8736 Wed, 08 Nov 2023 02:00:02 GMT https://isc.sans.edu/diary/What%27s%20Normal%3A%20New%20uses%20of%20DNS%2C%20Discovery%20of%20Designated%20Resolvers%20%28DDR%29/30380
BlueNoroff macOS Malware
https://www.jamf.com/blog/bluenoroff-strikes-again-with-new-macos-malware/
Emphasizing Security by Default wiht Advanced Microsoft Authenticator Features
https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/emphasizing-security-by-default-with-advanced-microsoft/ba-p/3773130
]]> 6:22 microsoft, authenticator, macos, malware, bluenoroff, dns, ddr, designated resolvers, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8734 Confluence CVE-2023-22518 Exploited; Calender Data Exfil; Veeam and QNAP Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Confluence CVE-2023-22518 Exploited; Calender Data Exfil; Veeam and QNAP Patches https://traffic.libsyn.com/securitypodcast/8734.mp3 https://isc.sans.edu/podcastdetail/8734 Tue, 07 Nov 2023 02:00:02 GMT https://isc.sans.edu/diary/Exploit%20Activity%20for%20CVE-2023-22518%2C%20Atlassian%20Confluence%20Data%20Center%20and%20Server/30376
Google Threat Horizons Report
https://services.google.com/fh/files/blogs/gcat_threathorizons_full_oct2023.pdf
https://www.sans.edu/cyber-research/bookmark-bruggling-novel-data-exfiltration-with-brugglemark/
Veeam Update
https://www.veeam.com/kb4508
QNAP Update
https://www.qnap.com/de-de/security-advisory/qsa-23-35
]]> 6:11 qnap, veeam, google, horizons, calendar, confluence, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8732 Possible Exchange Flaws; Sriped Fly Botnet; Send My Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Possible Exchange Flaws; Sriped Fly Botnet; Send My https://traffic.libsyn.com/securitypodcast/8732.mp3 https://isc.sans.edu/podcastdetail/8732 Mon, 06 Nov 2023 02:00:02 GMT https://www.bleepingcomputer.com/news/microsoft/new-microsoft-exchange-zero-days-allow-rce-data-theft-attacks/
StripedFly: Perennially Flying under the Radar
https://securelist.com/stripedfly-perennially-flying-under-the-radar/110903/
Send My: Sending Data over Apple's Find My Network
https://github.com/positive-security/send-my
]]> 7:07 send my, apple, find my, stripedfly, miner, exchange, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8730 Inflated PE Files; ActiveMQ Exploit; Firepower Vuln; Malicious NPM; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Inflated PE Files; ActiveMQ Exploit; Firepower Vuln; Malicious NPM; https://traffic.libsyn.com/securitypodcast/8730.mp3 https://isc.sans.edu/podcastdetail/8730 Fri, 03 Nov 2023 02:00:02 GMT https://isc.sans.edu/diary/Quick%20Tip%20For%20Artificially%20Inflated%20PE%20Files/30370
Apache ActiveMQ Flaw Exploited
https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt
https://www.rapid7.com/blog/post/2023/11/01/etr-suspected-exploitation-of-apache-activemq-cve-2023-46604/
Critical Firepower Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-29MP49hN
Dozens of npm Packages Caught Attempting to Deploy Reverse Shell
https://blog.phylum.io/dozens-of-npm-packages-caught-attempting-to-deploy-reverse-shell/
]]> 5:22 reverse shell, npm, rsh.js, firepower, activemq, apache, pe files, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8728 ZPAQ Archives; CVSS 4.0; Slack Impersonation; MOZI Demise; URL Shorteners Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. ZPAQ Archives; CVSS 4.0; Slack Impersonation; MOZI Demise; URL Shorteners https://traffic.libsyn.com/securitypodcast/8728.mp3 https://isc.sans.edu/podcastdetail/8728 Thu, 02 Nov 2023 02:00:02 GMT https://isc.sans.edu/forums/diary/Malware%20Dropped%20Through%20a%20ZPAQ%20Archive/30366/
CVSS 4.0 Now Official
https://www.first.org/cvss/v4-0/index.html
MOZI Botnet Killswitch
https://www.welivesecurity.com/en/eset-research/who-killed-mozi-finally-putting-the-iot-zombie-botnet-in-its-grave/
URL Shorteners in .us
https://securityonline.info/infoblox-uncovers-malicious-wave-in-us-domain-registrations/
Impersonating Slack Users
https://falconspy.org/redteam/tradecraft/2023/10/05/2023-10-05-Slack-Impersonation.html
]]> 5:43 slack, url, us, mozi, botnet, cvss, zpaq, malware, archive, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8726 Anti-Sandboxing; Confluence Vuln; PyCharm Malvertisement; Thorn SFTP Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Anti-Sandboxing; Confluence Vuln; PyCharm Malvertisement; Thorn SFTP Vuln; https://traffic.libsyn.com/securitypodcast/8726.mp3 https://isc.sans.edu/podcastdetail/8726 Wed, 01 Nov 2023 02:00:02 GMT https://isc.sans.edu/diary/Multiple%20Layers%20of%20Anti-Sandboxing%20Techniques/30362
CVE-2023-22518 Improper Authorization Vulnerability in Confluence Data Center and Server
https://confluence.atlassian.com/security/cve-2023-22518-improper-authorization-vulnerability-in-confluence-data-center-and-server-1311473907.html
Malvertisement Promotes Malicious PyCharm Version
https://www.malwarebytes.com/blog/threat-intelligence/2023/10/malvertising-via-dynamic-search-ads-delivers-malware-bonanza
Thorn SFTP Gateway Java Deserialization RCE CVE-2016-1000027 CVE-2023-47174
https://help.thorntech.com/docs/sftp-gateway-gcp-3.0/gcp-java-deserialization-rce/
]]> 4:11 thron, sftp, pycharm, malvertisement, confluence, anti-sandboxing, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8724 Multicast DNS; Kubernetes ingress-nginx; HTTPS Upgrade; Wordpad PoC Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Multicast DNS; Kubernetes ingress-nginx; HTTPS Upgrade; Wordpad PoC https://traffic.libsyn.com/securitypodcast/8724.mp3 https://isc.sans.edu/podcastdetail/8724 Tue, 31 Oct 2023 00:05:28 GMT https://isc.sans.edu/forums/diary/Flying%20under%20the%20Radar%3A%20The%20Privacy%20Impact%20of%20multicast%20DNS/30358/
Kubernetes ingress-nginx vulnerability
https://github.com/kubernetes/ingress-nginx/issues/10571
Google Chrome HTTPS Upgrade
https://github.com/dadrian/https-upgrade/blob/main/explainer.md
Wordpad POC CVE-2023-36563
https://www.dillonfrankesecurity.com/posts/cve-2023-36563-wordpad-analysis/
]]> 6:14 wordpad, google, chrome, https, kubernetes, ingress-nginx, mdns, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8722 Size Matters; Spam or Phishing; iOS MAC Leaks; ZDI Summary; Octo Tempest Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Size Matters; Spam or Phishing; iOS MAC Leaks; ZDI Summary; Octo Tempest https://traffic.libsyn.com/securitypodcast/8722.mp3 https://isc.sans.edu/podcastdetail/8722 Mon, 30 Oct 2023 01:43:13 GMT https://isc.sans.edu/diary/Size%20Matters%20for%20Many%20Security%20Controls/30352
Spam or Phishing? Looking for Credentials and Passwords
https://isc.sans.edu/diary/Spam%20or%20Phishing%3F%20Looking%20for%20Credentials%20%26%20Passwords/30354
iOS Leaks MAC Address
https://www.youtube.com/watch?v=T3XABxNogTA
Zero Day Initiative Pwn2Own Summary
https://www.zerodayinitiative.com/blog/2023/10/24/pwn2own-toronto-2023-day-one-results
https://www.zerodayinitiative.com/blog/2023/10/25/pwn2own-toronto-2023-day-two-results
https://www.zerodayinitiative.com/blog/2023/10/26/pwn2own-toronto-2023-day-three-results
Microsoft Octo Tempest Writeup
https://www.microsoft.com/en-us/security/blog/2023/10/25/octo-tempest-crosses-boundaries-to-facilitate-extortion-encryption-and-destruction/
]]> 6:07 octo, tempest, microsoft, zdi, pwn2own, apple, mac address, privacy, size, spam, phishing, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8720 IPv4 Addresses; F5 BigIP Vuln; Apple iLeakage; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. IPv4 Addresses; F5 BigIP Vuln; Apple iLeakage; https://traffic.libsyn.com/securitypodcast/8720.mp3 https://isc.sans.edu/podcastdetail/8720 Fri, 27 Oct 2023 10:45:02 GMT https://isc.sans.edu/forums/diary/Adventures%20in%20Validating%20IPv4%20Addresses/30348/
BIG-IP Configuration Utility Unauthenticated Remote Code Execution
https://my.f5.com/manage/s/article/K000137353
https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/
iLeakage Vulnerability
https://ileakage.com/
]]> 6:03 ileakage, big-ip, f5, ipv4, addresses, input, validation, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8718 Apple Updates; Confluence Server Scans; Critical VMWare Patch Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Apple Updates; Confluence Server Scans; Critical VMWare Patch https://traffic.libsyn.com/securitypodcast/8718.mp3 https://isc.sans.edu/podcastdetail/8718 Thu, 26 Oct 2023 00:56:27 GMT https://isc.sans.edu/diary/Apple%20Patches%20Everything.%20Releases%20iOS%2017.1%2C%20MacOS%2014.1%20and%20updates%20for%20older%20versions%20fixing%20exploited%20vulnerability/30344
Confluence Server Scans CVE-2023-22515
https://isc.sans.edu/diary/30342
Critical VMVware vCenter Patch CVE-2023-34048
https://www.vmware.com/security/advisories/VMSA-2023-0023.html
]]> 6:06 vmware, vcenter, confluence, server, apple, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8716 Google Samsung False Positive; OAuth Hijacking Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Google Samsung False Positive; OAuth Hijacking https://traffic.libsyn.com/securitypodcast/8716.mp3 https://isc.sans.edu/podcastdetail/8716 Wed, 25 Oct 2023 02:00:02 GMT https://9to5google.com/2023/10/23/samsung-messages-wallet-harmful-app-google/
OAuth Hijacking
https://salt.security/blog/oh-auth-abusing-oauth-to-take-over-millions-of-accounts
Microsoft Exchange Server CVe-2023-36745 PoC
https://n1k0la-t.github.io/2023/10/24/Microsoft-Exchange-Server-CVE-2023-36745/
Citrix Bleed PoC CVe-2023-4966
https://www.assetnote.io/resources/research/citrix-bleed-leaking-session-tokens-with-cve-2023-4966
VMWare VRealize Exploit CVE-2023-34051 CVE0-2023-34052
https://www.vmware.com/security/advisories/VMSA-2023-0021.html
]]> 6:24 vmware, vrealize, exploit, poc, exchange, citrix, oauth, samsung, google, false positive, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8714 Apple TV IPv6 DoS; Squid Patches; Critical Citrix Patch; Cisco Vuln Updates; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Apple TV IPv6 DoS; Squid Patches; Critical Citrix Patch; Cisco Vuln Updates; https://traffic.libsyn.com/securitypodcast/8714.mp3 https://isc.sans.edu/podcastdetail/8714 Tue, 24 Oct 2023 02:00:02 GMT https://isc.sans.edu/diary/How%20an%20AppleTV%20may%20take%20down%20your%20%28%23IPv6%29%20network/30336
Squid Patches
https://github.com/squid-cache/squid/security/advisories
Critical Citrix Update
https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/
Cisco Vulnerablity Updates CVE-2023-20198
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z
]]> 6:24 cisco, ios xe, apple, tv, ipv6, router advertisements, squid, citrix, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8712 Base64Dump; OAUTH Redirect; Okta Breach; VMWare and Solarwinds Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Base64Dump; OAUTH Redirect; Okta Breach; VMWare and Solarwinds Patches https://traffic.libsyn.com/securitypodcast/8712.mp3 https://isc.sans.edu/podcastdetail/8712 Mon, 23 Oct 2023 02:00:02 GMT https://isc.sans.edu/diary/base64dump.py%20Handles%20More%20Encodings%20Than%20Just%20BASE64/30332
Stealing OAuth Tokens via Open Redirects
https://eval.blog/research/microsoft-account-token-leaks-in-harvest/
VMWare Patches
https://www.vmware.com/security/advisories.html
Solarwinds Patches
https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-1_release_notes.htm
]]> 6:39 solarwinds, vmware, oauth, microsoft, harvest, oauth, base64, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8710 honeypot update; Malicious Keepass Ad; JavaScript in Blockchain; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. honeypot update; Malicious Keepass Ad; JavaScript in Blockchain; https://traffic.libsyn.com/securitypodcast/8710.mp3 https://isc.sans.edu/podcastdetail/8710 Fri, 20 Oct 2023 00:37:38 GMT https://github.com/DShield-ISC/dshield/blob/main/README.md
Malicious Keepass Ads
https://www.malwarebytes.com/blog/threat-intelligence/2023/10/clever-malvertising-attack-uses-punycode-to-look-like-legitimate-website
Malicious JavaScript in Smart Contracts
https://labs.guard.io/etherhiding-hiding-web2-malicious-code-in-web3-smart-contracts-65ea78efad16
]]> 6:37 javascript, binance, smart contracts, keepass, honeypot, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8708 Hex Decode; Oracle CPU; Citrix Vuln Exploited; Exposed Jupyter Notebooks Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Hex Decode; Oracle CPU; Citrix Vuln Exploited; Exposed Jupyter Notebooks https://traffic.libsyn.com/securitypodcast/8708.mp3 https://isc.sans.edu/podcastdetail/8708 Thu, 19 Oct 2023 02:00:01 GMT https://isc.sans.edu/diary/Hiding%20in%20Hex/30322
Oracle Quarterly Critical Patch Update
https://www.oracle.com/security-alerts/cpuoct2023.html
Citrix Vulnerability Exploited CVE-2023-4966
https://www.mandiant.com/resources/blog/remediation-netscaler-adc-gateway-cve-2023-4966
Exposed Jupyter Notebooks Exploited
https://www.cadosecurity.com/qubitstrike-an-emerging-malware-campaign-targeting-jupyter-notebooks/
]]> 5:41 jupyter, citrix, oracle, cpu, hex, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8706 SMS Phishing; Fake Paper Ticket QR Codes; Synology Random; Milesight Routers Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SMS Phishing; Fake Paper Ticket QR Codes; Synology Random; Milesight Routers Vuln; https://traffic.libsyn.com/securitypodcast/8706.mp3 https://isc.sans.edu/podcastdetail/8706 Wed, 18 Oct 2023 02:00:02 GMT https://isc.sans.edu/diary/Changes%20to%20SMS%20Delivery%20and%20How%20it%20Effects%20MFA%20and%20Phishing/30320
Fake Traffic Tickets with QR Code
https://twitter.com/polizeiberlin/status/1713867011837567411
Synology NAS DSM Account Takeover: Not Random Randomnumbers
https://claroty.com/team82/research/synology-nas-dsm-account-takeover-when-random-is-not-secure
Milesight Routers CVe-2023-43261
https://github.com/win3zz/CVE-2023-43261
]]> 6:46 milesight, routers, synology, random, qr code, traffic tickets, sms, spam, smishing, qishing, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8704 Phishing and Typos; Cisco IOS XE 0-Day; LEMMINGS; SAMBA Update Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Phishing and Typos; Cisco IOS XE 0-Day; LEMMINGS; SAMBA Update https://traffic.libsyn.com/securitypodcast/8704.mp3 https://isc.sans.edu/podcastdetail/8704 Tue, 17 Oct 2023 02:00:01 GMT https://isc.sans.edu/diary/Are+typos+still+relevant+as+an+indicator+of+phishing/30316
Active Exploitation of Cisco ISO XE Software Web Management User Interface Vuln
https://blog.talosintelligence.com/active-exploitation-of-cisco-ios-xe-software/
Mail traffic to cancelled domain names
https://www.sidn.nl/en/nl-domain-name/mail-traffic-to-cancelled-domain-names
SAMBA Update
https://www.samba.org/samba/history/security.html
]]> 5:28 samba, email, domains, netherlands, nl, lemmings, cisco, 0day, typos, phishing, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8702 Odd MAC Addresses; Domains as Passwords; PoC for WebKit Vuln; AvosLocker; Darkgate Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Odd MAC Addresses; Domains as Passwords; PoC for WebKit Vuln; AvosLocker; Darkgate https://traffic.libsyn.com/securitypodcast/8702.mp3 https://isc.sans.edu/podcastdetail/8702 Mon, 16 Oct 2023 02:00:01 GMT https://isc.sans.edu/forums/diary/What's%20Normal%3A%20MAC%20Addresses/30310/
Domain Name Used as Password Captured by DShield Sensor
https://isc.sans.edu/forums/diary/Domain%20Name%20Used%20as%20Password%20Captured%20by%20DShield%20Sensor/30312/
PoC Exploit for CVE-2023-41993
https://github.com/po6ix/POC-for-CVE-2023-41993
AvosLocker Ransomware Details
https://www.cisa.gov/sites/default/files/2023-10/aa23-284a-joint-csa-stopransomware-avoslocker-ransomware-update.pdf
DarkGate Spreading via Skype and Teams
https://www.trendmicro.com/en_ph/research/23/j/darkgate-opens-organizations-for-attack-via-skype-teams.html
]]> 5:25 darkcate, avoslocker, poc, ios, ipados, mac addresses, domain names, passwords, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8700 SeroXen RAT in nuGet; Hex IPs; Juniper Patches; Unpatched Squid Issues; @bsidexjax Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SeroXen RAT in nuGet; Hex IPs; Juniper Patches; Unpatched Squid Issues; @bsidexjax https://traffic.libsyn.com/securitypodcast/8700.mp3 https://isc.sans.edu/podcastdetail/8700 Fri, 13 Oct 2023 02:00:02 GMT https://blog.phylum.io/phylum-discovers-seroxen-rat-in-typosquatted-nuget-package/
Hexadecimal IP Addresses
https://asec.ahnlab.com/en/57635/
Juniper Vulnerabilities
https://supportportal.juniper.net/s/global-search/%40uri?language=en_US#sort=%40sfcec_community_publish_date_formula__c%20descending&numberOfResults=50&f:ctype=[Security%20Advisories]
Unpatched Squid Vulnerabilities
https://joshua.hu/squid-security-audit-35-0days-45-exploits
BSIDES Jacksonville
https://bsidesjax.org
]]> 6:13 bsides, jacksonville, squid, juniper, hexadecimal, shellbot, seroxen, rat, nuget, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8698 Atlasian Exploited; curl vuln; Acrobat Exploited; Goolge Passkey Advances; VBScript Deprectated Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Atlasian Exploited; curl vuln; Acrobat Exploited; Goolge Passkey Advances; VBScript Deprectated https://traffic.libsyn.com/securitypodcast/8698.mp3 https://isc.sans.edu/podcastdetail/8698 Thu, 12 Oct 2023 02:00:01 GMT https://confluence.atlassian.com/security/cve-2023-22515-privilege-escalation-vulnerability-in-confluence-data-center-and-server-1295682276.html
curl SOCKS5 oversized hostname vulnerability CVe-2023-38545
https://isc.sans.edu/diary/CVE-2023-38545%3A%20curl%20SOCKS5%20oversized%20hostname%20vulnerability.%20How%20bad%20is%20it%3F/30304
Adobe Acrobat Vulnerablity Actively Exploited CVE-2023-21608
https://www.cisa.gov/news-events/alerts/2023/10/10/cisa-adds-five-known-vulnerabilities-catalog
Google Makes Passkey the Default
https://blog.google/technology/safety-security/passkeys-default-google-accounts/
VBScript Deprecated from Windows
https://learn.microsoft.com/en-us/windows/whats-new/deprecated-features
]]> 5:28 atlassian, curl, vbscript adobe, acrobat, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8696 Rapid Reset; Microsoft Patch Tuesday Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Rapid Reset; Microsoft Patch Tuesday https://traffic.libsyn.com/securitypodcast/8696.mp3 https://isc.sans.edu/podcastdetail/8696 Wed, 11 Oct 2023 02:00:01 GMT https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/
microsoft patch tuesday
https://isc.sans.edu/diary/October%202023%20Microsoft%20Patch%20Tuesday%20Summary/30300
]]> 7:55 microsoft, patch, tuesday, http2, rapid reset, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8694 ZIP DOSTIME and DATE; Updated Magecart Trick; Sophos Exim Flaw; WatchGuard "Feature"; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. ZIP DOSTIME and DATE; Updated Magecart Trick; Sophos Exim Flaw; WatchGuard "Feature"; https://traffic.libsyn.com/securitypodcast/8694.mp3 https://isc.sans.edu/podcastdetail/8694 Tue, 10 Oct 2023 02:00:02 GMT https://isc.sans.edu/diary/ZIP%27s%20DOSTIME%20%26%20DOSDATE%20Formats/30296
New Magecart Campaign Abusing 404 Pages
https://www.akamai.com/blog/security-research/magecart-new-technique-404-pages-skimmer
Sophos Effected by Exim Flaw
https://www.sophos.com/en-us/security-advisories/sophos-sa-20231005-exim-vuln
Turn OFF This WatchGuard Feature: GuardLapse
https://projectblack.io/blog/turn-off-this-watchguard-feature-guardlapse/
]]> 5:23 watchguard, guardlaps, sophos, exim, magecart, 404, dosdate, dostime, zip, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8692 Binary IPv6; Wireshark Updates; GitHub Secret Scanning; Prerooted Android Devices; curl update Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Binary IPv6; Wireshark Updates; GitHub Secret Scanning; Prerooted Android Devices; curl update https://traffic.libsyn.com/securitypodcast/8692.mp3 https://isc.sans.edu/podcastdetail/8692 Mon, 09 Oct 2023 02:00:02 GMT https://isc.sans.edu/diary/Binary%20IPv6%20Addresses/30290
Wireshark Updates
https://www.wireshark.org/

Improved GitHub Secret Scanning
https://github.blog/2023-10-04-introducing-secret-scanning-validity-checks-for-major-cloud-services/
Prerooted Android Devices
https://arstechnica.com/security/2023/10/thousands-of-android-devices-come-with-unkillable-backdoor-preinstalled/
curl update
https://github.com/curl/curl/discussions/12026
]]> 6:11 curl, android, github, secrets, wireshark, binary, ipv6, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8690 le-hex-to-ip; Cisco Emergency Responder; Loony Tunables PoC; Malicious Python; SMC BMC Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. le-hex-to-ip; Cisco Emergency Responder; Loony Tunables PoC; Malicious Python; SMC BMC Vuln; https://traffic.libsyn.com/securitypodcast/8690.mp3 https://isc.sans.edu/podcastdetail/8690 Fri, 06 Oct 2023 02:00:02 GMT https://isc.sans.edu/diary/New%20tool%3A%20le-hex-to-ip.py/30284
Cisco Emergency Responder Static Credentials Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cer-priv-esc-B9t3hqk9
Loony Tunables PoC CVE-2023-4911
https://haxx.in/files/gnu-acme.py
Malicious Python Packages
https://checkmarx.com/blog/the-evolutionary-tale-of-a-persistent-python-threat/
Supermicro BMC Vulnerability
https://binarly.io/posts/Binarly_REsearch_Uncovers_Major_Vulnerabilities_in_Supermicro_BMCs/index.html
]]> 5:23 supermicro, bmc, python, loony, tunables, cve, poc, cisco, 911, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8688 Normal Connections; Apple Patches; Looney Tunables; Atlasian Confluence 0-day Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Normal Connections; Apple Patches; Looney Tunables; Atlasian Confluence 0-day https://traffic.libsyn.com/securitypodcast/8688.mp3 https://isc.sans.edu/podcastdetail/8688 Thu, 05 Oct 2023 02:00:02 GMT https://isc.sans.edu/diary/Whats+Normal+Connection+Sizes/30278/
Apple Patches
https://isc.sans.edu/diary/Apple%20fixes%20vulnerabilities%20in%20iOS%20and%20iPadOS./30280
Looney Tunables Linux Privilege Escalation
https://blog.qualys.com/vulnerabilities-threat-research/2023/10/03/cve-2023-4911-looney-tunables-local-privilege-escalation-in-the-glibcs-ld-so
Atlasian Confluence Server Vulnerability
https://jira.atlassian.com/browse/CONFSERVER-92475
]]> 5:30 atlasian, confluence, 0-day, looney toonables, linux, qualys, apple, patches, normal, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8686 LLMs for IR; Pytorch Vuln; BING Reads Captchas; Evilproxy and Indeed; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. LLMs for IR; Pytorch Vuln; BING Reads Captchas; Evilproxy and Indeed; https://traffic.libsyn.com/securitypodcast/8686.mp3 https://isc.sans.edu/podcastdetail/8686 Wed, 04 Oct 2023 02:00:02 GMT https://isc.sans.edu/diary/Are%20Local%20LLMs%20Useful%20in%20Incident%20Response%3F/30274
Pytorch Vulnerability
https://github.com/advisories/GHSA-4mqg-h5jf-j9m7
BING Reads Captchas
https://twitter.com/literallydenis/status/1708283962399846459
Evilproxy vs. Microsoft 365
https://www.menlosecurity.com/blog/evilproxy-phishing-attack-strikes-indeed/
]]> 5:36 evilproxy, microsoft, indeed, phishing, bing, captchas, pytorch, llm, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8684 ZIP Metadata; EXIM Update; ARM GPU Driver Vuln; Bing Malicious Ads; robots.txt AI restrictions; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. ZIP Metadata; EXIM Update; ARM GPU Driver Vuln; Bing Malicious Ads; robots.txt AI restrictions; https://traffic.libsyn.com/securitypodcast/8684.mp3 https://isc.sans.edu/podcastdetail/8684 Tue, 03 Oct 2023 02:00:02 GMT https://isc.sans.edu/diary/Friendly%20Reminder%3A%20ZIP%20Metadata%20is%20Not%20Encrypted/30268
EXIM New Version Released
https://www.exim.org/static/doc/security/CVE-2023-zdi.txt
Mail GPU Kernel Driver Allows Improper GPU Memory Processing Operations
https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities
Bing AI Serves Malicous Ads
https://www.malwarebytes.com/blog/threat-intelligence/2023/09/malicious-ad-served-inside-bing-ai-chatbot
Google Announces Robots.txt Ad-Restrictions
https://developers.google.com/search/docs/crawling-indexing/overview-google-crawlers#adsbot-mobile-web-android
]]> 5:41 arm, gpu, mali, exim, bing, google, robots.txt, malicious ads, zip, encrypted, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8682 MIME File Analysis; Infostealer; MIME Files; EXIM Update; WS_FTP Exploit; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MIME File Analysis; Infostealer; MIME Files; EXIM Update; WS_FTP Exploit; https://traffic.libsyn.com/securitypodcast/8682.mp3 https://isc.sans.edu/podcastdetail/8682 Mon, 02 Oct 2023 10:10:02 GMT https://isc.sans.edu/diary/Analyzing%20MIME%20Files%3A%20a%20Quick%20Tip/30266
Infostealers Looking for Password Files
https://isc.sans.edu/diary/Are+You+Still+Storing+Passwords+In+Plain+Text+Files/30262/
Simple Netcat Backdoor
https://isc.sans.edu/diary/Simple+Netcat+Backdoor+in+Python+Script/30264/
EXIM Response to the ZDI Release
https://exim.org/static/doc/security/CVE-2023-zdi.txt
Exploit for WS_FTP Vulnerability
https://www.assetnote.io/resources/research/rce-in-progress-ws-ftp-ad-hoc-via-iis-http-modules-cve-2023-40044
]]> 5:09 ws_ftp, exploit, exim, vulnerability, mime, infostealer, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8680 Windows IPs; Chrome 0-Day; Unpatched EXIM Vuln; WS-FTP Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Windows IPs; Chrome 0-Day; Unpatched EXIM Vuln; WS-FTP Patches https://traffic.libsyn.com/securitypodcast/8680.mp3 https://isc.sans.edu/podcastdetail/8680 Fri, 29 Sep 2023 02:15:02 GMT https://isc.sans.edu/diary/IPv4%20Addresses%20in%20Little%20Endian%20Decimal%20Format/30256
Chrome Update fixes 0-day Vulnerability
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html
Unpatched EXIM Vulnerabilities
https://www.zerodayinitiative.com/advisories/ZDI-23-1469/
WS_FTP Vulnerabilities
https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023
]]> 4:46 ws-ftp, exim, chrome, 0-day, ipv4, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8678 GPU Sidechannels; Compromised Routers; More libwebp Confusion; Fake Dependabot Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. GPU Sidechannels; Compromised Routers; More libwebp Confusion; Fake Dependabot https://traffic.libsyn.com/securitypodcast/8678.mp3 https://isc.sans.edu/podcastdetail/8678 Thu, 28 Sep 2023 02:00:02 GMT https://www.hertzbleed.com/gpu.zip/GPU-zip.pdf
Router Firmware Compromised for Persistent Access
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csa-cyber-report-sept-2023
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-270a
More libwebp vulnerability confusion
https://www.cve.org/CVERecord?id=CVE-2023-5129
https://arstechnica.com/security/2023/09/google-quietly-corrects-previously-submitted-disclosure-for-critical-webp-0-day/
Fake Dependabot Commits
https://checkmarx.com/blog/surprise-when-dependabot-contributes-malicious-code/
]]> 6:56 dependabot, libwebp, router, persistent, backdoor, sidechannel, GPU, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8676 ZeroFont Phishing; Apple Updates; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. ZeroFont Phishing; Apple Updates; https://traffic.libsyn.com/securitypodcast/8676.mp3 https://isc.sans.edu/podcastdetail/8676 Wed, 27 Sep 2023 02:00:02 GMT https://isc.sans.edu/diary/A%20new%20spin%20on%20the%20ZeroFont%20phishing%20technique/30248
macOS Sonoma Updates
https://isc.sans.edu/diary/Apple%20Releases%20MacOS%20Sonoma%20Including%20Numerous%20Security%20Patches/30252
]]> 6:31 macos, sonoma, zerofont, phishing, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8674 LuaJIT Malware; NPM systeminformation; Team City Vulnerability Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. LuaJIT Malware; NPM systeminformation; Team City Vulnerability https://traffic.libsyn.com/securitypodcast/8674.mp3 https://isc.sans.edu/podcastdetail/8674 Tue, 26 Sep 2023 12:10:02 GMT https://www.sentinelone.com/labs/sandman-apt-a-mystery-group-targeting-telcos-with-a-luajit-toolkit/
NPM systeminformation flaw
https://systeminformation.io/security.html
Team City Authentication Bypass
https://twitter.com/ptswarm/status/1706223917008834748
]]> 5:06 team city, jetbrains, npm, systeminformation, luajit, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8672 Laravel Scans; Backdoored WinRAR PoC; Fake Booking.com; @BSidesJAX Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Laravel Scans; Backdoored WinRAR PoC; Fake Booking.com; @BSidesJAX https://traffic.libsyn.com/securitypodcast/8672.mp3 https://isc.sans.edu/podcastdetail/8672 Mon, 25 Sep 2023 02:00:02 GMT https://isc.sans.edu/forums/diary/Scanning%20for%20Laravel%20-%20a%20PHP%20Framework%20for%20Web%20Artisants/30242/
Fake CVE-2023-40477 Proof of Concept Leads to VenomRAT
https://unit42.paloaltonetworks.com/fake-cve-2023-40477-poc-hides-venomrat/
Unmasking a Sophistiacted Phishing Campaign That Targets Hotel Guests
https://www.akamai.com/blog/security-research/sophisticated-phishing-campaign-targeting-hospitality
BSides JAX October 14th
https://www.bsidesjax.org/
tickets: https://www.eventbrite.com/e/bsides-jacksonville-2023-registration-566463807497?aff=oddtdtcreator
]]> 7:08 bsides, jax, phishing, hotels, booking, venomrat, winrar, laravel, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8670 Apple 0-Days; WebP Vuln Details; MoveIT Vuln; Win11 Improved Passkeys Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Apple 0-Days; WebP Vuln Details; MoveIT Vuln; Win11 Improved Passkeys https://traffic.libsyn.com/securitypodcast/8670.mp3 https://isc.sans.edu/podcastdetail/8670 Fri, 22 Sep 2023 02:00:01 GMT https://isc.sans.edu/diary/Apple+Patches+Three+New+0Day+Vulnerabilities+Affecting+iOSiPadOSwatchOSmacOS/30238
WebP Vulnerability
https://blog.isosceles.com/the-webp-0day/
MOVEit Transfer Service Pack
https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-September-2023
Improved Passkey Support in Windows 11
https://www.microsoft.com/en-us/security/blog/2023/09/21/new-microsoft-security-tools-to-protect-families-and-businesses/
]]> 6:03 moveit, windows 11, passkeys, apple, webp, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8668 DNS TTls; Snatch Ransomware; npm packages; nagios xi vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. DNS TTls; Snatch Ransomware; npm packages; nagios xi vuln; https://traffic.libsyn.com/securitypodcast/8668.mp3 https://isc.sans.edu/podcastdetail/8668 Thu, 21 Sep 2023 02:00:02 GMT https://isc.sans.edu/forums/diary/What's%20Normal%3F%20DNS%20TTL%20Values/30234/
CISA Highlights Snatch Ransomware
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-263a
npm packages caught exfiltrating Kubernetes config, SSH keys
https://blog.sonatype.com/npm-packages-caught-exfiltrating-kubernetes-config-ssh-keys
Nagios XI Vulnerabilities
https://outpost24.com/blog/nagios-xi-vulnerabilities/
]]> 5:58 nagios, npm, kubernetes, ssh, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8666 Adobe Experience Manager; Trend Micro 0-Day; SprySOCKS Backdoor; Gitlab Patches; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Adobe Experience Manager; Trend Micro 0-Day; SprySOCKS Backdoor; Gitlab Patches; https://traffic.libsyn.com/securitypodcast/8666.mp3 https://isc.sans.edu/podcastdetail/8666 Wed, 20 Sep 2023 02:00:01 GMT https://isc.sans.edu/diary/Obfuscated%20Scans%20for%20Older%20Adobe%20Experience%20Manager%20Vulnerabilities/30230
Trend Micro Apex One 0-day
https://success.trendmicro.com/dcx/s/solution/000294994?language=en_US
SprySOCKS Backdoor
https://www.trendmicro.com/en_us/research/23/i/earth-lusca-employs-new-linux-backdoor.html
GitLab Patches
https://about.gitlab.com/releases/2023/09/18/security-release-gitlab-16-3-4-released/
]]> 5:23 gitlab, sprysocks, backdoor, trend micro, apex one, adobe, experience, manager, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8664 VPN Recon Scans; iOS Update; Juniper Exploit Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. VPN Recon Scans; iOS Update; Juniper Exploit https://traffic.libsyn.com/securitypodcast/8664.mp3 https://isc.sans.edu/podcastdetail/8664 Tue, 19 Sep 2023 02:00:02 GMT https://isc.sans.edu/diary/Internet%20Wide%20Multi%20VPN%20Search%20From%20Single%20%2024%20Network/30226
iOS/iPadOS/tvOS/WatchOS Updates
https://support.apple.com/en-us/HT201222
Juniper Vuln Details/Exploit CVE-2023-36845
https://vulncheck.com/blog/juniper-cve-2023-36845
]]> 5:26 juniper, exploit, ios, apple, ipados, vpn, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8662 MFA Issue; QNAP Patches; Keychain Passkey Access; Fortinet and vBulletin XSS Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MFA Issue; QNAP Patches; Keychain Passkey Access; Fortinet and vBulletin XSS https://traffic.libsyn.com/securitypodcast/8662.mp3 https://isc.sans.edu/podcastdetail/8662 Mon, 18 Sep 2023 02:00:02 GMT https://retool.com/blog/mfa-isnt-mfa/
QNAP Patches
https://www.qnap.com/en/security-advisories?ref=security_advisory_details
Chrome able to use Apple Keychain Passkeys
https://9to5google.com/2023/09/14/chrome-118-icloud-passkey/
Fortinet XSS
https://fortiguard.fortinet.com/psirt/FG-IR-23-106
vBulletin XSS
https://gist.github.com/GiongfNef/8fe658dce4c7fcf3a7b4e6387e50141c
]]> 5:47 vbulletin, fortinet, xss, chrome, passkeys, keychain, qnap, mfa, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8660 qemu rPi emulation; ncurses vuln; windows themes PoC; 3AM ransomware Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. qemu rPi emulation; ncurses vuln; windows themes PoC; 3AM ransomware https://traffic.libsyn.com/securitypodcast/8660.mp3 https://isc.sans.edu/podcastdetail/8660 Fri, 15 Sep 2023 02:00:02 GMT https://isc.sans.edu/diary/DShield%20and%20qemu%20Sitting%20in%20a%20Tree%3A%20L-O-G-G-I-N-G/30216
Uncursing the ncurses memory corruption vulnerabilities
https://www.microsoft.com/en-us/security/blog/2023/09/14/uncursing-the-ncurses-memory-corruption-vulnerabilities-found-in-library/
Arbitrary code execution via Windows Themes (CVE-2023-38146)
https://exploits.forsale/themebleed/
3AM Ransomware used if LockBit Fails
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/3am-ransomware-lockbit
]]> 5:37 dshield, qemu, raspberry pi, ncurses, windows themes, lockbit, 3am, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8658 Fake FreeDownloadManager; Foxit PDF Reader Update; macOS Metastealer; blocking NTML Hashes Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Fake FreeDownloadManager; Foxit PDF Reader Update; macOS Metastealer; blocking NTML Hashes https://traffic.libsyn.com/securitypodcast/8658.mp3 https://isc.sans.edu/podcastdetail/8658 Thu, 14 Sep 2023 02:00:01 GMT https://securelist.com/backdoored-free-download-manager-linux-malware/110465/
Foxit PDF Reader Updates
https://www.foxit.com/support/security-bulletins.html
macOS MetaStealer: New Family of Obfuscated Go Infostealers
https://www.sentinelone.com/blog/macos-metastealer-new-family-of-obfuscated-go-infostealers-spread-in-targeted-attacks/
Windows 11 to Support Blocking SMB NTLM Hashes
https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-ntlm-blocking-now-supported-in-windows-insider/ba-p/3916206
]]> 5:42 macos, metastealer, windows 11, smb, ntlm, downloadmanager, foxit, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8656 Microsoft Patch Tuesday; OpenSSL 1.1.1 EoL; Adobe Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft Patch Tuesday; OpenSSL 1.1.1 EoL; Adobe Patches https://traffic.libsyn.com/securitypodcast/8656.mp3 https://isc.sans.edu/podcastdetail/8656 Wed, 13 Sep 2023 02:00:02 GMT https://isc.sans.edu/diary/Microsoft%20September%202023%20Patch%20Tuesday/30214
OpenSSL 1.1.1 End of Life
https://www.openssl.org/blog/blog/2023/09/11/eol-111/
Adobe Updates
https://helpx.adobe.com/security/security-bulletin.html
]]> 5:58 adobe, openssl, microsoft, patch, tuesday, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8654 More Apple Patches; Wiki Eve Attack; Google Looker Studio Phish; HPE One View Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. More Apple Patches; Wiki Eve Attack; Google Looker Studio Phish; HPE One View Vuln; https://traffic.libsyn.com/securitypodcast/8654.mp3 https://isc.sans.edu/podcastdetail/8654 Tue, 12 Sep 2023 10:10:01 GMT https://isc.sans.edu/diary/Apple%20fixes%200-Day%20Vulnerability%20in%20Older%20Operating%20Systems/30210
Wi-Fi Enabled Practical Keystroke Eavesdropping
https://arxiv.org/pdf/2309.03492.pdf
Phishing via Google Looker Studio
https://blog.checkpoint.com/security/phishing-via-google-looker-studio
HPE One View Authentication Bypass
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04530en_us
]]> 5:52 apple, patches, ios, macos, wifi, keystroke logging, phishing, google, looker, phe, oneview, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8652 Honeypot Data and Powershell; Apple 0-Day Details; Cisco 0-Day Exploited; Odd Password Solution Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Honeypot Data and Powershell; Apple 0-Day Details; Cisco 0-Day Exploited; Odd Password Solution https://traffic.libsyn.com/securitypodcast/8652.mp3 https://isc.sans.edu/podcastdetail/8652 Mon, 11 Sep 2023 03:25:01 GMT https://isc.sans.edu/diary/%3FAnyone%20get%20the%20ASN%20of%20the%20Truck%20that%20Hit%20Me%3F!%3F%3A%20Creating%20a%20PowerShell%20Function%20to%20Make%203rd%20Party%20API%20Calls%20for%20Extending%20Honeypot%20Information%20%5BGuest%20Diary%5D/30204
More details about Apple 0-day
https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Access VPN Unauthorized Access Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ravpn-auth-8LyfCkeC#fs
Odd Password Solution
https://notpickard.com/@rdp/111009868239846779
]]> 6:50 password, cisco, taiwan, keyboard, honeypot, logs, augmentation, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8650 Apple Patches 0-Days; iOS Scareware; Aruba and TP Link Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Apple Patches 0-Days; iOS Scareware; Aruba and TP Link Patches https://traffic.libsyn.com/securitypodcast/8650.mp3 https://isc.sans.edu/podcastdetail/8650 Fri, 08 Sep 2023 02:00:01 GMT https://isc.sans.edu/diary/30200
https://support.apple.com/en-us/HT201222
iOS Fleezeware/Scareware
https://isc.sans.edu/diary/Fleezeware%20Scareware%20Advertised%20via%20Facebook%20Tags%3B%20Available%20in%20Apple%20App%20Store/30198
Aruba Vulnerabilities
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-014.txt
TP Link Vulnerabilities
https://jvn.jp/en/vu/JVNVU99392903/
]]> 5:07 tplink, aruba, ios, fleezeware, scareware, apple, 0-day, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8648 DNS Security; MSFT Key Loss Details; Android Updates; Chrome Updates; Atlas VPN Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. DNS Security; MSFT Key Loss Details; Android Updates; Chrome Updates; Atlas VPN Vuln; https://traffic.libsyn.com/securitypodcast/8648.mp3 https://isc.sans.edu/podcastdetail/8648 Thu, 07 Sep 2023 02:00:01 GMT https://isc.sans.edu/diary/Security%20Relevant%20DNS%20Records/30194
Microsoft Reveleas Details about Key Loss
https://msrc.microsoft.com/blog/2023/09/results-of-major-technical-investigations-for-storm-0558-key-acquisition/
September Android Updates
https://source.android.com/docs/security/bulletin/2023-09-01
Google Chrome Update
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop.html
Atlas VPN Tunnel Termination Vulnerability
https://www.reddit.com/r/cybersecurity/comments/167f16e/atlasvpn_linux_client_103_remote_disconnect/
]]> 5:43 atlas, vpn, google, chrome, android, microsoft, key loss, dns, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8646 Honeypot Usernames; TPM LUKS Bypass; Social Engineering Helpdesks for MFA Bypass Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Honeypot Usernames; TPM LUKS Bypass; Social Engineering Helpdesks for MFA Bypass https://traffic.libsyn.com/securitypodcast/8646.mp3 https://isc.sans.edu/podcastdetail/8646 Wed, 06 Sep 2023 02:00:02 GMT https://isc.sans.edu/diary/Common%20usernames%20submitted%20to%20honeypots/30188
TPM LUKS Bypass
https://pulsesecurity.co.nz/advisories/tpm-luks-bypass
Cross Tenant Impersonation Prevention and Detection
https://sec.okta.com/articles/2023/08/cross-tenant-impersonation-prevention-and-detection
]]> 5:34 2fa, impersonation, social engineering, luks, tpm, usernames, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8644 Password Origins; YARA Rules for Obfuscated Strings; VMware Aria Keys; Windows TLS 1.0/1.1; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Password Origins; YARA Rules for Obfuscated Strings; VMware Aria Keys; Windows TLS 1.0/1.1; https://traffic.libsyn.com/securitypodcast/8644.mp3 https://isc.sans.edu/podcastdetail/8644 Tue, 05 Sep 2023 02:00:02 GMT https://isc.sans.edu/diary/What%20is%20the%20origin%20of%20passwords%20submitted%20to%20honeypots%3F/30182
Creating a YARA Rule to Detect Obfuscated Strings
https://isc.sans.edu/diary/Creating%20a%20YARA%20Rule%20to%20Detect%20Obfuscated%20Strings/30186
VMware Aria Operations for Networks Hardcoded Keys 2023-34039
https://summoning.team/blog/vmware-vrealize-network-insight-rce-cve-2023-34039/
https://github.com/sinsinology/CVE-2023-34039/
Windows will Disable TLS 1.0/1.1
https://learn.microsoft.com/en-us/windows/release-health/windows-message-center
]]> 6:17 windows, tls, vmware, aira, ssh, keys, yara, passwords, origins, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8642 Cheap Phishing; Unpinnable Actions; Cisco Brute Force; Splunk Vuln; TLD issues Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Cheap Phishing; Unpinnable Actions; Cisco Brute Force; Splunk Vuln; TLD issues https://traffic.libsyn.com/securitypodcast/8642.mp3 https://isc.sans.edu/podcastdetail/8642 Fri, 01 Sep 2023 02:00:01 GMT https://isc.sans.edu/forums/diary/The%20low%2C%20low%20cost%20of%20%28committing%29%20cybercrime/30176/
Unpinnable Github Actions
https://www.paloaltonetworks.com/blog/prisma-cloud/unpinnable-actions-github-security/
Exploitation of Cisco ASA SSL VPNs
https://www.rapid7.com/blog/post/2023/08/29/under-siege-rapid7-observed-exploitation-of-cisco-asa-ssl-vpns/
Splunk Vulnerabilities
https://advisory.splunk.com/advisories
Top Level Domain Issues
https://blog.talosintelligence.com/whats-in-a-name/
]]> 6:20 tld, splunk, cisco, asa, ssl vpn, github, phishing, actions, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8640 Hurricane Prep; Notepad++ Vulns; 7zip Vuln; BGP Error Handling; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Hurricane Prep; Notepad++ Vulns; 7zip Vuln; BGP Error Handling; https://traffic.libsyn.com/securitypodcast/8640.mp3 https://isc.sans.edu/podcastdetail/8640 Thu, 31 Aug 2023 02:00:01 GMT https://isc.sans.edu/diary/Home%20Office%20%20%20Small%20Business%20Hurricane%20Prep/30166
Notepad++ Vulnerabilities
https://securitylab.github.com/advisories/GHSL-2023-092_Notepad__/
7-Zip Vulnerability
https://www.zerodayinitiative.com/advisories/ZDI-23-1164/
BGP Error Handling Issues
https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling
]]> 5:34 bgp, 7zip, notepad++, hurricane, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8638 Website Survivaltime; ActiveMime Maldocs; RocketMQ Exploited; ManageEnging Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Website Survivaltime; ActiveMime Maldocs; RocketMQ Exploited; ManageEnging Vuln; https://traffic.libsyn.com/securitypodcast/8638.mp3 https://isc.sans.edu/podcastdetail/8638 Wed, 30 Aug 2023 02:00:01 GMT https://isc.sans.edu/diary/Survival%20time%20for%20web%20sites/30170
PDF/ActiveMime Polyglot Maldocs
https://blogs.jpcert.or.jp/en/2023/08/maldocinpdf.html
https://blog.didierstevens.com/2023/08/29/quickpost-pdf-activemime-maldocs-yara-rule/
RocketMQ Vulnerability Exploited
https://blogs.juniper.net/en-us/threat-research/dreambus-botnet-resurfaces-targets-rocketmq-vulnerability
ManageEngine Vulnerabilty
https://www.manageengine.com/security/advisory/CVE/CVE-2023-35785.html

]]> 6:03 manageengine, zoho, vulnerability, rocketmq, exploit, pdf, activemime, polyglot, survival time, websites, certificate transparency, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8636 WINRAR Exploit Analysis; Juniper PoC; Exchange EP Default; Rust Malware Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. WINRAR Exploit Analysis; Juniper PoC; Exchange EP Default; Rust Malware https://traffic.libsyn.com/securitypodcast/8636.mp3 https://isc.sans.edu/podcastdetail/8636 Tue, 29 Aug 2023 02:00:01 GMT https://isc.sans.edu/diary/Analysis+of+RAR+Exploit+Files+CVE202338831/30164
Juniper Exploit CVE-2023-36844 , CVE-2023-36845 , CVE-2023-36846 , CVE-2023-36847
https://labs.watchtowr.com/cve-2023-36844-and-friends-rce-in-juniper-firewalls/
Microsoft Will Enabled Extended Protection for Exchange Server by Default
https://techcommunity.microsoft.com/t5/exchange-team-blog/coming-soon-enabling-extended-protection-on-exchange-server-by/ba-p/3911849
Rust Malware Stages on Crates.io
https://blog.phylum.io/rust-malware-staged-on-crates-io/

SANS Community Night London Signup
https://www.sans.org/mlp/community-night-cloud-security-london-september-2023]]> 6:31 rar, winrar, exploit, juniper, poc, exchange, ep, cu, rust, malware, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8634 Postgresql C2; MacOS Network Connections; Fake/Bad CVEs; Windows Cert Confusion; Bad NPM Package Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Postgresql C2; MacOS Network Connections; Fake/Bad CVEs; Windows Cert Confusion; Bad NPM Package https://traffic.libsyn.com/securitypodcast/8634.mp3 https://isc.sans.edu/podcastdetail/8634 Mon, 28 Aug 2023 02:00:01 GMT https://isc.sans.edu/diary/Python%20Malware%20Using%20Postgresql%20for%20C2%20Communications/30158
macOS: Who is Behind This Network Connection?
https://isc.sans.edu/diary/macOS%3A%20Who%3Fs%20Behind%20This%20Network%20Connection%3F/30160
CVE-2020-19909 Is Everything that is Wrong with CVEs
https://daniel.haxx.se/blog/2023/08/26/cve-2020-19909-is-everything-that-is-wrong-with-cves/
Windows Certificate Confusion
https://arstechnica.com/security/2023/08/a-renegade-certificate-is-removed-from-windows-then-it-returns-confusion-ensues/
NPM E-Mail Validator Package Malware
https://blog.phylum.io/npm-emails-validator-package-malware/
]]> 6:37 npm, windows, certificate, cve-2020-19909, curl, macos, python, postgresql, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8632 Keyboard Walk; Barracuda ESG Warning; Ivanti Sentry Update; Smoke Loader Geolocation Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Keyboard Walk; Barracuda ESG Warning; Ivanti Sentry Update; Smoke Loader Geolocation https://traffic.libsyn.com/securitypodcast/8632.mp3 https://isc.sans.edu/podcastdetail/8632 Fri, 25 Aug 2023 02:00:01 GMT https://isc.sans.edu/diary/How%20I%20made%20a%20qwerty%20%3Fkeyboard%20walk%3F%20password%20generator%20with%20ChatGPT%20%20%5BGuest%20Diary%5D/30152
FBI Warns of Persistent Barracuda Backdoors
https://www.ic3.gov/Media/News/2023/230823.pdf
Ivanti Sentry Athentication Bypass Deep Diver CVE-2023-38035
https://www.horizon3.ai/ivanti-sentry-authentication-bypass-cve-2023-38035-deep-dive/
Smoke Loader Drops Whiffy Recon WiFi Scanning and Geolocation Malware
https://www.secureworks.com/blog/smoke-loader-drops-whiffy-recon-wi-fi-scanning-and-geolocation-malware
]]> 5:52 smoke loader, whiffy, recon, wifi, ivanty, sentry, fbi, barracuda, qwerty, sans.edu, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8630 XLAM Files; WinRAR 0-Day (new!); Aruba Vulnerablities Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. XLAM Files; WinRAR 0-Day (new!); Aruba Vulnerablities https://traffic.libsyn.com/securitypodcast/8630.mp3 https://isc.sans.edu/podcastdetail/8630 Thu, 24 Aug 2023 02:00:02 GMT https://isc.sans.edu/diary/More%20Exotic%20Excel%20Files%20Dropping%20AgentTesla/30150
CVE-2023-38831 WinRAR Vulnerability Exploited
https://www.group-ib.com/blog/cve-2023-38831-winrar-zero-day/
Aruba Vulnerabilities
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-012.txt
]]> 5:20 aruba, winrar, xlam, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8628 Fernet Encryption; inotify triage; Coldfusion Exploit; Openfire Exploit; New XLoader; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Fernet Encryption; inotify triage; Coldfusion Exploit; Openfire Exploit; New XLoader; https://traffic.libsyn.com/securitypodcast/8628.mp3 https://isc.sans.edu/podcastdetail/8628 Wed, 23 Aug 2023 02:00:01 GMT https://isc.sans.edu/forums/diary/Have%20You%20Ever%20Heard%20of%20the%20Fernet%20Encryption%20Algorithm%3F/30146/
Malware Triage With Inotify Tools
https://isc.sans.edu/diary/Quick+Malware+Triage+With+Inotify+Tools/30142/
Adobe Coldfusion Exploited
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Openfire Admin Console Vulnerability Exploited
https://vulncheck.com/blog/openfire-cve-2023-32315
XLoader Mac Malware Updates
https://www.sentinelone.com/blog/xloaders-latest-trick-new-macos-variant-disguised-as-signed-officenote-app/
]]> 6:02 xloader, mac, openfire, adobe, coldfusion, malwre, inotify, triage, fernet, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8626 SystemBC Scans; Exchange SU Rerelease; Ivanti Exploit; DUO Outages; mTLS vulnerabilities Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SystemBC Scans; Exchange SU Rerelease; Ivanti Exploit; DUO Outages; mTLS vulnerabilities https://traffic.libsyn.com/securitypodcast/8626.mp3 https://isc.sans.edu/podcastdetail/8626 Tue, 22 Aug 2023 02:00:02 GMT https://isc.sans.edu/diary/SystemBC%20Malware%20Activity%20/30138
https://cybersecurity.att.com/blogs/labs-research/proxynation-the-dark-nexus-between-proxy-apps-and-malware
Exchange Server Security Update Re-Release
https://techcommunity.microsoft.com/t5/exchange-team-blog/re-release-of-august-2023-exchange-server-security-update/ba-p/3900025
Ivanti Sentry Vulnerability Exploited
https://forums.ivanti.com/s/article/CVE-2023-38035-API-Authentication-Bypass-on-Sentry-Administrator-Interface?language=en_US
DUO Security Outage
https://status.duo.com/incidents/rw7g0q7ztj8f
mTLS Vulnerabilities
https://github.blog/2023-08-17-mtls-when-certificate-authentication-is-done-wrong/
]]> 6:07 mtls, duo, ivanti, sentry, exchange, rerelease, update, systembc, proxy, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8624 Zalando Phish/RAT; WinRAR Code Exec; Hotmail SPF Fail; Ivacy VPN Cert Abused; Chrome Extension Warning; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Zalando Phish/RAT; WinRAR Code Exec; Hotmail SPF Fail; Ivacy VPN Cert Abused; Chrome Extension Warning; https://traffic.libsyn.com/securitypodcast/8624.mp3 https://isc.sans.edu/podcastdetail/8624 Mon, 21 Aug 2023 02:00:01 GMT https://isc.sans.edu/diary/From%20a%20Zalando%20Phishing%20to%20a%20RAT/30136
RARLAB WinRAR Recovery Volume Vulnerability
https://www.zerodayinitiative.com/advisories/ZDI-23-1152/
Hotmail SPF Record Error Leads to spam false positives
https://www.bleepingcomputer.com/news/microsoft/hotmail-email-delivery-fails-after-microsoft-misconfigures-dns/
Chinese Entanglement | DLL Hijacking in the Asian Gambling Sector
https://www.sentinelone.com/labs/chinese-entanglement-dll-hijacking-in-the-asian-gambling-sector/
Google Chrome to Warn Users of Malicious Extensions
https://betanews.com/2023/08/17/google-chrome-to-warn-users-about-problematic-extensions/
]]> 5:35 chrome, extensions, warning, vpn, cert, winrar, zelando, phishing, spf, hotmail, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8622 Whitespaces; Fake Airplane Mode; LinkedIn Attacks; Robot Vacuum Privacy Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Whitespaces; Fake Airplane Mode; LinkedIn Attacks; Robot Vacuum Privacy https://traffic.libsyn.com/securitypodcast/8622.mp3 https://isc.sans.edu/podcastdetail/8622 Fri, 18 Aug 2023 02:00:02 GMT https://isc.sans.edu/diary/Command%20Line%20Parsing%20-%20Are%20These%20Really%20Unique%20Strings%3F/30126
iOS 16 Fake Airplane Mode
https://www.jamf.com/blog/fake-airplane-mode-a-mobile-tampering-technique-to-maintain-connectivity/
LinkedIn Attacks
https://cyberint.com/blog/research/linkedin-accounts-under-attack-how-to-protect-yourself/
Robot Vacuum Privacy Issues
https://dontvacuum.me/talks/DEFCON31/DEFCON31-vacuum-robots-final.pdf
https://dontvacuum.me/
]]> 5:44 robots, vacuum, privacy, linkedin, ios, airplane mode, whitespaces, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8620 PowerShell Gallery Malware; Windows Time Issues; Malicious QR Codes; Citrix Scanner Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. PowerShell Gallery Malware; Windows Time Issues; Malicious QR Codes; Citrix Scanner https://traffic.libsyn.com/securitypodcast/8620.mp3 https://isc.sans.edu/podcastdetail/8620 Thu, 17 Aug 2023 02:00:02 GMT https://www.darkreading.com/application-security/powershell-gallery-prone-to-typosquatting-other-supply-chain-attacks
Windows Random Time Issues
https://arstechnica.com/security/2023/08/windows-feature-that-resets-system-clocks-based-on-random-data-is-wreaking-havoc/
Energy Company Targeted in QR Code Campaign
https://cofense.com/blog/major-energy-company-targeted-in-large-qr-code-campaign/
New Citrix Scanner from Mandiant
https://www.mandiant.com/resources/blog/citrix-adc-vulnerability-ioc-scanner
]]> 6:40 citrix, energey, qr, time, windows, powershell, gallery, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8618 macOS Background Task Manager; Ivanti Avalanche Vuln; Synology Cloud Access Vuln; Fake Beta Crypto Apps Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. macOS Background Task Manager; Ivanti Avalanche Vuln; Synology Cloud Access Vuln; Fake Beta Crypto Apps https://traffic.libsyn.com/securitypodcast/8618.mp3 https://isc.sans.edu/podcastdetail/8618 Wed, 16 Aug 2023 02:00:02 GMT https://www.wired.com/story/apple-mac-background-task-management-flaw/
Ivanti Avalanche Vulnerability
https://www.tenable.com/security/research/tra-2023-27
Exploiting Synology NAS Cloud Connectivity
https://claroty.com/team82/research/a-pain-in-the-nas-exploiting-cloud-connectivity-to-pwn-your-nas-synology-ds920-edition
Fake Crypto Currency Apps Offered as "Beta" versions
https://www.ic3.gov/Media/Y2023/PSA230814
]]> 5:53 fbi, crypto, apps, beta, synology, nas, cloud, ivanti, avalanche, macos, background task manager, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8616 PDFiD False Pos; CVE-2023-32019 Fix Update; CyberPower/Dataprobe Vulns; Ford Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. PDFiD False Pos; CVE-2023-32019 Fix Update; CyberPower/Dataprobe Vulns; Ford Vuln; https://traffic.libsyn.com/securitypodcast/8616.mp3 https://isc.sans.edu/podcastdetail/8616 Tue, 15 Aug 2023 02:00:01 GMT https://isc.sans.edu/diary/PDFiD%3A%20False%20Positives%20Revisited/30122
CVE-2023-32019 Fix Enabled by Default;
https://support.microsoft.com/en-us/topic/kb5028407-how-to-manage-the-vulnerability-associated-with-cve-2023-32019-bd6ed35f-48b1-41f6-bd19-d2d97270f080
CyberPower and Dataprobe Vulnerabilities
https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html
Ford WiFi Driver Vulnerability
https://www.ti.com/lit/er/swra773/swra773.pdf?ts=1691717352391&ref_url=https%253A%252F%252Fmedia.ford.com%252F
]]> 5:51 ford, wifi, cyberpower, dataprobe, cve-2023-32019, microsoft, pdfid, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8614 Python Anti-Debugging; Zoom Zero Touch Vuln; DNS Spoofing Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Python Anti-Debugging; Zoom Zero Touch Vuln; DNS Spoofing https://traffic.libsyn.com/securitypodcast/8614.mp3 https://isc.sans.edu/podcastdetail/8614 Mon, 14 Aug 2023 02:00:02 GMT https://isc.sans.edu/diary/Show%20me%20All%20Your%20Windows!/30116
Zero Touch Pwn
https://blog.syss.com/posts/zero-touch-pwn/
Maginot DNS Spoofing Attack
https://www.usenix.org/conference/usenixsecurity23/presentation/li-xiang
]]> 5:30 windows, python, anti-debugging, zero touch, zoom, dns, spoofing, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8612 SQL Auth Weakness; Windows Defender Pretender; Dell Compellent Static Key; Sogou Keyboard Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SQL Auth Weakness; Windows Defender Pretender; Dell Compellent Static Key; Sogou Keyboard Vuln; https://traffic.libsyn.com/securitypodcast/8612.mp3 https://isc.sans.edu/podcastdetail/8612 Fri, 11 Aug 2023 02:00:02 GMT https://isc.sans.edu/diary/Some%20things%20never%20change%20%3F%20such%20as%20SQL%20Authentication%20%3Fencryption%3F/30112
Defender Pretender: When Windows Defender Updates Become a Security Risk
https://www.blackhat.com/us-23/briefings/schedule/#defender-pretender-when-windows-defender-updates-become-a-security-risk-32706
Dell Compellent Hardcoded Key
https://www.dell.com/support/kbdoc/en-us/000216615/dsa-2023-282-security-update-for-dell-storage-integration-tools-for-vmware-dsitv-vulnerabilities
Vulnerabilities in Sogou Keyboard
https://citizenlab.ca/2023/08/vulnerabilities-in-sogou-keyboard-encryption/
]]> 6:01 sogou, keyboard, dell, compellent, hardcoded, defender, pretender, sql, sql server, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8610 Tunnelcrack VPN vuln; Mozilla VPN Issue; Exchange Patch Trouble; VSCode Secrets Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Tunnelcrack VPN vuln; Mozilla VPN Issue; Exchange Patch Trouble; VSCode Secrets https://traffic.libsyn.com/securitypodcast/8610.mp3 https://isc.sans.edu/podcastdetail/8610 Thu, 10 Aug 2023 02:00:02 GMT https://papers.mathyvanhoef.com/usenix2023-tunnelcrack.pdf
Mozilla VPN Vulnerablity
https://www.openwall.com/lists/oss-security/2023/08/03/1
Non English Exchange Server Patch Issues
https://techcommunity.microsoft.com/t5/exchange-team-blog/released-august-2023-exchange-server-security-updates/bc-p/3894481/highlight/true
VSCode Token Security
https://cycode.com/blog/exposing-vscode-secrets/
Weekly Updates for Google Chrome
https://security.googleblog.com/2023/08/an-update-on-chrome-security-updates.html
]]> 6:14 google, chrome, updates, vscode, token, security, exhcnage, patch, problems, vpn, mozilla, tunnelcrack, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8608 Microsoft Patch Tuesday; Adobe Updates Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft Patch Tuesday; Adobe Updates https://traffic.libsyn.com/securitypodcast/8608.mp3 https://isc.sans.edu/podcastdetail/8608 Wed, 09 Aug 2023 02:00:02 GMT https://isc.sans.edu/diary/Microsoft%20August%202023%20Patch%20Tuesday/30106
Adobe Updates
https://helpx.adobe.com/security/security-bulletin.html
]]> 6:02 adobe, adobe commerce, reader, acrobat, microsoft, patch tuesday, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8606 Research Scan IPs; OpenBullet Malware; Cloudflare Tunnel Abuse; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Research Scan IPs; OpenBullet Malware; Cloudflare Tunnel Abuse; https://traffic.libsyn.com/securitypodcast/8606.mp3 https://isc.sans.edu/podcastdetail/8606 Tue, 08 Aug 2023 02:00:01 GMT https://isc.sans.edu/diary/Update%3A%20Researchers%20scanning%20the%20Internet/30102
Malicious OpenBullet Configuration Files
https://www.kasada.io/threat-intel-openbullet-malware/
Abusing Cloudflare Tunnels
https://www.guidepointsecurity.com/blog/tunnel-vision-cloudflared-abused-in-the-wild/
]]> 6:27 cloudflare, cloudflared, openbullet, internet, scanning, research, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8604 Leaked Credentials; PaperCut RCE Vuln; MSFT Fixes Power Platform Bug; Token Theft Playbook; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Leaked Credentials; PaperCut RCE Vuln; MSFT Fixes Power Platform Bug; Token Theft Playbook; https://traffic.libsyn.com/securitypodcast/8604.mp3 https://isc.sans.edu/podcastdetail/8604 Mon, 07 Aug 2023 02:00:02 GMT https://isc.sans.edu/diary/Are%20Leaked%20Credentials%20Dumps%20Used%20by%20Attackers%3F/30098
New PaperCut RCE Vulnerability
https://www.horizon3.ai/cve-2023-39143-papercut-path-traversal-file-upload-rce-vulnerability/
Microsoft mitigates Power Platform Custom Code information disclosure vulnerability
https://msrc.microsoft.com/blog/2023/08/microsoft-mitigates-power-platform-custom-code-information-disclosure-vulnerability/
Microsoft Publishes Token theft Playbook
https://learn.microsoft.com/en-us/security/operations/token-theft-playbook
]]> 5:16 microsoft, cloud, azure, playbook, tokens, power platform, papercut, rce, credential dump, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8602 From LNK to BAT; MSFT Teams Scams; MSFT Office LOLBAS; Android App Versioning; Aruba; Mitel Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. From LNK to BAT; MSFT Teams Scams; MSFT Office LOLBAS; Android App Versioning; Aruba; Mitel https://traffic.libsyn.com/securitypodcast/8602.mp3 https://isc.sans.edu/podcastdetail/8602 Fri, 04 Aug 2023 02:00:02 GMT https://isc.sans.edu/diary/From%20small%20LNK%20to%20large%20malicious%20BAT%20file%20with%20zero%20VT%20score/30094
Social Engineering via Microsoft Teams
https://www.microsoft.com/en-us/security/blog/2023/08/02/midnight-blizzard-conducts-targeted-social-engineering-over-microsoft-teams/
Automating the Search for LOLBAS
https://pentera.io/resources/whitepapers/the-lolbas-odyssey-finding-new-lolbas-and-how-you-can-too/
Sneaky Versioning Used to Bypass Scanners
https://thehackernews.com/2023/08/malicious-apps-use-sneaky-versioning.html
Aruba Patches
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-010.txt
Mitel Patches
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0008
]]> 5:35 versioning, android, google play store, aruba, mitel, lolbas, teams, lnk, bat, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8600 Zeek on Windows; More Ivanti Vulns; Salesforce Phishing; AWS SSM Agent Abuse; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Zeek on Windows; More Ivanti Vulns; Salesforce Phishing; AWS SSM Agent Abuse; https://traffic.libsyn.com/securitypodcast/8600.mp3 https://isc.sans.edu/podcastdetail/8600 Thu, 03 Aug 2023 02:00:01 GMT https://isc.sans.edu/diary/Zeek%20and%20Defender%20Endpoint/30088
New Ivanti MobileIron Core Vulnerability
https://forums.ivanti.com/s/article/CVE-2023-35082-Remote-Unauthenticated-API-Access-Vulnerability-in-MobileIron-Core-11-2-and-older?language=en_US
Salesforce Phishing
https://labs.guard.io/phishforce-vulnerability-uncovered-in-salesforces-email-services-exploited-for-phishing-32024ad4b5fa
Abusing the Amazon Web Services SSM Agent as a Remote Access Trojan
https://www.mitiga.io/blog/abusing-the-amazon-web-services-ssm-agent-as-a-remote-access-trojan
]]> 6:08 Amazone, AWS, EC2, SSM, RAT, salesforce, meta, phishing, ivanti, mobileiron, zeek, defender, endpoint, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8598 DNS over HTTPS; Airgap Bridging Malware; Google Inactive Accounts; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. DNS over HTTPS; Airgap Bridging Malware; Google Inactive Accounts; https://traffic.libsyn.com/securitypodcast/8598.mp3 https://isc.sans.edu/podcastdetail/8598 Wed, 02 Aug 2023 02:00:01 GMT https://isc.sans.edu/diary/Summary%20of%20DNS%20over%20HTTPS%20requests%20against%20our%20honeypots./30084
Malware Infects Airgapped Networks
https://usa.kaspersky.com/about/press-releases/2023_kaspersky-uncovers-malware-for-targeted-data-exfiltration-from-air-gapped-environments
Google Deleting Inactive Accounts
https://support.google.com/accounts/answer/12418290?visit_id=638264210155158507-1346504535&p=inactive_account_policy_blog&rd=1
Google AMP Service Used for Phishing
https://cofense.com/blog/google-amp-the-newest-of-evasive-phishing-tactic/
]]> 5:18 google, amp, phishing, inactive accounts, airgap, dns, https, http, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8596 Ivanti Patches New 0-Day; Redis Malware; Android 0-Day Summary; Wiping Canon Printers Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Ivanti Patches New 0-Day; Redis Malware; Android 0-Day Summary; Wiping Canon Printers https://traffic.libsyn.com/securitypodcast/8596.mp3 https://isc.sans.edu/podcastdetail/8596 Tue, 01 Aug 2023 02:00:02 GMT https://forums.ivanti.com/s/article/CVE-2023-35081-Arbitrary-File-Write?language=en_US
New Redis Malware Uses Unknown Initial Access Vector
https://www.cadosecurity.com/redis-p2pinfect/
https://unit42.paloaltonetworks.com/peer-to-peer-worm-p2pinfect/
Google Android 0-Day Summary
https://security.googleblog.com/2023/07/the-ups-and-downs-of-0-days-year-in.html
Wiping Sensitive Data from Printers
https://psirt.canon/advisory-information/cp2023-003/
]]> 5:51 canon, printers, google, android, 0-day, redis, malware, replication, ivanti, manager, 0day, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8594 iMessage Phish; IPv6 Attacks; Steganography in Python; Mobileiron Exploit Released Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. iMessage Phish; IPv6 Attacks; Steganography in Python; Mobileiron Exploit Released https://traffic.libsyn.com/securitypodcast/8594.mp3 https://isc.sans.edu/podcastdetail/8594 Mon, 31 Jul 2023 02:00:02 GMT https://isc.sans.edu/forums/diary/USPS+Phishing+Scam+Targeting+iOS+Users/30078/
Do Attackers Pay More Attention to IPv6
https://isc.sans.edu/diary/Do%20Attackers%20Pay%20More%20Attention%20to%20IPv6%3F/30076
Shell Code in Images
https://isc.sans.edu/diary/ShellCode%20Hidden%20with%20Steganography/30074
Ivanti Mobileiron Exploit Public
https://github.com/vchan-in/CVE-2023-35078-Exploit-POC/blob/main/cve_2023_35078_poc.py
]]> 5:19 ivanti, mobileiron, exploit, shell code, ipv6, usps, phishing, imessage, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8592 OverlayFS Ubuntu Vuln; CISA warns of IDOR; Sophos UTM Patch; Aruba Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. OverlayFS Ubuntu Vuln; CISA warns of IDOR; Sophos UTM Patch; Aruba Patches https://traffic.libsyn.com/securitypodcast/8592.mp3 https://isc.sans.edu/podcastdetail/8592 Fri, 28 Jul 2023 02:00:01 GMT https://www.wiz.io/blog/ubuntu-overlayfs-vulnerability
CISA Warns of Insecure Direct Option Reference Vulnerabilities
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-208a
Sophos UTM Patch
https://docs.sophos.com/releasenotes/index.html?productGroupID=nsg&productID=utm&versionID=9.7
Aruba Patches
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-009.txt
]]> 5:47 Aruba, Sophos, CISA, IDOR, Ubuntu, OverlayFS, patches, vulnerabilities, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8590 Malware Blocked IPs; MLS Protocol; PySecDB; MacOS Infostealer Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Malware Blocked IPs; MLS Protocol; PySecDB; MacOS Infostealer https://traffic.libsyn.com/securitypodcast/8590.mp3 https://isc.sans.edu/podcastdetail/8590 Thu, 27 Jul 2023 02:00:02 GMT https://isc.sans.edu/diary/Suspicious%20IP%20Addresses%20Avoided%20by%20Malware%20Samples/30068
Messaging Layer Security (MLS) Protocol
https://datatracker.ietf.org/doc/html/rfc9420
PySecDB: Security Commit Dataset in Python
https://github.com/SunLab-GMU/PySecDB
MacOS Infostealer
https://www.sentinelone.com/blog/apple-crimeware-massive-rust-infostealer-campaign-aiming-for-macos-sonoma-ahead-of-public-release/
]]> 5:58 malware, ips, mls, encryption, pysecdb, macos, realst, infostealer, rust, sonoma, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8588 Ivanti Patch; Atlassian Patches; AMD Zen-2 Vuln; VMWare Tanzu Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Ivanti Patch; Atlassian Patches; AMD Zen-2 Vuln; VMWare Tanzu Vuln; https://traffic.libsyn.com/securitypodcast/8588.mp3 https://isc.sans.edu/podcastdetail/8588 Wed, 26 Jul 2023 02:00:02 GMT https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability?language=en_US
Atlassian Patches
https://confluence.atlassian.com/security/security-bulletin-july-18-2023-1251417643.html
AMD Zen-2 Vulnerability
https://lock.cmpxchg8b.com/zenbleed.html
VMWare CVE-2023-20891
https://socradar.io/vmwares-response-to-the-critical-cve-2023-20891-vulnerability-exposing-cf-api-admin-credentials/

]]> 5:00 iventi, atlassian, amd, zen2, vmware, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8586 Apple Updates; jq parsing; TETRA Radio Backdoor; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Apple Updates; jq parsing; TETRA Radio Backdoor; https://traffic.libsyn.com/securitypodcast/8586.mp3 https://isc.sans.edu/podcastdetail/8586 Tue, 25 Jul 2023 02:00:02 GMT https://isc.sans.edu/forums/diary/Apple%20Updates%20Everything%20%28again%29/30062/
https://support.apple.com/en-us/HT201222
Parsing Data with jq
https://isc.sans.edu/diary/JQ%3A%20Another%20Tool%20We%20Thought%20We%20Knew/30060
TETRA Radio Backdoor
https://www.wired.com/story/tetra-radio-encryption-backdoor/
]]> 6:06 tetra, radio, backdoor, apple, jq, updates, patches, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8584 Shodan API; MSFT Stolen Key Scope; Okta Logs; Citrix Exploits Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Shodan API; MSFT Stolen Key Scope; Okta Logs; Citrix Exploits https://traffic.libsyn.com/securitypodcast/8584.mp3 https://isc.sans.edu/podcastdetail/8584 Mon, 24 Jul 2023 02:00:01 GMT https://isc.sans.edu/diary/Shodan%27s%20API%20For%20The%20%28Recon%29%20Win!/30050
Stolen Microsoft Key May Have Opened Up a lot more than US Government E-Mail Inboxes
https://www.wiz.io/blog/storm-0558-compromised-microsoft-key-enables-authentication-of-countless-micr
https://www.theregister.com/2023/07/21/microsoft_key_skeleton/
Okta Logs Decoded
https://www.rezonate.io/blog/okta-logs-decoded-unveiling-identity-threats-through-threat-hunting/
Threat Actors Exploiting Citrix CVE-2023-3519
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-201a
https://github.com/securekomodo/citrixInspector
]]> 6:13 citrix, okta, microsoft, key, wiz, shodan, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8582 Obfuscated .bat file; Citrix CVE-2023-3519 IoCs; ssh-agent exploit; MegaRAC Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Obfuscated .bat file; Citrix CVE-2023-3519 IoCs; ssh-agent exploit; MegaRAC Vuln; https://traffic.libsyn.com/securitypodcast/8582.mp3 https://isc.sans.edu/podcastdetail/8582 Fri, 21 Jul 2023 02:00:01 GMT https://isc.sans.edu/diary/Deobfuscation%20of%20Malware%20Delivered%20Through%20a%20.bat%20File/30048
Citrix CVE-2023-3519 Indicators of Compromise
https://www.deyda.net/index.php/en/2023/07/19/checklist-for-citrix-adc-cve-2023-3519/
ssh-agent vulnerability
https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt
Spring Security: WebFlux Security Bypass with Un-Prefixed Double Wildcard Pattern
https://spring.io/security/cve-2023-34034
American Megatrends (AMI) MegaRAC BMC Vulnerabilities
https://eclypsium.com/research/bmcc-lights-out-forever/
]]> 3:31 .bat, obfuscation, citrix, ios, ssh-agent, megarac, megatrend, ami, bmc, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8580 Citrix Vulnerability; Enigma Challenge; Oracle CPU; Microsoft Expanding Cloud Logging Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Citrix Vulnerability; Enigma Challenge; Oracle CPU; Microsoft Expanding Cloud Logging https://traffic.libsyn.com/securitypodcast/8580.mp3 https://isc.sans.edu/podcastdetail/8580 Thu, 20 Jul 2023 02:00:01 GMT https://isc.sans.edu/forums/diary/Citrix%20ADC%20Vulnerability%20CVE-2023-3519%2C%203466%20and%203467%20-%20Patch%20Now!/30044/
HAM Radio Enigma Machine Challenge
https://isc.sans.edu/diary/HAM%20Radio%20%2B%20Enigma%20Machine%20Challenge/30042
Oracle Critical Patch Update
https://www.oracle.com/security-alerts/cpujul2023.html
Microsoft Expanding Cloud Logging
https://www.microsoft.com/en-us/security/blog/2023/07/19/expanding-cloud-logging-to-give-customers-deeper-security-visibility/
]]> 3:10 microsoft, cloud, logging, oracle, cpu, ham radio, enigma, citrix, adc, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8578 Jira Plugin Exploit; Citrix Vulnerabilities; Google Cloud Build Service Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Jira Plugin Exploit; Citrix Vulnerabilities; Google Cloud Build Service Vuln; https://traffic.libsyn.com/securitypodcast/8578.mp3 https://isc.sans.edu/podcastdetail/8578 Wed, 19 Jul 2023 11:30:02 GMT https://isc.sans.edu/diary/Exploit%20Attempts%20for%20%22Stagil%20navigation%20for%20Jira%20Menus%20%26%20Themes%22%20CVE-2023-26255%20and%20CVE-2023-26256/30038
Citrix Vulnerabilities
https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467
Google Cloud Build Service Vulnerability
https://orca.security/resources/blog/bad-build-google-cloud-build-potential-supply-chain-attack-vulnerability
]]> 5:45 stagil, jira, plugin, directory traversal, citrix, google, cloud, build, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8576 Exploited Vulnerabilities in Zimbra, WooCommerce, Coldfusion; CISA free cloud tools; Jumpcloud Breach Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Exploited Vulnerabilities in Zimbra, WooCommerce, Coldfusion; CISA free cloud tools; Jumpcloud Breach https://traffic.libsyn.com/securitypodcast/8576.mp3 https://isc.sans.edu/podcastdetail/8576 Tue, 18 Jul 2023 02:00:01 GMT https://blog.zimbra.com/2023/07/security-update-for-zimbra-collaboration-suite-version-8-8-15
Woocommerce Vulnerability Actively Being Exploited
https://www.rcesecurity.com/2023/07/patch-diffing-cve-2023-28121-to-compromise-a-woocommerce/
Adobe Coldfusion Flaws exploited
https://www.bleepingcomputer.com/news/security/adobe-warns-of-critical-coldfusion-rce-bug-exploited-in-attacks/
CISA Cloud Security Fact Sheet: Free Tools for Cloud Environments
https://www.cisa.gov/sites/default/files/2023-07/Free%20Tools%20for%20Cloud%20Environments_508c.pdf
JumpCloud Breach
https://arstechnica.com/security/2023/07/jumpcloud-says-nation-state-hacker-breach-targeted-some-of-its-customers/
]]> 5:12 zimbra, coldfusion, woocommerce, adobe, cisa, cloud, jumpcloud, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8574 MSFT Driver Certs Details; Threads Threats; CVSS 4.0 Preview Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MSFT Driver Certs Details; Threads Threats; CVSS 4.0 Preview https://traffic.libsyn.com/securitypodcast/8574.mp3 https://isc.sans.edu/podcastdetail/8574 Mon, 17 Jul 2023 02:00:02 GMT https://blog.talosintelligence.com/old-certificate-new-signature/
Threads App Lures
https://www.helpnetsecurity.com/2023/07/14/threads-app-lure/
First Releases CVSS 4.0 Preview
https://www.first.org/cvss/
]]> 7:09 first, cvss, threads, microsoft, driver, signatures, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8572 Honeypot Logs; MSFT Outlook 365 compromise; Fake PoC; Ghostscript PoC; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Honeypot Logs; MSFT Outlook 365 compromise; Fake PoC; Ghostscript PoC; https://traffic.libsyn.com/securitypodcast/8572.mp3 https://isc.sans.edu/podcastdetail/8572 Fri, 14 Jul 2023 02:00:02 GMT https://isc.sans.edu/diary/DShield%20Honeypot%20Maintenance%20and%20Data%20Retention/30024
Enhanced Monitoring to Detect APT Activity Targeting Outlook Online
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-193a
PoC Exploit: Fake Proof of Concept with Backdoor Malware
https://www.uptycs.com/blog/new-poc-exploit-backdoor-malware
GhostScript CVE-2023-36664 PoC Exploit
https://www.kroll.com/en/insights/publications/cyber/ghostscript-cve-2023-36664-remote-code-execution-vulnerability
]]> 5:37 ghostscript, poc, malware, backdoor, github, apt, outlook, online, honeypot, dshield, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8570 Apple Fixes Patch; Formbook QM18; Adobe Patches; Fortinet Patches; Citrix Patches; Sonicwall Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Apple Fixes Patch; Formbook QM18; Adobe Patches; Fortinet Patches; Citrix Patches; Sonicwall Patches https://traffic.libsyn.com/securitypodcast/8570.mp3 https://isc.sans.edu/podcastdetail/8570 Thu, 13 Jul 2023 02:00:02 GMT https://support.apple.com/HT201224
Loader Activity For Formbook "QM18"
https://isc.sans.edu/diary/Loader%20activity%20for%20Formbook%20%22QM18%22/30020
Adobe Patches
https://helpx.adobe.com/security/products/coldfusion/apsb23-40.html
FortiOS/FortiProxy Stack Based Overflow
https://www.fortiguard.com/psirt/FG-IR-23-183
Citrix Secure Access Client for Ubuntu
https://support.citrix.com/article/CTX564169/citrix-secure-access-client-for-ubuntu-security-bulletin-for-cve202324492
Sonicwall Updates
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010
]]> 6:09 sonicwall, citrix, fortios, forinet, fortiproxy, adobe, coldfusion, formbook, qm18, macos, ios, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8568 Microsoft Patch Tuesday; Apple Withdraws Update Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft Patch Tuesday; Apple Withdraws Update https://traffic.libsyn.com/securitypodcast/8568.mp3 https://isc.sans.edu/podcastdetail/8568 Wed, 12 Jul 2023 02:00:02 GMT https://isc.sans.edu/forums/diary/July%202023%20Microsoft%20Patch%20Update/30018/
https://blog.talosintelligence.com/old-certificate-new-signature/
Apple Withdraws Rapid Security Response Update
https://support.apple.com/en-us/HT213827
]]> 6:33 apple, withdraws, rsr, rapid security response, microsoft, patch tuesday, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8566 Apple 0-Day Patch; Edgerouter/Aircube PoC; Firefox Quarantined Domains/Extensions Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Apple 0-Day Patch; Edgerouter/Aircube PoC; Firefox Quarantined Domains/Extensions https://traffic.libsyn.com/securitypodcast/8566.mp3 https://isc.sans.edu/podcastdetail/8566 Tue, 11 Jul 2023 02:00:02 GMT https://isc.sans.edu/diary/Apple%20Rapid%20Security%20Update%20Patches%20Three%20Exploited%20Vulnerabilities/30012
Ubiquity Edgerouter and AirCube miniupnpd Heap Overflow
https://ssd-disclosure.com/ssd-advisory-edgerouters-and-aircube-miniupnpd-heap-overflow/
Mozilla Restricting Extensions on Quarantined Domains
https://support.mozilla.org/en-US/kb/quarantined-domains
https://www.mozilla.org/en-US/firefox/115.0/releasenotes/
https://lapcatsoftware.com/articles/2023/7/1.html
]]> 5:43 mozilla, firefox, ubiquity, edgerouter, aircube, miniupnd, apple, ios, macos, security, update, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8564 DSSuite Update; New MoveIT Flaw; Nexus 9000 Flaw; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. DSSuite Update; New MoveIT Flaw; Nexus 9000 Flaw; https://traffic.libsyn.com/securitypodcast/8564.mp3 https://isc.sans.edu/podcastdetail/8564 Mon, 10 Jul 2023 02:00:02 GMT https://isc.sans.edu/diary/DSSuite%20%28Didier%27s%20Toolbox%29%20Docker%20Image%20Update/30008
More MoveIT Flaws and new Service Pack
https://community.progress.com/s/article/MOVEit-Transfer-2020-1-Service-Pack-July-2023
Cisco Nexus 9000 Flaw
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aci-cloudsec-enc-Vs5Wn2sX
]]> 4:16 nexus, 9000, encryption, moveit, sql injection, sqli, dssuite, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8562 IDS Honeypot Logs; Truebot vs Netwrix Auditor; Stackrot; TeamsPhisher Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. IDS Honeypot Logs; Truebot vs Netwrix Auditor; Stackrot; TeamsPhisher https://traffic.libsyn.com/securitypodcast/8562.mp3 https://isc.sans.edu/podcastdetail/8562 Fri, 07 Jul 2023 02:00:02 GMT https://isc.sans.edu/diary/IDS%20Comparisons%20with%20DShield%20Honeypot%20Data/30002
Truebot Exploits Netwrix Auditor
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-187a
Stackrot Linux Priviledge Escalation Vulnerability
https://www.openwall.com/lists/oss-security/2023/07/05/1
TeamsPhisher Exploit
https://github.com/Octoberfest7/TeamsPhisher
VMWare Update
https://www.vmware.com/security/advisories/VMSA-2023-0015.html
]]> 5:52 ids, honeypot, suricata, pan, truebot, netwrix, auditor, Teamsphisher, vmware, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8560 DShield pfSense Client; Exposed ICS; Custom Encoding; SNAPPY; RUSTBUCKET Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. DShield pfSense Client; Exposed ICS; Custom Encoding; SNAPPY; RUSTBUCKET https://traffic.libsyn.com/securitypodcast/8560.mp3 https://isc.sans.edu/podcastdetail/8560 Thu, 06 Jul 2023 02:00:02 GMT https://isc.sans.edu/diary/DShield%20pfSense%20Client%20Update/29994
Exposed Industrial Control Systems
https://isc.sans.edu/diary/Controlling%20network%20access%20to%20ICS%20systems/30000
Analysis Method for Custom Encoding
https://isc.sans.edu/diary/Analysis%20Method%20for%20Custom%20Encoding/29946
SNAPPY: Detecting Rogue WiFi Access Points
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/snappy-detecting-rogue-and-fake-80211-wireless-access-points-through-fingerprinting-beacon-management-frames/
RUSTBUCKET Mac Malware
https://www.elastic.co/security-labs/DPRK-strikes-using-a-new-variant-of-rustbucket
]]> 6:57 rustbucket, snappy, encoding, ics, hmi, dshield, pfsense, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8558 From Adobe Remcos RAT; ArcServe PoC Exploit; Sysmon Update; Drone Security Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. From Adobe Remcos RAT; ArcServe PoC Exploit; Sysmon Update; Drone Security https://traffic.libsyn.com/securitypodcast/8558.mp3 https://isc.sans.edu/podcastdetail/8558 Fri, 30 Jun 2023 02:00:01 GMT https://isc.sans.edu/diary/GuLoader-%20or%20DBatLoader%20ModiLoader-style%20infection%20for%20Remcos%20RAT/29990
CVE-2023-26258 Remote Code Execution in Arcserve UDP Backup
https://www.mdsec.co.uk/2023/06/cve-2023-26258-remote-code-execution-in-arcserve-udp-backup/
Sysmon Update
https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon
https://medium.com/@olafhartong/sysmon-15-0-file-executable-detected-40fd64349f36
Drone Security and Fault Injection Attacks
https://labs.ioactive.com/2023/06/applying-fault-injection-to-firmware.html
]]> 6:42 drone, sysmon, arcserve, udp, backup, guloader, batloader, remcos rat, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8556 SSLv2 Survey; NPM manifests; Mockingjay; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SSLv2 Survey; NPM manifests; Mockingjay; https://traffic.libsyn.com/securitypodcast/8556.mp3 https://isc.sans.edu/podcastdetail/8556 Thu, 29 Jun 2023 02:00:02 GMT https://isc.sans.edu/diary/Kazakhstan%20-%20the%20world%27s%20last%20SSLv2%20superpower...%20and%20a%20country%20with%20potentially%20vulnerable%20last-mile%20internet%20infrastructure/29988
npm manifest issues
https://blog.vlt.sh/blog/the-massive-hole-in-the-npm-ecosystem
Process Mockingjay: Echoing RWX In Userland To Achieve Code Execution
https://www.securityjoes.com/post/process-mockingjay-echoing-rwx-in-userland-to-achieve-code-execution
]]> 5:39 mockingjay, rwx, npm, manifest, sslv2, ssl2, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8554 Malware Triage; RowPress Attack; Dell BIOS Update; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Malware Triage; RowPress Attack; Dell BIOS Update; https://traffic.libsyn.com/securitypodcast/8554.mp3 https://isc.sans.edu/podcastdetail/8554 Wed, 28 Jun 2023 02:00:02 GMT https://isc.sans.edu/diary/The+Importance+of+Malware+Triage/29984/
RowPress: Amplifying Read Disturbance in Modern DRAM Chips
https://dl.acm.org/doi/abs/10.1145/3579371.3589063
Dell BIOS Updates
https://www.dell.com/support/kbdoc/de-de/000214778/dsa-2023-174-dell-client-bios-security-update-for-an-out-of-bounds-write-vulnerability
Google Chrome Update
https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_26.html
]]> 5:10 malware, triage, rowpress, dell, bios, google chrome, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8552 BlackLotus Mitigation; Camaro Dragon; Grafana Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. BlackLotus Mitigation; Camaro Dragon; Grafana Vuln; https://traffic.libsyn.com/securitypodcast/8552.mp3 https://isc.sans.edu/podcastdetail/8552 Tue, 27 Jun 2023 02:00:02 GMT https://media.defense.gov/2023/Jun/22/2003245723/-1/-1/0/CSI_BlackLotus_Mitigation_Guide.PDF
Camaro Dragon Infects USB Drives as well as Network Drives
https://research.checkpoint.com/2023/beyond-the-horizon-traveling-the-world-on-camaro-dragons-usb-flash-drives/
Grafana Security Release
https://grafana.com/blog/2023/06/22/grafana-security-release-for-cve-2023-3128/
]]> 5:15 grafana, microsoft ad, oauth, camaro, dragon, usb, blacklotos, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8550 Modiloader Spam; Word Templates; Quakbot Obama271; MSFT Teams Phishing; Free Smart Watches; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Modiloader Spam; Word Templates; Quakbot Obama271; MSFT Teams Phishing; Free Smart Watches; https://traffic.libsyn.com/securitypodcast/8550.mp3 https://isc.sans.edu/podcastdetail/8550 Mon, 26 Jun 2023 02:00:02 GMT https://isc.sans.edu/diary/Email%20Spam%20with%20Attachment%20Modiloader/29978
Word Document with an Online Attached Template
https://isc.sans.edu/diary/Word%20Document%20with%20an%20Online%20Attached%20Template/29976
Quakbot Activity Obama271 Distrubution Tag
https://isc.sans.edu/diary/Qakbot%20%28Qbot%29%20activity%2C%20obama271%20distribution%20tag/29968
Microsoft Teams External Tenant Confusion
https://labs.jumpsec.com/advisory-idor-in-microsoft-teams-allows-for-external-tenants-to-introduce-malware/
Free Smart Watches
https://www.darkreading.com/threat-intelligence/suspicious-smartwatches-mailed-us-army-personnel
]]> 6:56 obama, qbot, qakbot, smart watches, microsoft, teams, email, office, word, template, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8548 Apple Updates; VCenter Vuln.; GitHub RepoJacking; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Apple Updates; VCenter Vuln.; GitHub RepoJacking; https://traffic.libsyn.com/securitypodcast/8548.mp3 https://isc.sans.edu/podcastdetail/8548 Fri, 23 Jun 2023 02:00:02 GMT https://isc.sans.edu/diary/Apple%20Patches%20Exploited%20Vulnerabilities%20in%20iOS%20iPadOS%2C%20macOS%2C%20watchOS%20and%20Safari/29972
Heap Buffer Overflow in VMWare VCenter
https://www.vmware.com/security/advisories/VMSA-2023-0014.html
GitHub RepoJacking
https://blog.aquasec.com/github-dataset-research-reveals-millions-potentially-vulnerable-to-repojacking
]]> 5:26 apple, ios, ipados, macos, vmware, vcenter, github, repojacking, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8546 YouTube Creator Phishing; Autodesk Maya Malware; Zyxel, Asus and Huawei Vuln; VMware Aria Exploited Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. YouTube Creator Phishing; Autodesk Maya Malware; Zyxel, Asus and Huawei Vuln; VMware Aria Exploited https://traffic.libsyn.com/securitypodcast/8546.mp3 https://isc.sans.edu/podcastdetail/8546 Thu, 22 Jun 2023 02:00:02 GMT https://isc.sans.edu/diary/Analyzing%20a%20YouTube%20Sponsorship%20Phishing%20Mail%20and%20Malware%20Targeting%20Content%20Creators/29966
Malicious Code Can Be Anywhere
https://isc.sans.edu/diary/Malicious%20Code%20Can%20Be%20Anywhere/29964
Zyxel Vulnerability
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-pre-authentication-command-injection-vulnerability-in-nas-products
Huawei Vulnerability
https://www.huawei.com/en/psirt/security-advisories/2023/huawei-sa-thvihr-7015cbae-en
Asus Vulnerability
https://www.asus.com/content/asus-product-security-advisory/
VMWare Aria Vuln Exploited
https://www.vmware.com/security/advisories/VMSA-2023-0012.html
]]> 5:41 vmware, aria, asus, huawei, zyxel, Autodesk, Maya, creators, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8544 More Formbook; ZIP Bruteforcing; .inf Malware; FortiNAC PoCs; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. More Formbook; ZIP Bruteforcing; .inf Malware; FortiNAC PoCs; https://traffic.libsyn.com/securitypodcast/8544.mp3 https://isc.sans.edu/podcastdetail/8544 Tue, 20 Jun 2023 02:00:01 GMT https://isc.sans.edu/diary/Formbook%20from%20Possible%20ModiLoader%20%28DBatLoader%29%20/29958
Brute-Force ZIP Password Cracking with zipdump.py
https://isc.sans.edu/diary/Brute-Force%20ZIP%20Password%20Cracking%20with%20zipdump.py/29948
Malware Delivered Through .inf File
https://isc.sans.edu/diary/Malware%20Delivered%20Through%20.inf%20File/29960
FortiNAC - Just a few more RCEs
https://frycos.github.io/vulns4free/2023/06/18/fortinac.html
]]> 5:52 fortinac, moveit, inf file, zip, password, formbook, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8542 Vulnerability Management; More MOVEit vulns; Critrix Sharefile; Chromeloader News; npm bignum compromise; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Vulnerability Management; More MOVEit vulns; Critrix Sharefile; Chromeloader News; npm bignum compromise; https://traffic.libsyn.com/securitypodcast/8542.mp3 https://isc.sans.edu/podcastdetail/8542 Fri, 16 Jun 2023 02:00:01 GMT https://isc.sans.edu/diary/Supervision%20and%20Verification%20in%20Vulnerability%20Management/29952
More MOVEit issues
https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-15June2023
Critical Citrix Sharefile Storagezones Controller
https://support.citrix.com/article/CTX559517/sharefile-storagezones-controller-security-update-for-cve202324489
Chromeloader Malware Update
https://threatresearch.ext.hp.com/shampoo-a-new-chromeloader-campaign/
Bignum NPM Package Compromise
https://checkmarx.com/blog/hijacking-s3-buckets-new-attack-technique-exploited-in-the-wild-by-supply-chain-attackers
]]> 5:33 bignum, npm, chromeloader, malware, citrix, sharefile, storagezones, moveit, vulnerability management, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8540 Deobfuscating VBS; Broken OOXML Sigs; CVE-2023-32019 Patch Not Enabled By Default; Fortigate Updates; Zoom Updates; Fake GitHub Exploits Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Deobfuscating VBS; Broken OOXML Sigs; CVE-2023-32019 Patch Not Enabled By Default; Fortigate Updates; Zoom Updates; Fake GitHub Exploits https://traffic.libsyn.com/securitypodcast/8540.mp3 https://isc.sans.edu/podcastdetail/8540 Thu, 15 Jun 2023 02:00:02 GMT https://isc.sans.edu/diary/Deobfuscating%20a%20VBS%20Script%20With%20Custom%20Encoding/29940
Every Signature is Broken: On the Insecurity of Microsoft Office s OOXML Signatures
https://www.usenix.org/conference/usenixsecurity23/presentation/rohlmann
How to Manage the Vulnerailbity Associated with CVE-2023-32019
https://support.microsoft.com/en-gb/topic/kb5028407-how-to-manage-the-vulnerability-associated-with-cve-2023-32019-bd6ed35f-48b1-41f6-bd19-d2d97270f080
Fake Security Research GitHub Repos
https://vulncheck.com/blog/fake-repos-deliver-malicious-implant
Fortigate Vuln Details
https://blog.lexfo.fr/xortigate-cve-2023-27997.html
Zoom Updates
https://explore.zoom.us/en/trust/security/security-bulletin/
]]> 5:56 zoom, fortigate, github, fake exploits, windows, vbs, ooxml signatures, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8538 Microsoft Patch Tuesday; VMWare 0-Day; SAP Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft Patch Tuesday; VMWare 0-Day; SAP Patches https://traffic.libsyn.com/securitypodcast/8538.mp3 https://isc.sans.edu/podcastdetail/8538 Wed, 14 Jun 2023 02:00:02 GMT https://isc.sans.edu/forums/diary/June%202023%20Microsoft%20Patch%20Tuesday/29942/
VMWare 0-Day
https://www.mandiant.com/resources/blog/vmware-esxi-zero-day-bypass
https://www.vmware.com/security/advisories/VMSA-2023-0013.html
SAP Patches
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
]]> 5:29 patches, tuesday, patch tuesday, microsoft, vmware, 0-day, sap, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8536 Geoserver Cryptominer Attacks; Fortinet Update; Bitwarden Key Leak; Western Digital SMART abuse; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Geoserver Cryptominer Attacks; Fortinet Update; Bitwarden Key Leak; Western Digital SMART abuse; https://traffic.libsyn.com/securitypodcast/8536.mp3 https://isc.sans.edu/podcastdetail/8536 Tue, 13 Jun 2023 02:00:02 GMT https://isc.sans.edu/diary/Geoserver%20Attack%20Details%3A%20More%20Cryptominers%20against%20Unconfigured%20WebApps/29936
Fortinet Update CVE-2023-27997
https://www.fortiguard.com/psirt/FG-IR-23-097
Bitwarden Key Accessible By Low Privileged User
https://hackerone.com/reports/1874155
Western Digital SMART Flag Abuse
https://arstechnica.com/gadgets/2023/06/clearly-predatory-western-digital-sparks-panic-anger-for-age-shaming-hdds/
]]> 5:33 western digital, smart, bitwarden, fortinet, geoserver, kensing, cryptominer, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8534 Powershell Profiles; Honeypot Activity; More flaws in MOVEit and Fortinet SSLVPN Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Powershell Profiles; Honeypot Activity; More flaws in MOVEit and Fortinet SSLVPN https://traffic.libsyn.com/securitypodcast/8534.mp3 https://isc.sans.edu/podcastdetail/8534 Mon, 12 Jun 2023 02:00:01 GMT https://isc.sans.edu/diary/Undetected%20PowerShell%20Backdoor%20Disguised%20as%20a%20Profile%20File/29930
DShield Honeypot Activity for May 2023
https://isc.sans.edu/diary/DShield%20Honeypot%20Activity%20for%20May%202023%20/29932
Second MOVEit Vulnerability
https://www.progress.com/security/moveit-transfer-and-moveit-cloud-vulnerability
Fortinet Patches CVE-2023-27997
https://twitter.com/cfreal_/status/1667852157536616451
]]> 5:37 fortniet, moveit, dshield, honeypot, powershell, backdoor, patches, vulnerabilities, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8532 Geoserver Scans; Barracuda ESG Replacement; Google Chrome Password Manager; Minecraft Mods; Trend Micro Patch Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Geoserver Scans; Barracuda ESG Replacement; Google Chrome Password Manager; Minecraft Mods; Trend Micro Patch https://traffic.libsyn.com/securitypodcast/8532.mp3 https://isc.sans.edu/podcastdetail/8532 Fri, 09 Jun 2023 02:00:02 GMT https://isc.sans.edu/diary/Ongoing%20scans%20for%20Geoserver/29926
Barracuda Recommends Replacing Compromised Devices
https://www.barracuda.com/company/legal/esg-vulnerability
Google improves Chrome Password Manager
https://www.msn.com/en-us/news/other/chrome-adds-windows-biometric-logins-to-its-password-powers/ar-AA1ciCCf
Minecraft Mods Include Malicious Code
https://www.bleepingcomputer.com/news/security/new-fractureiser-malware-used-curseforge-minecraft-mods-to-infect-windows-linux/
Trend Micro Service Pack
https://files.trendmicro.com/documentation/readme/Apex%20One/2020/apex_one_2019_win_cp_b12033_EN_Critical_Patch_Readme.html
]]> 5:26 trend micro, minecraft, google, password manager, barracuda, geoserver, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8530 DMARC in .co; VMware Aria Patch; SpinOK Spyware Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. DMARC in .co; VMware Aria Patch; SpinOK Spyware https://traffic.libsyn.com/securitypodcast/8530.mp3 https://isc.sans.edu/podcastdetail/8530 Thu, 08 Jun 2023 02:00:01 GMT https://isc.sans.edu/diary/Management%20of%20DMARC%20control%20for%20email%20impersonation%20of%20domains%20in%20the%20.co%20TLD%20-%20part%202/29922
Three Vulnerabilities in VMWare Aria Operations for Networks
https://www.vmware.com/security/advisories/VMSA-2023-0012.html
SpinOK Spyware SDK found in Android Apps
https://vms.drweb.com/search/?q=Android.Spy.SpinOk&lng=en
https://www.cloudsek.com/threatintelligence/supply-chain-attack-infiltrates-android-apps-with-malicious-sdk
Cisco Anyconnect Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-csc-privesc-wx4U4Kw
RSA Webcast
https://www.rsaconference.com/library/webcast/149-sans-followup-2023
]]> 5:45 rsa, webcast, cisco, anyconnect, spinok, spyware, sdk, android, vmware, ario, dmarc, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8528 Copilot vs. Google; Android and Chrome 0-Days; Fake Sextortion; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Copilot vs. Google; Android and Chrome 0-Days; Fake Sextortion; https://traffic.libsyn.com/securitypodcast/8528.mp3 https://isc.sans.edu/podcastdetail/8528 Wed, 07 Jun 2023 02:00:02 GMT https://isc.sans.edu/forums/diary/Github%20Copilot%20vs.%20Google%3A%20Which%20code%20is%20more%20secure/29918/
Android Update
https://source.android.com/docs/security/bulletin/2023-06-01
Chrome Updates
https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop.html
FBI Warns of Manipulated Photos and Videos For Sextortion
https://www.ic3.gov/Media/Y2023/PSA230605
]]> 6:04 fbi, photos, sextortion, chrom, android, github, copilot, google, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8526 Simple Archive Bruteforcer; Keepass Patch; Splunk Advisories; Chrome Extensions; Symantec Updates Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Simple Archive Bruteforcer; Keepass Patch; Splunk Advisories; Chrome Extensions; Symantec Updates https://traffic.libsyn.com/securitypodcast/8526.mp3 https://isc.sans.edu/podcastdetail/8526 Tue, 06 Jun 2023 02:00:01 GMT https://isc.sans.edu/diary/Brute%20Forcing%20Simple%20Archive%20Passwords/29914
KeePass 2.54 Released
https://keepass.info/news/n230603_2.54.html
Splunk Advisories
https://advisory.splunk.com/advisories
Malicious Google Chrome Extensions
https://palant.info/2023/05/31/more-malicious-extensions-in-chrome-web-store/
Symantec Updates
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22217
]]> 5:28 symantec, google, chrome, extensions, keepass, brute forcing, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8524 MoveIT Transfer Exploited; Atomic Wallet Theft; Magecart Update Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MoveIT Transfer Exploited; Atomic Wallet Theft; Magecart Update https://traffic.libsyn.com/securitypodcast/8524.mp3 https://isc.sans.edu/podcastdetail/8524 Mon, 05 Jun 2023 02:00:01 GMT https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023
https://www.rapid7.com/blog/post/2023/06/01/rapid7-observed-exploitation-of-critical-moveit-transfer-vulnerability/
https://www.mandiant.com/resources/blog/zero-day-moveit-data-theft
Atomic Wallet Compromise
https://www.bleepingcomputer.com/news/security/atomic-wallet-hacks-lead-to-over-35-million-in-crypto-stolen/
Magecart Update
https://www.akamai.com/blog/security-research/new-magecart-hides-behind-legit-domains
]]> 5:56 magecart, atomic wallet, moveit, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8522 SSLv2 Remnants; iOS Malware; MOVEit and Reportslab PDF Library Vulnerabilities; Brandon Helms (@sans_edu): CTI For Containers Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SSLv2 Remnants; iOS Malware; MOVEit and Reportslab PDF Library Vulnerabilities; Brandon Helms (@sans_edu): CTI For Containers https://traffic.libsyn.com/securitypodcast/8522.mp3 https://isc.sans.edu/podcastdetail/8522 Fri, 02 Jun 2023 02:00:02 GMT https://isc.sans.edu/forums/diary/After%2028%20years%2C%20SSLv2%20is%20still%20not%20gone%20from%20the%20internet...%20but%20we're%20getting%20there/29908/
Operation Triangulation: iOS Devices Targeted With Previously Unknown Malware
https://securelist.com/operation-triangulation/109842/
MOVEit Transfer Criticial Vulnerability
https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023
Code Injection Vulnerablity in Reportlab Python Library
https://github.com/c53elyas/CVE-2023-33733
]]> 17:09 reportlab, pdf, moveit, ios, 0-Day, sslv2, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8520 Apache NiFi Attacks; Gigabyte Backdoor; SalesForce Ghost Sites; ImageMagick Shell Command Injection Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Apache NiFi Attacks; Gigabyte Backdoor; SalesForce Ghost Sites; ImageMagick Shell Command Injection https://traffic.libsyn.com/securitypodcast/8520.mp3 https://isc.sans.edu/podcastdetail/8520 Thu, 01 Jun 2023 02:00:02 GMT https://isc.sans.edu/diary/Your%20Business%20Data%20and%20Machine%20Learning%20at%20Risk%3A%20Attacks%20Against%20Apache%20NiFi/29900
Gigabyte App Center Backdoor;
https://eclypsium.com/blog/supply-chain-risk-from-gigabyte-app-center-backdoor/
Salesforce Ghost Sites
https://www.varonis.com/blog/salesforce-ghost-sites
CVE-2023-34152: Shell Command Injection in ImageMagick
https://securityonline.info/cve-2023-34152-shell-command-injection-bug-affecting-imagemagick/
]]> 6:51 imagemagick, salesforce, ghost sites, gigabyte, app-center, backdoor, apache, nifi, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8518 ModiLoader Sample; MacOS SIP Bypass; OpenSSL Update; Barracuda Vuln Details; Nextcloud, Zyxel Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. ModiLoader Sample; MacOS SIP Bypass; OpenSSL Update; Barracuda Vuln Details; Nextcloud, Zyxel Vuln; https://traffic.libsyn.com/securitypodcast/8518.mp3 https://isc.sans.edu/podcastdetail/8518 Wed, 31 May 2023 02:00:01 GMT https://isc.sans.edu/diary/Malspam%20pushes%20ModiLoader%20%28DBatLoader%29%20infection%20for%20Remcos%20RAT/29896
MacOS SIP Bypass
https://www.microsoft.com/en-us/security/blog/2023/05/30/new-macos-vulnerability-migraine-could-bypass-system-integrity-protection/
OpenSSL Update
https://www.openssl.org/news/secadv/20230530.txt
Barracuda Email Security Gateway Applicance Vulnerability Details
https://www.barracuda.com/company/legal/esg-vulnerability#:~:text=the%20section%20below.-,Endpoint%20IOCs,-Table%204%20lists
Void Rabisu RomCom Backdoor
https://www.trendmicro.com/en_us/research/23/e/void-rabisu-s-use-of-romcom-backdoor-shows-a-growing-shift-in-th.html
Nextcloud Vulnerability
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mr7q-xf62-fw54
Zyxel NAS Vulnerability
https://sternumiot.com/iot-blog/ntp-textbox-vulnerability-in-zyxel-nas326-nas540-and-nas542-devices/
Wait Just An Infosec: Higher Ed
https://www.youtube.com/watch?v=ufEuo-096yc&list=PLtgaAEEmVe6B2kqkE9KdgPJdtbqNiaiOn&index=8
]]> 5:54 ed, higher ed, zyxel, nas, nextcloud, romcom, barracuda, sip, apple, modiloader, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8516 Word in PPT; DocuSign Malspam; Archiver in Browser; Casandra and MXsecurity Vulnerabilities Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Word in PPT; DocuSign Malspam; Archiver in Browser; Casandra and MXsecurity Vulnerabilities https://traffic.libsyn.com/securitypodcast/8516.mp3 https://isc.sans.edu/podcastdetail/8516 Tue, 30 May 2023 02:00:02 GMT https://isc.sans.edu/diary/Analyzing%20Office%20Documents%20Embedded%20Inside%20PPT%20%28PowerPoint%29%20Files/29894
DocuSign Themed Email Leads to Script-Based Infection
https://isc.sans.edu/diary/DocuSign-themed%20email%20leads%20to%20script-based%20infection/29888
File Archiver In The Browser
https://mrd0x.com/file-archiver-in-the-browser/
Securing PyPI accounts via Two-Factor Authentication
https://blog.pypi.org/posts/2023-05-25-securing-pypi-with-2fa/
Apache Casandra Vulnerabilities
https://lists.apache.org/thread/mwd02nrw2go8shg29rnp3o4hgompvkp5
MOXA MXsecurity Vulerabilities
https://www.moxa.com/en/support/product-support/security-advisory/mxsecurity-command-injection-and-hardcoded-credential-vulnerabilities
]]> 5:50 pypi, zip, tld, docusign, office, powerpoint, word, ppt, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8514 IR Case/Alert Mgnmt; GitLab Exploit; Expo OAUTH Vuln Details; Mitel MiVoice and DLink Vulnerabilities; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. IR Case/Alert Mgnmt; GitLab Exploit; Expo OAUTH Vuln Details; Mitel MiVoice and DLink Vulnerabilities; https://traffic.libsyn.com/securitypodcast/8514.mp3 https://isc.sans.edu/podcastdetail/8514 Fri, 26 May 2023 02:00:02 GMT https://isc.sans.edu/diary/IR%20Case%20Alert%20Management/29880
Exploit for CVE-2023-2825 GitLab Vulnerability
https://github.com/Occamsec/CVE-2023-2825
Expo Framework OAUTH Vulnerability CVE-2023-28131
https://salt.security/blog/a-new-oauth-vulnerability-that-may-impact-hundreds-of-online-services
Mitel MiVoice Vulnerability CVE-2023-31457 CVE-2023-32748
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0004
D-Link Vulnerabilities
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10332
]]> 5:22 dlink, d-link, mitel, mivoice, expo, oauth, gitlab, ir, case, alert, management, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8512 Enriching Cowrie; Volt Typhoon; Android Spy App; Zyxel, Baracuda and GitLab Patches; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Enriching Cowrie; Volt Typhoon; Android Spy App; Zyxel, Baracuda and GitLab Patches; https://traffic.libsyn.com/securitypodcast/8512.mp3 https://isc.sans.edu/podcastdetail/8512 Thu, 25 May 2023 02:00:02 GMT https://isc.sans.edu/diary/More%20Data%20Enrichment%20for%20Cowrie%20Logs/29878
Volt Typhoon: Living of the Land
https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF
Android App Breaking Bad
https://www.welivesecurity.com/2023/05/23/android-app-breaking-bad-legitimate-screen-recording-file-exfiltration/
Zyxel Updates
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls
Baracuda Email Security Gateway Vulnerability
https://status.barracuda.com/incidents/34kx82j5n4q9
Gitlab Patch
https://about.gitlab.com/releases/2023/05/23/critical-security-release-gitlab-16-0-1-released/
]]> 5:31 gitlab, baracuda, email, zyxel, android, breaking bad, app, volt typhoon, cowrie, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8510 Apache NiFi Scans; Samsung 0-Day Fix; Lenovo Bricked; Dell VX Rail; BrutePrint Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Apache NiFi Scans; Samsung 0-Day Fix; Lenovo Bricked; Dell VX Rail; BrutePrint https://traffic.libsyn.com/securitypodcast/8510.mp3 https://isc.sans.edu/podcastdetail/8510 Wed, 24 May 2023 02:00:01 GMT https://isc.sans.edu/diary/Help+us+figure+this+out+Scans+for+Apache+Nifi/29874/
Samsung Updates fix 0-Day
https://security.samsungmobile.com/securityUpdate.smsb
Lenovo All-In One Bricked by Windows Update
https://www.reddit.com/r/Lenovo/comments/136tatm/lenovo_firmware_10055_bricking_thinkcentre_v53024/
Dell VxRail Security Update
https://www.dell.com/support/kbdoc/en-us/000213011/dsa-2023-071-dell-vxrail-security-update-for-multiple-third-party-component-vulnerabilities-7-0-450
BrutePrint: Expose Smartphone Fingerprint Authentication to Brute-force Attack
https://arxiv.org/pdf/2305.10791.pdf
]]> 6:18 bruteprint, android, ios, fingerprint, dell, vxrail, lenovo, samsung, nifi, apache, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8508 ABUS Camera Vuln; .ZIP vs Virustotal; Nissan Car Key Replay; Synology DSM 6.2; Jenkins Plugins; PyPi Suspension Lifted; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. ABUS Camera Vuln; .ZIP vs Virustotal; Nissan Car Key Replay; Synology DSM 6.2; Jenkins Plugins; PyPi Suspension Lifted; https://traffic.libsyn.com/securitypodcast/8508.mp3 https://isc.sans.edu/podcastdetail/8508 Tue, 23 May 2023 02:00:02 GMT https://isc.sans.edu/diary/Probes%20for%20recent%20ABUS%20Security%20Camera%20Vulnerability%3A%20Attackers%20keep%20an%20eye%20on%20everything./29870
.ZIP Domains Confuse Virustotal
https://twitter.com/imohanasundaram/status/1660678184977805316
Synology DSM 6.2 Patch
https://www.synology.com/en-global/security/advisory/Synology_SA_22_25
Jenkins Fixes Multiple Plugin Vulnerabilities
https://www.jenkins.io/security/advisory/2023-05-16/
PyPi Suspension Lifted
https://status.python.org/incidents/qy2t9mjjcc7g
Nissan Sylphy Classic Key Vulnerability
https://vulmon.com/vulnerabilitydetails?qid=CVE-2023-33281
]]> 5:13 nissan, sylphy, key, pypi, jenkins, synology, abus, virustotal, zip, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8506 HTA Analysis; Encoding Mistakes; PyPi Attack; PyPi PGP Signatures; npm RATs Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. HTA Analysis; Encoding Mistakes; PyPi Attack; PyPi PGP Signatures; npm RATs https://traffic.libsyn.com/securitypodcast/8506.mp3 https://isc.sans.edu/podcastdetail/8506 Mon, 22 May 2023 02:00:02 GMT https://isc.sans.edu/forums/diary/Another%20Malicious%20HTA%20File%20Analysis%20-%20Part%203/29678/
When the Phisher Messes Up With Encoding
https://isc.sans.edu/diary/When%20the%20Phisher%20Messes%20Up%20With%20Encoding/29864
PyPi Suspends New Users and Projects
https://status.python.org/incidents/qy2t9mjjcc7g
PGP Signatures on PyPi: Worse than useless
https://blog.yossarian.net/2023/05/21/PGP-signatures-on-PyPI-worse-than-useless
RATs found hiding in the npm attic
https://www.reversinglabs.com/blog/rats-found-hiding-in-the-npm-attic
]]> 5:30 RATs, npm, pgp, pypi, phishing, encoding, HTA, reverse analysis, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8504 Apple Updates; .zip Survey; Dell/EMC Networker Vuln; Keepass Master PW Exposure Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Apple Updates; .zip Survey; Dell/EMC Networker Vuln; Keepass Master PW Exposure https://traffic.libsyn.com/securitypodcast/8504.mp3 https://isc.sans.edu/podcastdetail/8504 Fri, 19 May 2023 02:00:01 GMT https://isc.sans.edu/diary/Apple%20Updates%20Everything/29860
A Quick Survey of .zip Domains
https://isc.sans.edu/diary/A%20Quick%20Survey%20of%20.zip%20Domains%3A%20Your%20highest%20risk%20is%20running%20into%20Rick%20Astley./29858
Dell NetWorker Security Update
https://www.dell.com/support/kbdoc/en-us/000211267/dsa-2023-060-dell-networker-security-update-for-an-nsrcapinfo-vulnerability?lwp=rt
KeePass 2.X Master Password Dumper
https://github.com/vdohney/keepass-password-dumper
]]> 6:51 keepass, dell, networker, backup, .zip, domains, apple, updates, patches, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8502 RAR SFX Files; Wemo Vuln; Wago Vuln; Router Vuln to Proxies; TP-Link Malicous Firmware Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. RAR SFX Files; Wemo Vuln; Wago Vuln; Router Vuln to Proxies; TP-Link Malicous Firmware https://traffic.libsyn.com/securitypodcast/8502.mp3 https://isc.sans.edu/podcastdetail/8502 Thu, 18 May 2023 02:00:02 GMT https://isc.sans.edu/forums/diary/Increase%20in%20Malicious%20RAR%20SFX%20files/29852/
FriendlyName Buffer Overflow in Wemo Smartplug
https://sternumiot.com/iot-blog/mini-smart-plug-v2-vulnerability-buffer-overflow/
Wago License Page Exploit
https://onekey.com/blog/security-advisory-wago-unauthenticated-remote-command-execution/
Routers Turned Into Proxies
https://research.checkpoint.com/2023/the-dragon-who-sold-his-camaro-analyzing-custom-router-implant/
]]> 5:47 tp-link, routers, wago, wemo, rar, sfx, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8500 Testing Faraday Bags; Sharepoint Scans Encrypted Files; vm2 Escape; geocon for MacOS Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Testing Faraday Bags; Sharepoint Scans Encrypted Files; vm2 Escape; geocon for MacOS https://traffic.libsyn.com/securitypodcast/8500.mp3 https://isc.sans.edu/podcastdetail/8500 Wed, 17 May 2023 02:00:01 GMT https://isc.sans.edu/forums/diary/Signals%20Defense%20With%20Faraday%20Bags%20%26%20Flipper%20Zero/29840/
Microsoft Sharepoint Scans Password Protected Files
https://infosec.exchange/@threatresearch/110373860063222707#
Critical Sandbox Escape Vulnerability in VM2
https://github.com/patriksimek/vm2/security/advisories/GHSA-whpj-8f3w-67p5
Geacon Brings Cobalt Strike Capabilities to MacOS Threat Actors
https://www.sentinelone.com/blog/geacon-brings-cobalt-strike-capabilities-to-macos-threat-actors/
]]> 5:36 geacon, cobalt strike, macos, vm2, sandbox escape, sharepoint av scanning, fraday bag, flipper zero, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8498 Facebook Phish; No Intel Microcode Vuln; Fake Trezor Wallets; TP-Link Exploited Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Facebook Phish; No Intel Microcode Vuln; Fake Trezor Wallets; TP-Link Exploited https://traffic.libsyn.com/securitypodcast/8498.mp3 https://isc.sans.edu/podcastdetail/8498 Tue, 16 May 2023 02:00:01 GMT https://isc.sans.edu/diary/Ongoing%20Facebook%20phishing%20campaign%20without%20a%20sender%20and%20%28almost%29%20without%20links/29848
Intel Microcode Updates Do Not Patch Vulnerability
https://www.theregister.com/2023/05/15/intel_mystery_microcode/
Fake Trezor Hardware Crypto Wallet
https://www.kaspersky.com/blog/fake-trezor-hardware-crypto-wallet/48155/
TP-Link Archer AX-21 Command Injection CVE-2023-1389 Exploited
https://www.fortiguard.com/threat-signal-report/5157/tp-link-archer-ax-21-command-injection-vulnerability-cve-2023-1389-exploited-in-the-wild
]]> 5:19 facebook, phishing, intel, microcode, trezor, wallet, fake, tp-link, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8496 .zip/.mov domains; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. .zip/.mov domains; https://traffic.libsyn.com/securitypodcast/8496.mp3 https://isc.sans.edu/podcastdetail/8496 Mon, 15 May 2023 02:00:01 GMT https://isc.sans.edu/forums/diary/The+zip+gTLD+Risks+and+Opportunities/29838/
Brave Forgetful Browsing
https://brave.com/privacy-updates/25-forgetful-browsing/
Intel Mystery Microcode Patch
https://www.phoronix.com/news/Intel-12-May-2023-Microcode
Netgear Updates
https://kb.netgear.com/000065619/Security-Advisory-for-Multiple-Vulnerabilities-on-the-RAX30-PSV-2022-0348
Synology Updates
https://www.synology.com/en-global/security/advisory/Synology_SA_23_04
https://claroty.com/team82/research/chaining-five-vulnerabilities-to-exploit-netgear-nighthawk-rax30-routers-at-pwn2own-toronto-2022
]]> 7:06 zip, mov, brave, forgetful, browsing, intel, microcode, netgear, synology, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8494 Geolocation Difficulties; Pre-Infected Phones; Dragos Breach; Ruckus Exploited Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Geolocation Difficulties; Pre-Infected Phones; Dragos Breach; Ruckus Exploited https://traffic.libsyn.com/securitypodcast/8494.mp3 https://isc.sans.edu/podcastdetail/8494 Fri, 12 May 2023 02:00:02 GMT https://isc.sans.edu/diary/Geolocating%20IPs%20is%20harder%20than%20you%20think/29834
Pre-Infected Mobile Phones
https://www.theregister.com/2023/05/11/bh_asia_mobile_phones/
Dragos Breach
https://www.dragos.com/blog/deconstructing-a-cybersecurity-event/
AndoryuBot Targets Ruckus Admin RCE Vulnerability
https://www.fortinet.com/blog/threat-research/andoryubot-new-botnet-campaign-targets-ruckus-wireless-admin-remote-code-execution-vulnerability-cve-2023-25717
]]> 6:20 geolocation, mobile phones, android, dragos, andoryubot, ruckus, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8492 CISSM Data Anlysis; Outlook "re-patch"; Snake Malware; Fake System Updates Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. CISSM Data Anlysis; Outlook "re-patch"; Snake Malware; Fake System Updates https://traffic.libsyn.com/securitypodcast/8492.mp3 https://isc.sans.edu/podcastdetail/8492 Thu, 11 May 2023 02:00:01 GMT https://isc.sans.edu/diary/Exploratory%20Data%20Analysis%20with%20CISSM%20Cyber%20Attacks%20Database%20-%20Part%202/29828
Microsoft Patched Outlook (actually Windows) vulnerability again
https://www.akamai.com/blog/security-research/important-outlook-vulnerability-bypass-windows-api
Law Enforcement and Intelligence Agencies Disable "Snake" Malware
https://media.defense.gov/2023/May/09/2003218554/-1/-1/1/JOINT_CSA_HUNTING_RU_INTEL_SNAKE_MALWARE_20230509.PDF
Fake System Update Drop Malware
https://www.malwarebytes.com/blog/threat-intelligence/2023/05/fake-system-update-drops-new-highly-evasive-loader
]]> 5:52 fake updates, system updates, snake, malware, outlook, patch, cissm, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8490 Microsoft Patch Tuesday; GitHub Push Protection Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft Patch Tuesday; GitHub Push Protection https://traffic.libsyn.com/securitypodcast/8490.mp3 https://isc.sans.edu/podcastdetail/8490 Wed, 10 May 2023 02:00:01 GMT https://isc.sans.edu/diary/Microsoft%20May%202023%20Patch%20Tuesday/29826
GitHub "Push Protection" now out of Beta
https://github.blog/2023-05-09-push-protection-is-generally-available-and-free-for-all-public-repositories/
]]> 5:57 microsoft patch tuesday, push protection, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8488 QR Code Threats; Microsoft Edge Update; Fake ChatGPT Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. QR Code Threats; Microsoft Edge Update; Fake ChatGPT https://traffic.libsyn.com/securitypodcast/8488.mp3 https://isc.sans.edu/podcastdetail/8488 Tue, 09 May 2023 02:00:02 GMT https://www.bleepingcomputer.com/news/security/qr-codes-used-in-fake-parking-tickets-surveys-to-steal-your-money/
Microsoft Edge Update
https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnote-stable-channel
Facebook Sees More Fake ChatGPT
https://about.fb.com/news/2023/05/metas-q1-2023-security-reports/
CyberGhost VPN Vulnerability
https://www.pentestpartners.com/security-blog/bullied-by-bugcrowd-over-kape-cyberghost-disclosure/
]]> 6:21 qr codes, microsoft, edge, facebook, chatgpt, cyberghost, vpn, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8486 Decoding PPAMs; Exploratory Analysis; Colorcpl.exe LOLBIN; Leaked MSI Keys; PHP Packages Compromised; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Decoding PPAMs; Exploratory Analysis; Colorcpl.exe LOLBIN; Leaked MSI Keys; PHP Packages Compromised; https://traffic.libsyn.com/securitypodcast/8486.mp3 https://isc.sans.edu/podcastdetail/8486 Mon, 08 May 2023 02:00:02 GMT https://isc.sans.edu/forums/diary/Quickly+Finding+Encoded+Payloads+in+Office+Documents/29818/
Exploratory Data Analysis with CISSM Cyber Attacks Database Part 1
https://isc.sans.edu/forums/diary/Exploratory+Data+Analysis+with+CISSM+Cyber+Attacks+Database+Part+1/29816/
Guildma is now Abusing Colorcpl.exe LOLBIN
https://isc.sans.edu/forums/diary/Guildma+is+now+abusing+colorcplexe+LOLBIN/29814/
Leaked MSI Keys
https://github.com/binarly-io/SupplyChainAttacks/blob/main/MSI/ImpactedDevices.md
https://twitter.com/matrosov/status/1654560343295934464
PHP Packages Compromised
https://blog.packagist.com/packagist-org-maintainer-account-takeover/
]]> 6:02 php, msi, safe boot, keys, guildma, lolbin, colocpl.exe, decoding, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8484 Word Infostealer; Cisco SPA-112; Fortinet May Updates; PaperCut New Exploit Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Word Infostealer; Cisco SPA-112; Fortinet May Updates; PaperCut New Exploit https://traffic.libsyn.com/securitypodcast/8484.mp3 https://isc.sans.edu/podcastdetail/8484 Fri, 05 May 2023 02:05:02 GMT https://isc.sans.edu/diary/Infostealer%20Embedded%20in%20a%20Word%20Document/29810
Cisco SPA-112 Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-unauth-upgrade-UqhyTWW
Fortinet May Updates
https://www.fortiguard.com/psirt?date=05-2023
PaperCut exploitation - A Different Path to Code Execution
https://vulncheck.com/blog/papercut-rce
]]> 6:00 papercut, protinet, cisco, spa-112, infostealer, word, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8482 Config File Scans; Google Enables Passkeys; Chrome Dropping TLS Lock; AMD TPM Attacks Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Config File Scans; Google Enables Passkeys; Chrome Dropping TLS Lock; AMD TPM Attacks https://traffic.libsyn.com/securitypodcast/8482.mp3 https://isc.sans.edu/podcastdetail/8482 Thu, 04 May 2023 02:00:02 GMT https://isc.sans.edu/diary/Increased%20Number%20of%20Configuration%20File%20Scans/29806
Google Enabling Passkeys
https://blog.google/technology/safety-security/the-beginning-of-the-end-of-the-password/
Chrome to Drop Lock Icon from HTTPS
https://blog.chromium.org/2023/05/an-update-on-lock-icon.html
Attack Against AMD TPM Implementation
https://arxiv.org/abs/2304.14717
]]> 7:37 amd, tpm, https, google, passkeys, file scans, configuration files, lock icon, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8480 VBA Project References; FRRouting Vuln; JWT ECDSA Algo Confusion Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. VBA Project References; FRRouting Vuln; JWT ECDSA Algo Confusion https://traffic.libsyn.com/securitypodcast/8480.mp3 https://isc.sans.edu/podcastdetail/8480 Wed, 03 May 2023 02:00:02 GMT https://isc.sans.edu/diary/VBA%20Project%20References/29800
BGP Message Parsing Vulnerabilities in FRRouting
https://www.forescout.com/blog/three-new-bgp-message-parsing-vulnerabilities-disclosed-in-frrouting-software/
JWT ECDSA Algorithm Confusion
https://blog.pentesterlab.com/exploring-algorithm-confusion-attacks-on-jwt-exploiting-ecdsa-23f7ff83390f
]]> 5:49 jwt, ecdsa, bpg, routing, dos, vba, project references, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8478 Passive Phish Analysis; Apple Rapid Security Response; Grafana Vuln; Illumina Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Passive Phish Analysis; Apple Rapid Security Response; Grafana Vuln; Illumina Vuln; https://traffic.libsyn.com/securitypodcast/8478.mp3 https://isc.sans.edu/podcastdetail/8478 Tue, 02 May 2023 02:00:02 GMT https://isc.sans.edu/diary/%22Passive%22%20analysis%20of%20a%20phishing%20attachment/29798
Apple Rapid Security Response
https://www.macrumors.com/2023/05/01/rapid-security-response-16-4-1/
Grafana Security Release
https://grafana.com/blog/2023/04/26/grafana-security-release-new-versions-of-grafana-with-security-fixes-for-cve-2023-28119-and-cve-2023-1387/
Illumina Vulnerability
https://www.fda.gov/medical-devices/letters-health-care-providers/illumina-cybersecurity-vulnerability-affecting-universal-copy-service-software-may-present-risks
]]> 5:40 illumina, grafana, dna sequencing, apple, rapid security response, passive analysis, phishing, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8476 Loki in Docker; UTF-16 Encoded Malware; AT&T Email Compromise; MacOS Crypto Stealer; Zyxel Vuln Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Loki in Docker; UTF-16 Encoded Malware; AT&T Email Compromise; MacOS Crypto Stealer; Zyxel Vuln https://traffic.libsyn.com/securitypodcast/8476.mp3 https://isc.sans.edu/podcastdetail/8476 Mon, 01 May 2023 02:00:01 GMT https://isc.sans.edu/diary/Quick%20IOC%20Scan%20With%20Docker/29788
Dobfuscation Scripts When Encodings Help
https://isc.sans.edu/diary/Deobfuscating%20Scripts%3A%20When%20Encodings%20Help/29792
Hackers Are Breaking Into AT&T Email Accounts To Steal Cryptocurrency
https://techcrunch.com/2023/04/26/hackers-are-breaking-into-att-email-accounts-to-steal-cryptocurrency/
Trheat Actor Selling New Atomic MacOS AMOS Stealer on Telegram
https://blog.cyble.com/2023/04/26/threat-actor-selling-new-atomic-macos-amos-stealer-on-telegram/
Zyxel Firewall Vulnerability
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-remote-command-injection-vulnerability-of-firewalls
]]> 5:26 loki, docker, malware, utf-16, att, macos, crypto, zyxel, vulnerability, firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8474 Veeam Vuln Ransomware; Google Authenticator Sync; Keycloak Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Veeam Vuln Ransomware; Google Authenticator Sync; Keycloak Vuln; https://traffic.libsyn.com/securitypodcast/8474.mp3 https://isc.sans.edu/podcastdetail/8474 Fri, 28 Apr 2023 02:00:02 GMT https://www.computerweekly.com/news/365535586/Ransomware-gang-exploiting-unpatched-Veeam-backup-products
Google Authenticator Sync Encryption
https://security.googleblog.com/2023/04/google-authenticator-now-supports.html
Keycloak Vulnerability
https://out.reddit.com/t3_130km04?url=https%3A%2F%2Fwww.offensity.com%2Fen%2Fblog%2Fuser-impersonation-via-stolen-uuid-code-in-keycloak-cve-2023-0264%2F&token=AQAAjSdLZJTzQM37107hVzYY-tbz6ak81pMNqN9qv3m2SWXEOMIm&app_name=web2x&user_id=33629461&web_redirect=true
]]> 6:15 keycloak, google, authenticator, ransomwre, veeam, backup, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8472 Hunting Phishing Sites; RSA Top Attack Panel; @sans_edu research journal Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Hunting Phishing Sites; RSA Top Attack Panel; @sans_edu research journal https://traffic.libsyn.com/securitypodcast/8472.mp3 https://isc.sans.edu/podcastdetail/8472 Thu, 27 Apr 2023 02:00:02 GMT https://isc.sans.edu/diary/Strolling%20through%20Cyberspace%20and%20Hunting%20for%20Phishing%20Sites/29780
RSA Panel: Five most dangerous new attack techniques
https://www.rsaconference.com/usa/agenda/session/The%20Five%20Most%20Dangerous%20New%20Attack%20Techniques
SANS.edu Research Journal
https://www.sans.edu/cyber-security-research
]]> 5:45 sans.edu, research journal, rsa panel, attack techniques, phishing, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8470 ChatGPT CVSS Scores; SLP Amplification; Apache Superset RCE; Sophos Web Appliance PoC Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. ChatGPT CVSS Scores; SLP Amplification; Apache Superset RCE; Sophos Web Appliance PoC https://traffic.libsyn.com/securitypodcast/8470.mp3 https://isc.sans.edu/podcastdetail/8470 Wed, 26 Apr 2023 02:00:01 GMT https://isc.sans.edu/diary/Calculating%20CVSS%20Scores%20with%20ChatGPT/29774
Amplifying SLP Traffic
https://www.bitsight.com/blog/new-high-severity-vulnerability-cve-2023-29552-discovered-service-location-protocol-slp
Insecure Default Configuration in Apache Superset
https://www.horizon3.ai/cve-2023-27524-insecure-default-configuration-in-apache-superset-leads-to-remote-code-execution/ SLP Amplification; Apache Superset RCE;
PoC Exploit for Sophos Web Appliciance
https://github.com/W01fh4cker/CVE-2023-1671-POC
]]> 6:21 sophos, poc, exploit, apache, superset, slp, dos, amplification, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8468 Aukill BYOVD Ransomware; Papercut Exploit; Solarwinds Patch; APC UPS Software Patch; Virustotal Code Insight Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Aukill BYOVD Ransomware; Papercut Exploit; Solarwinds Patch; APC UPS Software Patch; Virustotal Code Insight https://traffic.libsyn.com/securitypodcast/8468.mp3 https://isc.sans.edu/podcastdetail/8468 Tue, 25 Apr 2023 05:20:43 GMT https://news.sophos.com/en-us/2023/04/19/aukill-edr-killer-malware-abuses-process-explorer-driver/
Papercut Vulnerability Deep Dive
https://www.horizon3.ai/papercut-cve-2023-27350-deep-dive-and-indicators-of-compromise
Solarwinds Patches
https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-2_release_notes.htm
Schneider Electric Update
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-04&p_enDocType=Security%20and%20Safety%20Notice&p_File_Name=SEVD-2023-101-04.pdf
Virustotal Code Insight
https://blog.virustotal.com/2023/04/introducing-virustotal-code-insight.html
]]> 6:05 virustotal, code, insight, ups, apc, schneider electric, solarwinds, papercut, driver, process explorer, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8466 DMARC in .co; X_Trader Fallout; Car Hacking; DNS Decoy Dog Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. DMARC in .co; X_Trader Fallout; Car Hacking; DNS Decoy Dog https://traffic.libsyn.com/securitypodcast/8466.mp3 https://isc.sans.edu/podcastdetail/8466 Mon, 24 Apr 2023 02:00:02 GMT https://isc.sans.edu/forums/diary/Management+of+DMARC+control+for+email+impersonation+of+domains+in+the+co+TLD+part+1/29768/
X_Trader Supply Chain Attack Fallout
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/xtrader-3cx-supply-chain
Car Hacking with Old Nokia Phones
https://www.vice.com/en/article/v7beyj/car-thieves-tech-hidden-old-nokia-phones-bluetooth-speakers-emergency-engine-start-keyless
Dog Hunt Finding Decoy Dog Toolkit
https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
]]> 5:45 dog, decoy dog, dns, car hacking, nokia, x_trader, dmarc, columbia, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8464 Password Expiry; 3CX Update; Google Ghosttokens; PyPi Trusted Publishers Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Password Expiry; 3CX Update; Google Ghosttokens; PyPi Trusted Publishers https://traffic.libsyn.com/securitypodcast/8464.mp3 https://isc.sans.edu/podcastdetail/8464 Fri, 21 Apr 2023 02:00:02 GMT https://isc.sans.edu/diary/Taking%20a%20Bite%20Out%20of%20Password%20Expiry%20Helpdesk%20Calls/29758
3CX Software Supply Chain Compromise
https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise
Google Ghost Tokens
https://astrix.security/ghosttoken-exploiting-gcp-application-infrastructure-to-create-invisible-unremovable-trojan-app-on-google-accounts/
PyPi Trusted Publishers
https://blog.pypi.org/posts/2023-04-20-introducing-trusted-publishers/
]]> 6:35 pypi, google, ghost tokens, 3xc, password, expiration, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8462 Chrome 0-Day; Oracle CPU; Github npm Prvenance; MSFT Threat Actor Naming; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Chrome 0-Day; Oracle CPU; Github npm Prvenance; MSFT Threat Actor Naming; https://traffic.libsyn.com/securitypodcast/8462.mp3 https://isc.sans.edu/podcastdetail/8462 Thu, 20 Apr 2023 10:10:54 GMT https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html
Oracle Critical Patch Update April 2023
https://www.oracle.com/security-alerts/cpuapr2023.html
Github Provenance Action for npm Packages
https://www.theregister.com/2023/04/19/github_actions_npm_origins/
Microsoft Revises Threat Actor Naming
https://learn.microsoft.com/de-de/microsoft-365/security/intelligence/microsoft-threat-actor-naming
]]> 4:49 microsoft, github, threat actors, npm, provenance, oracle, cpu, chrome 0-day, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8460 UDDIExplorer; SNMP Against Routers; Data from Discarded Routers Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. UDDIExplorer; SNMP Against Routers; Data from Discarded Routers https://traffic.libsyn.com/securitypodcast/8460.mp3 https://isc.sans.edu/podcastdetail/8460 Wed, 19 Apr 2023 02:00:01 GMT https://isc.sans.edu/diary/UDDIs%20are%20back%3F%20Attackers%20rediscovering%20old%20exploits./29754UDDIExplorer;
UDDIExplorer;
Russian Attacks against Routers
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-108
Information Leakage on Discarded Routers
https://www.welivesecurity.com/2023/04/18/discarded-not-destroyed-old-routers-reveal-corporate-secrets/
]]> 5:22 routers, snmp, leaks, ebay, russia, uddi, exploits, weblogic, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8458 Increase in Honeypots in China; Mac Ransomware; GC2 in Malware Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Increase in Honeypots in China; Mac Ransomware; GC2 in Malware https://traffic.libsyn.com/securitypodcast/8458.mp3 https://isc.sans.edu/podcastdetail/8458 Tue, 18 Apr 2023 02:00:02 GMT https://isc.sans.edu/diary/The%20strange%20case%20of%20Great%20honeypot%20of%20China/29750
The LockBit ransomware (kinda) comes for macOS
https://objective-see.org/blog/blog_0x75.html
Google Cloud Used as C&C
https://thehackernews.com/2023/04/google-uncovers-apt41s-use-of-open.html
]]> 5:23 GC3, C2, malware, taiwan, china, lockbit, macos, honeypot, medical devices, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8456 Fake Chrome Errors; Chromium 0-Day; LAPS Compatibility Issues; Manage Engine Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Fake Chrome Errors; Chromium 0-Day; LAPS Compatibility Issues; Manage Engine https://traffic.libsyn.com/securitypodcast/8456.mp3 https://isc.sans.edu/podcastdetail/8456 Mon, 17 Apr 2023 02:00:02 GMT https://insight-jp.nttsecurity.com/post/102icvb/attack-campaign-that-uses-fake-google-chrome-error-to-distribute-malware-from-com
Chromium Publishes Emergency Update
https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_14.html
LAPS Update Errors
https://learn.microsoft.com/en-us/windows-server/identity/laps/laps-overview
Manage Engine Vulnerability
https://hnd3884.github.io/posts/CVE-2023-29084-Command-injection-in-ManageEngine-ADManager-plus/
]]> 5:25 manage engine, laps, chromium, chorme, errors, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8454 OCSP Messages; NTP Vuln Update; SecurePoint Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. OCSP Messages; NTP Vuln Update; SecurePoint Vuln; https://traffic.libsyn.com/securitypodcast/8454.mp3 https://isc.sans.edu/podcastdetail/8454 Fri, 14 Apr 2023 02:00:02 GMT https://isc.sans.edu/diary/HTTP%3A%20What%27s%20Left%20of%20it%20and%20the%20OCSP%20Problem/29744
NTP Vulnerability Update
https://github.com/spwpun/ntp-4.2.8p15-cves/issues/1#issuecomment-1506667321
SecurePoint UTM Vulnerability CVE-2023-22897
https://www.rcesecurity.com/2023/04/securepwn-part-1-bypassing-securepoint-utms-authentication-cve-2023-22620/
https://www.rcesecurity.com/2023/04/securepwn-part-2-leaking-remote-memory-contents-cve-2023-22897/
Google Cloud Assured Open Source Software Services
https://cloud.google.com/blog/products/identity-security/google-cloud-assured-open-source-software-service-now-ga
]]> 6:29 google, assured open source software, open source, securepoint, utm, ntp, http, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8452 IcedID (Bokbot); MSMQ Vuln Details; ntpd vulnerability Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. IcedID (Bokbot); MSMQ Vuln Details; ntpd vulnerability https://traffic.libsyn.com/securitypodcast/8452.mp3 https://isc.sans.edu/podcastdetail/8452 Thu, 13 Apr 2023 02:00:02 GMT https://isc.sans.edu/forums/diary/Recent%20IcedID%20%28Bokbot%29%20activity/29740/
Microsoft Message Queue Vulnerabilities Details
https://research.checkpoint.com/2023/queuejumper-critical-unauthorized-rce-vulnerability-in-msmq-service/
NTP Vulnerabilities
https://github.com/spwpun/ntp-4.2.8p15-cves
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0938
]]> 6:20 ntp, ntp.org, microsoft, msmq, icedid, bokbot, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8450 Microsoft Patch Tuesday; Windows LAPS Update; SAP and Adobe Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft Patch Tuesday; Windows LAPS Update; SAP and Adobe Patches https://traffic.libsyn.com/securitypodcast/8450.mp3 https://isc.sans.edu/podcastdetail/8450 Wed, 12 Apr 2023 02:00:02 GMT https://isc.sans.edu/diary/Microsoft%20April%202023%20Patch%20Tuesday/29736
Windows LAPS Available as part of Windows
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/by-popular-demand-windows-laps-available-now/ba-p/3788747
SAP Patches
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
Adobe Patches
https://helpx.adobe.com/security/security-bulletin.html
]]> 6:03 adobe, sap, patches, windows, laps, micorsoft, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8448 Analysising HTA Files; Apple Updates; MSI Attacks; MSFT Altered Netlogon Update Schedule Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Analysising HTA Files; Apple Updates; MSI Attacks; MSFT Altered Netlogon Update Schedule https://traffic.libsyn.com/securitypodcast/8448.mp3 https://isc.sans.edu/podcastdetail/8448 Tue, 11 Apr 2023 02:00:01 GMT https://isc.sans.edu/diary/Another%20Malicious%20HTA%20File%20Analysis%20-%20Part%202/29676
Apple Updates for Older Operating Systems
https://support.apple.com/en-us/HT201222
MSI Attack May Affect BIOS Updates
https://www.msi.com/news/detail/MSI-Statement-141688
KB5021130: How to manage the Netlogon protocol changes related to CVE-2022-38023
https://support.microsoft.com/en-us/topic/kb5021130-how-to-manage-the-netlogon-protocol-changes-related-to-cve-2022-38023-46ea3067-3989-4d40-963c-680fd9e8ee25
]]> 5:39 netlogon, msi, bios, firmware, apple, hta, malware, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8446 YARA API Usage Rules; Apple 0-Day; VM2 Library Vuln; Netlogon Changes Coming Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. YARA API Usage Rules; Apple 0-Day; VM2 Library Vuln; Netlogon Changes Coming https://traffic.libsyn.com/securitypodcast/8446.mp3 https://isc.sans.edu/podcastdetail/8446 Mon, 10 Apr 2023 02:00:01 GMT https://isc.sans.edu/diary/Detecting%20Suspicious%20API%20Usage%20with%20YARA%20Rules/29724
Apple Patching Two 0-Day Vulnerabilities in iOS and macOS
https://isc.sans.edu/diary/Apple%20Patching%20Two%200-Day%20Vulnerabilities%20in%20iOS%20and%20macOS/29726
VM2 Sandbox Escape
https://github.com/patriksimek/vm2/security/advisories/GHSA-7jxr-cg7f-gpgv
https://gist.github.com/seongil-wi/2a44e082001b959bfe304b62121fb76d
Microsoft Netlogon: Potential Upcoming Impacts of CVE-2022-38023
https://isc.sans.edu/diary/Microsoft%20Netlogon%3A%20Potential%20Upcoming%20Impacts%20of%20CVE-2022-38023/29728
]]> 6:55 microsoft, netlogon, vm2, apple, ios, macos, safari, webkit, 0-day, api, yara, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8444 Malicious SFX Files; loldrivers; Trellix Priv Esc; HP LasterJet Vuln Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Malicious SFX Files; loldrivers; Trellix Priv Esc; HP LasterJet Vuln https://traffic.libsyn.com/securitypodcast/8444.mp3 https://isc.sans.edu/podcastdetail/8444 Fri, 07 Apr 2023 02:00:02 GMT https://www.crowdstrike.com/blog/self-extracting-archives-decoy-files-and-their-hidden-payloads/
loldrivers
https://www.loldrivers.io
Trellix Privilege Escalation
https://kcm.trellix.com/corporate/index?page=content&id=SB10396
HP LaserJet Vuln.
https://support.hp.com/us-en/document/ish_7905330-7905358-16/hpsbpi03838
]]> 6:37 hp, lasterjet, trellix, loldrivers, sfx, self extracting archives, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8442 jq and cowrie; NEXX Vulnerability; OneNote Changes Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. jq and cowrie; NEXX Vulnerability; OneNote Changes https://traffic.libsyn.com/securitypodcast/8442.mp3 https://isc.sans.edu/podcastdetail/8442 Thu, 06 Apr 2023 02:00:02 GMT https://isc.sans.edu/diary/Exploration%20of%20DShield%20Cowrie%20Data%20with%20jq/29714
NEXX Garage Door Vulnerability
https://medium.com/@samsabetan/the-uninvited-guest-idors-garage-doors-and-stolen-secrets-e4b49e02dadc
OneNote Changes
https://learn.microsoft.com/en-us/deployoffice/security/onenote-extension-block
MSFT Changes to Auto-Update
https://learn.microsoft.com/en-us/windows/release-health/windows-message-center#3060
NPM Spam DDoS Attacks
https://www.helpnetsecurity.com/2023/04/05/flood-of-malicious-packages-results-in-npm-registry-dos/
]]> 6:52 npm, spam, ddos, microsoft, patching, one note, nexx, jq, cowrie, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8440 efile.com Malware; Veritas Backup Exploited; Sophos Web Applicance; Zimbra Attacks Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. efile.com Malware; Veritas Backup Exploited; Sophos Web Applicance; Zimbra Attacks https://traffic.libsyn.com/securitypodcast/8440.mp3 https://isc.sans.edu/podcastdetail/8440 Wed, 05 Apr 2023 02:00:02 GMT https://isc.sans.edu/diary/Analyzing+the+efilecom+Malware+efail/29712
ALPHV Ransomware Targets Backup Installations
https://www.mandiant.com/resources/blog/alphv-ransomware-backup
Sophos Web Appliance Vulnerability (and EoL)
https://www.sophos.com/en-us/security-advisories/sophos-sa-20230404-swa-rce
Zimbra Exploited in Targeted Attacks
https://www.proofpoint.com/us/blog/threat-insight/exploitation-dish-best-served-cold-winter-vivern-uses-known-zimbra-vulnerability
]]> 6:18 zimbra, sophos, alphv, ransomware, backups, veritas, efile.com, malware, phython, php, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8438 efile.com Compromise; MyCloud Breach; 3CX GoPuram Backdoor Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. efile.com Compromise; MyCloud Breach; 3CX GoPuram Backdoor https://traffic.libsyn.com/securitypodcast/8438.mp3 https://isc.sans.edu/podcastdetail/8438 Tue, 04 Apr 2023 02:00:02 GMT https://isc.sans.edu/forums/diary/Supply%20Chain%20Compromise%20or%20False%20Positive%3A%20The%20Intriguing%20Case%20of%20efile.com%20%5Bupdated%20-%20confirmed%20malicious%20code%5D/29708/
Western Digital MyCloud Breach
https://www.bleepingcomputer.com/news/security/western-digital-discloses-network-breach-my-cloud-service-down/
3CX Compromise Affected Cryptocoin Exchanges
https://securelist.com/gopuram-backdoor-deployed-through-3cx-supply-chain-attack/109344/
]]> 7:46 efile.com, irs, taxes, western digital, 3cx, crypto, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8436 Preventing Framing; Oledump Supports MSI; 3CX Update; PinDuoDuo App Issues; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Preventing Framing; Oledump Supports MSI; 3CX Update; PinDuoDuo App Issues; https://traffic.libsyn.com/securitypodcast/8436.mp3 https://isc.sans.edu/podcastdetail/8436 Mon, 03 Apr 2023 02:00:02 GMT https://isc.sans.edu/diary/Use%20of%20X-Frame-Options%20and%20CSP%20frame-ancestors%20security%20headers%20on%201%20million%20most%20popular%20domains/29698
oledump supporting MSI Files
https://isc.sans.edu/diary/Update+oledump+MSI+Files/29700/
3CX Update
https://www.3cx.com/blog/news/chrome-blocks-latest-msi/
PinDuoDuo App shows anomalous behaviour
https://edition.cnn.com/2023/04/02/tech/china-pinduoduo-malware-cybersecurity-analysis-intl-hnk/index.html
]]> 5:57 pinduoduo, temu, 3cx, oledump, msi, x-frame-options, csp, frame-ancestors, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8434 Malicious 3CX Desktop App Update; Reverse Engineering Obfuscated Powershell via Debugger Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Malicious 3CX Desktop App Update; Reverse Engineering Obfuscated Powershell via Debugger https://traffic.libsyn.com/securitypodcast/8434.mp3 https://isc.sans.edu/podcastdetail/8434 Fri, 31 Mar 2023 02:00:02 GMT Lifestream (Friday March 31st 1400 ET, 1800 UTC) https://www.youtube.com/watch?v=cCf3Km_j5bY
3CX Update: https://www.3cx.com/blog/news/desktopapp-security-alert/
SentinelOne: https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/
Objective-See Blog Post: https://objective-see.org/blog/blog_0x73.html
Crowdstrike: https://www.crowdstrike.com/blog/crowdstrike-detects-and-prevents-active-intrusion-campaign-targeting-3cxdesktopapp-customers/
Bypassing PowerShell Strong Obfuscation
https://isc.sans.edu/diary/Bypassing%20PowerShell%20Strong%20Obfuscation/29692
]]> 6:10 3cx, voip, supply chain, powershell, obfuscation, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8432 Multi Stream Extraction; 3CX Compromise; MSFT Defender False Positive; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Multi Stream Extraction; 3CX Compromise; MSFT Defender False Positive; https://traffic.libsyn.com/securitypodcast/8432.mp3 https://isc.sans.edu/podcastdetail/8432 Thu, 30 Mar 2023 02:00:02 GMT https://isc.sans.edu/diary/Extracting%20Multiple%20Streams%20From%20OLE%20Files/29688
3CXDesktop App Compromise
https://www.crowdstrike.com/blog/crowdstrike-detects-and-prevents-active-intrusion-campaign-targeting-3cxdesktopapp-customers/
Microsoft Defender False Positives
https://twitter.com/MSFT365Status/status/1641048649525260289
https://admin.microsoft.com/Adminportal/Home?ref=/servicehealth/:/alerts/DZ534539 (requires login)
Active Exploitation of IBM Aspera Faspex CVE-2022-47986
https://www.rapid7.com/blog/post/2023/03/28/etr-active-exploitation-of-ibm-aspera-faspex-cve-2022-47986/
QNAP Patch for sudo vulnerablity
https://www.qnap.com/en/security-advisory/qsa-23-11
]]> 5:29 qnap, aspera, ibm, faspex, microsoft, false positives, 3cx, voip, supply chain, excel, multiple stream, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8430 Sensor Placement; Exchange Online Throtteling Exchange; WiFi Vulnerablity; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Sensor Placement; Exchange Online Throtteling Exchange; WiFi Vulnerablity; https://traffic.libsyn.com/securitypodcast/8430.mp3 https://isc.sans.edu/podcastdetail/8430 Wed, 29 Mar 2023 02:00:02 GMT https://isc.sans.edu/diary/Network%20Data%20Collector%20Placement%20Makes%20a%20Difference/29664
Throttling and Blocking Email from Persistently Vulnerable Exchange Servers to Exchange Online
https://techcommunity.microsoft.com/t5/exchange-team-blog/throttling-and-blocking-email-from-persistently-vulnerable/ba-p/3762078
Bypassing Wi-Fi Encryption by Manipulating Transmit Queues
https://papers.mathyvanhoef.com/usenix2023-wifi.pdf
]]> 5:17 wifi, throttling, exchange server, network monitor, sniffer, span, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8428 Reversing HTA Files Part 1; Apple Patches; New MacStealer Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Reversing HTA Files Part 1; Apple Patches; New MacStealer https://traffic.libsyn.com/securitypodcast/8428.mp3 https://isc.sans.edu/podcastdetail/8428 Tue, 28 Mar 2023 02:20:01 GMT https://isc.sans.edu/diary/Another%20Malicious%20HTA%20File%20Analysis%20-%20Part%201/29674
Apple Updates Everything
https://isc.sans.edu/diary/Apple%20Updates%20Everything%20%28including%20Studio%20Display%29/29682
MacStealer Malware Exfiltrates Mac Secrets
https://www.uptycs.com/blog/macstealer-command-and-control-c2-malware
]]> 5:13 macstealer, apple, ipados, ios, macos, watchos, tvos, hta, reversing, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8426 Windows Snipping Tool Updates; GitHub SSH Key Leaked; Redis-py/ChatGPT Vuln; YouTube Hacks Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Windows Snipping Tool Updates; GitHub SSH Key Leaked; Redis-py/ChatGPT Vuln; YouTube Hacks https://traffic.libsyn.com/securitypodcast/8426.mp3 https://isc.sans.edu/podcastdetail/8426 Mon, 27 Mar 2023 02:00:01 GMT https://isc.sans.edu/diary/Microsoft%20Released%20an%20Update%20for%20Windows%20Snipping%20Tool%20Vulnerability/29670
GitHub Rotates SSH Keys
https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/
redis-py vulnerability leads to mixed up sessions, affects ChatGPT
https://openai.com/blog/march-20-chatgpt-outage
Linux Tech Tips YouTube Hack
https://www.theverge.com/2023/3/23/23653115/linus-tech-tips-youtube-hack-crypto-scam
https://isc.sans.edu/diary/Elon%20Musk%20Themed%20Crypto%20Scams%20Flooding%20YouTube%20Today/29434
CyberChef Update
https://github.com/gchq/CyberChef/wiki/Character-encoding,-EOL-separators,-and-editor-features
]]> 4:59 windows snipping tool, image cropping, github, ssh, redis-py, chatgpt, youtube hacks, cyber chef update, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8424 Safe Redactions; Untitled Goose; Veeam Vulnerability; Python Unicode Evasion; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Safe Redactions; Untitled Goose; Veeam Vulnerability; Python Unicode Evasion; https://traffic.libsyn.com/securitypodcast/8424.mp3 https://isc.sans.edu/podcastdetail/8424 Fri, 24 Mar 2023 02:00:01 GMT https://isc.sans.edu/diary/Cropping%20and%20Redacting%20Images%20Safely/29666
Untitled Goose Tool
https://github.com/cisagov/untitledgoosetool
Veeam Vulnerability Details
https://www.horizon3.ai/veeam-backup-and-replication-cve-2023-27532-deep-dive/
Unicode Support in Python used to Evade Detection
https://blog.phylum.io/malicious-actors-use-unicode-support-in-python-to-evade-detection
]]> 5:39 redactions, untitled goose, veeam, python unicode, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8422 Detecting Badly Cropped PNGs; WooCommerce Skimmer; Orbi Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Detecting Badly Cropped PNGs; WooCommerce Skimmer; Orbi Vuln; https://traffic.libsyn.com/securitypodcast/8422.mp3 https://isc.sans.edu/podcastdetail/8422 Thu, 23 Mar 2023 02:00:02 GMT https://isc.sans.edu/diary/Windows%2011%20Snipping%20Tool%20Privacy%20Bug%3A%20Inspecting%20PNG%20Files/29660
Acropalypse Detection and Sanitization Tools
https://github.com/infobyte/CVE-2023-21036
WooCommerce Skimmer Reveals Tampered Gateway Plugin
https://blog.sucuri.net/2023/03/woocommerce-skimmer-reveals-tampered-gateway-plugin.html
Netgear Orbi Router Vulnerable
https://blog.talosintelligence.com/vulnerability-spotlight-netgear-orbi-router-vulnerable-to-arbitrary-command-execution/
]]> 5:43 netgear, orbi, woocommerce, acropalypse, detection, pngdump, snipping, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8420 Character Pair Reversal; Windows Snipping Tool Bug; Malicious .Net; Spring Vuln; Snappy PHP Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Character Pair Reversal; Windows Snipping Tool Bug; Malicious .Net; Spring Vuln; Snappy PHP Vuln; https://traffic.libsyn.com/securitypodcast/8420.mp3 https://isc.sans.edu/podcastdetail/8420 Wed, 22 Mar 2023 02:00:01 GMT https://isc.sans.edu/diary/String%20Obfuscation%3A%20Character%20Pair%20Reversal/29654
Windows 11 Snipping Tool Privacy Bug
https://www.bleepingcomputer.com/news/microsoft/windows-11-snipping-tool-privacy-bug-exposes-cropped-image-content/
Malicious .Net Packages
https://jfrog.com/blog/attackers-are-starting-to-target-net-developers-with-malicious-code-nuget-packages/
Spring Framework Vulnerability
https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861
Snappy Vulnerability
https://github.com/KnpLabs/snappy/security/advisories/GHSA-gq6w-q6wh-jggc
]]> 5:54 snappy, php, spring, .Net, nuget, windows 11, cropping images, obfuscation, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8418 More Telegram Phishing; Emotet OneNote; WSUS Update; DOTRUNPEX; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. More Telegram Phishing; Emotet OneNote; WSUS Update; DOTRUNPEX; https://traffic.libsyn.com/securitypodcast/8418.mp3 https://isc.sans.edu/podcastdetail/8418 Tue, 21 Mar 2023 02:00:02 GMT https://isc.sans.edu/diary/From%20Phishing%20Kit%20To%20Telegram...%20or%20Not!/29650
Emotet uses OneNote
https://cofense.com/blog/emotet-sending-malicious-emails-after-three-month-hiatus/
WSUS Update
https://learn.microsoft.com/en-us/windows-server/administration/windows-server-update-services/plan/plan-your-wsus-deployment#uup-considerations
DOTRUNPEX .Net Injector
https://research.checkpoint.com/2023/dotrunpex-demystifying-new-virtualized-net-injector-used-in-the-wild/
]]> 5:11 telegram, emotet, onenote, wsus, update, dotrunpex, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8416 Obfuscated Backdoor; Samsung Exynos Vuln; Android Image Cropping Problem; Bitwarden PIN Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Obfuscated Backdoor; Samsung Exynos Vuln; Android Image Cropping Problem; Bitwarden PIN https://traffic.libsyn.com/securitypodcast/8416.mp3 https://isc.sans.edu/podcastdetail/8416 Mon, 20 Mar 2023 02:00:02 GMT https://isc.sans.edu/diary/Old%20Backdoor%2C%20New%20Obfuscation/29646
Samsung Exynos Chip Vulnerability
https://googleprojectzero.blogspot.com/2023/03/multiple-internet-to-baseband-remote-rce.html
Android Image Cropping Problem
https://twitter.com/ItsSimonTime/status/1636857478263750656/photo/1
https://acropalypse.app/
Bitwarden Pins
https://ambiso.github.io/bitwarden-pin/
]]> 6:47 bitwarden, android, image cropping, redaction, samsung, exynos, backdoor, obfuscation, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8414 Dissecting Shellcode; Telerik Exploit; Adobe Acrobat Sign Abuse; Patches for Zoom, Array Networks and Aruba Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Dissecting Shellcode; Telerik Exploit; Adobe Acrobat Sign Abuse; Patches for Zoom, Array Networks and Aruba https://traffic.libsyn.com/securitypodcast/8414.mp3 https://isc.sans.edu/podcastdetail/8414 Fri, 17 Mar 2023 02:00:02 GMT https://isc.sans.edu/diary/Simple%20Shellcode%20Dissection/29642
Threat Actors Exploit Progress Telerik Vulnerablity
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-074a
Abusing Adobe Acrobat Sign to Distribute Malware
https://blog.avast.com/adobe-acrobat-sign-malware
Zoom Patches
https://explore.zoom.us/en/trust/security/security-bulletin/
Array Networks Advisory
https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_for_Remote_Code_Execution_Vulnerability_AG.pdf
Aruba Patches
https://www.arubanetworks.com/support-services/security-bulletins/
]]> 7:12 array, advisorsy, zoom, aruba, adobe, acrobat sign, malware, telerik, shellcode, excel, equation editor, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8412 IPFS Phishing and iFrames; CVE-2023-23997 Exploit; Windows ICMP RCE; 90 Day Cert Limit; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. IPFS Phishing and iFrames; CVE-2023-23997 Exploit; Windows ICMP RCE; 90 Day Cert Limit; https://traffic.libsyn.com/securitypodcast/8412.mp3 https://isc.sans.edu/podcastdetail/8412 Thu, 16 Mar 2023 02:00:02 GMT https://isc.sans.edu/diary/IPFS%20phishing%20and%20the%20need%20for%20correctly%20set%20HTTP%20security%20headers/29638
Exploiting CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability
https://www.mdsec.co.uk/2023/03/exploiting-cve-2023-23397-microsoft-outlook-elevation-of-privilege-vulnerability/
CVE-2023-23415 ICMP RCE
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23415
Chromium Certificate Proposals
https://www.chromium.org/Home/chromium-security/root-ca-policy/moving-forward-together/
]]> 6:36 certificates, lifetime, icmp, rce, outlook, exploit, ipfs, phishing, iframes, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8410 Microsoft Patches; Adobe Patches; SAP Patches; Firefox Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft Patches; Adobe Patches; SAP Patches; Firefox Patches https://traffic.libsyn.com/securitypodcast/8410.mp3 https://isc.sans.edu/podcastdetail/8410 Wed, 15 Mar 2023 02:00:02 GMT https://isc.sans.edu/diary/Microsoft%20March%202023%20Patch%20Tuesday/29634
Adobe Cold Fusion and Magento (Adobe Commerce) patches
https://helpx.adobe.com/security/products/magento/apsb23-17.html
https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html
SAP Patches
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
Firefox Patches
https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/
]]> 6:25 firefox, SAP, Adobe, Cold Fusion, Magento, Adobe Commerce, microsoft, patches, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8408 #SVB Scams; CISO KEV List Additions; FortiOS Vuln Exploited; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. #SVB Scams; CISO KEV List Additions; FortiOS Vuln Exploited; https://traffic.libsyn.com/securitypodcast/8408.mp3 https://isc.sans.edu/podcastdetail/8408 Tue, 14 Mar 2023 02:00:02 GMT https://isc.sans.edu/diary/Incoming%20Silicon%20Valley%20Bank%20Related%20Scams/29630
CISA Adds Older PLEX and VMWare Vulnerablities to Known-Exploited List
https://www.bleepingcomputer.com/news/security/cisa-warns-of-actively-exploited-plex-bug-after-lastpass-breach/
FortiOS Vulnerability Exploited
https://www.fortiguard.com/psirt/FG-IR-22-369
]]> 5:18 fortios, cisa, svb, scams, domains, plex, vmware, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8406 AsynRAT Trojan; Mirai Payload Generator; Browser Hijack; OneNote Embeded File Protection; No more Chrome Cleanup Tool Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. AsynRAT Trojan; Mirai Payload Generator; Browser Hijack; OneNote Embeded File Protection; No more Chrome Cleanup Tool https://traffic.libsyn.com/securitypodcast/8406.mp3 https://isc.sans.edu/podcastdetail/8406 Mon, 13 Mar 2023 02:00:02 GMT https://isc.sans.edu/diary/AsynRAT+Trojan+Bill+Payment+Pago+de+la+factura/29626
Mirai Payload Generator
https://isc.sans.edu/diary/Overview%20of%20a%20Mirai%20Payload%20Generator/29624
Multi-Technology Script Leading to Browser Hijacking
https://isc.sans.edu/diary/Multi-Technology%20Script%20Leading%20to%20Browser%20Hijacking/29620
OneNote will warn users of embeded content
https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=OneNote%2CIn%20development&searchterms=122277
Google Removing Chrome Cleanup Tool
https://security.googleblog.com/2023/03/thank-you-and-goodbye-to-chrome-cleanup.html
]]> 5:41 google, chrome, clenaup tool, onenote, browser hijacking, mirai, asynrat, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8404 Sonicwall Backdoor; WebLogic "Crypter"; Home Assistant Vuln; Fake ChatGPT Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Sonicwall Backdoor; WebLogic "Crypter"; Home Assistant Vuln; Fake ChatGPT https://traffic.libsyn.com/securitypodcast/8404.mp3 https://isc.sans.edu/podcastdetail/8404 Fri, 10 Mar 2023 02:00:02 GMT https://www.mandiant.com/resources/blog/suspected-chinese-persist-sonicwall
Old Cyber Gang Uses New Crypted - ScrubCrypt
https://www.fortinet.com/blog/threat-research/old-cyber-gang-uses-new-crypter-scrubcrypt
Home Assistant Supervisor Security Vulnerability
https://www.home-assistant.io/blog/2023/03/08/supervisor-security-disclosure/
Fake ChatGPT Chrome Extensions
https://www.helpnetsecurity.com/2023/03/09/fake-chatgpt-extension/
Criminals Steal Crytocurrency through Play-to-Earn Games
https://www.ic3.gov/Media/Y2023/PSA230309
]]> 6:23 crytocurrency, gold farming, play-to-earn, chatgpt, home assistant, scrybcrypt, sonicwall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8402 Joomla Exploits; Jenkins RCE Vuln; Bitwarden Vuln; FortiOS Update; Veeam Update Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Joomla Exploits; Jenkins RCE Vuln; Bitwarden Vuln; FortiOS Update; Veeam Update https://traffic.libsyn.com/securitypodcast/8402.mp3 https://isc.sans.edu/podcastdetail/8402 Thu, 09 Mar 2023 02:00:02 GMT https://isc.sans.edu/diary/Increase%20in%20exploits%20agains%20Joomla%20%28CVE-2023-23752%29/29614
Jenkins RCE Vulnerability
https://blog.aquasec.com/jenkins-server-vulnerabilities
Bitwarden: The Curious Use-Case of Password Pilfering
https://flashpoint.io/blog/bitwarden-password-pilfering/
FortiOS Vulnerabilities
https://www.fortiguard.com/psirt/FG-IR-23-001
Veeam Backup Vulnerabilities
https://www.veeam.com/kb4245
]]> 6:23 veeam, fortios, bitwarden, jenkins, joomla, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8400 VSCode SFTP Creds Leak; Clipboard Protection; Sys01 Facebook Info Stealer Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. VSCode SFTP Creds Leak; Clipboard Protection; Sys01 Facebook Info Stealer https://traffic.libsyn.com/securitypodcast/8400.mp3 https://isc.sans.edu/podcastdetail/8400 Wed, 08 Mar 2023 02:00:01 GMT https://isc.sans.edu/diary/Hackers%20Love%20This%20VSCode%20Extension%3A%20What%20You%20Can%20Do%20to%20Stay%20Safe/29610
Protecting Android Clipboard Content from Unintended Exposure
https://www.microsoft.com/en-us/security/blog/2023/03/06/protecting-android-clipboard-content-from-unintended-exposure/
SYS01 Stealer Targeting Facebook Accounts
https://blog.morphisec.com/sys01stealer-facebook-info-stealer
]]> 5:40 sys01 stealer, facebook, android, clipboard, vscode, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8398 S3 Scanning; Router Malware; SonicWall Vuln; Word RCE PoC; Remcos RAT Update Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. S3 Scanning; Router Malware; SonicWall Vuln; Word RCE PoC; Remcos RAT Update https://traffic.libsyn.com/securitypodcast/8398.mp3 https://isc.sans.edu/podcastdetail/8398 Tue, 07 Mar 2023 02:00:02 GMT https://isc.sans.edu/diary/Scanning%20s3%20buckets/29606
HiatusRAT Router Malware
https://blog.lumen.com/new-hiatusrat-router-malware-covertly-spies-on-victims/
SonicWall Vulnerability
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0004
Windows Word RCE Proof-of-Concept
https://twitter.com/jduck/status/1632471544935923712
https://qoop.org/publications/cve-2023-21716-rtf-fonttbl.md
DBatLoader and Remcos RAT
https://www.sentinelone.com/blog/dbatloader-and-remcos-rat-sweep-eastern-europe/
]]> 5:06 dbatloader, remcos rat, windows, word, rce, poc, sonicwall, hiatusrat, s3 buckets, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8396 SANS.edu Commencement; SCARLETEEL Cloud Attacks; Preventing OneNote Exploits; Redis Exploits Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS.edu Commencement; SCARLETEEL Cloud Attacks; Preventing OneNote Exploits; Redis Exploits https://traffic.libsyn.com/securitypodcast/8396.mp3 https://isc.sans.edu/podcastdetail/8396 Mon, 06 Mar 2023 02:00:01 GMT https://www.linkedin.com/feed/update/urn:li:activity:7037794067266625536/
SCARLETEEL: Operation Leverating Terraform, Kubernetes and AWS for data theft
https://sysdig.com/blog/cloud-breach-terraform-data-theft/
Preventing Malicious OneNote Files
https://www.bleepingcomputer.com/news/security/how-to-prevent-microsoft-onenote-files-from-infecting-windows-with-malware/
Redis Miner Leverages Command Line File Hosting Service
https://www.cadosecurity.com/redis-miner-leverages-command-line-file-hosting-service/
]]> 5:06 redis, miner, onenote, scarleteel, sans.edu, commencement, crypto miner, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8394 Malicious OneNote and YARA; DroneID Security; OAuth Flaw; Marco Gfeller Malware Analysis Pipeline #sans_edu Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Malicious OneNote and YARA; DroneID Security; OAuth Flaw; Marco Gfeller Malware Analysis Pipeline #sans_edu https://traffic.libsyn.com/securitypodcast/8394.mp3 https://isc.sans.edu/podcastdetail/8394 Fri, 03 Mar 2023 02:00:02 GMT https://isc.sans.edu/diary/YARA%3A%20Detect%20The%20Unexpected%20.../29598
Drone Security and the Mysterious Case of DJI's DroneID
https://github.com/RUB-SysSec/DroneSecurity
Booking.com OAuth Flaw
https://salt.security/blog/traveling-with-oauth-account-takeover-on-booking-com
SANS.edu Student Marco Gfeller: Lightweight Python-Based Malware Analysis Pipeline
https://www.sans.org/white-papers/lightweight-python-based-malware-analysis-pipeline/
]]> 14:14 malware, python, pipeline, sans.edu, booking, oauth, drone, dji, droneid, yara, onenote, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8392 Game Infostealer; DNS Abuse Matrix; BlackLotus; TPM Vuln; Aruba Vuln; Cisco Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Game Infostealer; DNS Abuse Matrix; BlackLotus; TPM Vuln; Aruba Vuln; Cisco Vuln; https://traffic.libsyn.com/securitypodcast/8392.mp3 https://isc.sans.edu/podcastdetail/8392 Thu, 02 Mar 2023 02:05:02 GMT https://isc.sans.edu/diary/Python%20Infostealer%20Targeting%20Gamers/29596
DNS Abuse Techniques Matrix
https://www.first.org/global/sigs/dns/DNS-Abuse-Techniques-Matrix_v1.1.pdf
BlackLotus UEFI Bootkit
https://www.welivesecurity.com/2023/03/01/blacklotus-uefi-bootkit-myth-confirmed/
TCG TPM2.0 implementations vulnerable to memory corruption
https://kb.cert.org/vuls/id/782720
Aruba Vulnerability
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt
Cisco VoIP Phone WebUI RCE
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-cmd-inj-KMFynVcP
]]> 5:40 Cisco, voip, webui, arbua, tcg, tpm, dns abuse, python, infostealer, gamers, steam, telegram, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8390 BB17 and Qakbot; LastPass Details; CISA RedTeam Lessons; Jailbreak Chat Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. BB17 and Qakbot; LastPass Details; CISA RedTeam Lessons; Jailbreak Chat https://traffic.libsyn.com/securitypodcast/8390.mp3 https://isc.sans.edu/podcastdetail/8390 Wed, 01 Mar 2023 02:00:02 GMT https://isc.sans.edu/diary/BB17%20distribution%20Qakbot%20%28Qbot%29%20activity/29592
LastPass Incident Details
https://support.lastpass.com/help/incident-1-additional-details-of-the-attack
https://support.lastpass.com/help/incident-2-additional-details-of-the-attack
CISA Red Team Shares Key Findings
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-059a
Jailbreak Chat
https://www.jailbreakchat.com
]]> 6:05 jailbreak, cisa, lastpass, bb11, qakbot, qbot, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8388 Phishing Again; Unlocked Phone Stealing; More Fake Auth Apps; Zoneminder Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Phishing Again; Unlocked Phone Stealing; More Fake Auth Apps; Zoneminder Vuln; https://traffic.libsyn.com/securitypodcast/8388.mp3 https://isc.sans.edu/podcastdetail/8388 Tue, 28 Feb 2023 02:00:01 GMT https://isc.sans.edu/diary/Phishing%20Again%20and%20Again/29588
Unlocked Phone Stealing
https://www.wsj.com/articles/apple-iphone-security-theft-passcode-data-privacya-basic-iphone-feature-helps-criminals-steal-your-digital-life-cbf14b1a
More Fake Authenticator Apps
https://nakedsecurity.sophos.com/2023/02/27/beware-rogue-2fa-apps-in-app-store-and-google-play-dont-get-hacked/
Zoneminder Vulnerability
https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-72rg-h4vf-29gr
WebLogic Exploit (not verified) CVE-2023-21839
https://github.com/4ra1n/CVE-2023-21839/blob/master/cmd/main.go
]]> 5:17 weblogic, zoneminder, fake authenticator, unlocked, phone, phishing, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8386 WebDav Leads to IcedID; oledump msi plugin; Automatic BEC/Ransomware Discrution; Cisco Vulns; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. WebDav Leads to IcedID; oledump msi plugin; Automatic BEC/Ransomware Discrution; Cisco Vulns; https://traffic.libsyn.com/securitypodcast/8386.mp3 https://isc.sans.edu/podcastdetail/8386 Mon, 27 Feb 2023 02:00:02 GMT https://isc.sans.edu/diary/URL%20files%20and%20WebDAV%20used%20for%20IcedID%20%28Bokbot%29%20infection/29578
oledump msi file plugin
https://isc.sans.edu/diary/oledump%20%26%20MSI%20Files/29584
Automatic Disruption of Ransomware and BEC attacks with Microsoft 365 Defender
https://techcommunity.microsoft.com/t5/microsoft-365-defender-blog/automatic-disruption-of-ransomware-and-bec-attacks-with/ba-p/3738294
Cisco Vulnerabilities
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-csrfv-DMx6KSwV
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aci-lldp-dos-ySCNZOpX
]]> 6:24 cisco, ransomware, bec, microsoft 365, defender, oledump, msi, webdav, icedid, bockbot, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8384 Updated Exchange AV Guidance; Home Network Security; Datacenter Attacks; npm spam; more malicious pypi Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Updated Exchange AV Guidance; Home Network Security; Datacenter Attacks; npm spam; more malicious pypi https://traffic.libsyn.com/securitypodcast/8384.mp3 https://isc.sans.edu/podcastdetail/8384 Fri, 24 Feb 2023 02:00:02 GMT https://techcommunity.microsoft.com/t5/exchange-team-blog/update-on-the-exchange-server-antivirus-exclusions/ba-p/3751464
Best Practices for Securing Your Home Network
https://media.defense.gov/2023/Feb/22/2003165170/-1/-1/0/CSI_BEST_PRACTICES_FOR_SECURING_YOUR_HOME_NETWORK.PDF
Attacks on Data Center Organizations
https://www.resecurity.com/blog/article/cyber-attacks-on-data-center-organizations
NPM Package Phishing
https://checkmarx.com/blog/how-npm-packages-were-used-to-spread-phishing-links/
Malicious PyPi Packages
https://www.fortinet.com/blog/threat-research/more-supply-chain-attacks-via-new-malicious-python-packages-in-pypi
]]> 5:24 pypi, npm, data centers, home network, av guidance, exchange, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8382 Confluence Scans; Apple Advisories Updates; Odd 2FA Apps in Apple Appstore; VMware Carbon Black Vuln Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Confluence Scans; Apple Advisories Updates; Odd 2FA Apps in Apple Appstore; VMware Carbon Black Vuln https://traffic.libsyn.com/securitypodcast/8382.mp3 https://isc.sans.edu/podcastdetail/8382 Thu, 23 Feb 2023 02:00:02 GMT https://isc.sans.edu/diary/Internet%20Wide%20Scan%20Fingerprinting%20Confluence%20Servers/29574
Apple Updates Advisories
https://support.apple.com/en-us/HT213606
https://support.apple.com/en-us/HT213605
https://www.trellix.com/en-us/about/newsroom/stories/research/trellix-advanced-research-center-discovers-a-new-privilege-escalation-bug-class-on-macos-and-ios.html
Questionable two-factor Apps
https://twitter.com/mysk_co/status/1627097291063435264
VMWare Carbon Black App Control Vulnerability
https://www.vmware.com/security/advisories/VMSA-2023-0004.html
]]> 5:36 vmware, carbon black, two-factor, apple, vulnerability, confluence, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8380 Customized Phishing; FortiNAC Exploit; Apache Commons FileUpload Fix; VMWare Win Server 2022 Fix Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Customized Phishing; FortiNAC Exploit; Apache Commons FileUpload Fix; VMWare Win Server 2022 Fix https://traffic.libsyn.com/securitypodcast/8380.mp3 https://isc.sans.edu/podcastdetail/8380 Wed, 22 Feb 2023 02:00:02 GMT https://isc.sans.edu/diary/Phishing%20Page%20Branded%20with%20Your%20Corporate%20Website/29570
Fortinet FortiNAC CVE-2022-39952 Deep-Dive and IOCs
https://www.horizon3.ai/fortinet-fortinac-cve-2022-39952-deep-dive-and-iocs/
Apache Commons FileUpload Vulnerability
https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy
VMWare Windows Server 2022 Fix
https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-esxi-70u3k-release-notes.html#resolvedissues
]]> 4:56 vmware, windows, server, 2022, apache, commons, fileupload, fortinac, fortinet, cve-2022-39952, phishing, thum.io, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8378 OneNote Suricata Rules; New IIS Backdoor; Outlook Spam; Godaddy Breach Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. OneNote Suricata Rules; New IIS Backdoor; Outlook Spam; Godaddy Breach https://traffic.libsyn.com/securitypodcast/8378.mp3 https://isc.sans.edu/podcastdetail/8378 Tue, 21 Feb 2023 02:00:01 GMT https://isc.sans.edu/diary/OneNote%20Suricata%20Rules/29564
New IIS Backdoor
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/frebniis-malware-iis
Outlook Spam
https://www.bleepingcomputer.com/news/microsoft/microsoft-outlook-flooded-with-spam-due-to-broken-email-filters/
Godaddy Breach and Website Redirects
https://aboutus.godaddy.net/newsroom/company-news/news-details/2023/Statement-on-recent-website-redirect-issues/default.aspx
]]> 5:46 godaddy, outlook, iis, onenote, suricata, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8376 Phishing Emails; Twitter 2FA; Fortinet; Cisco Patches related to ClamAV Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Phishing Emails; Twitter 2FA; Fortinet; Cisco Patches related to ClamAV https://traffic.libsyn.com/securitypodcast/8376.mp3 https://isc.sans.edu/podcastdetail/8376 Mon, 20 Feb 2023 02:00:01 GMT https://isc.sans.edu/diary/Spear%20Phishing%20Handlers%20for%20Username%20Password/29560
Twitter Alters 2FA
https://blog.twitter.com/en_us/topics/product/2023/an-update-on-two-factor-authentication-using-sms-on-twitter
Fortinet Updates
https://www.fortiguard.com/psirt-monthly-advisory/february-2023-vulnerability-advisories
https://twitter.com/Horizon3Attack/status/1626692778062237713
Cisco ClamAV Patches
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-q8DThCy
]]> 5:46 cisco, clamav, fortnet, twitter, 2fa, sms, phishing, ipfs, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8374 Browser in Browser; Windows VM Issues; ESXi Args Update; PHP Updates; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Browser in Browser; Windows VM Issues; ESXi Args Update; PHP Updates; https://traffic.libsyn.com/securitypodcast/8374.mp3 https://isc.sans.edu/podcastdetail/8374 Fri, 17 Feb 2023 02:00:02 GMT https://isc.sans.edu/diary/HTML%20phishing%20attachment%20with%20browser-in-the-browser%20technique/29556
Windows Server 2022 Might Not Start Up After Updates
https://learn.microsoft.com/en-us/windows/release-health/status-windows-server-2022#windows-server-2022-might-not-start-up
New ESXiArgs Encryption Routing Outmaneuvers Recovery Methods
https://www.malwarebytes.com/blog/news/2023/02/new-esxiargs-encryption-routine-outmaneuvers-recovery-methods
PHP Updates
https://www.php.net
ClamAV Patches
https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html
]]> 5:18 clamav, php, esxiargs, windows server 2022, patches, problmes, html, browser in the browser, bib, bitb, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8372 Passive DNS; GitHub Copilot Update; Hyundai Patches; Firefox, Citrix and HAProxy Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Passive DNS; GitHub Copilot Update; Hyundai Patches; Firefox, Citrix and HAProxy Patches https://traffic.libsyn.com/securitypodcast/8372.mp3 https://isc.sans.edu/podcastdetail/8372 Thu, 16 Feb 2023 02:00:02 GMT https://isc.sans.edu/diary/DNS%20Recon%20Redux%20-%20Zone%20Transfers%20%28plus%20a%20time%20machine%29%20for%20When%20You%20Can%27t%20do%20a%20Zone%20Transfer/29552
GitHub Copilot Update
https://github.blog/2023-02-14-github-copilot-now-has-a-better-ai-model-and-new-capabilities/
Hyundai Software Update
https://www.hyundaiantitheft.com
Citrix Patches CVE-2023-24486, CVE-2023-24484, CVE-2023-24485, and CVE-2023-24483
https://www.cisa.gov/uscert/ncas/current-activity/2023/02/14/citrix-releases-security-updates-workspace-apps-virtual-apps-and
HA Proxy Patch CVE-2023-25725
https://www.mail-archive.com/haproxy@formilux.org/msg43229.html
Firefox Patches
https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/
]]> 5:33 firefox, haproxy, citrix, hyundai, github, copilot, dns, passive dns, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8370 Microsoft Patch Tuesday; Adobe Patches; Intel OpenBMC Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft Patch Tuesday; Adobe Patches; Intel OpenBMC Patches https://traffic.libsyn.com/securitypodcast/8370.mp3 https://isc.sans.edu/podcastdetail/8370 Wed, 15 Feb 2023 02:00:02 GMT https://isc.sans.edu/diary/Microsoft%20February%202023%20Patch%20Tuesday/29548
Adobe Patches
https://helpx.adobe.com/security/security-bulletin.html
Intel OpenBMC Vulnerabilities
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00737.html
]]> 6:11 intel, openbmc, adobe, microsoft, patches, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8368 Apple Patches Everything; Venmo Phish via LinkedIn; Malicious Python; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Apple Patches Everything; Venmo Phish via LinkedIn; Malicious Python; https://traffic.libsyn.com/securitypodcast/8368.mp3 https://isc.sans.edu/podcastdetail/8368 Tue, 14 Feb 2023 02:00:02 GMT https://isc.sans.edu/diary/Apple%20Patches%20Exploited%20Vulnerability/29544
Venmo Phishing Abusing LinkedIn "slink"
https://isc.sans.edu/diary/Venmo+Phishing+Abusing+LinkedIn+slink/29542/
Malicious PyPi Packages Install Browser Extensions
https://blog.phylum.io/phylum-discovers-revived-crypto-wallet-address-replacement-attack
]]> 5:55 python, pypi, chinese, typosquatting, venmo, slink, linkedin, apple, patches, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8366 Script Block Logging Deactivation; Zeek and pcaps; Prompt Injection Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Script Block Logging Deactivation; Zeek and pcaps; Prompt Injection https://traffic.libsyn.com/securitypodcast/8366.mp3 https://isc.sans.edu/podcastdetail/8366 Mon, 13 Feb 2023 02:00:02 GMT https://isc.sans.edu/diary/Obfuscated%20Deactivation%20of%20Script%20Block%20Logging/29538
PCAP Data Analysis with Zeek
https://isc.sans.edu/diary/PCAP%20Data%20Analysis%20with%20Zeek/29530
Bing Chat Prompt Injection
https://arstechnica.com/information-technology/2023/02/ai-powered-bing-chat-spills-its-secrets-via-prompt-injection-attack/
More Malicious Python Packages
https://blog.sonatype.com/malicious-aptx-python-package-drops-meterpreter-shell-deletes-netstat
]]> 5:13 python, bing, pcap, zeek, script block logging, prompt injection, chat, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8364 Screenshot Backdoor; Keypass Update; Google Ads AWS Phishing; Kafka Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Screenshot Backdoor; Keypass Update; Google Ads AWS Phishing; Kafka Vuln; https://traffic.libsyn.com/securitypodcast/8364.mp3 https://isc.sans.edu/podcastdetail/8364 Fri, 10 Feb 2023 02:00:02 GMT https://isc.sans.edu/diary/A%20Backdoor%20with%20Smart%20Screenshot%20Capability/29534
KeePass Patches Issue Allowing Password Export
https://keepass.info/news/n230109_2.53.html
AWS Phishing via Google Ads
https://www.sentinelone.com/blog/cloud-credentials-phishing-malicious-google-ads-target-aws-logins/
Apache Kafka Vulnerability
https://lists.apache.org/thread/vy1c7fqcdqvq5grcqp6q5jyyb302khyz
]]> 5:24 apache, kafka, aws, google, ads, keepass, patch, backdoor, screenshot, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8362 Telegram Phish; ESXIArgs Ransomware Help; IoT Crypto Standard; Sonicwall Filter Issues; Chrome early-stable Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Telegram Phish; ESXIArgs Ransomware Help; IoT Crypto Standard; Sonicwall Filter Issues; Chrome early-stable https://traffic.libsyn.com/securitypodcast/8362.mp3 https://isc.sans.edu/podcastdetail/8362 Thu, 09 Feb 2023 02:00:01 GMT https://isc.sans.edu/forums/diary/Simple%20HTML%20Phishing%20via%20Telegram%20Bot/29528/
Recovering from ESXiArgs Ransomware
https://www.cisa.gov/uscert/ncas/alerts/aa23-039a
NIST Standardizes Lightweight Cryptography
https://csrc.nist.gov/Projects/lightweight-cryptography
Sonicwall Web Content Filtering on Windows 11 22H2
https://www.sonicwall.com/support/product-notification/limitation-with-web-content-filtering-on-windows-11-22h2/230208075107457/
Google Chrome Release Changes
https://developer.chrome.com/blog/early-stable/
]]> 5:44 google, chrome, sonicwall, nist, esxiargs, iot, telegram, phishing, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8360 Bluetooth Vuln Trends; OpenSSL Update; GoAnywhere Patch and PoC; Quakbot via OneNote Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Bluetooth Vuln Trends; OpenSSL Update; GoAnywhere Patch and PoC; Quakbot via OneNote https://traffic.libsyn.com/securitypodcast/8360.mp3 https://isc.sans.edu/podcastdetail/8360 Wed, 08 Feb 2023 02:00:02 GMT https://isc.sans.edu/diary/A%20Survey%20of%20Bluetooth%20Vulnerabilities%20Trends%20%282023%20Edition%29/29522
OpenSSL Vulnerabilities / Patches
https://www.openssl.org/news/secadv/20230207.txt
Packet Tuesday: Most Frequent DNS Query ID / DNS Notify
https://www.youtube.com/watch?v=QgCuE_zKyMY
GoAnywhere MFT Patch Available (and PoC)
https://frycos.github.io/vulns4free/2023/02/06/goanywhere-forgotten.html
https://my.goanywhere.com/webclient/Dashboard.xhtml
Qakbot Mechanizes Distribution of Malicous OneNote Notebooks
https://news.sophos.com/en-us/2023/02/06/qakbot-onenote-attacks/
]]> 6:32 quakbot, onenote, goanywhere, packet tuesday, openssl, bluetooth, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8358 Earthquake Scams; IP Lookup Detection; OpenSSH Vuln Details; Redis Malware Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Earthquake Scams; IP Lookup Detection; OpenSSH Vuln Details; Redis Malware https://traffic.libsyn.com/securitypodcast/8358.mp3 https://isc.sans.edu/podcastdetail/8358 Tue, 07 Feb 2023 02:00:02 GMT https://isc.sans.edu/diary/Earthquake%20in%20Turkey%20and%20Syria%3A%20Be%20Aware%20of%20Possible%20Donation%20Scams/29518
APIs Used By Bots to Detect Public IP Addresses
https://isc.sans.edu/diary/APIs+Used+by+Bots+to+Detect+Public+IP+address/29516/
OpenSSH Vulnerablity Details CVE 2023-25136
https://blog.qualys.com/vulnerabilities-threat-research/2023/02/03/cve-2023-25136-pre-auth-double-free-vulnerability-in-openssh-server-9-1
A Novel State-of-the-Art Redis Malware
https://blog.aquasec.com/headcrab-attacks-servers-worldwide-with-novel-state-of-art-redis-malware?&web_view=true
]]> 6:36 redis, openssh, api, ip addresses, earthquake, syria, turkey, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8356 Assemblyline Sandbox; GoAnywhere MFT 0-Day; VMWare ESXi Ransomware; Jira Service Managemnt Server Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Assemblyline Sandbox; GoAnywhere MFT 0-Day; VMWare ESXi Ransomware; Jira Service Managemnt Server Vuln; https://traffic.libsyn.com/securitypodcast/8356.mp3 https://isc.sans.edu/podcastdetail/8356 Mon, 06 Feb 2023 02:00:02 GMT https://isc.sans.edu/diary/Assemblyline%20as%20a%20Malware%20Analysis%20Sandbox/29510
GoAnywhere MFT zero-day Exploited
https://www.rapid7.com/blog/post/2023/02/03/exploitation-of-goanywhere-mft-zero-day-vulnerability/
Ransomware targeting VMware ESXi
https://blog.ovhcloud.com/ransomware-targeting-vmware-esxi/
Jira Service Managment Server and Data Center Advisory CVE-2023-22501
https://confluence.atlassian.com/jira/jira-service-management-server-and-data-center-advisory-cve-2023-22501-1188786458.html
OpenSSH Update
https://www.openssh.com/releasenotes.html
F5 BigIP Vulnerability CVE-2023-22374
https://my.f5.com/manage/s/article/K000130415
]]> 5:26 f5, bigip, openssh, jira, vmware, esxi, goanywhere mft, assemblyline, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8354 tcpdump in pfsense; BEC visa Third-Parties; More Malvertising; Cisco Persistence Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. tcpdump in pfsense; BEC visa Third-Parties; More Malvertising; Cisco Persistence https://traffic.libsyn.com/securitypodcast/8354.mp3 https://isc.sans.edu/podcastdetail/8354 Fri, 03 Feb 2023 02:00:02 GMT https://isc.sans.edu/diary/Rotating%20Packet%20Captures%20with%20pfSense/29500
BEC Group Incorporates Secondary Impersonated Personas
https://intelligence.abnormalsecurity.com/blog/firebrick-ostrich-third-party-reconnaissance-attacks
MalVirt .Net Virtualization Thrives in Malvertising Attacks
https://www.sentinelone.com/labs/malvirt-net-virtualization-thrives-in-malvertising-attacks/
Cisco Remote Code Execution with Persistence
https://www.trellix.com/en-us/about/newsroom/stories/research/when-pwning-cisco-persistence-is-key-when-pwning-supply-chain-cisco-is-key.html
]]> 4:58 packets, pfsense, tcpdump, pec, malvirt, .net, malvertising, cisco, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8352 Detecting OneNote; MSFT Defender and Linux; Chromebook Exploit; ImageMagik Vuln; dompdf vulnerability Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Detecting OneNote; MSFT Defender and Linux; Chromebook Exploit; ImageMagik Vuln; dompdf vulnerability https://traffic.libsyn.com/securitypodcast/8352.mp3 https://isc.sans.edu/podcastdetail/8352 Thu, 02 Feb 2023 02:00:02 GMT https://isc.sans.edu/diary/Detecting%20%28Malicious%29%20OneNote%20Files/29494
Microsoft Defender Device Isolation for Linux
https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/announcing-device-isolation-support-for-linux/ba-p/3676400
SH1MMER Exploit for Chromebooks
https://sh1mmer.me
DOMPDF SVG Parsing Vulnerability
https://github.com/dompdf/dompdf/security/advisories/GHSA-3cw5-7cxw-v5qg
]]> 6:14 dompdf, svg, sh1mmer, microsoft, defender, linux, onenote, detection, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8350 Honeypot with pfSense; Abusing "Verified Published"; PoS Malware Blocks NFC; Detecting AV Blindspots Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Honeypot with pfSense; Abusing "Verified Published"; PoS Malware Blocks NFC; Detecting AV Blindspots https://traffic.libsyn.com/securitypodcast/8350.mp3 https://isc.sans.edu/podcastdetail/8350 Wed, 01 Feb 2023 02:00:02 GMT https://isc.sans.edu/diary/DShield%20Honeypot%20Setup%20with%20pfSense/29490
Threat Actors Abusing Microsoft's "Verified Publisher" Status
https://www.proofpoint.com/us/blog/cloud-security/dangerous-consequences-threat-actors-abusing-microsofts-verified-publisher
PoS Malware Can Block Contactless Payments
https://securelist.com/prilex-modification-now-targeting-contactless-credit-card-transactions/108569/
Detecting Files Exempt from Anti Malware Scans
https://github.com/bananabr/TimeException
]]> 7:43 timeexcept, blindspot, antivirus, pos, contactless, credit card, microsoft, oauth, verified publisher, phishing, honeypot, pfsense, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8348 DoH Scans; GitHub Replaces Signing Cert; GitHub ZIP Algo Changes; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. DoH Scans; GitHub Replaces Signing Cert; GitHub ZIP Algo Changes; https://traffic.libsyn.com/securitypodcast/8348.mp3 https://isc.sans.edu/podcastdetail/8348 Tue, 31 Jan 2023 02:00:02 GMT https://isc.sans.edu/diary/Decoding%20DNS%20over%20HTTP%28s%29%20Requests/29488
Action Needed for GitHub Desktop and Atom Users
https://github.blog/2023-01-30-action-needed-for-github-desktop-and-atom-users/
GitHub Checksum Mismatches for .tar.gz Files
https://github.com/orgs/community/discussions/45830
Facebook 2FA Bypass
https://medium.com/pentesternepal/two-factor-authentication-bypass-on-facebook-3f4ac3ea139c
Fortinet Exploit
https://wzt.ac.cn/2022/12/15/CVE-2022-42475/
QNAP Vulnerability
https://www.qnap.com/en/security-advisory/qsa-23-01
]]> 7:13 facebook, 2fa, qnap, fortinet, github, zip, tar.gz, desktop, dns, https, doh, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8346 MSFT Exchange Patching Hints; FCC vs. Twilio; PlugX Spreads via USB Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MSFT Exchange Patching Hints; FCC vs. Twilio; PlugX Spreads via USB https://traffic.libsyn.com/securitypodcast/8346.mp3 https://isc.sans.edu/podcastdetail/8346 Mon, 30 Jan 2023 02:00:02 GMT https://techcommunity.microsoft.com/t5/exchange-team-blog/protect-your-exchange-servers/ba-p/3726001
FCC Treatens to Take Action Against Twilio over Robocalls
https://www.fcc.gov/document/fcc-takes-mortgage-scam-robocall-campaign-targeting-homeowners
PlugX Variant Spreads via USB
https://unit42.paloaltonetworks.com/plugx-variants-in-usbs/
Adware in Google Play Store
https://news.drweb.com/show/review/?lng=en&i=14652
Tails 5.9 Update
https://tails.boum.org/news/version_5.9/index.de.html
]]> 5:52 google, play, adware, plugx, usb, fcc, twilio, robocalls, microsoft, exchange, patching, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8344 Unix IR with UAC; Bitwarden Phishing; PY#RATION Websockets; SkyHigh Security Gateway; Win Crypto API; BIND Update Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Unix IR with UAC; Bitwarden Phishing; PY#RATION Websockets; SkyHigh Security Gateway; Win Crypto API; BIND Update https://traffic.libsyn.com/securitypodcast/8344.mp3 https://isc.sans.edu/podcastdetail/8344 Fri, 27 Jan 2023 02:00:02 GMT https://isc.sans.edu/diary/Live%20Linux%20IR%20with%20UAC/29480
Bitwarden Phishing
https://community.bitwarden.com/t/phishing-website-bitwardenlogin-com/49704
https://www.reddit.com/r/Bitwarden/comments/10k2aj5/google_search_ads_showing_fake_bitwarden_web/
PY#RATION Attack Campaign Leverages Fernet Encyrption and Websockets
https://www.securonix.com/blog/security-advisory-python-based-pyration-attack-campaign/
Skyhigh Security Secure Web Gateway: XSS in Single Sign On Plugin
https://www.redteam-pentesting.de/en/advisories/rt-sa-2022-002/-skyhigh-security-secure-web-gateway-cross-site-scripting-in-single-sign-on-plugin
Windows Crypto API Vuln PoC
https://github.com/akamai/akamai-security-research/tree/main/PoCs/CVE-2022-34689
BIND Patches
https://kb.isc.org/docs/cve-2022-3094
]]> 6:15 bind, windows, crypto api, poc, skyhigh, xss, sso, py#ration, websocket, bitwarden, phishing, UAC, linux, IR, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8342 Malicious OneNote Expample; Secure Remote Monitoring; Cloud Kerberos Attacks; XLL Block; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Malicious OneNote Expample; Secure Remote Monitoring; Cloud Kerberos Attacks; XLL Block; https://traffic.libsyn.com/securitypodcast/8342.mp3 https://isc.sans.edu/podcastdetail/8342 Thu, 26 Jan 2023 02:05:01 GMT https://isc.sans.edu/diary/A%20First%20Malicious%20OneNote%20Document/29470
Guidance for Securing Remote Monitoring and Management Software
https://media.defense.gov/2023/Jan/25/2003149873/-1/-1/0/JOINT_CSA_RMM.PDF
Microsoft Azure-Based Kerberos Attacks Crack Open Cloud Accounts
https://www.darkreading.com/cloud/microsoft-azure-kerberos-attacks-open-cloud-accounts
Microsoft Blocking XLL Files Downloaded From Internet
https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=&searchterms=115485
Lexmark Vulnerablities
https://publications.lexmark.com/publications/security-alerts/CVE-2023-23560.pdf
VMware VRealize Update
https://www.vmware.com/security/advisories/VMSA-2023-0001.html
]]> 5:46 microsoft, xll, blocking, azure, kerberos, cloud, onenote, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8340 Apple Patch Summary; ManageEngine News; KSMBD News; Bitwarden Weakness; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Apple Patch Summary; ManageEngine News; KSMBD News; Bitwarden Weakness; https://traffic.libsyn.com/securitypodcast/8340.mp3 https://isc.sans.edu/podcastdetail/8340 Wed, 25 Jan 2023 02:00:01 GMT https://isc.sans.edu/forums/diary/Apple%20Updates%20%28almost%29%20Everything%3A%20Patch%20Overview/29472/
ManageEngine News;
https://github.com/vonahisec/CVE-2022-47966-Scan
KSMBD Vulnerability
https://sysdig.com/blog/cve-2023-0210-linux-kernel-unauthenticated-remote-heap-overflow/
BitWarden Server Side Iterations
https://palant.info/2023/01/23/bitwarden-design-flaw-server-side-iterations/
Packet Tuesday: Neighbor Advertisements
https://www.youtube.com/watch?v=CoaZjuuY1do
]]> 6:49 bitwarden, ksmbd, manageengine, apple, patches, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8338 Who Resolved What? Apple Updates Everything; NSA IPv6 Guidance; Roaming Mantis Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Who Resolved What? Apple Updates Everything; NSA IPv6 Guidance; Roaming Mantis https://traffic.libsyn.com/securitypodcast/8338.mp3 https://isc.sans.edu/podcastdetail/8338 Tue, 24 Jan 2023 02:00:02 GMT https://isc.sans.edu/forums/diary/Who's%20Resolving%20This%20Domain%3F/29462/
Apple Updates Everything
https://support.apple.com/en-us/HT201222
NSA IPv6 Security Guidance
https://media.defense.gov/2023/Jan/18/2003145994/-1/-1/0/CSI_IPV6_SECURITY_GUIDANCE.PDF
Roaming Mantis Implements new DNS Changer in tis malicious mobile app
https://thehackernews.com/2023/01/roaming-mantis-spreading-mobile-malware.html
]]> 5:44 roaming mantis, nsa, ipv6, Apple, patches, dns, resolution sysmon, linux, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8336 Windows Auth Signing; Fanduel/Mailchimp Leak; Malicious OneNotes; Cisco Vuln; Possible KeePass Vuln Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Windows Auth Signing; Fanduel/Mailchimp Leak; Malicious OneNotes; Cisco Vuln; Possible KeePass Vuln https://traffic.libsyn.com/securitypodcast/8336.mp3 https://isc.sans.edu/podcastdetail/8336 Mon, 23 Jan 2023 02:00:02 GMT https://isc.sans.edu/diary/Importance%20of%20signing%20in%20Windows%20environments/29456
FanDuel Discloses Data Breach Caused by Recent Mailchimp Hack
https://www.bleepingcomputer.com/news/security/fanduel-discloses-data-breach-caused-by-recent-mailchimp-hack/
OneNote Documents Used to Embed Malicious Office Documents
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/trojanized-onenote-document-leads-to-formbook-malware/
Cisco Unified Communications Manager SQL Injection
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-sql-rpPczR8n
Possible KeePass Vulnerability
https://twitter.com/vomanc/status/1617135599030530054
]]> 6:26 keepass, cisco, sql injection, unified communications manager, onenote, office, macros, signing, windows, ntlm, relay attack, fanduel, mailchimp, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8334 Popular Domains and SPF/DMARC; Sysmon Exploit; ManageEngine Exploit; Netcomm Patch; Outdated Office Check Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Popular Domains and SPF/DMARC; Sysmon Exploit; ManageEngine Exploit; Netcomm Patch; Outdated Office Check https://traffic.libsyn.com/securitypodcast/8334.mp3 https://isc.sans.edu/podcastdetail/8334 Fri, 20 Jan 2023 02:00:01 GMT https://isc.sans.edu/diary/SPF%20and%20DMARC%20use%20on%20100k%20most%20popular%20domains/29452
Sysmon Exploit Released CVE-2022-41120, CVE-2022-44704
https://github.com/Wh04m1001/SysmonEoP
ManageEngine CVE-2022-47966 Technical Deep Dive
https://www.horizon3.ai/manageengine-cve-2022-47966-technical-deep-dive/
Netcomm Router Vulnerablities
https://kb.cert.org/vuls/id/986018
Microsoft Pushes Outdated Office Install Check
https://www.bleepingcomputer.com/news/microsoft/microsoft-pushes-kb5021751-to-check-for-outdated-office-installs/
]]> 5:35 office, microsoft, netcomm, router, manageengine, sysmon, spf, dmarc, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8332 More Malicous Google Ads; Oracle Patches; QT/QML Bug/Vuln; Sudo Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. More Malicous Google Ads; Oracle Patches; QT/QML Bug/Vuln; Sudo Vuln; https://traffic.libsyn.com/securitypodcast/8332.mp3 https://isc.sans.edu/podcastdetail/8332 Thu, 19 Jan 2023 02:00:01 GMT https://isc.sans.edu/diary/Malicious%20Google%20Ad%20--%3E%20Fake%20Notepad%2B%2B%20Page%20--%3E%20Aurora%20Stealer%20malware/29448
Oracle Critical Patch Update
https://www.oracle.com/security-alerts/cpujan2023.html
QT QML Vulnerability
https://blog.talosintelligence.com/vulnerability-spotlight-integer-and-buffer-overflow-vulnerabilities-found-in-qt-qml/
sudo sudoedit vulnerablity
https://www.synacktiv.com/sites/default/files/2023-01/sudo-CVE-2023-22809.pdf
]]> 6:19 sudo, sudoedit, qt, qml, oracle, google ads, aurora, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8330 Finding GPO Settings; git audit and vulns; Azure SSRF Flaws; Windows 11 Pro Nixes Guest Auth Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Finding GPO Settings; git audit and vulns; Azure SSRF Flaws; Windows 11 Pro Nixes Guest Auth https://traffic.libsyn.com/securitypodcast/8330.mp3 https://isc.sans.edu/podcastdetail/8330 Wed, 18 Jan 2023 02:00:02 GMT https://isc.sans.edu/diary/Finding%20that%20one%20GPO%20Setting%20in%20a%20Pool%20of%20Hundreds%20of%20GPOs/29442
GIT Code Audit
https://x41-dsec.de/security/research/news/2023/01/17/git-security-audit-ostif/
Azure SSRF Flaws
https://orca.security/resources/blog/ssrf-vulnerabilities-in-four-azure-services/
SMB Insecure Guest Auth Off By Default In Windows 11 Pro
https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-insecure-guest-auth-now-off-by-default-in-windows-insider/ba-p/3715014
Packet Tuesday: IPv6 Router Advertisements
https://www.youtube.com/watch?v=uRWpB_lYIZ8
]]> 5:50 Packet tuesday, ipv6, router advertisement, smb, windows 11 pro, ssrf, azure, git, GPO, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8328 Malicious Google Ads; NortonLifeLock Password Manager Bruteforcing; nftables vulnerability; MSI insecure boot; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Malicious Google Ads; NortonLifeLock Password Manager Bruteforcing; nftables vulnerability; MSI insecure boot; https://traffic.libsyn.com/securitypodcast/8328.mp3 https://isc.sans.edu/podcastdetail/8328 Tue, 17 Jan 2023 02:00:02 GMT https://isc.sans.edu/diary/PSA%3A%20Why%20you%20must%20run%20an%20ad%20blocker%20when%20using%20Google/29438
NortonLifeLock Password Manager Bruteforcing
https://webcache.googleusercontent.com/search?q=cache%3A91Bmx_jTJIkJ%3Ahttps%3A%2F%2Fago.vermont.gov%2Fwp-content%2Fuploads%2F2023%2F01%2F2023-01-09-NortonLifeLock-Gen-Digital-Data-Breach-Notice-to-Consumers.pdf&cd=3&hl=de&ct=clnk&gl=de
CVE-2023-0179 Linux kernel stack buffer overflow in nftables: PoC and writeup
https://seclists.org/oss-sec/2023/q1/20
MSI (in)Secure Boot
https://dawidpotocki.com/en/2023/01/13/msi-insecure-boot/
]]> 6:17 msi, secure boot, nftables, linux, kernel, nortonlifelock, password managers, pse, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8326 YouTube Crypto Scam; Voice Impersonation; Missing Start Menu Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. YouTube Crypto Scam; Voice Impersonation; Missing Start Menu https://traffic.libsyn.com/securitypodcast/8326.mp3 https://isc.sans.edu/podcastdetail/8326 Mon, 16 Jan 2023 02:00:01 GMT https://isc.sans.edu/diary/Elon%20Musk%20Themed%20Crypto%20Scams%20Flooding%20YouTube%20Today/29434
Microsoft Text to Speech Synthesizer
https://arxiv.org/pdf/2301.02111.pdf
Missing Windows Start Menu
https://learn.microsoft.com/en-us/windows/release-health/status-windows-11-22H2#2998msgdesc
]]> 5:09 start menu, windows, defender, text to speech, musk, crypto, scan, youtube, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8324 Prowler Cloud Assessments; Pre-Pw0ned Android TV; RevoLTE LTE Sniffing; NGFW Exfiltration; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Prowler Cloud Assessments; Pre-Pw0ned Android TV; RevoLTE LTE Sniffing; NGFW Exfiltration; https://traffic.libsyn.com/securitypodcast/8324.mp3 https://isc.sans.edu/podcastdetail/8324 Fri, 13 Jan 2023 02:00:02 GMT https://isc.sans.edu/diary/Prowler%20v3%3A%20AWS%20%26%20Azure%20security%20assessments/29430
Certified Pre-Pw0ned Android TV
https://github.com/DesktopECHO/T95-H616-Malware
Revolte Attack
https://revolte-attack.net
NGFW Data Exfiltration
https://cymulate.com/blog/data-exfiltration-firewall/
]]> 6:59 ngfw, exfiltration, revolte, lte, decryption, android, tv, malware, prowler, aws, azure, cloud, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8322 Shodan KEV Scans; New KSMBD Issue; Cisco RVx Vulnerabilities; Gootkit Abusing VLC; Zoom Updates Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Shodan KEV Scans; New KSMBD Issue; Cisco RVx Vulnerabilities; Gootkit Abusing VLC; Zoom Updates https://traffic.libsyn.com/securitypodcast/8322.mp3 https://isc.sans.edu/podcastdetail/8322 Thu, 12 Jan 2023 02:10:02 GMT https://isc.sans.edu/diary/Passive%20detection%20of%20internet-connected%20systems%20affected%20by%20vulnerabilities%20from%20the%20CISA%20KEV%20catalog/29426
Unauthenticed Remote DoS in ksmbd NTLMv2 Authentication
https://seclists.org/oss-sec/2023/q1/4
Cisco RV Series Vulnerabilities CVE-2023-20025
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5
Zoom Updates
https://explore.zoom.us/en/trust/security/security-bulletin/
Gootkit Abusing VLC
https://www.trendmicro.com/en_us/research/23/a/gootkit-loader-actively-targets-the-australian-healthcare-indust.html
]]> 6:13 Gootkit, VLC, Zoom, Cisco, ksmbd, shodan, kev, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8320 Patch Tuesday; Cacti Vuln Details; Text-to-SQL Vulnerabilities Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Patch Tuesday; Cacti Vuln Details; Text-to-SQL Vulnerabilities https://traffic.libsyn.com/securitypodcast/8320.mp3 https://isc.sans.edu/podcastdetail/8320 Wed, 11 Jan 2023 02:00:01 GMT https://isc.sans.edu/diary/Microsoft%20January%202023%20Patch%20Tuesday/29420
Cacti Unauthenticated Remote Code Execution
https://www.sonarsource.com/blog/cacti-unauthenticated-remote-code-execution/
On the Security Vulnerabilities of Text-to-SQL Models
https://arxiv.org/pdf/2211.15363.pdf
]]> 5:47 text-to-sql, nlp, ai, cacti, remote code execution, microsoft, patch tuesday, patches, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8318 CircleCI Config File Hunt; AWS S3 Encryption; MatrixSSL RCE; Auth0 JWT Library Vulnerablity Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. CircleCI Config File Hunt; AWS S3 Encryption; MatrixSSL RCE; Auth0 JWT Library Vulnerablity https://traffic.libsyn.com/securitypodcast/8318.mp3 https://isc.sans.edu/podcastdetail/8318 Tue, 10 Jan 2023 02:00:01 GMT https://isc.sans.edu/diary/New%20year%2C%20old%20tricks%3A%20Hunting%20for%20CircleCI%20configuration%20files/29416
Amazon S3 Encrypts New Objects By Default
https://aws.amazon.com/blogs/aws/amazon-s3-encrypts-new-objects-by-default/
MatrixSSL Buffer Overflow
https://github.com/matrixssl/matrixssl/security/advisories/GHSA-fmwc-gwc5-2g29
Auth0 JsonWebToken Vulnerability CVE-2022-23529
https://unit42.paloaltonetworks.com/jsonwebtoken-vulnerability-cve-2022-23529/
]]> 6:03 auth0, jsonwebtoken, jwt, matrixssl, amazone, s3, encryption, cricleci, configuration, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8316 Reversing AutoIT; VSCode Extensions; Malicious Pypi Cloudflare Tunnel; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Reversing AutoIT; VSCode Extensions; Malicious Pypi Cloudflare Tunnel; https://traffic.libsyn.com/securitypodcast/8316.mp3 https://isc.sans.edu/podcastdetail/8316 Mon, 09 Jan 2023 02:00:02 GMT https://isc.sans.edu/diary/AutoIT%20Remains%20Popular%20in%20the%20Malware%20Landscape/29408
Can You Trust Your VSCode Extensions
https://blog.aquasec.com/can-you-trust-your-vscode-extensions
A Deep Dive Into Powerat
https://blog.phylum.io/a-deep-dive-into-powerat-a-newly-discovered-stealer/rat-combo-polluting-pypi
]]> 5:48 pypi, powerat, cloudflare, vscode, visual code, extensions, autoit, reversing, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8314 Malware AutoIT Script; CircleCI Breach; Twitter Leak; Slack Breach; Control Web Panel Bug; Turla USB Hack Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Malware AutoIT Script; CircleCI Breach; Twitter Leak; Slack Breach; Control Web Panel Bug; Turla USB Hack https://traffic.libsyn.com/securitypodcast/8314.mp3 https://isc.sans.edu/podcastdetail/8314 Fri, 06 Jan 2023 02:00:01 GMT https://isc.sans.edu/forums/diary/More%20Brazil%20malspam%20pushing%20Astaroth%20%28Guildma%29%20in%20January%202023/29404/
CircleCI Breach
https://circleci.com/blog/january-4-2023-security-alert/
Twitter Leak
https://www.bleepingcomputer.com/news/security/200-million-twitter-users-email-addresses-allegedly-leaked-online/
Slack Source Code Leak
https://slack.com/blog/news/slack-security-update
Control Web Panel Patch CVE-2022-44877
https://github.com/numanturle/CVE-2022-44877
Turla: A Galaxy of Opportunity
https://www.mandiant.com/resources/blog/turla-galaxy-opportunity
]]> 5:52 turla, control web panel, slack, twitter, circleci, brazil, malware, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8312 RTRBK diff feature; Google Legacy Windows Support Ending; SHC Malware; ManageEngine SQLi; ForiADC command injection; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. RTRBK diff feature; Google Legacy Windows Support Ending; SHC Malware; ManageEngine SQLi; ForiADC command injection; https://traffic.libsyn.com/securitypodcast/8312.mp3 https://isc.sans.edu/podcastdetail/8312 Thu, 05 Jan 2023 02:00:02 GMT https://isc.sans.edu/diary/Update%20to%20RTRBK%20-%20Diff%20and%20File%20Dates%20in%20PowerShell/29400
Google Chrome Sunsetting Legacy Windows Support
https://support.google.com/chrome/thread/185534985/sunsetting-support-for-windows-7-8-8-1-in-early-2023?hl=en
SHC used to compile cryptominer malware
https://asec.ahnlab.com/en/45182/
ManageEngine Password Manager Pro SQL Injection
https://pitstop.manageengine.com/portal/en/community/topic/manageengine-security-advisory important-security-fix-released-for-manageengine-password-manager-pro-2-1-2023#:~:text=critical%20security%20vulnerability
ForiADC Command Injection in Web Interface
https://www.fortiguard.com/psirt/FG-IR-22-061
Raspberry Robin Developments
https://www.securityjoes.com/post/raspberry-robin-detected-itw-targeting-insurance-financial-institutes-in-europe
]]> 7:13 raspberry robin, foriadc, manageengine, password manager, cryptominer, shc, google chrome, windows, router, backup, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8310 NTP Fingerprinting; Misc Car Vulnerabilities; Flipper Zero Phish; Trend Micro Patch; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. NTP Fingerprinting; Misc Car Vulnerabilities; Flipper Zero Phish; Trend Micro Patch; https://traffic.libsyn.com/securitypodcast/8310.mp3 https://isc.sans.edu/podcastdetail/8310 Wed, 04 Jan 2023 02:00:01 GMT https://isc.sans.edu/diary/Its%20about%20time%3A%20OS%20Fingerprinting%20using%20NTP/29394
Misc Car Vulnerabilities
https://samcurry.net/web-hackers-vs-the-auto-industry/
Flipper Zero Phishing
https://twitter.com/AlvieriD/status/1609945425871609858
Trend Micro Patch
https://helpcenter.trendmicro.com/en-us/article/TMKA-11252
Packet Tuesday: IP Options
https://www.youtube.com/watch?v=HldNL3SLLwM
]]> 6:31 packettuesday, trend micro, Flipper zero, car, vulnerability, ntp, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8308 Kyverno image swap vuln; Google Home Vuln; 3G CDMA Decomissioning; EarSpy Cell Phone Evesdropping Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Kyverno image swap vuln; Google Home Vuln; 3G CDMA Decomissioning; EarSpy Cell Phone Evesdropping https://traffic.libsyn.com/securitypodcast/8308.mp3 https://isc.sans.edu/podcastdetail/8308 Tue, 03 Jan 2023 02:00:02 GMT https://www.armosec.io/blog/cve-2022-47633-kyvernos-container-image-signature-verification/
Google Smart Spaeker Vulnerability
https://downrightnifty.me/blog/2022/12/26/hacking-google-home.html
Verizon Decomissions 3G CDMA Network
https://www.fiercewireless.com/wireless/verizon-tells-3g-customers-upgrade-they-lose-service
EarSpy: Spying Caller Speech and Identity Through Speaker Vibrations
https://arxiv.org/pdf/2212.12151.pdf
]]> 5:52 earspy, evesdropping, google, home, smart speaker, verizon, cdma, 3g, kyversno, container, signature, kubernetes, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8306 GOV Domain SPF/DMARC Use; ksmbd vuln; netgear patch; PyTorch dependency polution Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. GOV Domain SPF/DMARC Use; ksmbd vuln; netgear patch; PyTorch dependency polution https://traffic.libsyn.com/securitypodcast/8306.mp3 https://isc.sans.edu/podcastdetail/8306 Mon, 02 Jan 2023 02:40:01 GMT https://isc.sans.edu/forums/diary/SPF+and+DMARC+use+on+GOV+domains+in+different+ccTLDs/29384/
CVE-2022-47939 ksmbd Vulnerability
https://ubuntu.com/security/CVE-2022-47939
Netgear Vulnerabilities
https://kb.netgear.com/000065495/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2019-0208
PyTorch Malicious Dependency
https://pytorch.org/blog/compromised-nightly-dependency/
]]> 6:23 pytorch, netgear, ksmbd, cve-2022-47939, spf, dmark, gov, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8304 OWASSRF Exploit Variant; ksmbd RCE Vulnerability; LastPass Incident Update Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. OWASSRF Exploit Variant; ksmbd RCE Vulnerability; LastPass Incident Update https://traffic.libsyn.com/securitypodcast/8304.mp3 https://isc.sans.edu/podcastdetail/8304 Fri, 23 Dec 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/Exchange%20OWASSRF%20Exploited%20for%20Remote%20Code%20Execution/29374/
ksmbd Vulnerability
https://www.zerodayinitiative.com/advisories/ZDI-22-1690/
LastPass Incident Update
https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/
]]> 6:35 lastpass, ksmbd, exchange, owassrf, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8302 Quick NTP Measurement; FBI favors Ad Blockers; Parental Control Issues; ProxyNotShell Bypass Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Quick NTP Measurement; FBI favors Ad Blockers; Parental Control Issues; ProxyNotShell Bypass https://traffic.libsyn.com/securitypodcast/8302.mp3 https://isc.sans.edu/podcastdetail/8302 Thu, 22 Dec 2022 02:00:01 GMT https://isc.sans.edu/diary/Can%20you%20please%20tell%20me%20what%20time%20it%20is%3F%20Adventures%20with%20public%20NTP%20servers./29368
FBI Favors Ad Blockers
https://www.ic3.gov/Media/Y2022/PSA221221
Hidden Costs of Parental Control Apps
https://sec-consult.com/blog/detail/the-hidden-costs-of-parental-control-apps/
ProxyNotShell Mitigtation Bypass
https://www.crowdstrike.com/blog/owassrf-exploit-analysis-and-recommendations/
]]> 6:00 proxynotshell, exchange, mitigation, bypass, parental control, fbi, ad blockers, ntp, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8300 Monitoring Linux Files; NTP and Mostodon IP Feeds; Android Root Cert Updates; Elastic IP Hijack; HyperV Update Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Monitoring Linux Files; NTP and Mostodon IP Feeds; Android Root Cert Updates; Elastic IP Hijack; HyperV Update https://traffic.libsyn.com/securitypodcast/8300.mp3 https://isc.sans.edu/podcastdetail/8300 Wed, 21 Dec 2022 02:00:01 GMT https://isc.sans.edu/diary/Linux%20File%20System%20Monitoring%20%26%20Actions/29362
Feed of NTP Server IP Addresses
https://isc.sans.edu/api/threatlist/ntpservers?json
Feed of Mastodon Server IP Addresses
https://isc.sans.edu/api/threatlist/mastodon?json
Packet Tuesday TLS Server Hello
https://www.youtube.com/watch?v=2HymU4dxWEQ
Android Preparing Support for Updatable Root Certificates
https://blog.esper.io/android-14-updatable-certificates/
Elastic IP Hijacking
https://www.mitiga.io/blog/elastic-ip-hijacking-a-new-attack-vector-in-aws
Microsoft Fixes HyperV issues With Latest Patch
https://learn.microsoft.com/en-us/windows/release-health/windows-message-center#2988
]]> 7:20 microsoft, hyperv, elastic ip, amazon, aws, android, root certs, packet tuesday, tls, ntp, mastodon, linux, monitoring, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8298 Hunting Mastodons; IE Disabled in February; Gatekeeper Bypass Details; Corsair Keyboard Bug; SentinelOne Fake Python Package Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Hunting Mastodons; IE Disabled in February; Gatekeeper Bypass Details; Corsair Keyboard Bug; SentinelOne Fake Python Package https://traffic.libsyn.com/securitypodcast/8298.mp3 https://isc.sans.edu/podcastdetail/8298 Tue, 20 Dec 2022 02:00:01 GMT https://isc.sans.edu/diary/Hunting%20for%20Mastodon%20Servers/29358
KB5021233 Blue Screen
https://learn.microsoft.com/en-us/windows/release-health/status-windows-10-22H2#2986msgdesc
Edge Update will disable Internet Explorer in February
https://learn.microsoft.com/en-us/deployedge/edge-learnmore-neededge
Gatekeeper's Achilles heel: Unearthin a macOS vulnerability
https://www.microsoft.com/en-us/security/blog/2022/12/19/gatekeepers-achilles-heel-unearthing-a-macos-vulnerability/
Corsair Bug not causing keystroke logging
https://arstechnica.com/gadgets/2022/12/corsair-says-bug-not-keylogger-behind-some-k100-keyboards-creepy-behavior/
SentinelSneak: Malicious PyPi module poses as security software development kit
]]> 6:19 sentinelone, pypi, sentinelsneak, mastodon, corsair, gatekeeper, macos, edge, internet explorer, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8296 HSBC Malware; GMail Encryption; OSV Scanner; Samba PAtches; Zyxel Vulnerability Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. HSBC Malware; GMail Encryption; OSV Scanner; Samba PAtches; Zyxel Vulnerability https://traffic.libsyn.com/securitypodcast/8296.mp3 https://isc.sans.edu/podcastdetail/8296 Mon, 19 Dec 2022 02:00:01 GMT https://isc.sans.edu/diary/Infostealer%20Malware%20with%20Double%20Extension/29354
Client Side Encryption For GMail
https://workspaceupdates.googleblog.com/2022/12/client-side-encryption-for-gmail-beta.html
Google Releases OSV Scanner
https://github.com/google/osv-scanner/releases/tag/v1.0.1
Samba Security Patches
https://thehackernews.com/2022/12/samba-issues-security-updates-to-patch.html
Zyxel Router Buffer Overflow
https://sec-consult.com/blog/detail/enemy-within-unauthenticated-buffer-overflows-zyxel-routers/
]]> 6:04 hsbc, infostealer, malware, gmail, encryption, osv, samba, zyxel, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8294 Google Ads and IcedId; SVG Malware; GitHub Improvements; SHA-1 Retirement Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Google Ads and IcedId; SVG Malware; GitHub Improvements; SHA-1 Retirement https://traffic.libsyn.com/securitypodcast/8294.mp3 https://isc.sans.edu/podcastdetail/8294 Fri, 16 Dec 2022 02:00:01 GMT https://isc.sans.edu/diary/Google%20ads%20lead%20to%20fake%20software%20pages%20pushing%20IcedID%20%28Bokbot%29/29344
HTML smugglers turn to SVG images
https://blog.talosintelligence.com/html-smugglers-turn-to-svg-images/
GitHub Improvements
https://github.blog/2022-12-14-raising-the-bar-for-software-security-next-steps-for-github-com-2fa/
NIST Retires SHA-1
https://www.nist.gov/news-events/news/2022/12/nist-retires-sha-1-cryptographic-algorithm
]]> 6:03 sha1, github, html, svg, icedid, bokbot, google, ads, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8292 MSFT Patch Issues; SPNEGO Vuln now Critical; VMWare Escape; Veem Exploited; Repository Phishing Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MSFT Patch Issues; SPNEGO Vuln now Critical; VMWare Escape; Veem Exploited; Repository Phishing https://traffic.libsyn.com/securitypodcast/8292.mp3 https://isc.sans.edu/podcastdetail/8292 Thu, 15 Dec 2022 11:40:02 GMT https://support.microsoft.com/en-us/topic/december-13-2022-kb5021249-os-build-20348-1366-d5fe7608-bc9d-4055-a88c-fb2fd3d5fd45
https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/so-you-say-your-dc-s-memory-is-getting-all-used-up-after/ba-p/3696318
Critical Remote Code Execution Vulneraiblity in SPNEGO Extended Negotiation Security Mechanism
https://securityintelligence.com/posts/critical-remote-code-execution-vulnerability-spnego-extended-negotiation-security-mechanism/
VMWare EHCI Controller Vulnerability CVE-2022-31705
https://www.vmware.com/security/advisories/VMSA-2022-0033.html
Veem Vulnerability now Exploited
https://www.veeam.com/kb4288
nuget / npm / pypi used to host phishing pages
https://checkmarx.com/blog/how-140k-nuget-npm-and-pypi-packages-were-used-to-spread-phishing-links/
]]> 6:09 npm, npm, pypi, phishing, veem, backup, vmware, spnego, windows, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8290 Microsoft Patches; Apple Patches; Citrix Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft Patches; Apple Patches; Citrix Patches https://traffic.libsyn.com/securitypodcast/8290.mp3 https://isc.sans.edu/podcastdetail/8290 Wed, 14 Dec 2022 02:00:01 GMT https://isc.sans.edu/diary/Microsoft%20December%202022%20Patch%20Tuesday/29336
Apple Patches
https://isc.sans.edu/diary/Apple%20Updates%20Everything/29338
Citrix Patches
https://www.citrix.com/blogs/2022/12/13/critical-security-update-now-available-for-citrix-adc-citrix-gateway/
]]> 6:28 citrix, apple, microsoft, patches, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8288 CyberChef Sorting; FortiOS sslvpnd vuln; Python VMWare Backdoor; Fuzzing Ping Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. CyberChef Sorting; FortiOS sslvpnd vuln; Python VMWare Backdoor; Fuzzing Ping https://traffic.libsyn.com/securitypodcast/8288.mp3 https://isc.sans.edu/podcastdetail/8288 Tue, 13 Dec 2022 02:00:01 GMT https://isc.sans.edu/diary/Quickie%3A%20CyberChef%20Sorting%20By%20String%20Length/29328
FortiOS Buffer Overlow
https://www.fortiguard.com/psirt/FG-IR-22-398
A Custom Python Backdoor for VMWare ESXi Servers
https://blogs.juniper.net/en-us/threat-research/a-custom-python-backdoor-for-vmware-esxi-servers
Fuzzing Ping
https://tlakh.xyz/fuzzing-ping.html
]]> 6:21 ping, fuzzing, python backdoor, vmware, esxi, fortios, cyberchef, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8286 Fast PS Portscanner; Bypassing WAFs; Invisible npm malware; PCI Software Security; vmware advisory Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Fast PS Portscanner; Bypassing WAFs; Invisible npm malware; PCI Software Security; vmware advisory https://traffic.libsyn.com/securitypodcast/8286.mp3 https://isc.sans.edu/podcastdetail/8286 Mon, 12 Dec 2022 03:10:01 GMT https://isc.sans.edu/diary/Port%20Scanning%20in%20Powershell%20Redux%3A%20Speeding%20Up%20the%20Results%20%28challenge%20accepted!%29/29324
Bypassing WAFs with JSON
https://claroty.com/team82/research/js-on-security-off-abusing-json-based-sql-to-bypass-waf
Invisbile npm malware evading security checks
https://jfrog.com/blog/invisible-npm-malware-evading-security-checks-with-crafted-versions/
PCI Secre Software Standard V 1.2
https://docs-prv.pcisecuritystandards.org/Software%20Security/Standard/PCI-Secure-Software-Standard-v1_2.pdf
VMWare/VCenter Patches
https://www.vmware.com/security/advisories/VMSA-2022-0030.html
]]> 6:42 vmware, vcenter, powershell, nmap, portscanner, json, wab, npm, version, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8284 Finding Log Gaps; IE Exploit; Zombinder; Cisco IP Phone Vuln; daloRADIUS vuln; SANS Holiday Hack Challenge Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Finding Log Gaps; IE Exploit; Zombinder; Cisco IP Phone Vuln; daloRADIUS vuln; SANS Holiday Hack Challenge https://traffic.libsyn.com/securitypodcast/8284.mp3 https://isc.sans.edu/podcastdetail/8284 Fri, 09 Dec 2022 04:36:56 GMT https://isc.sans.edu/diary/Finding%20Gaps%20in%20Syslog%20-%20How%20to%20find%20when%20nothing%20happened/29314
Internet Explorer Vulnerabilty used in Malicious Word Document
https://blog.google/threat-analysis-group/internet-explorer-0-day-exploited-by-north-korean-actor-apt37/
Zombinder Obfuscation Service used by Ermac
https://www.threatfabric.com/blogs/zombinder-ermac-and-desktop-stealers.html
Cisco IP Phone Vulnerability CVE-2022-20968
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipp-oobwrite-8cMF5r7U
daloRADIUS Vulnerablity CVE-2022-23475
https://securityonline.info/cve-2022-23475-account-take-over-flaw-in-open-source-radius-web-management-app/
SANS Holiday Hack Challenge
https://www.sans.org/mlp/holiday-hack-challenge/
]]> 5:43 cisco, logs, syslog, holiday, hack challenge, daloradius, ip phone, zombinder, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8282 IoT Bot WSZero; Cacti Vulnerability; Wireshark Updates; Apple iCloud Encryption Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. IoT Bot WSZero; Cacti Vulnerability; Wireshark Updates; Apple iCloud Encryption https://traffic.libsyn.com/securitypodcast/8282.mp3 https://isc.sans.edu/podcastdetail/8282 Thu, 08 Dec 2022 04:55:01 GMT https://www.fortinet.com/blog/threat-research/zerobot-new-go-based-botnet-campaign-targets-multiple-vulnerabilities
https://blog.netlab.360.com/new-ddos-botnet-wszeor/
Cacti Vulnerability CVE-2022-46169
https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf
Wireshark Updates
https://www.wireshark.org/docs/relnotes/wireshark-4.0.2.html
Apple iCloud Security Improvements
https://www.apple.com/newsroom/2022/12/apple-advances-user-security-with-powerful-new-data-protections/
]]> 5:10 apple, icloud, wireshark, cacti, zerobot, wszero, wss, websocket, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8280 Gafgyt/Mirai Sample; Packet Tuesday; Defcon Skimming; Fake D-Link Vuln; Android Updates Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Gafgyt/Mirai Sample; Packet Tuesday; Defcon Skimming; Fake D-Link Vuln; Android Updates https://traffic.libsyn.com/securitypodcast/8280.mp3 https://isc.sans.edu/podcastdetail/8280 Wed, 07 Dec 2022 03:30:02 GMT https://isc.sans.edu/forums/diary/Mirai%20Botnet%20and%20Gafgyt%20DDoS%20Team%20Up%20Against%20SOHO%20Routers./29304/Gafgyt/Mirai Sample; Packet Tuesday;
Packet Tuesday Episode 4: TLS Client Hello
https://www.youtube.com/playlist?list=PLs4eo9Tja8biVteSW4a3GHY8qi0t1lFLL
Defcon Skimming: A new batch of Web Skimming attacks
https://blog.jscrambler.com/defcon-skimming-a-new-batch-of-web-skimming-attacks
Fake D-Link Vulnerability used by Moobot
https://vulncheck.com/blog/moobot-uses-fake-vulnerability
Android Patches CVE-2022-20411
https://source.android.com/docs/security/bulletin/2022-12-01?hl=en
]]> 5:32 android, bluetooth, d-link, moobot, defcon, tls, packet tuesday, mirai, gafgyt, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8278 VLC Update Issues; AMI MegaRAC BMC Vuln; Netgear IPv6; Veritas NetBackup Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. VLC Update Issues; AMI MegaRAC BMC Vuln; Netgear IPv6; Veritas NetBackup https://traffic.libsyn.com/securitypodcast/8278.mp3 https://isc.sans.edu/podcastdetail/8278 Tue, 06 Dec 2022 16:07:18 GMT https://isc.sans.edu/diary/VLCs+Check+For+Updates+No+Updates/29300
AMI MegaRAC Baseboard Managment Controller Vulnerabilities
https://eclypsium.com/2022/12/05/supply-chain-vulnerabilities-put-server-ecosystem-at-risk/
Netgear IPv6 Firewall Misconfiguration
https://medium.com/tenable-techblog/netgear-router-network-misconfiguration-70ac695c81a6
Veritas NetBackup Patch
https://www.veritas.com/content/support/en_US/security/VTS22-019
]]> 5:46 videolan, vlc, bmc, megarac, ami, netgear, ipv6, veritas, netbackup, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8276 QBot Update; Linux LOLBins in Windows; Crowdstrike Falcon; Android Cert Leak; Github Artifcat Poisoning Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. QBot Update; Linux LOLBins in Windows; Crowdstrike Falcon; Android Cert Leak; Github Artifcat Poisoning https://traffic.libsyn.com/securitypodcast/8276.mp3 https://isc.sans.edu/podcastdetail/8276 Mon, 05 Dec 2022 04:40:02 GMT https://isc.sans.edu/forums/diary/obama224%20distribution%20Qakbot%20tries%20.vhd%20%28virtual%20hard%20disk%29%20images/29294/
Living of the Land: Unix tools in Windows
https://isc.sans.edu/diary/Linux%20LOLBins%20Applications%20Available%20in%20Windows/29296
https://isc.sans.edu/forums/diary/Fingerexe+LOLBin/29298/
CVE-2022-44721 Crowdstrike Falcon Uninstaller
https://github.com/purplededa/CVE-2022-44721-CsFalconUninstaller
Android Platform Key Leak
https://twitter.com/MishaalRahman/status/1598426974594433025
GitHub Pipeline Vulnerability
https://www.legitsecurity.com/blog/artifact-poisoning-vulnerability-discovered-in-rust
]]> 9:02 github, android, crowdstrike, lolbin, finger, windows, unix, qbot, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8274 Quarkus Java RCE; FreeBSD Ping RCE; NVidia Updates; TrustCor Untrusted; Android Platform Certs Abused Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Quarkus Java RCE; FreeBSD Ping RCE; NVidia Updates; TrustCor Untrusted; Android Platform Certs Abused https://traffic.libsyn.com/securitypodcast/8274.mp3 https://isc.sans.edu/podcastdetail/8274 Fri, 02 Dec 2022 02:00:01 GMT https://www.contrastsecurity.com/security-influencers/localhost-attack-against-quarkus-developers-contrast-security
https://access.redhat.com/security/cve/CVE-2022-4116
FreeBSD Ping RCE CVE-2022-23093
https://www.freebsd.org/security/advisories/FreeBSD-SA-22:15.ping.asc
NVidia GPU Display Driver Vulnerablities CVE-2022-34669
https://nvidia.custhelp.com/app/answers/detail/a_id/5415
TrustCor CA Revoked
https://www.washingtonpost.com/technology/2022/11/30/trustcor-internet-authority-mozilla/
Android Platform Certificates Used to Sign Malware
https://bugs.chromium.org/p/apvi/issues/detail?id=100
]]> 6:25 android, trustcor, nvidia, drivers, certificates, freebsd, ping, quarkus, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8272 Vulnerability Mysteries: Netgear, DLink, Apple; VLC Update; Unlock Cars thx to SirusXM Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Vulnerability Mysteries: Netgear, DLink, Apple; VLC Update; Unlock Cars thx to SirusXM https://traffic.libsyn.com/securitypodcast/8272.mp3 https://isc.sans.edu/podcastdetail/8272 Thu, 01 Dec 2022 02:00:02 GMT https://isc.sans.edu/diary/Whats+the+deal+with+these+router+vulnerabilities/29288/
Apple Updates
https://support.apple.com/en-us/HT201222
VLC Media Player Updates CVE-2022-41325
https://www.videolan.org/security/sb-vlc3018.html
VIN used to authenticate to Sirius XM Connected Vehicle Services
https://www.theregister.com/2022/11/30/siriusxm_connected_cars_hacking/
]]> 5:42 sirius xm, vin, car hacking, vlc, videolan, apple, dlink, linksys, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8270 LinkedIn Bots; Oracle Fusion Exploited; Windows IKE Exploit; Anker Eufy Privacy; SANS Holiday Hack Challenge Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. LinkedIn Bots; Oracle Fusion Exploited; Windows IKE Exploit; Anker Eufy Privacy; SANS Holiday Hack Challenge https://traffic.libsyn.com/securitypodcast/8270.mp3 https://isc.sans.edu/podcastdetail/8270 Wed, 30 Nov 2022 02:35:01 GMT https://isc.sans.edu/diary/Identifying%20Groups%20of%20%22Bot%22%20Accounts%20on%20LinkedIn/29282
Oracle Fusion Middle Ware Exploited CVE-2021-35587
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Windows IKE Flaw Exploited CVE-2022-34721
https://www.cyfirma.com/outofband/windows-internet-key-exchange-ike-remote-code-execution-vulnerability-analysis/
Anker Eufy Cameras Sending Images to Cloud even if asked not to
https://www.macrumors.com/2022/11/29/eufy-camera-cloud-uploads-no-user-consent/
Packet Tuesday
https://packettuesday.com
SANS Holiday Hack Challenge Sign Up
https://www.sans.org/mlp/holiday-hack-challenge/
]]> 6:46 holiday hack challenge, packet tuesday, anker, eufy, privacy, cloud, aws, windows, ike, oracle, fusion, linkedin, bots, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8268 Ukraine Scareware; Google Maps Privacy; ASUS BIOS Patch; OpenSSL and UEFI Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Ukraine Scareware; Google Maps Privacy; ASUS BIOS Patch; OpenSSL and UEFI https://traffic.libsyn.com/securitypodcast/8268.mp3 https://isc.sans.edu/podcastdetail/8268 Tue, 29 Nov 2022 02:00:01 GMT https://isc.sans.edu/diary/Ukraine%20Themed%20Twitter%20Spam%20Pushing%20iOS%20Scareware/29276
Google Maps Privacy Issues
https://garrit.xyz/posts/2022-11-24-smart-move-google
ACER UEFI BIOS Vulnerabilities
https://community.acer.com/en/kb/articles/15520-security-vulnerability-regarding-vulnerability-that-may-allow-changes-to-secure-boot-settings
OpenSSL Usage in UEFI Firmware Exposes Weakness in SBOMs
https://www.binarly.io/posts/OpenSSL_Usage_in_UEFI_Firmware_Exposes_Weakness_in_SBOMs/index.html
]]> 7:04 ukraine, google, maps, privacy, scareware, asus, bios, openssl, uefi, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8266 Log4J Rev. Shell With Nashorn; Phishing with Urgency; BOA Risks; Chrome 0-Day; Smartwatch Phishing Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Log4J Rev. Shell With Nashorn; Phishing with Urgency; BOA Risks; Chrome 0-Day; Smartwatch Phishing https://traffic.libsyn.com/securitypodcast/8266.mp3 https://isc.sans.edu/podcastdetail/8266 Mon, 28 Nov 2022 02:00:01 GMT https://isc.sans.edu/diary/Log4Shell%20campaigns%20are%20using%20Nashorn%20to%20get%20reverse%20shell%20on%20victim%27s%20machines/29266
Attackers Keep Phishing Victms Under Stress
https://isc.sans.edu/diary/Attackers%20Keep%20Phishing%20Victims%20Under%20Stress/29270
Vulnerable SDK components lead to supply chian risks in IoT and OT environments
https://www.microsoft.com/en-us/security/blog/2022/11/22/vulnerable-sdk-components-lead-to-supply-chain-risks-in-iot-and-ot-environments/
Google Chrome Patches 0-Day
https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html
Hacking Smartwatches for Spear Phishing
https://cybervelia.com/?p=1380
]]> 7:00 chrome, sdk, smartwatch, phishing, stress, log4shell, nashorn, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8264 Ping vs. TMobile; Bitbucked Vuln; AWS RDS Leaks; Adobe Commerce; Antonio Piazza interview detecting and mitigating MacOS Gatekeeper Override @sans_edu Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Ping vs. TMobile; Bitbucked Vuln; AWS RDS Leaks; Adobe Commerce; Antonio Piazza interview detecting and mitigating MacOS Gatekeeper Override @sans_edu https://traffic.libsyn.com/securitypodcast/8264.mp3 https://isc.sans.edu/podcastdetail/8264 Fri, 18 Nov 2022 02:00:02 GMT https://isc.sans.edu/diary/Lessons%20Learned%20from%20Automatic%20Failover%3A%20When%208.8.8.8%20%22disappears%22.%20IPv6%20to%20the%20Rescue%3F/29260
Bitbucket Server and Data Center Vulnerability
https://jira.atlassian.com/browse/BSERV-13522
Amazon RDS Snapshot Leaks
https://www.mitiga.io/blog/how-mitiga-found-pii-in-exposed-amazon-rds-snapshots
Adobe Commerce merchants to be hit with TrojanOrders this season
https://sansec.io/research/trojanorder-magento
SANS EDU Research: Detecting and Mitigating the GateKeeper User Override on macOS in an Enterprise Environment; Antonio Piazza
https://www.sans.edu/cyber-research/detecting-and-mitigating-the-gatekeeper-user-override-on-macos-in-an-enterprise-environment/
]]> 14:05 adobe, magento, trojanorders, rds, amazon, aws, bitbucket, server, failover, tmobile, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8262 Cheap Evil Maid Defenses; F5 Big-IP PoC; CVE-2022-32899 iOS Neural Engine; Disneyland Malware Team Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Cheap Evil Maid Defenses; F5 Big-IP PoC; CVE-2022-32899 iOS Neural Engine; Disneyland Malware Team https://traffic.libsyn.com/securitypodcast/8262.mp3 https://isc.sans.edu/podcastdetail/8262 Thu, 17 Nov 2022 02:00:02 GMT https://isc.sans.edu/diary/Evil%20Maid%20Attacks%20-%20Remediation%20for%20the%20Cheap/29256
F5 Big IP CVE-2022-41622 and CVE-2022-41800 Vulnerability Details
https://www.rapid7.com/blog/post/2022/11/16/cve-2022-41622-and-cve-2022-41800-fixed-f5-big-ip-and-icontrol-rest-vulnerabilities-and-exposures/
Details about iPad/iOS Neural Engine Vulnerability CVE-2022-32899
https://github.com/0x36/weightBufs/
Disneyland Malware Team: It's a Puny World After All
https://krebsonsecurity.com/2022/11/disneyland-malware-team-its-a-puny-world-after-all/#more-61870
]]> 6:34 disneyland, malware, punycode, ipad, ios, neural engine, evil maid, f5, big-ip, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8260 Packet Tuesday; Mastodon Bug; Zendesk SQLi; EV Charger Security; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Packet Tuesday; Mastodon Bug; Zendesk SQLi; EV Charger Security; https://traffic.libsyn.com/securitypodcast/8260.mp3 https://isc.sans.edu/podcastdetail/8260 Wed, 16 Nov 2022 02:00:01 GMT https://packettuesday.com
Stealing Passwords From Infosec Mastodon - Without Bypassing CSP
https://portswigger.net/research/stealing-passwords-from-infosec-mastodon-without-bypassing-csp
SQLi and Access Flaws in Zendesk
https://www.varonis.com/blog/zendesk-sql-injection-and-access-flaws
Electric Vehicle Charging Infrastructure
https://newsreleases.sandia.gov/ev_security/
]]> 5:24 packets, packet tuesday, dns, idn, punycode, passwords, mastodon, csp, sqli, zendesk, graphql, ev, chargers, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8258 CONNECT Scans; Windows Kerberos Bug; Cookies vs MFA; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. CONNECT Scans; Windows Kerberos Bug; Cookies vs MFA; https://traffic.libsyn.com/securitypodcast/8258.mp3 https://isc.sans.edu/podcastdetail/8258 Tue, 15 Nov 2022 02:45:02 GMT https://isc.sans.edu/diary/Extracting%20%27HTTP%20CONNECT%27%20Requests%20with%20Python/29246
Windows Kerberos Authentication Breaks After November Updates
https://www.bleepingcomputer.com/news/microsoft/windows-kerberos-authentication-breaks-after-november-updates/
https://learn.microsoft.com/en-us/windows/release-health/status-windows-11-22h2#2953msgdesc
Cookies for MFA Bypass Gain Traction Among Cyberattackers
https://www.darkreading.com/threat-intelligence/cookies-mfa-bypass-cyberattackers
]]> 5:26 cookies, mfa, kerberos, november, patch tuesday, updates, connect, proxy, scans, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8256 logfmt and Cyberchef; Worldcup Risks; CA Concerns; OpenLiteSpeed Vulns Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. logfmt and Cyberchef; Worldcup Risks; CA Concerns; OpenLiteSpeed Vulns https://traffic.libsyn.com/securitypodcast/8256.mp3 https://isc.sans.edu/podcastdetail/8256 Mon, 14 Nov 2022 02:00:02 GMT https://isc.sans.edu/diary/Extracting%20Information%20From%20%22logfmt%22%20Files%20With%20CyberChef/29244
Soccer Worldcup Risks
https://www.theregister.com/2022/11/11/world_cup_security/
https://www.welivesecurity.com/2022/11/11/fifa-world-cup-2022-scams-fake-lotteries-ticket-fraud/
Mysterious Company With Government Ties Plays Key Internet Role
https://www.washingtonpost.com/technology/2022/11/08/trustcor-internet-addresses-government-connections/
Extortion Scams Hit Website Owners
https://www.bleepingcomputer.com/news/security/new-extortion-scam-threatens-to-damage-sites-reputation-leak-data/
]]> 6:05 extortion, scam, webserver, trustcor, certificate authorities, cyberchef, soccer, fifa, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8254 Observable vs IOC; Android Update; libxml vuln details; xterm vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Observable vs IOC; Android Update; libxml vuln details; xterm vuln; https://traffic.libsyn.com/securitypodcast/8254.mp3 https://isc.sans.edu/podcastdetail/8254 Fri, 11 Nov 2022 02:00:01 GMT https://isc.sans.edu/diary/Do%20you%20collect%20%22Observables%22%20or%20%22IOCs%22%3F/29238
Android Update fixes Lock Screen Bypass
https://source.android.com/docs/security/bulletin/2022-11-01
https://bugs.xdavidhu.me/google/2022/11/10/accidental-70k-google-pixel-lock-screen-bypass/
libxml Vulnerability Details
https://gitlab.gnome.org/GNOME/libxml2/-/issues/381
CVE-2022-45063: xterm remote code execution vulnerability
https://www.openwall.com/lists/oss-security/2022/11/10/1
]]> 6:49 cve-2022-45063, xterm, rce, libxml, android, lock screen, observables, ioc, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8252 PS Ransomware; iOS/MacOS XML Patches; Lenovo UEFI Patch; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. PS Ransomware; iOS/MacOS XML Patches; Lenovo UEFI Patch; https://traffic.libsyn.com/securitypodcast/8252.mp3 https://isc.sans.edu/podcastdetail/8252 Thu, 10 Nov 2022 02:00:02 GMT https://isc.sans.edu/diary/Another%20Script-Based%20Ransomware/29234
Apple Security Updates
https://support.apple.com/en-us/HT201222
Lenovo UEFI Patch
https://www.welivesecurity.com/2022/04/19/when-secure-isnt-secure-uefi-vulnerabilities-lenovo-consumer-laptops/
FoxIT Update
https://www.foxit.com/support/security-bulletins.html
SAP Update
https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10
]]> 5:14 ransomware, powershell, apple, ipados, ios, xml, CVE-2022-40303, CVE-2022-40304, lenovo, uefi, secure boot, CVE‑2021-3971, CVE-2021-3972, CVE-2021-3970, foxit, CVE-2022-32774, CVE-2022-38097, CVE-2022-37332, CVE-2022-40129, sap, cyber, business Dr. Johannes B. Ullrich full 8250 Microsoft, VMWare and Citrix Patches and maybe Exchange Patches too? Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft, VMWare and Citrix Patches and maybe Exchange Patches too? https://traffic.libsyn.com/securitypodcast/8250.mp3 https://isc.sans.edu/podcastdetail/8250 Wed, 09 Nov 2022 02:00:02 GMT https://isc.sans.edu/diary/Microsoft%20November%202022%20Patch%20Tuesday/29230
VMWare Workspace One Updates CVE-2022-31686, CVE-2022-31687, CVE-2022-31688
https://www.vmware.com/security/advisories/VMSA-2022-0028.html
Citrix Gateway / Citrix ADC Vulnerabilities CVE-2022-27510
https://support.citrix.com/article/CTX463706/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516
Microsoft Exchange Updates
https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/
https://techcommunity.microsoft.com/t5/exchange-team-blog/released-november-2022-exchange-server-security-updates/ba-p/3669045
]]> 7:29 citrix, adc, gateway, vmware, workspace, one, patches, microsoft, vulnerablities, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8248 IPv4 Addresses; Azure AD CBA; Twitter Scams; Facebook Info Removal; Wifi Data Leak Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. IPv4 Addresses; Azure AD CBA; Twitter Scams; Facebook Info Removal; Wifi Data Leak https://traffic.libsyn.com/securitypodcast/8248.mp3 https://isc.sans.edu/podcastdetail/8248 Tue, 08 Nov 2022 02:00:02 GMT https://isc.sans.edu/diary/IPv4%20Address%20Representations/29224
Azure AD Certificate-based Authentication (CBA) on Mobile
https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/azure-ad-certificate-based-authentication-cba-on-mobile/ba-p/2365672
Twitter Scams
https://nakedsecurity.sophos.com/2022/11/04/twitter-blue-badge-email-scams-dont-fall-for-them/
Facebook Personal Information Removal
https://www.facebook.com/contacts/removal
RSA Conference Finds Unencrypted Confidential Data in WiFi Traffic
https://www.darkreading.com/remote-workforce/unencrypted-traffic-weak-e-mail-passwords-still-undermining-wifi-security
]]> 6:03 rsa, wifi, facebook, remove information, twitter, azure, ad, cba, certificates, yubikey, ip addresses, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8246 Remcos RAT and Unicode; VHD Malware; PyPi w4sp Stealer; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Remcos RAT and Unicode; VHD Malware; PyPi w4sp Stealer; https://traffic.libsyn.com/securitypodcast/8246.mp3 https://isc.sans.edu/podcastdetail/8246 Mon, 07 Nov 2022 02:00:02 GMT https://isc.sans.edu/diary/Remcos%20Downloader%20with%20Unicode%20Obfuscation/29220
Windows Malware With VHD Extension
https://isc.sans.edu/diary/Windows%20Malware%20with%20VHD%20Extension/29222
PyPi Packages Attempting to Deliver w4sp Stealer
https://blog.phylum.io/phylum-discovers-dozens-more-pypi-packages-attempting-to-deliver-w4sp-stealer-in-ongoing-supply-chain-attack
]]> 5:34 pypi, w4sp stealer, vhd, malware, remcos, unicode, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8244 Burp Breakpoints; TA589 JavaScript Injection; Hitachi, Fortinet, Nessus Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Burp Breakpoints; TA589 JavaScript Injection; Hitachi, Fortinet, Nessus Patches https://traffic.libsyn.com/securitypodcast/8244.mp3 https://isc.sans.edu/podcastdetail/8244 Fri, 04 Nov 2022 02:00:01 GMT https://isc.sans.edu/forums/diary/Breakpoints%20in%20Burp/29214/
TA569 Supply Chain Attack Injects JavaScript
https://twitter.com/threatinsight/status/1587865920130752515
https://www.darkreading.com/application-security/supply-chain-attack-pushes-out-malware-to-more-than-250-media-websites
Link to old story similar to the above JavaScript injection
https://unit42.paloaltonetworks.com/web-skimmer-video-distribution/
Hitachi Infrastructure Analytics Advisor
https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2022-134/index.html
FortiNet Patches
https://fortiguard.fortinet.com/psirt?date=11-2022
Nessus Patches
https://www.tenable.com/security/tns-2022-24
]]> 6:57 nessus, fortinet, hitachi, javascript, ta569, breakpoints, burp, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8242 DarkVNC History; Sigstore; URLScan.io Leak; Checkmk Exploitation Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. DarkVNC History; Sigstore; URLScan.io Leak; Checkmk Exploitation https://traffic.libsyn.com/securitypodcast/8242.mp3 https://isc.sans.edu/podcastdetail/8242 Thu, 03 Nov 2022 02:00:01 GMT https://isc.sans.edu/forums/diary/Who+put+the+Dark+in+DarkVNC/29210
sigstore General Availability
https://openssf.org/press-release/2022/10/25/sigstore-announces-general-availability-at-sigstorecon/
https://github.blog/2022-10-25-why-were-excited-about-the-sigstore-general-availability/
URLScan.io's SOAR Spot: Chatty Security Tools Leaking Private Data
https://positive.security/blog/urlscan-data-leaks
Checkmk: Remote Code Execution by Chaining Multiple Bugs
https://blog.sonarsource.com/checkmk-rce-chain-1/
]]> 6:12 checkmk, urlscan, urlscan.io, sigstore, darkvnc, hiddenvnc, vnc, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8240 OpenSSL 3.0 Punycode Vulnerability Fix CVE-2022-3786, CVE-2022-3602 Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. OpenSSL 3.0 Punycode Vulnerability Fix CVE-2022-3786, CVE-2022-3602 https://traffic.libsyn.com/securitypodcast/8240.mp3 https://isc.sans.edu/podcastdetail/8240 Wed, 02 Nov 2022 02:00:01 GMT https://isc.sans.edu/forums/diary/Critical+OpenSSL+30+Update+Released+Patches+CVE20223786+CVE20223602/29208
https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/

]]> 8:06 openssl, punycode, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8238 nmap without nmap; ConnectWise Vuln; Chrome 0-DAy; LODEINFO; Spring Insecurity Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. nmap without nmap; ConnectWise Vuln; Chrome 0-DAy; LODEINFO; Spring Insecurity https://traffic.libsyn.com/securitypodcast/8238.mp3 https://isc.sans.edu/podcastdetail/8238 Tue, 01 Nov 2022 02:00:02 GMT https://isc.sans.edu/diary/NMAP+without+NMAP+Port+Testing+and+Scanning+with+PowerShell/29202
ConnectWise Recover and R1Soft Server Backup Critical Vulnerability
https://www.connectwise.com/company/trust/security-bulletins/r1soft-and-recover-security-bulletin
Google Chrome 0-Day Patch
https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_27.html
LODEINFO 2022 Abusing Security Software
https://securelist.com/apt10-tracking-down-lodeinfo-2022-part-i/107742/
Spring Security Vulnerability
https://tanzu.vmware.com/security/cve-2022-31692
]]> 6:25 spring, java, spring security, lodeinfo, google, chrome, 0-day, connectwise, recover, r1soft, nmap, powershell, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8236 DUO and O365; Win IPv6 ESP Vuln Details; JunOS Exploit; Raspberry Robin Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. DUO and O365; Win IPv6 ESP Vuln Details; JunOS Exploit; Raspberry Robin https://traffic.libsyn.com/securitypodcast/8236.mp3 https://isc.sans.edu/podcastdetail/8236 Mon, 31 Oct 2022 02:00:01 GMT https://isc.sans.edu/forums/diary/Supersizing%20your%20DUO%20and%20365%20Integration/29194/
TCP/IP Vulnerability CVE-2022 34718 PoC Restoration and Analysis
https://medium.com/numen-cyber-labs/analysis-and-summary-of-tcp-ip-protocol-remote-code-execution-vulnerability-cve-2022-34718-8fcc28538acf
Juniper SSLVON / JunOS RCE Vulnerabilities
https://octagon.net/blog/2022/10/28/juniper-sslvpn-junos-rce-and-multiple-vulnerabilities/

Raspberry Robin Update
https://www.microsoft.com/en-us/security/blog/2022/10/27/raspberry-robin-worm-part-of-larger-ecosystem-facilitating-pre-ransomware-activity/
]]> 5:57 raspberry, robin, juniper, sslvpn, junos, rce, tcp/ip, fragments, ipv6, ipsec, duo, 2fa, mfa, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8234 OpenSSL Versions; Apple Updates; 1Tbps Fodcha Botnet; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. OpenSSL Versions; Apple Updates; 1Tbps Fodcha Botnet; https://traffic.libsyn.com/securitypodcast/8234.mp3 https://isc.sans.edu/podcastdetail/8234 Fri, 28 Oct 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/Upcoming+Critical+OpenSSL+Vulnerability+What+will+be+Affected/29192
Apple Updates
https://support.apple.com/en-us/HT201222
Fodcha Botnet Reaches 1Tbps
https://blog.netlab.360.com/ddosmonster_the_return_of__fodcha_cn/
https://www.bleepingcomputer.com/news/security/fodcha-ddos-botnet-reaches-1tbps-in-power-injects-ransoms-in-packets/
]]> 5:57 openssl, apple, fodcha, dos, extortion, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8232 Catfeeder Spy; OpenSSL Patch Preannouncement; Ventura Bug; VMWare Vulnerability Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Catfeeder Spy; OpenSSL Patch Preannouncement; Ventura Bug; VMWare Vulnerability https://traffic.libsyn.com/securitypodcast/8232.mp3 https://isc.sans.edu/podcastdetail/8232 Thu, 27 Oct 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/Why+is+My+Cat+Using+Baidu+And+Other+IoT+DNS+Oddities/29188
OpenSSL Critical Flaw to Be Patched
https://mta.openssl.org/pipermail/openssl-announce/2022-October/000238.html
MacOS Ventura Blocks Security Tools
https://www.wired.com/story/apple-macos-ventura-bug-security-tools/
Critical VMWare Security Tools
https://www.vmware.com/security/advisories/VMSA-2022-0027.html
]]> 6:12 vmware, macos, ventura, tcc, openssl, biadu, cat feeder, iot, dns, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8230 GitHub Cryptomining; Healthcare Ransomware; Cisco Anyconnect Exploit; sqlite PoC Exploit; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. GitHub Cryptomining; Healthcare Ransomware; Cisco Anyconnect Exploit; sqlite PoC Exploit; https://traffic.libsyn.com/securitypodcast/8230.mp3 https://isc.sans.edu/podcastdetail/8230 Wed, 26 Oct 2022 02:00:02 GMT https://sysdig.com/blog/massive-cryptomining-operation-github-actions/
Daixin Team Ransomware Targeting Healthcare Providers
https://www.ic3.gov/Media/News/2022/221021.pdf
Cisco Anyconnect Client Exploited in the Wild
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-dll-F26WwJW
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-win-path-traverse-qO4HWBsj
SQLite Vulnerability Details
https://blog.trailofbits.com/2022/10/25/sqlite-vulnerability-july-2022-library-api/
]]> 5:53 sqlite, cisco, anyconnect, daixin team, healthcare, cryptomining, githbu, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8228 Outlook.com C2; Apple Patches; Cisco Vuln; Dormant Colors Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Outlook.com C2; Apple Patches; Cisco Vuln; Dormant Colors https://traffic.libsyn.com/securitypodcast/8228.mp3 https://isc.sans.edu/podcastdetail/8228 Tue, 25 Oct 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/C2+Communications+Through+outlookcom/29180
Apple Patches Everything October 2022 Edition
https://isc.sans.edu/forums/diary/Apple%20Patches%20Everything%3A%20October%202022%20Edition/29182/
Cisco ISE Patch
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-path-trav-Dz5dpzyM
Dormant Colors Live Campaign With Over 1m Data Stealing Extensions Installed
https://guardiosecurity.medium.com/dormant-colors-live-campaign-with-over-1m-data-stealing-extensions-installed-9a9a459b5849
]]> 6:20 dormant colors, chrome, browser extensions, cisco, ise, apple, patches, 0-day, c2, outlook, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8226 Sczriptzzb and Netsupport; rtfdump; Windows MotW Bypass; Fake GitHub Exploits; F5 and Synology Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Sczriptzzb and Netsupport; rtfdump; Windows MotW Bypass; Fake GitHub Exploits; F5 and Synology Patches https://traffic.libsyn.com/securitypodcast/8226.mp3 https://isc.sans.edu/podcastdetail/8226 Mon, 24 Oct 2022 02:00:01 GMT https://isc.sans.edu/forums/diary/sczriptzzbn%20inject%20pushes%20malware%20for%20NetSupport%20RAT/29170/
rtfdump find options
https://isc.sans.edu/forums/diary/rtfdumps+Find+Option/29174
Exploited Windows Zero Day Lets JavaScript Files Bypass Security Warnings
https://www.bleepingcomputer.com/news/security/exploited-windows-zero-day-lets-javascript-files-bypass-security-warnings/
A study of malicious CVE proof of concept exploits in GitHub
https://arxiv.org/pdf/2210.08374.pdf
F5 Patches
https://support.f5.com/csp/article/K11830089
https://support.f5.com/csp/article/K30425568
Synology Updates
https://www.synology.com/en-global/security/advisory/Synology_SA_22_17
]]> 6:47 github, f5, nginx, synology, windows, javascript, motw, signature, authenticode, rtfdump, sczriptzzbn, netsupport, rat, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8224 Value of Prefetch; Win 10 TLS Fix; ScubaGear released; HTTP/3 Contamination; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Value of Prefetch; Win 10 TLS Fix; ScubaGear released; HTTP/3 Contamination; https://traffic.libsyn.com/securitypodcast/8224.mp3 https://isc.sans.edu/podcastdetail/8224 Fri, 21 Oct 2022 02:00:01 GMT https://isc.sans.edu/forums/diary/Forensic%20Value%20of%20Prefetch/29168/
Microsoft TLS Fix
https://support.microsoft.com/en-us/topic/october-17-2022-kb5020435-os-builds-19042-2132-19043-2132-and-19044-2132-out-of-band-243f34de-2f44-4015-a224-1b68a4132ca5
CISA Releases ScubaGear to Audit M365
https://github.com/cisagov/ScubaGear
HTTP/3 Connection Contamination
https://portswigger.net/research/http-3-connection-contamination
]]> 5:54 http/3, connection contaminiation, proxy, cdn, load balancers, cisa, m365, scuba, tls, microsoft, prefetch, forensics, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8222 Internet Wide Scanning; studentaid scams; undetectable command and control Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Internet Wide Scanning; studentaid scams; undetectable command and control https://traffic.libsyn.com/securitypodcast/8222.mp3 https://isc.sans.edu/podcastdetail/8222 Thu, 20 Oct 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/Are+Internet+Scanning+Services+Good+or+Bad+for+You/29164
FBI Warns of Student Loan Foregiveness Scams
https://www.ic3.gov/Media/Y2022/PSA221018
Fully Undetectable Powershell Backdoor
https://www.safebreach.com/resources/blog/safebreach-labs-researchers-uncover-new-fully-undetectable-powershell-backdoor/
]]> 6:06 backdoor, powershell, undetectable, fbi, student loan, studentaid.gov, scanning, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8220 Obfuscating Python; Oracle CPU; Office 365 Encryption; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Obfuscating Python; Oracle CPU; Office 365 Encryption; https://traffic.libsyn.com/securitypodcast/8220.mp3 https://isc.sans.edu/podcastdetail/8220 Wed, 19 Oct 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/Python%20Obfuscation%20for%20Dummies/29160/
Oracle October 2022 Critical Patch Update
https://www.oracle.com/security-alerts/cpuoct2022.html
Weak Encryption in Microsoft Office 365
https://labs.withsecure.com/advisories/microsoft-office-365-message-encryption-insecure-mode-of-operation
Tesla 3 Hack
https://www.synacktiv.com/sites/default/files/2022-10/tesla_hexacon.pdf
]]> 5:27 tesla, encryption, microsoft office, oracle, cpu, python, obfuscation, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8218 Fileless Dropper; Apache Commons Text Vuln; MSFT Driver Blocklist NOOP; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Fileless Dropper; Apache Commons Text Vuln; MSFT Driver Blocklist NOOP; https://traffic.libsyn.com/securitypodcast/8218.mp3 https://isc.sans.edu/podcastdetail/8218 Tue, 18 Oct 2022 02:00:01 GMT https://isc.sans.edu/forums/diary/Fileless%20Powershell%20Dropper/29156/
Apache Commons Text Vulnerablity
https://www.openwall.com/lists/oss-security/2022/10/13/4
How a Microsoft Blunder Opened Millions of PCs to Potent Malware Attacks
https://arstechnica.com/information-technology/2022/10/how-a-microsoft-blunder-opened-millions-of-pcs-to-potent-malware-attacks/
]]> 6:24 fileless, dropper, powershell, apache, commons, text, msft, microsoft, driver, blocklist, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8216 FortiOS Exploit; Exchange Workaround Bypass; QBot in HTML; Malware in PDF; VMWare End of Life Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. FortiOS Exploit; Exchange Workaround Bypass; QBot in HTML; Malware in PDF; VMWare End of Life https://traffic.libsyn.com/securitypodcast/8216.mp3 https://isc.sans.edu/podcastdetail/8216 Mon, 17 Oct 2022 02:00:02 GMT https://www.horizon3.ai/fortios-fortiproxy-and-fortiswitchmanager-authentication-bypass-technical-deep-dive-cve-2022-40684/
More Exchange Vulnerability Workaround Bypasses
https://twitter.com/wdormann/status/1576922677675102208
Analysis of a Malicious HTML File and QBot
https://isc.sans.edu/forums/diary/Analysis+of+a+Malicious+HTML+File+QBot/29146
End of Life VMWare ESXi Versions
https://www.lansweeper.com/eol/vmware-esxi-end-of-life/
]]> 5:58 vmware, esxi, end of life, eol, html, qbot, covid, pdf, exchange, workaround, bypass, fortios, fortiproxy, horizon3, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8214 Alchimist/Insekt C&C; vm2 vuln; npm package disclosure; Zimbra Patch Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Alchimist/Insekt C&C; vm2 vuln; npm package disclosure; Zimbra Patch https://traffic.libsyn.com/securitypodcast/8214.mp3 https://isc.sans.edu/podcastdetail/8214 Fri, 14 Oct 2022 02:00:01 GMT https://blog.talosintelligence.com/2022/10/alchimist-offensive-framework.html#more
VM2 Sandbox Vulnerability
https://www.oxeye.io/blog/vm2-sandbreak-vulnerability-cve-2022-36067
private npm package disclosure
https://blog.aquasec.com/private-packages-disclosed-via-timing-attack-on-npm
Zimbra Updates
https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P27#Security_Fixes
]]> 5:56 zimbra, npm, packages, vm2, sandbox, alchimist, insekt, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8212 Adobe Patches; Fortinet Details and New Patches; iOS and Android VPN Issues; Aruba Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Adobe Patches; Fortinet Details and New Patches; iOS and Android VPN Issues; Aruba Patches https://traffic.libsyn.com/securitypodcast/8212.mp3 https://isc.sans.edu/podcastdetail/8212 Thu, 13 Oct 2022 02:00:01 GMT https://helpx.adobe.com/sa_en/security/security-bulletin.html
Fortinet Guidance
https://www.horizon3.ai/fortinet-iocs-cve-2022-40684/
https://isc.sans.edu/forums/diary/Scans+for+old+Fortigate+Vulnerability+Building+Target+Lists/29142
Android VPN Issues
https://mullvad.net/en/blog/2022/10/10/android-leaks-connectivity-check-traffic/
iOS VPN Issues
https://9to5mac.com/2022/10/12/ios-vpn-apps-2/
Aruba Patches
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-015.txt
]]> 5:03 aruba, ios, vpn, android, fortinet, adobe, patches, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8210 Microsoft October 2022 Patches; SAP Patch Day; CISA Chinese State Sponsored Vuln List Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft October 2022 Patches; SAP Patch Day; CISA Chinese State Sponsored Vuln List https://traffic.libsyn.com/securitypodcast/8210.mp3 https://isc.sans.edu/podcastdetail/8210 Wed, 12 Oct 2022 02:00:01 GMT https://isc.sans.edu/forums/diary/October%202022%20Microsoft%20Patch%20Tuesday/29138/
SAP Patchday
https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10
Top CVEs Actively Exploited By People s Republic of China State-Sponsored Cyber Actors
https://www.cisa.gov/uscert/ncas/alerts/aa22-279a
]]> 5:56 cisa, cves, china, sap, october, microsoft, patches, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8208 Wireshark Update; Fortinet Vulnerability; BazarCall; RPKI Rate Limiting Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Wireshark Update; Fortinet Vulnerability; BazarCall; RPKI Rate Limiting https://traffic.libsyn.com/securitypodcast/8208.mp3 https://isc.sans.edu/podcastdetail/8208 Tue, 11 Oct 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/Wireshark+Specifying+a+Protocol+Stack+Layer+in+Display+Filters/29130
Fortinet Vulnerablity Update
https://twitter.com/Horizon3Attack/status/1579285863108087810
BazarCall Social Engineering Tactics
https://www.trellix.com/en-us/about/newsroom/stories/research/evolution-of-bazarcall-social-engineering-tactics.html
RPKI Rate Limiting
https://www.usenix.org/system/files/sec22-hlavacek.pdf
]]> 6:15 rpki, bazarcall, fortniet, wireshark, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8206 Fortinet Update; Zimbra (cpio) vuln; Exchange Workaround Update; Ikea Smart Buld Exploit Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Fortinet Update; Zimbra (cpio) vuln; Exchange Workaround Update; Ikea Smart Buld Exploit https://traffic.libsyn.com/securitypodcast/8206.mp3 https://isc.sans.edu/podcastdetail/8206 Mon, 10 Oct 2022 02:00:02 GMT https://docs.fortinet.com/document/fortigate/7.2.2/fortios-release-notes/760203/introduction-and-supported-models
Zimbra Vulnerability
https://twitter.com/iagox86/status/1578084484720734209
https://attackerkb.com/topics/1DDTvUNFzH/cve-2022-41352/rapid7-analysis?referrer=activityFeed
Microsoft Exchange Workaround Improved Again
https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/
Ikea Smart Bulb Exploit
https://www.synopsys.com/blogs/software-security/cyrc-advisory-ikea-tradfri-smart-lighting/
]]> 6:22 fortinet, zimbra, cpio, pax, amavisd, exchange, ikea, smart bulb, zigbee, zwave, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8204 Infosec Calendar; OnionPoison; MacOS Archives and MOTW Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Infosec Calendar; OnionPoison; MacOS Archives and MOTW https://traffic.libsyn.com/securitypodcast/8204.mp3 https://isc.sans.edu/podcastdetail/8204 Fri, 07 Oct 2022 02:00:01 GMT https://isc.sans.edu/forums/diary/What+is+in+your+Infosec+Calendar/29118
OnionPoison: infected Tor Browser installer distributed through popular YouTube channel
https://securelist.com/onionpoison-infected-tor-browser-installer-youtube/107627/
MacOS Architve Utility Vulnerability Details
https://www.jamf.com/blog/jamf-threat-labs-macos-archive-utility-vulnerability/
]]> 5:55 ncsam, infosec, calendar, motw, macos, onionpoison, tor, browser, china, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8202 Phishing via Telegram; Updated MSFT Exchange fix; PHP Packagist Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Phishing via Telegram; Updated MSFT Exchange fix; PHP Packagist Vuln; https://traffic.libsyn.com/securitypodcast/8202.mp3 https://isc.sans.edu/podcastdetail/8202 Wed, 05 Oct 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/Credential%20Harvesting%20with%20Telegram%20API/29112/
Updated Microsoft Exchange Fix
https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/
Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization
https://www.cisa.gov/uscert/ncas/alerts/aa22-277a
A New Supply Chain Attack on PHP
https://blog.sonarsource.com/securing-developer-tools-a-new-supply-chain-attack-on-php/
]]> 5:21 supply chain, packagist, php, microsoft, exchange, telegram, phishing, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8200 Exchange Fix Bypass; Schneider UMAS Patch Bypass; Comm100 Compromise Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Exchange Fix Bypass; Schneider UMAS Patch Bypass; Comm100 Compromise https://traffic.libsyn.com/securitypodcast/8200.mp3 https://isc.sans.edu/podcastdetail/8200 Tue, 04 Oct 2022 02:00:01 GMT https://twitter.com/testanull/status/1576774007826718720
Schneider Electric UMAS Patch Bypass
https://securelist.com/the-secrets-of-schneider-electrics-umas-protocol/107435/
Supply Chain Attack via Trojanized Comm100 Chat Installer
https://www.crowdstrike.com/blog/new-supply-chain-attack-leverages-comm100-chat-installer/
]]> 5:01 comm100, supply chain, trojan, chat, installer, microsoft, exchange, schneider, umas, patch, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8198 Exchange 0-Day Update; Bitbucket Exploited; Apple TCC Bypass Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Exchange 0-Day Update; Bitbucket Exploited; Apple TCC Bypass https://traffic.libsyn.com/securitypodcast/8198.mp3 https://isc.sans.edu/podcastdetail/8198 Mon, 03 Oct 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/Exchange+Server+0Day+Actively+Exploited/29106
https://microsoft.github.io/CSS-Exchange/Security/EOMTv2/
CISA Adds Atlasian Bitbucket Vulnerability to Exploited List
https://www.cisa.gov/uscert/ncas/current-activity/2022/09/30/cisa-adds-three-known-exploited-vulnerabilities-catalog
Every unsandboxed app has Full Disk Access if Terminal Does
https://lapcatsoftware.com/articles/FullDiskAccess.html
]]> 5:18 sandbox, tcc, macos, terminal, cisa, atlasian, bitbucket, exchange, 0-day, microsoft, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8196 PNG Analysis; Possible Exchange 0-Day; New VMWAre ESXi Persistence Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. PNG Analysis; Possible Exchange 0-Day; New VMWAre ESXi Persistence https://traffic.libsyn.com/securitypodcast/8196.mp3 https://isc.sans.edu/podcastdetail/8196 Fri, 30 Sep 2022 02:00:01 GMT https://isc.sans.edu/forums/diary/PNG%20Analysis/29100/
Possible Exchange Server 0-Day Vulnerability
https://www.gteltsc.vn/blog/warning-new-attack-campaign-utilized-a-new-0day-rce-vulnerability-on-microsoft-exchange-server-12715.html
https://success.trendmicro.com/dcx/s/solution/000291651?language=en_US
Bad VIB(E)s Part One: Investigating Novel Malware Persistence Within ESXi Hypervisors
https://www.mandiant.com/resources/blog/esxi-hypervisors-malware-persistence
]]> 6:03 VIB, vmware, vsphere, exchange server, 0-day, proxy logon, proxy shell, png, pngdump, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8194 Old Flaw to Access VoIP Creds; IRS SMS Scam; Turnstile vs CAPTCHA; Cisco, Arista, Juniper and Chrome Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Old Flaw to Access VoIP Creds; IRS SMS Scam; Turnstile vs CAPTCHA; Cisco, Arista, Juniper and Chrome Patches https://traffic.libsyn.com/securitypodcast/8194.mp3 https://isc.sans.edu/podcastdetail/8194 Thu, 29 Sep 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/10+Years+Later+Attacker+rediscovering+old+VTiger+CRM+Vulnerability/29098
IRS Reports Significant Increase in Texting Scams
https://www.irs.gov/newsroom/irs-reports-significant-increase-in-texting-scams-warns-taxpayers-to-remain-vigilant
Cloudflare Releases Turnsitle, a user-friendly, privacy-preserving CAPTCHA alternative
https://blog.cloudflare.com/turnstile-private-captcha-alternative/
Cisco Patches
https://kb.cert.org/vuls/id/855201
Chrome 106 Release
https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html?m=1
]]> 6:35 chrome, cisco, arista, juniper, vlan, cloudflare, turnstile, captcha, irs, texting, smishing, vtiger, crm, asterisk, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8192 DNS Option 15; YARI for YARA; HTTP Archive Almanac Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. DNS Option 15; YARI for YARA; HTTP Archive Almanac https://traffic.libsyn.com/securitypodcast/8192.mp3 https://isc.sans.edu/podcastdetail/8192 Wed, 28 Sep 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/DNS+Option+15+Debugging+DNSSEC+Errors/29094
Yari: A New Era of Yara Debugging
https://engineering.avast.io/yari-a-new-era-of-yara-debugging/
HTTP Archive Almanac
https://almanac.httparchive.org/en/2022/security
]]> 7:06 almanac, http archive, https, hsts, dns, option 15, dnssec, yari, yara, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8190 Python vs Sandboxes; Mouseover Malware; Redis RCE Flaw; Scoreboard Hacking Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Python vs Sandboxes; Mouseover Malware; Redis RCE Flaw; Scoreboard Hacking https://traffic.libsyn.com/securitypodcast/8190.mp3 https://isc.sans.edu/podcastdetail/8190 Tue, 27 Sep 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/Easy+Python+Sandbox+Detection/29090
Hackers use PowerPoint Files for "Mouseover" Malware Delivery
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
Redis 7.0 XAUTOCLAIM Heap Overflow
https://github.com/redis/redis/security/advisories/GHSA-5gc4-76rx-22c9
Scoreboard Hacking
https://maxwelldulin.com/BlogPost?post=7118102528
]]> 5:56 scoreboard, redis, xautoclaim, overflow, rce, powerpoint, mouseover, python, sandbox, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8188 MSFT Teams Token Stealer; Downloading Malware; WhatsApp Patch; Sophos RCE Flaw; CircleCI Phishing Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MSFT Teams Token Stealer; Downloading Malware; WhatsApp Patch; Sophos RCE Flaw; CircleCI Phishing https://traffic.libsyn.com/securitypodcast/8188.mp3 https://isc.sans.edu/podcastdetail/8188 Mon, 26 Sep 2022 02:00:01 GMT https://isc.sans.edu/forums/diary/Kids+Like+Cookies+Malware+Too/29082
Downloading Files from Removed Domains
https://isc.sans.edu/forums/diary/Downloading%20Samples%20From%20Takendown%20Domains/29086/
WhatsApp Security Updates
https://www.whatsapp.com/security/advisories/2022/
Sophos RCE Flaw
https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce
CircleCI Phishing Attacks Used to Access GitHub Accounts
https://discuss.circleci.com/t/circleci-security-alert-warning-phishing-attempt-for-login-credentials/45408
]]> 5:46 circleci, github, phishing, sophos, rce, whatsapp, domains, takedown, malware, cookies, malware, teams, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8186 FODHelper Delivers RAT; MSFT Endpoing Conf Manager Updates; Fuzzing Tool; Apple Updates; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. FODHelper Delivers RAT; MSFT Endpoing Conf Manager Updates; Fuzzing Tool; Apple Updates; https://traffic.libsyn.com/securitypodcast/8186.mp3 https://isc.sans.edu/podcastdetail/8186 Fri, 23 Sep 2022 02:00:01 GMT https://isc.sans.edu/forums/diary/RAT+Delivered+Through+FODHelper/29078
Microsoft Endpoint Configuration Manager Spoofing Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-37972
New Fuzzing Tool: cifuzz
https://github.com/CodeIntelligenceTesting/cifuzz
No Security Updates from Apple
https://support.apple.com/en-us/HT201222
]]> 5:21 apple, ios, watchos, fuzzing, cifuzz, microsoft, endpoint configuration manager, fodhelper, rat, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8184 Free Phishing; Insecure tarfile.extract; Twitter Logout Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Free Phishing; Insecure tarfile.extract; Twitter Logout https://traffic.libsyn.com/securitypodcast/8184.mp3 https://isc.sans.edu/podcastdetail/8184 Thu, 22 Sep 2022 02:00:01 GMT https://isc.sans.edu/forums/diary/Phishing%20Campaigns%20Use%20Free%20Online%20Resources/29074/
Insecure use of tarfile.extract in Python
https://bugs.python.org/issue1044#msg55464
Twitter Failed to Logout Users After Password Reset
https://privacy.twitter.com/en/blog/2022/an-issue-impacting-password-resets
]]> 6:48 twitter, token, oauth, logout, password, tarfile, extract, python, phishing, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8182 Chainsaw Hunt; Exploit Cloud PDUs; Default Tamper Protection; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Chainsaw Hunt; Exploit Cloud PDUs; Default Tamper Protection; https://traffic.libsyn.com/securitypodcast/8182.mp3 https://isc.sans.edu/podcastdetail/8182 Wed, 21 Sep 2022 02:00:02 GMT https://isc.sans.edu/diary/Chainsaw%3A+Hunt%2C+search%2C+and+extract+event+log+records/29066
PDU Exploits past NAT
https://claroty.com/team82/research/jumping-nat-to-shut-down-electric-devices
Tamper Protection will be turned on for all Enterprise Customers
https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/tamper-protection-will-be-turned-on-for-all-enterprise-customers/ba-p/3616478
]]> 6:28 pdu, nat, cloud, tamper protection, enterprise, microsoft, defender, chainsaw, hunt, triage, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8180 Preventing ISO Malware; Emotet Update/History; MSFT Teams Tokens Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Preventing ISO Malware; Emotet Update/History; MSFT Teams Tokens https://traffic.libsyn.com/securitypodcast/8180.mp3 https://isc.sans.edu/podcastdetail/8180 Tue, 20 Sep 2022 02:00:02 GMT Preventing ISO Malware
https://isc.sans.edu/diary/Preventing+ISO+Malware+/29062
State of Emotet
https://www.advintel.io/post/advintel-s-state-of-emotet-aka-spmtools-displays-over-million-compromised-machines-through-2022
Undermining Microsoft Teams Security by Mining Tokens
https://www.vectra.ai/blogpost/undermining-microsoft-teams-security-by-mining-tokens
]]> 6:28 teams, tokens, microsoft, emotet, iso, malware, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8178 CustomXML Word Doc; 2FA on Locked Phones; Spellcheck Password Leak; Reflected Content Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. CustomXML Word Doc; 2FA on Locked Phones; Spellcheck Password Leak; Reflected Content https://traffic.libsyn.com/securitypodcast/8178.mp3 https://isc.sans.edu/podcastdetail/8178 Mon, 19 Sep 2022 02:00:02 GMT https://isc.sans.edu/diary/Word+Maldoc+With+CustomXML+and+Renamed+VBAProject.bin/29056
2FA on Lock Screens
https://www.bbc.com/news/uk-england-london-62809151
Chrome and Edge Enhances Spellcheck Features Expose PII, Even Your Password
https://www.otto-js.com/news/article/chrome-and-edge-enhanced-spellcheck-features-expose-pii-even-your-passwords
Reconstructing Content Reflected in Glasses
https://arxiv.org/abs/2205.03971
]]> 5:56 glasses, zoom, videoconference, chrome, edge, pii, spell check, 2fa, lock screen, word, maldoc, customxml, vba, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8176 Frameset Word Doc; Windows IKE PoC; Trojaned Putty; EZVIZ Cam Vuln; Lenovo BIOS updates Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Frameset Word Doc; Windows IKE PoC; Trojaned Putty; EZVIZ Cam Vuln; Lenovo BIOS updates https://traffic.libsyn.com/securitypodcast/8176.mp3 https://isc.sans.edu/podcastdetail/8176 Fri, 16 Sep 2022 02:00:01 GMT https://isc.sans.edu/diary/Malicious+Word+Document+with+a+Frameset/29052
CVE-2022-34721 Exploit
https://github.com/78ResearchLab/PoC/tree/main/CVE-2022-34721
Trojaned Putty Used in Attacks
https://www.mandiant.com/resources/blog/dprk-whatsapp-phishing
Lenovo BIOS Updates
https://support.lenovo.com/us/en/product_security/LEN-94953#Desktop
]]> 6:44 lenovo, putty, mandiant, korea, cve-2022-34721, ipv6, ike, word, frameset, iframe, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8174 Python Process Injection; Queen Elizabeth Phishing; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Python Process Injection; Queen Elizabeth Phishing; https://traffic.libsyn.com/securitypodcast/8174.mp3 https://isc.sans.edu/podcastdetail/8174 Thu, 15 Sep 2022 02:00:02 GMT https://isc.sans.edu/diary/Easy+Process+Injection+within+Python/29048
Queen Elizabeth Related Phishing
https://twitter.com/threatinsight/status/1570092339984584705
Microsoft 365 Auto Updates Apps on Locked or Idle Devices
https://techcommunity.microsoft.com/t5/microsoft-365-blog/update-under-lock-improved-update-experience-for-microsoft-365/ba-p/3618901
]]> 5:34 phishing, queen, elizabeth, process injection, hollowing, python, idle, patches, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8172 Microsoft Patch Tuesday; Adobe Patches; Magento Extension Hack; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft Patch Tuesday; Adobe Patches; Magento Extension Hack; https://traffic.libsyn.com/securitypodcast/8172.mp3 https://isc.sans.edu/podcastdetail/8172 Wed, 14 Sep 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/Microsoft+September+2022+Patch+Tuesday/29044/
Adobe Patches
https://helpx.adobe.com/security/security-bulletin.html
Magento Vendor Fishpig Hacked, Backdoors Added
https://sansec.io/research/rekoobe-fishpig-magento
]]> 6:23 microsoft, patch tuesday, patches, ipv6, ipsec, ike, adobe, patches, magento, fishpig, backdoor, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8170 Honeypot vs VirusTotal; Apple Patches; Ransomware Enters via MiVoice Voip Device Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Honeypot vs VirusTotal; Apple Patches; Ransomware Enters via MiVoice Voip Device https://traffic.libsyn.com/securitypodcast/8170.mp3 https://isc.sans.edu/podcastdetail/8170 Tue, 13 Sep 2022 02:00:01 GMT https://isc.sans.edu/diary/VirusTotal+Result+Comparisons+for+Honeypot+Malware/29040
Apple Patches
https://support.apple.com/en-us/HT201222
Lorenz Ransomware Group Cracks MiVoice and Calls Back For Free
https://arcticwolf.com/resources/blog/lorenz-ransomware-chiseling-in/
]]> 7:41 lorenz, mivoice, mitel, voip, apple, ios, ipados, macos, patches, virustotal, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8168 File Exchange Malware; Bypassing Github Code Review; Intermittent Encryption; CRLs are Back; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. File Exchange Malware; Bypassing Github Code Review; Intermittent Encryption; CRLs are Back; https://traffic.libsyn.com/securitypodcast/8168.mp3 https://isc.sans.edu/podcastdetail/8168 Mon, 12 Sep 2022 02:00:02 GMT https://isc.sans.edu/diary/Phishing+Word+Documents+with+Suspicious+URL/29034
Bypassing GitHub Required Reviewers to Submit Malicious Code
https://www.legitsecurity.com/blog/bypassing-github-required-reviewers-to-submit-malicious-code
Crimeware Trends: Ransomware Developers Turn to Intermittent Encryption
https://www.sentinelone.com/labs/crimeware-trends-ransomware-developers-turn-to-intermittent-encryption-to-evade-detection/
Lets Encrypt Reviving Certificate Revocation Lists
https://letsencrypt.org/2022/09/07/new-life-for-crls.html
]]> 8:31 lets encrypt, certificates, ocsp, crl, revocation lists, malware, file exchange, github, protected branch, crimeware, ransomware, intermittent encryption, partial, encryption, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network Dr. Johannes B. Ullrich full 8166 VBS vs CyberChef; pfBlockerNG RCE; MSFT Teams Data Exfil; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. VBS vs CyberChef; pfBlockerNG RCE; MSFT Teams Data Exfil; https://traffic.libsyn.com/securitypodcast/8166.mp3 https://isc.sans.edu/podcastdetail/8166 Fri, 09 Sep 2022 02:00:02 GMT https://isc.sans.edu/diary/Analyzing+Obfuscated+VBS+with+CyberChef/2902
pfBlockerNG Unauthenticated RCE
https://www.ihteam.net/advisory/pfblockerng-unauth-rce-vulnerability/
GifShell attack creates reverse shell using microsoft teams gifs
https://www.bleepingcomputer.com/news/security/gifshell-attack-creates-reverse-shell-using-microsoft-teams-gifs/]]> 7:03 gifshell, microsoft, teams, pfblockerng, rce, exploit, pfsense, vbs, cyberchef, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8164 PHP Deserialization; TeslaGun; Cisco RV Router Vulns; Shikitega Malware; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. PHP Deserialization; TeslaGun; Cisco RV Router Vulns; Shikitega Malware; https://traffic.libsyn.com/securitypodcast/8164.mp3 https://isc.sans.edu/podcastdetail/8164 Thu, 08 Sep 2022 02:00:02 GMT https://isc.sans.edu/diary/PHP+Deserialization+Exploit+attempt/29024
TA505 Group's TeslaGun In-Depth Analysis
https://www.prodaft.com/resource/detail/ta505-ta505-groups-tesla-gun-depth-analysis
Cisco publishes unpatched Small Business Router Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-vpnbypass-Cpheup9O
Shikitega - New stealthy malware targeting Linux
https://thehackernews.com/2022/09/new-stealthy-shikitega-malware.html
]]> 5:52 shikitega, att, iot, malware, linux, cisco, router, patch, eol, ta505, teslagun, php, deserialization, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8162 Encoded Cobalt Strike; EvilProxy PaaS; Zyxel NAS RCE; Moobot vs D-Link Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Encoded Cobalt Strike; EvilProxy PaaS; Zyxel NAS RCE; Moobot vs D-Link https://traffic.libsyn.com/securitypodcast/8162.mp3 https://isc.sans.edu/podcastdetail/8162 Wed, 07 Sep 2022 02:00:01 GMT https://isc.sans.edu/diary/Analysis+of+an+Encoded+Cobalt+Strike+Beacon/29014
EvilProxy Phishing-As-A-Service with MFA Bypass
https://resecurity.com/blog/article/evilproxy-phishing-as-a-service-with-mfa-bypass-emerged-in-dark-web
Zyxel Patches RCE Vulnerability
https://www.zyxel.com/support/Zyxel-security-advisory-for-format-string-vulnerability-in-NAS.shtml
Moobot Going after D-Link Devices
https://unit42.paloaltonetworks.com/moobot-d-link-devices/
]]> 6:18 moobot, mirai, d-link, zyxel, evilproxy, mfa, proxy, cober strike, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8160 Webb Malware; Defender False Postives; Chrome 0-Day; Sharkbot; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Webb Malware; Defender False Postives; Chrome 0-Day; Sharkbot; https://traffic.libsyn.com/securitypodcast/8160.mp3 https://isc.sans.edu/podcastdetail/8160 Tue, 06 Sep 2022 02:00:02 GMT https://isc.sans.edu/diary/James+Webb+JPEG+With+Malware/29010
Windows Defender False Positive
https://www.theregister.com/2022/09/05/windows_defender_chrome_false_positive/
Google Chrome 0-Day
https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop.html
Sharkbot Android Infostealer in Google Play Store
https://blog.fox-it.com/2022/09/02/sharkbot-is-back-in-google-play/
Nmap 7.93 - 25th Anniversary Release
https://seclists.org/nmap-announce/2022/1
]]> 5:46 nmap, sharkbot, google play store, google chrome, windows defender, flase positive, hive, james webb, jpeg, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8158 Jolokia Scans (maybe Geode?); Exchange Basic Auth; AWS Access Keys; Gitlab; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Jolokia Scans (maybe Geode?); Exchange Basic Auth; AWS Access Keys; Gitlab; https://traffic.libsyn.com/securitypodcast/8158.mp3 https://isc.sans.edu/podcastdetail/8158 Fri, 02 Sep 2022 02:00:02 GMT https://isc.sans.edu/diary/Jolokia+Scans%3A+Possible+Hunt+for+Vulnerable+Apache+Geode+Servers+%28CVE-2022-37021%29/29006
Microsoft Basic Authentication Deprecation in Exchange Online
https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-deprecation-in-exchange-online-september/ba-p/3609437
Mobile App Supply Chain Vulnerabilities Could Endanger Sensitive Business Information
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/mobile-supply-chain-aws
Gitlab Update
https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/#brute-force-attack-may-guess-a-password-even-when-2fa-is-enabled
]]> 6:32 gitlab, mobile apps, fingerprints, aws, access keys, authentication, basic, basic auth, exchange, online, jolokie, geode, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8156 QNAME Minimization; iOS 12 Update; Translate Miner; Geode and Foxit PDF Reader Updates Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. QNAME Minimization; iOS 12 Update; Translate Miner; Geode and Foxit PDF Reader Updates https://traffic.libsyn.com/securitypodcast/8156.mp3 https://isc.sans.edu/podcastdetail/8156 Thu, 01 Sep 2022 02:00:02 GMT https://isc.sans.edu/diary/Underscores+and+DNS%3A+The+Privacy+Story/29002
iOS 12.5.6 Update
https://support.apple.com/en-us/HT201222
Malware Disguised as Google Translate Desktop App
https://research.checkpoint.com/2022/check-point-research-detects-crypto-miner-malware-disguised-as-google-translate-desktop-and-other-legitimate-applications/
Apache Geode Deserialization Flaw
https://lists.apache.org/thread/qrvhmytsshsk5xcb68pwccw3y6m8o8nr
Foxit PDF Reader Update
https://sec-consult.com/vulnerability-lab/advisory/outdated-javascript-engine-leads-to-rce-in-foxit-pdf-reader/
]]> 5:37 foxit, apache, geode, translate, app, miner, ios, dns, qname, minimization, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8154 IRC Bot in Bash; Webb Image Malware; Malicious Chrome Extension; Chromium Clipboard Access Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. IRC Bot in Bash; Webb Image Malware; Malicious Chrome Extension; Chromium Clipboard Access https://traffic.libsyn.com/securitypodcast/8154.mp3 https://isc.sans.edu/podcastdetail/8154 Wed, 31 Aug 2022 02:35:02 GMT https://isc.sans.edu/diary/Two+things+that+will+never+die%3A+bash+scripts+and+IRC%21/28998
Malware using James Webb Telescope images
https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
Malicious Chrome Extensions
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/malicious-cookie-stuffing-chrome-extensions-with-1-4-million-users/
Chromium Based Browsers Allow Access to Clipboard
https://bugs.chromium.org/p/chromium/issues/detail?id=1334203
]]> 6:40 chromium, chrome, extension, clipboard, malware, james webb, bash, irc, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8152 UTF7 Update; Twilio Breach Aftermath; PDF Reader Adware; Google Block Blockers Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. UTF7 Update; Twilio Breach Aftermath; PDF Reader Adware; Google Block Blockers https://traffic.libsyn.com/securitypodcast/8152.mp3 https://isc.sans.edu/podcastdetail/8152 Tue, 30 Aug 2022 02:00:02 GMT https://isc.sans.edu/diary/Update%3A+VBA+Maldoc+%26+UTF7+%28APT-C-35%29/28994
Twilio Breach used to access 2FA Tokens
https://sec.okta.com/scatterswine
Popular PDF Reader Adware
https://www.malwarebytes.com/blog/news/2022/08/adware-found-on-google-play-pdf-reader-servicing-up-full-screen-ads
Google changing its VPN Ad Blocker Policy
https://support.google.com/googleplay/android-developer/answer/12253906?hl=en
]]> 6:09 google, vpn, adblocker, adware, pdf reader, twilio, 2fa, breach, utf7, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8150 Cobalt Strike False Pos; Analyzing HTTP/2; Sysmon Update; Paypal/Coinbase Phish; eth.link at risk Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Cobalt Strike False Pos; Analyzing HTTP/2; Sysmon Update; Paypal/Coinbase Phish; eth.link at risk https://traffic.libsyn.com/securitypodcast/8150.mp3 https://isc.sans.edu/podcastdetail/8150 Mon, 29 Aug 2022 02:00:02 GMT https://isc.sans.edu/diary/Dealing+With+False+Positives+when+Scanning+Memory+Dumps+for+Cobalt+Strike+Beacons/28990
HTTP2 Packet Analysis with Wireshark
https://isc.sans.edu/diary/HTTP2+Packet+Analysis+with+Wireshark/28986
Paypal Phishing/Coinbase in One Image
https://isc.sans.edu/diary/Paypal+PhishingCoinbase+in+One+Image/28984
Sysinternals Updates: Sysmon v14.0 and ZoomIt v6.01
https://isc.sans.edu/diary/Sysinternals+Updates%3A+Sysmon+v14.0+and+ZoomIt+v6.01/28988
eth.link domain at risk
https://www.coindesk.com/tech/2022/08/26/web3-domain-name-service-could-lose-its-web-address-because-programmer-who-can-renew-it-sits-in-jail/
]]> 6:27 eth, domain, ethereum, sysinternals, sysmon, paypal, coinbase, http2, cobalt strike, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8148 URL Shorteners; PyPi Phishing; Oktapus; Genshin Impact Driver; LastPass; Bitbucket Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. URL Shorteners; PyPi Phishing; Oktapus; Genshin Impact Driver; LastPass; Bitbucket Vuln; https://traffic.libsyn.com/securitypodcast/8148.mp3 https://isc.sans.edu/podcastdetail/8148 Fri, 26 Aug 2022 02:00:02 GMT https://isc.sans.edu/diary/Taking+Apart+URL+Shorteners/28980
Python Developers Phished for PyPi Credentials
https://twitter.com/pypi/status/1562442188285308929
Group IB Connects Twilio and Cloudflare Phishing attacks to others
https://www.helpnetsecurity.com/2022/08/25/0ktapus-twilio-cloudflare-phishers-targets/
Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus
https://www.trendmicro.com/en_us/research/22/h/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus.html
LastPass Security Incident
https://blog.lastpass.com/2022/08/notice-of-recent-security-incident/
Bitbucket Vulnerability
https://securityonline.info/cve-2022-36804-bitbucket-server-and-data-center-command-injection-vulnerability/
]]> 6:35 bitbucket, lastpass, ransomware, genshin, impact, driver, twilio, cloudflare, oktapus, pypi, phishing, url shorteners, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8146 Monster Libra; Tox Coinminers; Carbon Black Blue Screen; GitLab Vulnerability Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Monster Libra; Tox Coinminers; Carbon Black Blue Screen; GitLab Vulnerability https://traffic.libsyn.com/securitypodcast/8146.mp3 https://isc.sans.edu/podcastdetail/8146 Thu, 25 Aug 2022 02:00:02 GMT IcedID -> Cobalt Strike and DarkVNC
https://isc.sans.edu/forums/diary/VNC/28974/
Is Tox the New C&C Method for Coinminers?
https://www.uptycs.com/blog/is-tox-the-new-cc-method-for-coinminers
Carbon Black Blue Screens
https://community.carbonblack.com/t5/Knowledge-Base/Endpoint-Standard-Sudden-Blue-Screens-on-Windows-Devices-23rd/ta-p/114369
Gitlab Vulnerability
https://about.gitlab.com/releases/2022/08/22/critical-security-release-gitlab-15-3-1-released/#Remote%20Command%20Execution%20via%20Github%20import

]]> 5:30 gitlab, carbon black, tox, coinmainers, monster libra, icedid, darkvnc, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8144 security.txt file; Detecting Python Malware; Hyperscrape; Firefox and IBM MQ Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. security.txt file; Detecting Python Malware; Hyperscrape; Firefox and IBM MQ Patches https://traffic.libsyn.com/securitypodcast/8144.mp3 https://isc.sans.edu/podcastdetail/8144 Wed, 24 Aug 2022 02:00:02 GMT https://isc.sans.edu/diary/Who%27s+Looking+at+Your+security.txt+File%3F/28972
Assessing Python Malware Detectors with a Benchmark Dataset
https://blog.chainguard.dev/taming-python-malware-scanners/
New Iranian APT Data Extraction Tool
https://blog.google/threat-analysis-group/new-iranian-apt-data-extraction-tool/
Firefox Update
https://www.mozilla.org/en-US/security/advisories/mfsa2022-33/
IBM MQ Update
https://www.ibm.com/support/pages/node/6613021

]]> 6:49 ibm, mq, firefox, iran, hypberscrpe, gmail, python, malware, detector, security.txt, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8142 32/64 Bit Malware; FBI Home Proxy Warning Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. 32/64 Bit Malware; FBI Home Proxy Warning https://traffic.libsyn.com/securitypodcast/8142.mp3 https://isc.sans.edu/podcastdetail/8142 Tue, 23 Aug 2022 02:00:02 GMT https://isc.sans.edu/diary/32+or+64+bits+Malware%3F/28968
Proxies and Configurations Used for Credential Stuffing Attacks
https://www.ic3.gov/Media/News/2022/220818.pdf
DirtyCred Linux Privilege Escalation Vulnerablity
https://www.blackhat.com/us-22/briefings/schedule/#cautious-a-new-exploitation-method-no-pipe-but-as-nasty-as-dirty-pipe-27169
Fake DDos Pages on WordPress Sites Lead to Drive-By-Downloads
https://blog.sucuri.net/2022/08/fake-ddos-pages-on-wordpress-lead-to-drive-by-downloads.html
]]> 7:07 ddos, fake, wordpress, malware, dirtycred, proxies, credential stuffing, 32bit, 64bit, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8140 Astaroth Malware targeting Brazil; Android Ring App XSS; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Astaroth Malware targeting Brazil; Android Ring App XSS; https://traffic.libsyn.com/securitypodcast/8140.mp3 https://isc.sans.edu/podcastdetail/8140 Mon, 22 Aug 2022 02:00:02 GMT https://isc.sans.edu/diary/Brazil+malspam+pushes+Astaroth+%28Guildma%29+malware/28962
Android Ring App XSS
https://checkmarx.com/blog/amazon-quickly-fixed-a-vulnerability-in-ring-android-app-that-could-expose-users-camera-recordings/
iOS in App Browser Security Issues
https://krausefx.com/blog/announcing-inappbrowsercom-see-what-javascript-commands-get-executed-in-an-in-app-browser
iOS in-App Browser Issues
https://krausefx.com/blog/ios-privacy-instagram-and-facebook-can-track-anything-you-do-on-any-website-in-their-in-app-browser
https://krausefx.com/blog/announcing-inappbrowsercom-see-what-javascript-commands-get-executed-in-an-in-app-browser
]]> 5:41 ios, android, browser, inappbrowser, ring, amazon, xss, privacy, astaroth, malspam, malware, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8138 Cowrie Summaries; TP-Link; Safari Update; iOS VPN Leaks Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Cowrie Summaries; TP-Link; Safari Update; iOS VPN Leaks https://traffic.libsyn.com/securitypodcast/8138.mp3 https://isc.sans.edu/podcastdetail/8138 Fri, 19 Aug 2022 02:00:02 GMT https://isc.sans.edu/diary/Honeypot+Attack+Summaries+with+Python/28956
TP-Link Vulnerability
https://blog.viettelcybersecurity.com/1day-to-0day-on-tl-link-tl-wr841n/
Safari Update
https://support.apple.com/en-us/HT213414
iOS VPN Leaks
https://www.michaelhorowitz.com/VPNs.on.iOS.are.scam.php
Janet Jackson Hard Drive DDoS
https://devblogs.microsoft.com/oldnewthing/20220816-00/?p=106994
]]> 5:48 cowrie, tp-link, safari, ios, vpn, janet jackson, ddos, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8136 Voip Experiment; Apple 0-Days; Chrome 0-Day; Insufficient Cisco Patch Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Voip Experiment; Apple 0-Days; Chrome 0-Day; Insufficient Cisco Patch https://traffic.libsyn.com/securitypodcast/8136.mp3 https://isc.sans.edu/podcastdetail/8136 Thu, 18 Aug 2022 02:00:01 GMT https://isc.sans.edu/diary/A+Quick+VoIP+Experiment/28950
Apple Patches Two Exploited Vulnerabilities
https://isc.sans.edu/diary/Apple+Patches+Two+Exploited+Vulnerabilities/28952
Google Chrome Update
https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html
Cisco staystaystay exploit tool
https://www.youtube.com/watch?v=ySgbHClk9HE
]]> 5:52 voip, cisco, astersik, sip, google, chrome, apple, iPadOS, iOS, macOS, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8134 UTF7 Maldoc; SEABORGIUM Shutdown; UWB RTLS Security Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. UTF7 Maldoc; SEABORGIUM Shutdown; UWB RTLS Security https://traffic.libsyn.com/securitypodcast/8134.mp3 https://isc.sans.edu/podcastdetail/8134 Wed, 17 Aug 2022 02:00:01 GMT https://isc.sans.edu/diary/VBA+Maldoc+%26+UTF7+%28APT-C-35%29/28946
Disrupting SEABORGIUM's Ongoing Phishing Operations
https://www.microsoft.com/security/blog/2022/08/15/disrupting-seaborgiums-ongoing-phishing-operations/
UWB Real Time Location Systems: How Secure Radio Communcations May Fail in Practice.
]]> 6:24 utf7, maldoc, vba, seaborgium, linkedin, uwb, rtls, wifi, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8132 Realtek Vuln Followup; MacOS Priv Escalatio; Zoom; Vuln Bootloaders; HPE ILO Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Realtek Vuln Followup; MacOS Priv Escalatio; Zoom; Vuln Bootloaders; HPE ILO https://traffic.libsyn.com/securitypodcast/8132.mp3 https://isc.sans.edu/podcastdetail/8132 Tue, 16 Aug 2022 02:00:02 GMT https://isc.sans.edu/diary/Realtek+SDK+SIP+ALG+Vulnerability%3A+A+Big+Deal%2C+but+not+much+you+can+do+about+it.+CVE+2022-27255/28940
MacOS Privilege Escalation
https://sector7.computest.nl/post/2022-08-process-injection-breaking-all-macos-security-layers-with-a-single-vulnerability/
Zoom Update
https://explore.zoom.us/en/trust/security/security-bulletin/
Microsoft Block Vulnerable Bootloaders
https://eclypsium.com/2022/08/11/vulnerable-bootloaders-2022/
HPE Integrated Lights Out 5 Vulnerablities
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=emr_na-hpesbhf04333en_us
]]> 6:31 hpe, ilo, light out, microsoft, bios, bootloader, uefi, zoom, macos, realtek, deserialization, object, sip, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8130 CVE-2022-27255 Realtek SDK Vuln; Voicmail HTML Phish; Palo Alto DDoS Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. CVE-2022-27255 Realtek SDK Vuln; Voicmail HTML Phish; Palo Alto DDoS https://traffic.libsyn.com/securitypodcast/8130.mp3 https://isc.sans.edu/podcastdetail/8130 Mon, 15 Aug 2022 02:00:01 GMT https://isc.sans.edu/diary/Realtek+SDK+SIP+ALG+Vulnerability%3A+A+Big+Deal%2C+but+not+much+you+can+do+about+it.+CVE+2022-27255/28940
Phishing HTML Attachment as Voicemail Audio Transcription
https://isc.sans.edu/diary/Phishing+HTML+Attachment+as+Voicemail+Audio+Transcription/28938
CVE-2022-0028 PAN-OS: Reflected Amplification Denial-of-Service Vulnerability
https://security.paloaltonetworks.com/CVE-2022-0028
]]> 11:37 realtek, ecos, sdk, sip, alg, phishing, html, voicemail, cve-2022-0028, pan-os, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8128 Infostealing with NSudo; Cisco Breach; Pulse Connect Secure Vuln; Cisco Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Infostealing with NSudo; Cisco Breach; Pulse Connect Secure Vuln; Cisco Vuln; https://traffic.libsyn.com/securitypodcast/8128.mp3 https://isc.sans.edu/podcastdetail/8128 Fri, 12 Aug 2022 02:00:02 GMT https://isc.sans.edu/diary/InfoStealer+Script+Based+on+Curl+and+NSudo/28932
Cisco Breach Details
https://blog.talosintelligence.com/2022/08/recent-cyber-attack.html
Ivanti Pulse Connect Secure Privilege Escalation Vulnerability
https://gist.github.com/JGarciaSec/2060ec1c8efc1d573a1ddb754c6b4f84
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software RSA Private Key Leak Vulnerablity
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-rsa-key-leak-Ms7UEfZz
]]> 6:53 cisco, asa, firepower, rsa, ivanti, pulse secure, breach, infostealer, nsudo, curl, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8126 DNS Attacks; Defaultinator; Zimbra Compromise; vRealize Vuln; Snort/O365 false pos; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. DNS Attacks; Defaultinator; Zimbra Compromise; vRealize Vuln; Snort/O365 false pos; https://traffic.libsyn.com/securitypodcast/8126.mp3 https://isc.sans.edu/podcastdetail/8126 Thu, 11 Aug 2022 02:00:01 GMT https://isc.sans.edu/diary/And+Here+They+Come+Again%3A+DNS+Reflection+Attacks/28928
Rapid 7 Defaultinator
https://defaultinator.com
Zimbra Mass Compromise
https://www.volexity.com/blog/2022/08/10/mass-exploitation-of-unauthenticated-zimbra-rce-cve-2022-27925/
VMWare vRealize Vulnerability
https://www.vmware.com/security/advisories/VMSA-2022-0022.html
Microsoft Vulnerability and IPS/Snort
https://community.meraki.com/t5/Meraki-Service-Notices/Microsoft-vulnerability-and-IPS-SNORT/ba-p/156649
]]> 6:22 snort, microsoft 365, vmware, flase positive, vrealize, zimbra, rapid 7, defaultinator, dns, ddos, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8124 Microsoft Patches; AEPIC Leak; Adobe Updates Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft Patches; AEPIC Leak; Adobe Updates https://traffic.libsyn.com/securitypodcast/8124.mp3 https://isc.sans.edu/podcastdetail/8124 Wed, 10 Aug 2022 02:00:02 GMT https://isc.sans.edu/diary/Microsoft+August+2022+Patch+Tuesday/28924
AEPIC Leak
https://aepicleak.com
Adobe security bulletins
https://helpx.adobe.com/security/security-bulletin.html
]]> 5:39 adobe, amd, intel, aepic, microsoft, patch tuesday, exchange server, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8122 JSON Logs; Edge Security; Malicious Python; New Orchard Botnet Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. JSON Logs; Edge Security; Malicious Python; New Orchard Botnet https://traffic.libsyn.com/securitypodcast/8122.mp3 https://isc.sans.edu/podcastdetail/8122 Tue, 09 Aug 2022 02:00:02 GMT https://isc.sans.edu/diary/JSON+All+the+Logs%21/28920
Microsoft Edge Enhanced Security
https://docs.microsoft.com/en-us/deployedge/microsoft-edge-security-browse-safer
Malicious Python Packages
https://www.darkreading.com/application-security/10-malicious-packages-slither-pypi-registry
New Orchard Botnet
https://blog.netlab.360.com/a-new-botnet-orchard-generates-dga-domains-with-bitcoin-transaction-information/
]]> 6:26 json, logs, elk, edge, javascript, python, pypi, setup.py, orchard, dga, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8120 Exim Vuln; DockDockGo and Microsoft; Emergency Alerts; Slack Hash Leak; Zimbra flaw exploited Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Exim Vuln; DockDockGo and Microsoft; Emergency Alerts; Slack Hash Leak; Zimbra flaw exploited https://traffic.libsyn.com/securitypodcast/8120.mp3 https://isc.sans.edu/podcastdetail/8120 Mon, 08 Aug 2022 02:00:02 GMT https://github.com/ivd38/exim_overflow
DuckDuckGo Stopping Microsoft Tracking Code
https://spreadprivacy.com/more-privacy-and-transparency/
Emergency Broadcast Messaging System Vulnerabilities
https://content.govdelivery.com/accounts/USDHSFEMA/bulletins/3263326
Slack Leaks Hashed Passwords
https://slack.com/intl/en-in/blog/news/notice-about-slack-password-resets
Zimbra Flaw Exploited
https://nvd.nist.gov/vuln/detail/CVE-2022-27924
]]> 6:22 IPAWS, EAS, emergency alert system, fema, duckduckgo, microsoft, tracking, exim, zimbra, slack, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8118 TLP 2.0; Cloudflare Mail Routing Bug; rsync vuln; Kaspersky VPN Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. TLP 2.0; Cloudflare Mail Routing Bug; rsync vuln; Kaspersky VPN Vuln; https://traffic.libsyn.com/securitypodcast/8118.mp3 https://isc.sans.edu/podcastdetail/8118 Fri, 05 Aug 2022 02:00:02 GMT https://isc.sans.edu/diary/TLP+2.0+is+here/28914
Hijacking email with Cloudflare Email Routing
https://albertpedersen.com/blog/hijacking-email-with-cloudflare-email-routing/
rsync arbitrary file write vulnerablity
https://www.openwall.com/lists/oss-security/2022/08/02/1
Local privilege escalation in Kaspersky VPN
https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/
]]> 7:10 kaspersky, vpn, rsync, cloudflar, email, routing, tlp, first, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8116 l9explore User Agent; Arris Vulnerability; Malicious Fork Flood; Paloalto Master key; Laravel; Cisco and DrayTek Vulns; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. l9explore User Agent; Arris Vulnerability; Malicious Fork Flood; Paloalto Master key; Laravel; Cisco and DrayTek Vulns; https://traffic.libsyn.com/securitypodcast/8116.mp3 https://isc.sans.edu/podcastdetail/8116 Thu, 04 Aug 2022 02:00:01 GMT https://isc.sans.edu/diary/l9explore+and+LeakIX+Internet+wide+recon+scans./28910
Arris / Arris Variant DSL/Fiber Router Critical Vulnerability
http://derekabdine.com/blog/2022-arris-advisory
35,000 Malicious Repo Forks Flood GitHub
https://www.bleepingcomputer.com/news/security/35-000-code-repos-not-hacked-but-clones-flood-github-to-serve-malware/
Palo Alto Master Key
https://twitter.com/rqu50/status/1554566757704089600#m
Laravel Unserialize RCE
https://github.com/beicheng-maker/vulns/issues/1
Unuathenticated Remote Code Execution in DrayTek Vigor Routers
https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/rce-in-dratyek-routers.html
]]> 6:39 cisco, laravel, draytek, paloalto, global protect, github, arris, l9explore, leakix, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8114 Chinese Hacktivists; Zoho Password Manager Exploit; VMWare Update; Manjusaka Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Chinese Hacktivists; Zoho Password Manager Exploit; VMWare Update; Manjusaka https://traffic.libsyn.com/securitypodcast/8114.mp3 https://isc.sans.edu/podcastdetail/8114 Wed, 03 Aug 2022 02:00:02 GMT https://isc.sans.edu/diary/Increase+in+Chinese+%22Hacktivism%22+Attacks/28906
Zoho Password Manager Exploit
https://xz.aliyun.com/t/11578
VMWare Updates
https://www.vmware.com/security/advisories/VMSA-2022-0021.html
https://twitter.com/VietPetrus
Manjusaka: A Chinese sibling of Sliver and Cobalt Strike
https://blog.talosintelligence.com/2022/08/manjusaka-offensive-framework.html
]]> 5:31 manjusaka, chinese, sliver, cobalt strike, vmware, zoho, password manager, hacktivism, china, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8112 DDoS Post Mortem; Exposed Twitter Keys; TCL LinkHub Vuln; Jenkins Plugin Updates; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. DDoS Post Mortem; Exposed Twitter Keys; TCL LinkHub Vuln; Jenkins Plugin Updates; https://traffic.libsyn.com/securitypodcast/8112.mp3 https://isc.sans.edu/podcastdetail/8112 Tue, 02 Aug 2022 02:00:02 GMT https://isc.sans.edu/diary/A+Little+DDoS+In+the+Morning/28900
Exposed Twitter API Keys
https://cloudsek.com/whitepapers_reports/how-leaked-twitter-api-keys-can-be-used-to-build-a-bot-army/
TCL LinkHub Serialization Issues
https://blog.talosintelligence.com/2022/08/vulnerability-spotlight-how-misusing.html
Jenkins Plugin Updates
https://www.jenkins.io/security/advisory/2022-07-27/
]]> 6:40 jenkins, tcl linkhub, twitter, api, ddos, china, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8110 PDF Analysis Primer; IPFS Phishing; Mail Stealing Browser Extension; NPM Package Issues; IP Cameras; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. PDF Analysis Primer; IPFS Phishing; Mail Stealing Browser Extension; NPM Package Issues; IP Cameras; https://traffic.libsyn.com/securitypodcast/8110.mp3 https://isc.sans.edu/podcastdetail/8110 Mon, 01 Aug 2022 02:00:02 GMT https://isc.sans.edu/diary/PDF+Analysis+Intro+and+OpenActions+Entries/28894
IPFS The New Hotbed of Phishing
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/ipfs-the-new-hotbed-of-phishing/
Mail Stealing Browser Extension
https://www.volexity.com/blog/2022/07/28/sharptongue-deploys-clever-mail-stealing-browser-extension-sharpext/
Lofylife Malicious NPM Packages
https://securelist.com/lofylife-malicious-npm-packages/107014/
IP Camera Vulnerability
https://www.nozominetworks.com/blog/vulnerability-in-dahua-s-onvif-implementation-threatens-ip-camera-security/
Nuki Smart Lock Vulnerabilities
https://research.nccgroup.com/2022/07/25/technical-advisory-multiple-vulnerabilities-in-nuki-smart-locks-cve-2022-32509-cve-2022-32504-cve-2022-32502-cve-2022-32507-cve-2022-32503-cve-2022-32510-cve-2022-32506-cve-2022-32508-cve-2/
Foxit PDF Reader
https://www.foxit.com/support/security-bulletins.html
]]> 8:34 foxit, pdf, nuki, dahua, camera, lofylife, npm, email, aol, browser extension, ipfs, openactions, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8108 Covert Bookmarks; SAMBA Bug; Apple BGP Hijack; Veritas and IBM Patches @sans_edu Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Covert Bookmarks; SAMBA Bug; Apple BGP Hijack; Veritas and IBM Patches @sans_edu https://traffic.libsyn.com/securitypodcast/8108.mp3 https://isc.sans.edu/podcastdetail/8108 Fri, 29 Jul 2022 02:00:02 GMT https://isc.sans.edu/diary/Exfiltrating+Data+With+Bookmarks/28890
Critical Samba Bug Could Let Anyone Become Domain Admin
https://nakedsecurity.sophos.com/2022/07/27/critical-samba-bug-could-let-anyone-become-domain-admin-patch-now/
Apple IP Address Range Hijacked by Rostelecom
https://www.manrs.org/2022/07/for-12-hours-was-part-of-apple-engineerings-network-hijacked-by-russias-rostelecom/
Veritas Patches
https://www.veritas.com/content/support/en_US/security/VTS22-004#c1
IBM Patches
https://www.ibm.com/support/pages/node/6606251
https://www.ibm.com/support/pages/node/6607135
]]> 7:09 IBM, Veritas, QRadar, BGP, Hijack, Rostelecom, Apple, Samba, Bookmarks, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8106 IcedID Malware; WebAssembly Miners; Subzero and Knotweed; @sucurisecurity Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. IcedID Malware; WebAssembly Miners; Subzero and Knotweed; @sucurisecurity https://traffic.libsyn.com/securitypodcast/8106.mp3 https://isc.sans.edu/podcastdetail/8106 Thu, 28 Jul 2022 02:00:01 GMT https://isc.sans.edu/diary//28884
Web Assembly Crypto Miners
https://blog.sucuri.net/2022/07/cryptominers-webassembly-in-website-malware.html
Subzero and Knotweed
https://www.microsoft.com/security/blog/2022/07/27/untangling-knotweed-european-private-sector-offensive-actor-using-0-day-exploits/
]]> 6:03 subzero, knotweek, webassembly, wasm, cryptojacking, miners, icedid, bokbot, darkvnc, cobalt strike, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8104 macOS Security; Executable Registry Files; Facebook Business Phishing; Proxy Headers; @xme @x86matthew @Synacktiv Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. macOS Security; Executable Registry Files; Facebook Business Phishing; Proxy Headers; @xme @x86matthew @Synacktiv https://traffic.libsyn.com/securitypodcast/8104.mp3 https://isc.sans.edu/podcastdetail/8104 Wed, 27 Jul 2022 02:00:01 GMT https://isc.sans.edu/diary/How+is+Your+macOS+Security+Posture%3F/28882
Registry file with Executable Payload
https://www.x86matthew.com/view_post?id=embed_exe_reg
Targeted Phishing of Facebook Business Users
https://labs.withsecure.com/assets/BlogFiles/Publications/WithSecure_Research_DUCKTAIL.pdf
Forwarding Address is Hard
https://www.synacktiv.com/publications/cve-2022-31813-forwarding-addresses-is-hard.html
]]> 6:09 Macos, apple, registry, phishing, facebook, Forwarding, proxies, headers, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8102 Fileless Powershell; MDM Vulnerablity; CosmicStrand UEFI Rootkit; @securelist @claroty @xme Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Fileless Powershell; MDM Vulnerablity; CosmicStrand UEFI Rootkit; @securelist @claroty @xme https://traffic.libsyn.com/securitypodcast/8102.mp3 https://isc.sans.edu/podcastdetail/8102 Tue, 26 Jul 2022 02:00:02 GMT https://isc.sans.edu/diary/PowerShell+Script+with+Fileless+Capability/28878
With Management Comes Risk: Finding Flaws in Filewave MDM
https://claroty.com/2022/07/25/blog-research-with-management-comes-risk-finding-flaws-in-filewave-mdm/
CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit
https://securelist.com/cosmicstrand-uefi-firmware-rootkit/106973/
]]> 7:03 cosmicstrand, mdm, uefi, kaspersky, filewave, powershell, fileless, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8100 SMS and Phishing; Sonicwall SQLi; SHA Errors; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SMS and Phishing; Sonicwall SQLi; SHA Errors; https://traffic.libsyn.com/securitypodcast/8100.mp3 https://isc.sans.edu/podcastdetail/8100 Mon, 25 Jul 2022 02:00:02 GMT https://isc.sans.edu/diary/An+Analysis+of+a+Discerning+Phishing+Website+/28870
Sonicwall Vulnerability
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0007
Sh*load Exploids Episdoe V: Return of the Error
https://dellfer.com/shload-exploits-episode-v-return-of-the-error/
]]> 5:48 sms, phishing, mobile, sonicwall, sql injection, sha2, error checking, tls, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8098 Non ASCII VBA; Cisco Update; Odd Outlook 365 Warnings; Windows RDP and Office Macro Updates Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Non ASCII VBA; Cisco Update; Odd Outlook 365 Warnings; Windows RDP and Office Macro Updates https://traffic.libsyn.com/securitypodcast/8098.mp3 https://isc.sans.edu/podcastdetail/8098 Fri, 22 Jul 2022 02:00:01 GMT https://isc.sans.edu/diary/Maldoc%3A+non-ASCII+VBA+Identifiers/28866
Cisco Security Updates
https://tools.cisco.com/security/center/publicationListing.x?
Outlook 365 Odd Supicious Login Attempt Warnings
https://www.theregister.com/2022/07/21/outlook_sign_ins/
Windows RDP Brute Force Protection
https://twitter.com/dwizzzleMSFT/status/1549870156771340288
Microsoft resuming blocking macros
https://techcommunity.microsoft.com/t5/microsoft-365-blog/helping-users-stay-safe-blocking-internet-macros-by-default-in/ba-p/3071805
]]> 6:24 microsoft, windows, rdp, brute force, outlook, password, login attempts, cisco, maldoc, vba, ascii, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8096 Python Ducky; Apple Patches; Zyxel Vuln; DNS over HTTP/3; Atlasian Update Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Python Ducky; Apple Patches; Zyxel Vuln; DNS over HTTP/3; Atlasian Update https://traffic.libsyn.com/securitypodcast/8096.mp3 https://isc.sans.edu/podcastdetail/8096 Thu, 21 Jul 2022 02:00:01 GMT https://isc.sans.edu/diary/Malicious+Python+Script+Behaving+Like+a+Rubber+Ducky/28860
Apple Patches Everything
https://isc.sans.edu/diary/Apple+Patches+Everything+Day/28862
Confluence Atlasian Hard Coded Password
https://confluence.atlassian.com/doc/questions-for-confluence-security-advisory-2022-07-20-1142446709.html
Zyxel Vulnerablity
https://www.zyxel.com/support/Zyxel-security-advisory-authenticated-directory-traversal-vulnerabilities-of-firewalls.shtml
DNS over HTTP/3
https://security.googleblog.com/2022/07/dns-over-http3-in-android.html
]]> 6:09 python, rubber ducky, apple, patches, ios, macos, watchos, tvos, zyxel, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8094 Beacon Request; Zyxel Vuln; Oracle CPU; MacOS Spyware; GPS Tracker Vulnerablity Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Beacon Request; Zyxel Vuln; Oracle CPU; MacOS Spyware; GPS Tracker Vulnerablity https://traffic.libsyn.com/securitypodcast/8094.mp3 https://isc.sans.edu/podcastdetail/8094 Wed, 20 Jul 2022 02:00:02 GMT https://isc.sans.edu/diary/Requests+For+beacon.http-get.+Help+Us+Figure+Out+What+They+Are+Looking+For/28856
Oracle July 2022 CPU
https://www.oracle.com/security-alerts/cpujul2022.html
CloudMensis MacOS Spyware
https://www.welivesecurity.com/2022/07/19/i-see-what-you-did-there-look-cloudmensis-macos-spyware/
GPS Tracker Vulnerabilities
https://www.bitsight.com/sites/default/files/2022-07/MiCODUS-GPS-Report-Final.pdf
]]> 7:11 beacon, oracle, cpu, cloudmensis, macos, spyware, gps, micodus, tracker, vulnerability, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8092 PDF Tools Keywords; Tor Improvements; Fake ICS Password Cracker; Apache Spark Vuln; Juniper Vuln Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. PDF Tools Keywords; Tor Improvements; Fake ICS Password Cracker; Apache Spark Vuln; Juniper Vuln https://traffic.libsyn.com/securitypodcast/8092.mp3 https://isc.sans.edu/podcastdetail/8092 Tue, 19 Jul 2022 02:00:02 GMT https://isc.sans.edu/diary/Adding+Your+Own+Keywords+To+My+PDF+Tools/28852
Tor Improvements
https://blog.torproject.org/new-release-tor-browser-115/
Trojan Horse Malware Password Cracker
https://www.dragos.com/blog/the-trojan-horse-malware-password-cracking-ecosystem-targeting-industrial-operators/
CVE-2022-33891 Apache Spark Shell Command Injection Vulnerability
https://securityonline.info/cve-2022-33891-apache-spark-shell-command-injection-vulnerability/
Juniper Junos Vulnerabilities
https://supportportal.juniper.net/s/global-search/%40uri?language=en_US#sort=date%20descending&f:ctype=[Security%20Advisories]
]]> 6:01 pdf, didier, trojan, passwords, isc, apache, spark, juniper, junos, tor, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8090 Python File In Use; Google Data Safety; Google Play Malware @ingraomaxime; Faking Github Metadata; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Python File In Use; Google Data Safety; Google Play Malware @ingraomaxime; Faking Github Metadata; https://traffic.libsyn.com/securitypodcast/8090.mp3 https://isc.sans.edu/podcastdetail/8090 Mon, 18 Jul 2022 02:00:01 GMT https://isc.sans.edu/diary/Python%3A+Files+In+Use+By+Another+Process/28848
Google Removing App Permissions List for Data Safety
https://twitter.com/MishaalRahman/status/1547307555407421443
Google Play Malware
https://twitter.com/IngraoMaxime/status/1547164768401858560
Faking Github Metadata
https://checkmarx.com/blog/unverified-commits-are-you-unknowingly-trusting-attackers-code/
]]> 5:19 python, locked files, google, play store, app permissions, data safety, github, metadata, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8088 Debugging Broadcast Storms; Deanonymizing Browsers; MFA Phishing; VMWare Patch Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Debugging Broadcast Storms; Deanonymizing Browsers; MFA Phishing; VMWare Patch https://traffic.libsyn.com/securitypodcast/8088.mp3 https://isc.sans.edu/podcastdetail/8088 Fri, 15 Jul 2022 02:00:02 GMT https://isc.sans.edu/diary/A+%22DHCP+is+Broken%22+story%2C+and+a+Blast+from+the+Past+%28or+should+I+say+%22Storm%22+from+the+past%29/28844
Targeted Deanonymization via Side Channel Attacks
https://leakuidatorplusteam.github.io/preprint.pdf
Cookie Theft to BEC
https://www.microsoft.com/security/blog/2022/07/12/from-cookie-theft-to-bec-attackers-use-aitm-phishing-sites-as-entry-point-to-further-financial-fraud/
VMWare Patch
https://www.vmware.com/security/advisories/VMSA-2021-0025.html
]]> 6:40 vmware, cookie, bec, anonymity, deanonymization, side channel, broadcast storm, networks, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8086 Phishing Referrers; Callback Phishing; Retbleed Spectre; MacOS Sandbox Escape; Lenovo UEFI Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Phishing Referrers; Callback Phishing; Retbleed Spectre; MacOS Sandbox Escape; Lenovo UEFI https://traffic.libsyn.com/securitypodcast/8086.mp3 https://isc.sans.edu/podcastdetail/8086 Thu, 14 Jul 2022 02:00:01 GMT https://isc.sans.edu/diary/Using+Referers+to+Detect+Phishing+Attacks/28836
Callback Phishing Campaigns Impersonating Security Companies
https://www.crowdstrike.com/blog/callback-malware-campaigns-impersonate-crowdstrike-and-other-cybersecurity-companies/
Retbleed Spectre Attack
https://comsec.ethz.ch/wp-content/files/retbleed_sec22.pdf
Uncovering a macOS App Sandbox escape vulnerability: A deep dive into CVE-2022-26706
https://www.microsoft.com/security/blog/2022/07/13/uncovering-a-macos-app-sandbox-escape-vulnerability-a-deep-dive-into-cve-2022-26706/
Buffer Overflow Vulnerabilities in UEFI firmware of several Lenovo Notebook
https://twitter.com/ESETresearch/status/1547166334651334657
]]> 5:48 uefi, lenovo, eset, macos, sandbox, microsoft, retbleed, spectre, intel, amd, phishing, referrer, callback, security companies, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8084 Microsoft Patch Tuesday; Adobe Patches; SAP Patches; IBM Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft Patch Tuesday; Adobe Patches; SAP Patches; IBM Patches https://traffic.libsyn.com/securitypodcast/8084.mp3 https://isc.sans.edu/podcastdetail/8084 Wed, 13 Jul 2022 02:25:01 GMT https://isc.sans.edu/diary/Microsoft+July+2022+Patch+Tuesday/28838
Adobe Updates
https://helpx.adobe.com/security/security-bulletin.html
SAP Patches
https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10
IBM Patches
https://www.ibm.com/support/pages/node/6602255
https://www.ibm.com/support/pages/node/6602259
https://www.ibm.com/support/pages/node/6602251
]]> 5:48 IBM, MQ, log4j, sap, adobe, microsoft, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8082 Rogers Outage; Rolling Pwn / Hacking Honda; GitHub Runners Crypto Mining; #SANSFIRE Keynote Stream Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Rogers Outage; Rolling Pwn / Hacking Honda; GitHub Runners Crypto Mining; #SANSFIRE Keynote Stream https://traffic.libsyn.com/securitypodcast/8082.mp3 https://isc.sans.edu/podcastdetail/8082 Tue, 12 Jul 2022 02:00:02 GMT https://about.rogers.com/news-ideas/a-message-from-rogers-president-and-ceo/
Rolling Pwn
https://rollingpwn.github.io/rolling-pwn/
GitHub Runners mine Cryptocoins
https://www.trendmicro.com/en_us/research/22/g/unpacking-cloud-based-cryptocurrency-miners-that-abuse-github-ac.html
SANSFIRE Keynote Stream
https://www.sans.org/webcasts/the-internet-storm-center-how-to-use-and-how-to-contribute-data/
]]> 6:16 github, rolling pwn, rogers, outage, cryptomining, runners, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8080 SANSFIRE; Emotet vs Cyberchef; Microsoft vs. Macros; Checkmate QNAP; PyPi 2FA; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANSFIRE; Emotet vs Cyberchef; Microsoft vs. Macros; Checkmate QNAP; PyPi 2FA; https://traffic.libsyn.com/securitypodcast/8080.mp3 https://isc.sans.edu/podcastdetail/8080 Mon, 11 Jul 2022 02:00:02 GMT https://www.sans.org/webcasts/the-internet-storm-center-how-to-use-and-how-to-contribute-data/
Extracting URLs from Emotet with Cyberchef
https://isc.sans.edu/forums/diary/Excel%204%20Emotet%20Maldoc%20Analysis%20using%20CyberChef/28830/
Microsoft rolling Back Macro Policy Change
https://techcommunity.microsoft.com/t5/microsoft-365-blog/helping-users-stay-safe-blocking-internet-macros-by-default-in/ba-p/3071805
Checkmate Ransomware Affected Poorly Configured QNAP NAS
https://www.qnap.com/en/security-advisory/QSA-22-21
PyPi Requires 2FA for critical packages
https://pypi.org/security-key-giveaway/
]]> 5:27 pypi, 2fa, mfa, titan, google, checkmate, qnap, microsoft, office, macro, emotet, cyberchef, sansfire, keynote, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8078 Max SANs; Fortinet July Updates; Ouch Phishing; Quantum Safe Ciphers; Apple Lockdown Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Max SANs; Fortinet July Updates; Ouch Phishing; Quantum Safe Ciphers; Apple Lockdown https://traffic.libsyn.com/securitypodcast/8078.mp3 https://isc.sans.edu/podcastdetail/8078 Thu, 07 Jul 2022 02:00:01 GMT https://isc.sans.edu/forums/diary/How+Many+SANs+are+Insane/28820/
Fortinet July Updates
https://fortiguard.fortinet.com/psirt?date=07-2022
Phishing Attacks Getting Trickier
https://www.sans.org/newsletters/ouch/phishing-attacks-getting-trickier
Quantum Safe Ciphers
https://csrc.nist.gov/News/2022/pqc-candidates-to-be-standardized-and-round-4
Apple Proposes Lockdown Mode
https://www.apple.com/newsroom/2022/07/apple-expands-commitment-to-protect-users-from-mercenary-spyware/
]]> 7:21 apple, lockdown, ciphers, quantum safe, phsihing, ouch, fortinet, sans, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8076 EternalBlue Retrospective; OpenSSL Update; Keystroke Logging NPM Packages Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. EternalBlue Retrospective; OpenSSL Update; Keystroke Logging NPM Packages https://traffic.libsyn.com/securitypodcast/8076.mp3 https://isc.sans.edu/podcastdetail/8076 Wed, 06 Jul 2022 02:00:01 GMT https://isc.sans.edu/forums/diary/EternalBlue+5+years+after+WannaCry+and+NotPetya/28816/
OpenSSL Patches Two Vulnerabilities
https://www.openssl.org/news/secadv/20220705.txt
Iconburst NPM Software Supply Chain Attack
https://blog.reversinglabs.com/blog/iconburst-npm-software-supply-chain-attack-grabs-data-from-apps-websites
]]> 6:20 iconburst, npm, openssl, eternalblue, wannacry, notpetya, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8074 7-Zip and MotW; Session Manager Backdoor; Chrome 0Day Patch Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. 7-Zip and MotW; Session Manager Backdoor; Chrome 0Day Patch https://traffic.libsyn.com/securitypodcast/8074.mp3 https://isc.sans.edu/podcastdetail/8074 Tue, 05 Jul 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/7Zip+MoW+For+Office+files/28812/
SessionManager Backdoor Seen with IIS
https://securelist.com/the-sessionmanager-iis-backdoor/106868/
Googe Chrome Stable Channel Update
https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html
]]> 5:31 google, chrome, 0day, sessionmanager, iis, 7zip, motw, office, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8072 Cobalt Strike Domain Suspension; ManageEngine Vuln Details; CWE Top 25 Update Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Cobalt Strike Domain Suspension; ManageEngine Vuln Details; CWE Top 25 Update https://traffic.libsyn.com/securitypodcast/8072.mp3 https://isc.sans.edu/podcastdetail/8072 Fri, 01 Jul 2022 02:00:01 GMT https://isc.sans.edu/forums/diary/Case+Study+Cobalt+Strike+Server+Lives+on+After+Its+Domain+Is+Suspended/28804/
CVE-2022-28219: Unauthenticated XXE to RCE and Domain Compromise in ManageEngine ADAudit Plus
https://www.horizon3.ai/red-team-blog-cve-2022-28219/
CWE Top 25 Update
https://cwe.mitre.org/top25/archive/2022/2022_cwe_top25.html#analysis
]]> 6:28 cwe, cve, xxe, rce, cobalt strike, quakbot, manageengine, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8070 Moving MFA; Managing Human Risk Report; Service Fabric PoC; Zimbra RCE; Deepfake Interviews; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Moving MFA; Managing Human Risk Report; Service Fabric PoC; Zimbra RCE; Deepfake Interviews; https://traffic.libsyn.com/securitypodcast/8070.mp3 https://isc.sans.edu/podcastdetail/8070 Thu, 30 Jun 2022 02:00:01 GMT https://isc.sans.edu/forums/diary/Its+New+Phone+Day+Time+to+migrate+your+MFA/28800/
Managing Human Risk Security Awareness Report
https://go.sans.org/lp-wp-2022-sans-security-awareness-report
Microsoft Azure Service Fabric Container Elevation of Privilege Vulnerability
https://unit42.paloaltonetworks.com/fabricscape-cve-2022-30137/#The-Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30137
Zimbra RCE Vulnerability
https://blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day/
FBI Warns of Deep Fakes Beeing Used in Job Interviews
https://www.ic3.gov/Media/Y2022/PSA220628
]]> 6:45 deepfake, fbi, job interview, zimbra, webmail, service fabric, container, escape, ssa, human risk, moving mfa, mfa, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8068 HiByMusic Scans; OpenSSL Heap Overflow; ZuoRat; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. HiByMusic Scans; OpenSSL Heap Overflow; ZuoRat; https://traffic.libsyn.com/securitypodcast/8068.mp3 https://isc.sans.edu/podcastdetail/8068 Wed, 29 Jun 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/Possible+Scans+for+HiByMusic+Devices/28796/
OpenSSL Heap Overflow
https://guidovranken.com/2022/06/27/notes-on-openssl-remote-memory-corruption/
https://github.com/openssl/openssl/issues/18625#issuecomment-1165012549
ZuoRat MalwareHijacking Home Office Routers
https://blog.lumen.com/zuorat-hijacks-soho-routers-to-silently-stalk-networks/
]]> 5:48 zuorat, openssl, hibymusic, radio.txt, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8066 Encrypted Client Hello; Jenkins Patches; Instagram Age Verification; CodeSys Vuln Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Encrypted Client Hello; Jenkins Patches; Instagram Age Verification; CodeSys Vuln https://traffic.libsyn.com/securitypodcast/8066.mp3 https://isc.sans.edu/podcastdetail/8066 Tue, 28 Jun 2022 02:00:01 GMT https://isc.sans.edu/forums/diary/Encrypted+Client+Hello+Anybody+Using+it+Yet/28792/
Jenkins Advisory
https://www.jenkins.io/security/advisory/2022-06-22/
Instagram Age Verification
https://about.fb.com/news/2022/06/new-ways-to-verify-age-on-instagram/
CodeSys V2 Vulnerability
https://github.com/ic3sw0rd/Codesys_V2_Vulnerability
]]> 6:30 codesys, ics, ech, jenkins, tls, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8064 Python GUI Malware; Pasting Malcode; WebView2 Risks; Pretend Ransomware Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Python GUI Malware; Pasting Malcode; WebView2 Risks; Pretend Ransomware https://traffic.libsyn.com/securitypodcast/8064.mp3 https://isc.sans.edu/podcastdetail/8064 Mon, 27 Jun 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/Python+abusing+The+Windows+GUI/28780/
Malicious Code Passed to PowerShell via the Clipboard
https://isc.sans.edu/forums/diary/Malicious+Code+Passed+to+PowerShell+via+the+Clipboard/28784/
Attacking With WebView2 Applications
https://mrd0x.com/attacking-with-webview2-applications/
Bronze Starlight Ransomware Operations Use Hui Loaders
https://www.secureworks.com/research/bronze-starlight-ransomware-operations-use-hui-loader
Novel Exploit Detected in Mitel VoIP Appliance
https://www.crowdstrike.com/blog/novel-exploit-detected-in-mitel-voip-appliance/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29499
]]> 7:51 python, gui, powershell, clipboard, webview2, starlight, ransomware, hui loaders, mitel, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8062 Coin Stealing Powershell; NSA PS Guidance; MageCart Update; Script Kiddies Hacked; Israeli Air Raid Sirens Hacked; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Coin Stealing Powershell; NSA PS Guidance; MageCart Update; Script Kiddies Hacked; Israeli Air Raid Sirens Hacked; https://traffic.libsyn.com/securitypodcast/8062.mp3 https://isc.sans.edu/podcastdetail/8062 Thu, 23 Jun 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/Malicious+PowerShell+Targeting+Cryptocurrency+Browser+Extensions/28772/
Keeping PowerShell: Security Measures to Use and Embrace
https://media.defense.gov/2022/Jun/22/2003021689/-1/-1/1/CSI_KEEPING_POWERSHELL_SECURITY_MEASURES_TO_USE_AND_EMBRACE_20220622.PDF
Client-Side Magecart Attacks Still Around, But More Covert
https://blog.malwarebytes.com/threat-intelligence/2022/06/client-side-magecart-attacks-still-around-but-more-covert/
Chinese actor takes aim, armed with Nim Language and Bizarro AES
https://research.checkpoint.com/2022/chinese-actor-takes-aim-armed-with-nim-language-and-bizarro-aes/
Israeli Air Raid Sirens Hacked
https://twitter.com/Israel_Cyber/status/1538821467785265153
]]> 5:31 israel, air raid, siren, hacked, chinese, nim, aes, magecart, powershell, crypto coin, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8060 Domain Age API; OT Vulnerablities; Cloudflare Outage; Acrobat Blocks AV; 7zip MOTW; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Domain Age API; OT Vulnerablities; Cloudflare Outage; Acrobat Blocks AV; 7zip MOTW; https://traffic.libsyn.com/securitypodcast/8060.mp3 https://isc.sans.edu/podcastdetail/8060 Wed, 22 Jun 2022 02:00:01 GMT https://isc.sans.edu/forums/diary/Experimental+New+Domain+Domain+Age+API/28770/
Forescout Vedere Labs Discovers 56 OT Vulnerabilities
https://www.forescout.com/resources/ot-icefall-report/
Cloudflare Outage
https://blog.cloudflare.com/cloudflare-outage-on-june-21-2022/
Does Acrobat Reader Unload Injection of Security Products
https://blog.minerva-labs.com/does-acrobat-reader-unload-injection-of-security-products
7-Zip Mark-of-the-Web Support
https://www.7-zip.org/history.txt
]]> 6:16 7zip, motw, acrobat, pdf, anti-virus, cloudflare, outage, forescout, ot, vulnerabilities, new domain, domain age, api, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8058 TCP Fast Open Oddities; DFSCoerce NTLM Relay; Windows ARM Update; Safari Exploit; MSIE Remnants; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. TCP Fast Open Oddities; DFSCoerce NTLM Relay; Windows ARM Update; Safari Exploit; MSIE Remnants; https://traffic.libsyn.com/securitypodcast/8058.mp3 https://isc.sans.edu/podcastdetail/8058 Tue, 21 Jun 2022 02:00:01 GMT https://isc.sans.edu/forums/diary/Odd+TCP+Fast+Open+Packets+Anybody+understands+why/28766/
DFSCoerce NTLM Relay Attack
https://github.com/Wh04m1001/DFSCoerce
https://support.microsoft.com/en-us/topic/kb5005413-mitigating-ntlm-relay-attacks-on-active-directory-certificate-services-ad-cs-3612b773-4043-4aa9-b23d-b87910cd3429
Windows Emergency Update Fixes Microsoft 365 Issues on ARM Devices
https://www.bleepingcomputer.com/news/microsoft/windows-emergency-update-fixes-microsoft-365-issues-on-arm-devices/
Safari Vulnerability Analysis
https://googleprojectzero.blogspot.com/2022/06/an-autopsy-on-zombie-in-wild-0-day.html
Internet Explorer Remnants Still an Issue
https://www.darkreading.com/vulnerabilities-threats/internet-explorer-will-likely-remain-an-attacker-target-for-some-time
]]> 5:43 tcp, fast open, tfo, ntlm, relay, dfscoerce, ARM, windows, update, safari, vulnerablity, internet explorer, mshtml, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8056 Splunk Vulnerability; Matanbuchus Malware; Office 365 Ransomware Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Splunk Vulnerability; Matanbuchus Malware; Office 365 Ransomware https://traffic.libsyn.com/securitypodcast/8056.mp3 https://isc.sans.edu/podcastdetail/8056 Mon, 20 Jun 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/Critical+vulnerability+in+Splunk+Enterprises+deployment+server+functionality/28760/
Malspam Pushes Matanbuchus Malware Leads to Cobalt Strike
https://isc.sans.edu/forums/diary/Malspam+pushes+Matanbuchus+malware+leads+to+Cobalt+Strike/28752/
Proofpoint Discovers Potentially Dangerous Office 365 Functionality
https://www.proofpoint.com/us/blog/cloud-security/proofpoint-discovers-potentially-dangerous-microsoft-office-365-functionality
]]> 8:34 malspam, malware, matanbuchus, cobalt strike, splunk, sharepoint, ransomware, office 365, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8054 Houdini is Back; Drifting Cloud; FreeBSD Wifi Xploit; Csico Email Insecurity; Fastjson RCE Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Houdini is Back; Drifting Cloud; FreeBSD Wifi Xploit; Csico Email Insecurity; Fastjson RCE https://traffic.libsyn.com/securitypodcast/8054.mp3 https://isc.sans.edu/podcastdetail/8054 Fri, 17 Jun 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/Houdini+is+Back+Delivered+Through+a+JavaScript+Dropper/28746/
Drifting Cloud: Zero-Day Sophos Firewall Exploitation
https://www.volexity.com/blog/2022/06/15/driftingcloud-zero-day-sophos-firewall-exploitation-and-an-insidious-breach/
Exploiting a Heap Overflow in the FreeBSD Wi-Fi Stack
https://www.zerodayinitiative.com/blog/2022/6/15/cve-2022-23088-exploiting-a-heap-overflow-in-the-freebsd-wi-fi-stack
Cisco Email Security Appliance and Cisco Secure Email and Web Manager
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-esa-auth-bypass-66kEcxQD
Analyzing the Fastjson "Auto Type Bypass" RCE vulnerability
https://jfrog.com/blog/cve-2022-25845-analyzing-the-fastjson-auto-type-bypass-rce-vulnerability/
]]> 5:56 houdini, cisco, email, freebsd, wifi, exploit, sophos, firewall, fastjson, rce, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8052 Terraforming Honeypots; Zimbra Vulnerability; Cloud Middleware; Windows NFS Details; Citrix ADC; Nexans Switches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Terraforming Honeypots; Zimbra Vulnerability; Cloud Middleware; Windows NFS Details; Citrix ADC; Nexans Switches https://traffic.libsyn.com/securitypodcast/8052.mp3 https://isc.sans.edu/podcastdetail/8052 Thu, 16 Jun 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/Terraforming+Honeypots+Installing+DShield+Sensors+in+the+Cloud/28748/
Zimbra Email - Stealing Clear=Text Credenitals via Memcache Injection
https://blog.sonarsource.com/zimbra-mail-stealing-clear-text-credentials-via-memcache-injection/
Cloud Middleware Dataset
https://github.com/wiz-sec/cloud-middleware-dataset
CVE-2022-26937 Windows Network File System NLM Portmap Stack Buffer Overflow
https://www.zerodayinitiative.com/blog/2022/6/7/cve-2022-26937-microsoft-windows-network-file-system-nlm-portmap-stack-buffer-overflow
Citrix Application Delivery Management Security Bulletin
https://support.citrix.com/article/CTX460016/citrix-application-delivery-management-security-bulletin-for-cve202227511-and-cve202227512
Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch
https://sec-consult.com/vulnerability-lab/advisory/hardcoded-backdoor-user-outdated-software-components-nexans-ftto-gigaswitch/
]]> 5:57 nexans, citrix, ftto, adm, nfs, windows, cloud, middleware, zimbra, terraform, honeypot, azure, aws, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8050 Microsoft Patch Tuesday; Adobe Patches; Synlaps Azure Vuln; Hetzbleed Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft Patch Tuesday; Adobe Patches; Synlaps Azure Vuln; Hetzbleed https://traffic.libsyn.com/securitypodcast/8050.mp3 https://isc.sans.edu/podcastdetail/8050 Wed, 15 Jun 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/Microsoft+June+2022+Patch+Tuesday/28742/
Adobe Patches
https://helpx.adobe.com/security/security-bulletin.html
SynLapse Vulnerability
https://orca.security/resources/blog/synlapse-critical-azure-synapse-analytics-service-vulnerability/
Hertzbleed Attack
https://www.hertzbleed.com
]]> 7:05 adobe, microsoft, follina, synlapse, hertzbleed, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8048 Decoding Saitama; Travis CI Leaks; Syslogk Rootkit; Mitel Backdoor Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Decoding Saitama; Travis CI Leaks; Syslogk Rootkit; Mitel Backdoor https://traffic.libsyn.com/securitypodcast/8048.mp3 https://isc.sans.edu/podcastdetail/8048 Tue, 14 Jun 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/Translating+Saitamas+DNS+tunneling+messages/28738/
Travis CI Logs Expose Users to Cyber Attacks
https://blog.aquasec.com/travis-ci-security
Linux Threat Hunting: "Syslogk" a kernel rootkit found under development in the wild
https://decoded.avast.io/davidalvarez/linux-threat-hunting-syslogk-a-kernel-rootkit-found-under-development-in-the-wild/
Mitel Desk Phone Backdoor
https://blog.syss.com/posts/rooting-mitel-desk-phones-through-the-backdoor/
]]> 5:48 mitel, phone, linux, syslogk, rootkit, travis ci, saitama, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8046 Exploit Prediction; PACMAN Attack; Carrier Access Panels; Malicious PyPi; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Exploit Prediction; PACMAN Attack; Carrier Access Panels; Malicious PyPi; https://traffic.libsyn.com/securitypodcast/8046.mp3 https://isc.sans.edu/podcastdetail/8046 Mon, 13 Jun 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/EPSScall+An+Exploit+Prediction+Scoring+System+App/28732/
PACMan Attack
https://pacmanattack.com
https://twitter.com/wdormann/status/1535245913857351680
Carrier LenelS2 HID Mercury access panel vulnerability
https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-01
Malicious Python Modules
https://www.bleepingcomputer.com/news/security/pypi-package-keep-mistakenly-included-a-password-stealer/
]]> 6:21 python, keep, request, requests, carrier, mercury, lenels2, pacman, epsscall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8044 QBot/TA570 Follina Attempt; Facebook Phishing; Zyxel Adv; Fijuisu Centricstor Vuln; Meeting Owl Vuln Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. QBot/TA570 Follina Attempt; Facebook Phishing; Zyxel Adv; Fijuisu Centricstor Vuln; Meeting Owl Vuln https://traffic.libsyn.com/securitypodcast/8044.mp3 https://isc.sans.edu/podcastdetail/8044 Fri, 10 Jun 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/TA570+Qakbot+Qbot+tries+CVE202230190+Follina+exploit+msmsdt/28728/
Analysis of a Facebook Phishing Campaign
https://pixmsecurity.com/blog/blog/phishing-tactics-how-a-threat-actor-stole-1m-credentials-in-4-months/
Zyxel Security Advisory
https://www.zyxel.com/support/Zyxel-security-advisory-for-CRLF-injection-vulnerability-in-some-legacy-firewalls.shtml
Fujitsu Centricstor Vulnerability
https://research.nccgroup.com/2022/05/27/technical-advisory-fujitsu-centricstor-control-center-v8-1-unauthenticated-command-injection/
Meeting Owl Vulnerablities
https://www.modzero.com/static/meetingowl/Meeting_Owl_Pro_Security_Disclosure_Report_RELEASE.pdf
]]> 8:34 meetig owl, fujisu, centricstor, zyxel, facebook, phishing, qbot, follina, ta570, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8042 SANS RSA Panel; More Confluence; Fake CCleaner; Vebatim USB Drive Weakness Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS RSA Panel; More Confluence; Fake CCleaner; Vebatim USB Drive Weakness https://traffic.libsyn.com/securitypodcast/8042.mp3 https://isc.sans.edu/podcastdetail/8042 Thu, 09 Jun 2022 02:00:01 GMT (sorry, video no longer available)
Atlassian Confluence Attacks
https://isc.sans.edu/forums/diary/Atlassian+Confluence+Exploits+Seen+By+Our+Honeypots+CVE202226134/28722/
Fake CClenaer Malvertisements
https://blog.avast.com/fakecrack-campaign
Weakness in Verbatim Keypad Secure USB Drive
https://blog.syss.com/posts/hacking-usb-flash-drives-part-1/
]]> 5:55 verbatim, keypad, secure, usb, drive, ccleaner, fake, rsa, panel, atlassian, confluence, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8040 DogWalk Windows 0-Day; QBot uses Follina; Deadbolt Update; Android Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. DogWalk Windows 0-Day; QBot uses Follina; Deadbolt Update; Android Patches https://traffic.libsyn.com/securitypodcast/8040.mp3 https://isc.sans.edu/podcastdetail/8040 Wed, 08 Jun 2022 11:45:02 GMT https://irsl.medium.com/the-trouble-with-microsofts-troubleshooters-6e32fc80b8bd
QBot Uses Follina
https://twitter.com/threatinsight/status/1534227444915482625
Deadbolt Ransomware
https://www.trendmicro.com/en_us/research/22/f/closing-the-door-deadbolt-ransomware-locks-out-vendors-with-mult.html
Google Android Updates
https://source.android.com/security/bulletin/2022-06-01?hl=en
]]> 5:34 dogwalk, windows, qbot, follina, deadbolt, android, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8038 Follina Analysis Helper; Obscured Phishing; Unpatched Horde RCE; Passwordstate Looses Priv. Key Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Follina Analysis Helper; Obscured Phishing; Unpatched Horde RCE; Passwordstate Looses Priv. Key https://traffic.libsyn.com/securitypodcast/8038.mp3 https://isc.sans.edu/podcastdetail/8038 Tue, 07 Jun 2022 06:30:02 GMT https://isc.sans.edu/forums/diary/msmsdt+RTF+Maldoc+Analysis+oledump+Plugins/28718/
Cybercriminals Exploit Reverse Tunnel Services and URL Shorteners
https://cloudsek.com/whitepapers_reports/cybercriminals-exploit-reverse-tunnel-services-and-url-shorteners-to-launch-large-scale-phishing-campaigns/
Unpatched Horde Webmail Bug
https://blog.sonarsource.com/horde-webmail-rce-via-email/
Clickstudio (Passwordstate) Code Signing Cert Used by Follina Malware
https://cloudsek.com/whitepapers_reports/cybercriminals-exploit-reverse-tunnel-services-and-url-shorteners-to-launch-large-scale-phishing-campaigns/
]]> 6:18 clickstudio, passwordstate, horde, webmail, phishing, ms-msdt, rtf, maldocs, oledump, follina, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8036 Simple Analysis Evasion; Confluence Exploit; Gitlab Patch; u-boot Vuln; Unisoc Vuln Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Simple Analysis Evasion; Confluence Exploit; Gitlab Patch; u-boot Vuln; Unisoc Vuln https://traffic.libsyn.com/securitypodcast/8036.mp3 https://isc.sans.edu/podcastdetail/8036 Mon, 06 Jun 2022 02:00:01 GMT https://isc.sans.edu/forums/diary/Sandbox+Evasion+With+Just+a+Filename/28708/
Atlassian Exploit Released
https://www.rapid7.com/blog/post/2022/06/02/active-exploitation-of-confluence-cve-2022-26134/
GitLab Critical Security Release
https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/
U-Boot Vulnerablities
https://research.nccgroup.com/2022/06/03/technical-advisory-multiple-vulnerabilities-in-u-boot-cve-2022-30790-cve-2022-30552/
Unisoc Baseband Chip Vulnerability
https://research.checkpoint.com/2022/vulnerability-within-the-unisoc-baseband/
]]> 5:28 sandbox, filename, gitlab, uboot, unisoc, atlasian, confluence, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8034 Intro to RECmd.exe; Confluence 0-Day; JetPort Backdoor; Elasticsearch Wiper; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Intro to RECmd.exe; Confluence 0-Day; JetPort Backdoor; Elasticsearch Wiper; https://traffic.libsyn.com/securitypodcast/8034.mp3 https://isc.sans.edu/podcastdetail/8034 Fri, 03 Jun 2022 10:57:34 GMT https://isc.sans.edu/forums/diary/Quick+Answers+in+Incident+Response+RECmdexe/28706/
Zero-Day Exploitation of Atlassian Confluence
https://www.volexity.com/blog/2022/06/02/zero-day-exploitation-of-atlassian-confluence/
https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html
Korenix Technology JetPort Backdoor
https://sec-consult.com/vulnerability-lab/advisory/backdoor-account-in-korenix-technology-jetport-series/
Elasticsearch Data Wiped
https://www.secureworks.com/blog/unsecured-elasticsearch-data-replaced-with-ransom-note
]]> 6:00 elasticsearch, korenix, jetport, zero-day, atlassian, confluence, redmd.exe, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8032 Better HTML Phishing; Follina Update; Windows Search Vuln; WhatsApp Takeover; Weak RSA Keys Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Better HTML Phishing; Follina Update; Windows Search Vuln; WhatsApp Takeover; Weak RSA Keys https://traffic.libsyn.com/securitypodcast/8032.mp3 https://isc.sans.edu/podcastdetail/8032 Thu, 02 Jun 2022 11:38:50 GMT https://isc.sans.edu/forums/diary/HTML+phishing+attachments+now+with+antianalysis+features/28702/
Unofficial Patch for CVE-2022-30190 (Follina)
https://blog.0patch.com/2022/06/free-micropatches-for-follina-microsoft.html
Windows Search Vulnerability
https://www.bleepingcomputer.com/news/security/new-windows-search-zero-day-added-to-microsoft-protocol-nightmare/
Call Forwarding Used to Compromise WhatsApp Accounts
https://www.linkedin.com/posts/fb1h2s_beware-here-is-how-whatsapp-accounts-are-activity-6934386561048264704-NnFf/?utm_source=linkedin_share&utm_medium=member_desktop_web
Badkeys in Fuji Xerox and Canon Printers
https://fermatattack.secvuln.info
]]> 5:55 badkeys, fuji, xeros, canon, rsa, fermat, whatsapp, windows, search, follina, phishing, html, obfuscation, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8030 Follina Update; OAS Platform Vuln; Exposed MySQL; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Follina Update; OAS Platform Vuln; Exposed MySQL; https://traffic.libsyn.com/securitypodcast/8030.mp3 https://isc.sans.edu/podcastdetail/8030 Wed, 01 Jun 2022 02:00:01 GMT https://isc.sans.edu/forums/diary/First+Exploitation+of+Follina+Seen+in+the+Wild/28698/
https://isc.sans.edu/forums/diary/New+Microsoft+Office+Attack+Vector+via+msmsdt+Protocol+Scheme+CVE202230190/28694/
Open Automation Software Platform Vulnerability
https://blog.talosintelligence.com/2022/05/vuln-spotlight-open-automation-platform.html
Over 3.6 million MySQL servers found exposed on the Internet
https://www.bleepingcomputer.com/news/security/over-36-million-mysql-servers-found-exposed-on-the-internet/
]]> 5:18 follina, ms-msdt, oas, open automation software, mysql, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8028 Microsoft Office MS-MSDT URL Scheme Exploit (0-Day) #follina Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft Office MS-MSDT URL Scheme Exploit (0-Day) #follina https://traffic.libsyn.com/securitypodcast/8028.mp3 https://isc.sans.edu/podcastdetail/8028 Mon, 30 May 2022 20:59:37 GMT https://isc.sans.edu/forums/diary/New+Microsoft+Office+Attack+Vector+via+msmsdt+Protocol+Scheme/28694/
]]> 7:47 microsoft, ms-msdt, debug tool, follina, office, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8026 Huge Signed PE Files; CVE-2022-22972 PoC; BMC Vuln.; Trend Micro vs. MSFT Patch; Nate Street @sans_edu Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Huge Signed PE Files; CVE-2022-22972 PoC; BMC Vuln.; Trend Micro vs. MSFT Patch; Nate Street @sans_edu https://traffic.libsyn.com/securitypodcast/8026.mp3 https://isc.sans.edu/podcastdetail/8026 Fri, 27 May 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/Huge+Signed+PE+File/28686/
VMWare Authentication Bypass PoC
https://www.horizon3.ai/vmware-authentication-bypass-vulnerability-cve-2022-22972-technical-deep-dive/
Quanta Server BMC Vulnerability
https://eclypsium.com/2022/05/26/quanta-servers-still-vulnerable-to-pantsdown/
Windows 11 and Server 2022 Update Prevent Trend Micro Ransomware Protection
https://success.trendmicro.com/dcx/s/solution/000291066?language=en_US
Nate Street: Advancing SIEM Log Management Strategies through Vendor-Agnostic Measurement
https://www.sans.edu/cyber-research/38685/
]]> 15:40 siem, sans_edu, windows 11, server 2022, quanta, bmc, huge file, vmware, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8024 nmap resolve all; Unethical Research; Heroku GibHub Update; Tails Vuln; Chrome Bugs Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. nmap resolve all; Unethical Research; Heroku GibHub Update; Tails Vuln; Chrome Bugs https://traffic.libsyn.com/securitypodcast/8024.mp3 https://isc.sans.edu/podcastdetail/8024 Thu, 26 May 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/Using+NMAP+to+Assess+Hosts+in+Load+Balanced+Clusters/28682/
Attacker Modifying Libraries Claims "Research"
https://www.bleepingcomputer.com/news/security/hacker-says-hijacking-libraries-stealing-aws-keys-was-ethical-research/
Heroku GitHub Integration Re-Enabled Again
https://blog.heroku.com/github-integration-update
Serious security vulnerablity in Tails 5.0
https://tails.boum.org/security/prototype_pollution/index.en.html
Google Chrome Update
https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_24.html
]]> 5:09 google, chrome, tail, firefox, github, heroku, nmap, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8022 Python/PHP Library Backdoor; Zoom Patches; VMWare Exploit; Zyxel Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Python/PHP Library Backdoor; Zoom Patches; VMWare Exploit; Zyxel Patches https://traffic.libsyn.com/securitypodcast/8022.mp3 https://isc.sans.edu/podcastdetail/8022 Wed, 25 May 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/ctx+Python+Library+Updated+with+Extra+Features/28678/
Zoom Updates
https://explore.zoom.us/en/trust/security/security-bulletin/
VMWare Exploit About to Be Released
https://twitter.com/Horizon3Attack/status/1528935531333177344
Zyxel Firewalls, AP Controllers, APs Patch
https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml
]]> 5:18 zyxel, vmware, horizon3, zoom, ctx, php, python, pypi, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8020 jQuery-File-Upload Scans; Oracle OOB Patch; NPM Hijack Detection; Account Pre-Hijacking Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. jQuery-File-Upload Scans; Oracle OOB Patch; NPM Hijack Detection; Account Pre-Hijacking https://traffic.libsyn.com/securitypodcast/8020.mp3 https://isc.sans.edu/podcastdetail/8020 Tue, 24 May 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/Attacker+Scanning+for+jQueryFileUpload/28674/
Oracle Security Alert Advisory - CVE-2022-21500
https://www.oracle.com/security-alerts/alert-cve-2022-21500.html
How to find NPM dependencies vulnerable to account hijacking
https://www.theregister.com/2022/05/23/npm_dependencies_vulnerable/
Pre-hijacked accounts
https://arxiv.org/pdf/2205.10174.pdf
]]> 5:26 jquery, hijacking, file upload, oracle, npm, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8018 Zip bomb AV Evasion; Cisco Redis Patch; pwn2own Results; Cobalt Strike via PyPi; Netgear No Patch; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Zip bomb AV Evasion; Cisco Redis Patch; pwn2own Results; Cobalt Strike via PyPi; Netgear No Patch; https://traffic.libsyn.com/securitypodcast/8018.mp3 https://isc.sans.edu/podcastdetail/8018 Mon, 23 May 2022 02:00:01 GMT https://isc.sans.edu/forums/diary/A+Zip+Bomb+to+Bypass+Security+Controls+Sandboxes/28670/
Cisco IOS XR Software Health Check Open Port Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-redis-ABJyE5xK
pwn2own Vancouver 2022 Results
https://www.zerodayinitiative.com/blog/2022/5/18/pwn2own-vancouver-2022-the-results#three
Malicious PyPi Packages Drop Cobalt Strike
https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
Security Advisory for BR200, BR500 and PSV-2021-0286
https://kb.netgear.com/000064712/Security-Advisory-for-Multiple-Security-Vulnerabilities-on-BR200-and-BR500-PSV-2021-0286
]]> 6:10 netgear, br200, br500, pypi, cobalt strike, pwn2own, zipbomb, cisco, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8016 Bumblebee via TransferXL; MSFT OOB Update; SonicWall SMA1000; QNAP Deadbolt; DOJ Policy Update; Exposed Kubernetes Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Bumblebee via TransferXL; MSFT OOB Update; SonicWall SMA1000; QNAP Deadbolt; DOJ Policy Update; Exposed Kubernetes https://traffic.libsyn.com/securitypodcast/8016.mp3 https://isc.sans.edu/podcastdetail/8016 Fri, 20 May 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/Bumblebee+Malware+from+TransferXL+URLs/28664/
Microsoft Out-of-Band Update fixes Authentication Issues
https://docs.microsoft.com/en-us/windows/release-health/status-windows-11-21h2#you-might-see-authentication-failures-on-the-server-or-client-for-services
Sonicwall Patch for SMA 1000
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0010
QNAP NAS Deadbolt Ransomware
https://www.qnap.com/en/security-news/2022/take-immediate-actions-to-secure-qnap-nas-and-update-qts-to-the-latest-available-version
380,000 open Kubernetes API Servers
https://www.shadowserver.org/news/over-380-000-open-kubernetes-api-servers/
Doj Annnounces New Polciy for Charging Cases under the Computer Fraud and Abuse Act
https://www.justice.gov/opa/pr/department-justice-announces-new-policy-charging-cases-under-computer-fraud-and-abuse-act
]]> 6:01 Bumblebee, sonicwall, windows, patch, AD, qnap, deadbolt, kubernetes, doj, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8014 VMWare Flaws; Tesla BLE Attacks; Credit Card Scraping; MSFT DAP to GDAP Update Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. VMWare Flaws; Tesla BLE Attacks; Credit Card Scraping; MSFT DAP to GDAP Update https://traffic.libsyn.com/securitypodcast/8014.mp3 https://isc.sans.edu/podcastdetail/8014 Thu, 19 May 2022 02:00:01 GMT https://core.vmware.com/vmsa-2022-0014-questions-answers-faq
https://blog.barracuda.com/2022/05/17/threat-spotlight-attempts-to-exploit-new-vmware-vulnerabilities/
Tesla BLE Proximity Authentication Vulnerable to Relay Attacks
https://research.nccgroup.com/2022/05/15/technical-advisory-ble-proximity-authentication-vulnerable-to-relay-attacks/
Credit Card Scraping via Malicious PHP Code
https://www.ic3.gov/Media/News/2022/220516.pdf
Microsoft updating Delegated Admin Privileges
https://docs.microsoft.com/en-gb/partner-center/announcements/2022-may#13
]]> 6:48 microsoft, credit card, php, tesla, bluetooth, ble, vmware, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8012 Chrome Browser Wallet; SQL Server Attacks; macOS Malware; Spring/Zyxel Exploited Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Chrome Browser Wallet; SQL Server Attacks; macOS Malware; Spring/Zyxel Exploited https://traffic.libsyn.com/securitypodcast/8012.mp3 https://isc.sans.edu/podcastdetail/8012 Wed, 18 May 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/Use+Your+Browser+Internal+Password+Vault+or+Not/28658/
SQL Server Brute Forcing
https://twitter.com/MsftSecIntel/status/1526680337216114693
UpdateAgent Adapts Again
https://www.jamf.com/blog/updateagent-adapts-again/
Updated Exploited Vulnerabilities
https://www.cisa.gov/uscert/ncas/current-activity/2022/05/10/cisa-adds-one-known-exploited-vulnerability-catalog
]]> 6:09 spring, zyxel, updateagent, macos, sql server, browser, chrome, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8010 Apple Updates; Evil Never Sleeps; JS Tracker Keystroke Logging Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Apple Updates; Evil Never Sleeps; JS Tracker Keystroke Logging https://traffic.libsyn.com/securitypodcast/8010.mp3 https://isc.sans.edu/podcastdetail/8010 Tue, 17 May 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/Apple+Patches+Everything/28654/
Evil Never Sleeps: When Wireless Malware Stays on After Turning Off iPhones
https://arxiv.org/pdf/2205.06114.pdf
Third-Party Web Trackers Log What You Type Before Submitting
https://homes.esat.kuleuven.be/~asenol/leaky-forms/
]]> 6:18 web trackers, javascript, keystroke logging, bluetooth, iphone, uwb, patches, apple, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8008 BIG-IP Review; Sonicwall Patch; Zonealarm Priv Esc Vuln; Taking over npm account Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. BIG-IP Review; Sonicwall Patch; Zonealarm Priv Esc Vuln; Taking over npm account https://traffic.libsyn.com/securitypodcast/8008.mp3 https://isc.sans.edu/podcastdetail/8008 Mon, 16 May 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/From+0Day+to+Mirai+7+days+of+BIGIP+Exploits/28644/
Sonicwall Vulnerabilities Patched
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0009
Zonealarm Patch
https://www.zonealarm.com/software/extreme-security/release-history
Taking over npm account
https://thehackerblog.com/zero-days-without-incident-compromising-angular-via-expired-npm-publisher-email-domains-7kZplW4x/
]]> 6:26 npm, zonealarm, sonicwall, big-ip, f5, mirai, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8006 Get-WebRequest Fails; HP BIOS Patch; INTEL BIOS Patch; Zyxel RCE; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Get-WebRequest Fails; HP BIOS Patch; INTEL BIOS Patch; Zyxel RCE; https://traffic.libsyn.com/securitypodcast/8006.mp3 https://isc.sans.edu/podcastdetail/8006 Fri, 13 May 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/When+GetWebRequest+Fails+You/28640/
HP PC BIOS Security Updates
https://support.hp.com/us-en/document/ish_6184733-6184761-16/hpsbhf03788
INTEL BIOS Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html
Zyxel RCE Vulnerability
https://www.rapid7.com/blog/post/2022/05/12/cve-2022-30525-fixed-zyxel-firewall-unauthenticated-remote-command-injection/
]]> 4:58 get-webrequest, bios, hp, intel, zyxel, firewall, rce, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8004 ISO Bumblebee Files; Google Drive Malware; Vanity URL Abuse; not so advanced npm attack Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. ISO Bumblebee Files; Google Drive Malware; Vanity URL Abuse; not so advanced npm attack https://traffic.libsyn.com/securitypodcast/8004.mp3 https://isc.sans.edu/podcastdetail/8004 Thu, 12 May 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/TA578+using+threadhijacked+emails+to+push+ISO+files+for+Bumblebee+malware/28636/
Google Drive Emerges as Top App for Malware Downloads
https://www.helpnetsecurity.com/2022/05/11/malicious-pdf-search-engines/
Vanity URL Abuse
https://www.varonis.com/blog/url-spoofing
npm Supply Chain Attack Turns Out to be Part of Penetration Test
https://jfrog.com/blog/npm-supply-chain-attack-targets-german-based-companies/
]]> 5:33 npm, vanity, url, google drive, malware, pdf, ta578, iso, bumblebee, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8002 Microsoft Patch Tuesday; Adobe Updates; npm foreach; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft Patch Tuesday; Adobe Updates; npm foreach; https://traffic.libsyn.com/securitypodcast/8002.mp3 https://isc.sans.edu/podcastdetail/8002 Wed, 11 May 2022 02:00:01 GMT https://isc.sans.edu/forums/diary/Microsoft+May+2022+Patch+Tuesday/28632/
Adobe Updates
https://helpx.adobe.com/security/security-bulletin.html
npm "foreach" package domain takeover
https://www.theregister.com/2022/05/10/security_npm_email/
]]> 5:32 npm, foreach, domain, email, adobe, microsoft, may, patches, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 8000 Octopus Backdoor is Back; CVE-2022-1388 (BIG-IP) Exploits; Trend Micro Fix; Azure RCE Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Octopus Backdoor is Back; CVE-2022-1388 (BIG-IP) Exploits; Trend Micro Fix; Azure RCE Vuln; https://traffic.libsyn.com/securitypodcast/8000.mp3 https://isc.sans.edu/podcastdetail/8000 Tue, 10 May 2022 02:10:01 GMT https://isc.sans.edu/forums/diary/Octopus+Backdoor+is+Back+with+a+New+Embedded+Obfuscated+Bat+File/28628/#comments
CVE-2022-1388 (BIG-IP) Exploits
https://twitter.com/sans_isc/status/1523741896707043328
https://github.com/horizon3ai/CVE-2022-1388
Trend Micro False Positive Aftermath
https://success.trendmicro.com/dcx/s/solution/000290966?language=en_US
Microsoft Azure
https://orca.security/resources/blog/azure-synapse-analytics-security-advisory/
https://msrc-blog.microsoft.com/2022/05/09/vulnerability-mitigated-in-the-third-party-data-connector-used-in-azure-synapse-pipelines-and-azure-data-factory-cve-2022-29972/
]]> 5:51 orca, msrc, microsoft, azure, synapse, trend micro, big-ip, bigip, f5, octopus, backdoor, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7998 BIG IP Vuln; QNAP Update; Raspberry Robin; rubygems flaw; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. BIG IP Vuln; QNAP Update; Raspberry Robin; rubygems flaw; https://traffic.libsyn.com/securitypodcast/7998.mp3 https://isc.sans.edu/podcastdetail/7998 Mon, 09 May 2022 02:00:01 GMT https://isc.sans.edu/forums/diary/F5+BIGIP+Unauthenticated+RCE+Vulnerability+CVE20221388/28624/
QNAP QVR Update
https://www.qnap.com/de-de/security-advisory/qsa-22-07
Raspberry Robin Worm
https://redcanary.com/blog/raspberry-robin/
rubygems CVE-2022-29176 explained
https://greg.molnar.io/blog/rubygems-cve-2022-29176/
What is the simples malware in the world?
https://isc.sans.edu/forums/diary/What+is+the+simplest+malware+in+the+world/28620/
]]> 5:53 fork bomb, malware, windows, ruby, gems, raspberry, robin, worm, usb, qnap, big-ip, f5, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7996 Excel to Remcos RAT; FIDO Support; Heroku Breach Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Excel to Remcos RAT; FIDO Support; Heroku Breach https://traffic.libsyn.com/securitypodcast/7996.mp3 https://isc.sans.edu/podcastdetail/7996 Fri, 06 May 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/Passwordprotected+Excel+spreadsheet+pushes+Remcos+RAT/28616/
Microsoft, Apple, Google Accelated FIDO Standard Implementation
https://www.theregister.com/2022/05/05/microsoft-apple-google-fido/
Heroku Admits Breach
https://status.heroku.com/incidents/2413
]]> 5:36 heroku, microsoft, apple, google, heroku, excel, remcos rat, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7994 Windows Last Patched Day; Fake Updates; Malvuln; Cisco Patches; F5 Big IP iControl REST Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Windows Last Patched Day; Fake Updates; Malvuln; Cisco Patches; F5 Big IP iControl REST https://traffic.libsyn.com/securitypodcast/7994.mp3 https://isc.sans.edu/podcastdetail/7994 Thu, 05 May 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/Finding+the+Real+Last+Patched+Day+Interim+Version/28610/
Fake Windows Updates Install Ransomware
https://www.bleepingcomputer.com/news/security/fake-windows-10-updates-infect-you-with-magniber-ransomware/
Vulnerablities in Ransomware
https://www.malvuln.com
Heroku Forces Password Reset
https://status.heroku.com/incidents/2413
Cisco Patches Enterprise NFV Infrastructure Software
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-NFVIS-MUL-7DySRX9
Big-IP iControl REST Vulnerability
https://support.f5.com/csp/article/K23605346
]]> 5:54 f5, big-ip, cisco, heroku, malvuln, ransomware, patches, windows, fake updates, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7992 Honeypot Updates; NanoSSL Vuln; uClibc DNS Bugs; AV Exploits; Trend Micro Flase Positive #GOSENTINELS Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Honeypot Updates; NanoSSL Vuln; uClibc DNS Bugs; AV Exploits; Trend Micro Flase Positive #GOSENTINELS https://traffic.libsyn.com/securitypodcast/7992.mp3 https://isc.sans.edu/podcastdetail/7992 Wed, 04 May 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/Some+Honeypot+Updates/28608/
TLStorm 2 - NanoSSL TLS Library Misuse
https://www.armis.com/blog/tlstorm-2-nanossl-tls-library-misuse-leads-to-vulnerabilities-in-common-switches/
Unpatched DNS Bug in uClibc and uClibc-ng Library
https://www.nozominetworks.com/blog/nozomi-networks-discovers-unpatched-DNS-bug-in-popular-c-standard-library-putting-iot-at-risk/
Abusing Security Software to Sideload PlugX and ShadowPad
https://www.sentinelone.com/labs/moshen-dragons-triad-and-error-approach-abusing-security-software-to-sideload-plugx-and-shadowpad/
Microsoft Edge Update Triggers Trend Micro AV
https://success.trendmicro.com/forum/s/question/0D54T00001QDqzgSAD/we-are-getting-this-message-from-every-client-since-several-minutesis-it-a-false-positiv-error-or-do-we-have-a-real-trojaner-problem-
]]> 6:09 edge, trend micro, microsoft, plugx, shadowpad, dns, queryid, uclibc, tlstorm, nanossl, honeypot, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7990 VSTO Office Files; Gmail SMTP Relay; OpenSSF Package Analysis; M1 Prefetcher Leak Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. VSTO Office Files; Gmail SMTP Relay; OpenSSF Package Analysis; M1 Prefetcher Leak https://traffic.libsyn.com/securitypodcast/7990.mp3 https://isc.sans.edu/podcastdetail/7990 Tue, 03 May 2022 02:00:01 GMT https://isc.sans.edu/forums/diary/Detecting+VSTO+Office+Files+With+ExifTool/28604/
The Gmail SMTP Relay Service Exploit
https://www.avanan.com/blog/the-gmail-smtp-relay-service-exploit
OpenSSF Package Analysis
https://openssf.org/blog/2022/04/28/introducing-package-analysis-scanning-open-source-packages-for-malicious-behavior/
M1 Prefetcher Data Leak
https://www.prefetchers.info
]]> 5:45 M1, apple, prefetcher, openssf, gmail, smtp, vsto, office, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7988 Passive DNS; Microsoft Edge "VPN"; Weibo Making IPs Public; SonicWall Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Passive DNS; Microsoft Edge "VPN"; Weibo Making IPs Public; SonicWall Vuln; https://traffic.libsyn.com/securitypodcast/7988.mp3 https://isc.sans.edu/podcastdetail/7988 Mon, 02 May 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/Using+Passive+DNS+sources+for+Reconnaissance+and+Enumeration/28596/
Microsoft Edge Secure Network
https://support.microsoft.com/en-gb/topic/use-the-microsoft-edge-secure-network-to-protect-your-browsing-885472e2-7847-4d89-befb-c80d3dda6318
Sina Weibo Making Users IPs and Location Public
https://www.theregister.com/2022/04/29/weibo_location_services_default/
https://weibo.com/u/1934183965?layerid=4763194269108760
SonicWall Global VPN Client DLL Search Order Hijacking
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0036
Zoom Updated
https://explore.zoom.us/en/trust/security/security-bulletin/
]]> 4:48 zoom, sonicwall, vpn, dll hijack, sina, weibo, edge secure network, microsoft, passive dns, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7986 SMB/RPC Honeypot Results; Azure PostgreSQL Priv Esc; GitHub Update Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SMB/RPC Honeypot Results; Azure PostgreSQL Priv Esc; GitHub Update https://traffic.libsyn.com/securitypodcast/7986.mp3 https://isc.sans.edu/podcastdetail/7986 Fri, 29 Apr 2022 02:00:01 GMT https://isc.sans.edu/forums/diary/A+Day+of+SMB+What+does+our+SMBRPC+Honeypot+see+CVE202226809/28594/
Azure PostgreSQL Privilege Escalation
https://www.wiz.io/blog/wiz-research-discovers-extrareplica-cross-account-database-vulnerability-in-azure-postgresql/
Security alert: Attack campaign involving stolen OAuth user tokens
https://github.blog/2022-04-15-security-alert-stolen-oauth-user-tokens
Netatalk Vulnerability Affecting Synology, QNAP, Others?
https://www.synology.com/en-global/security/advisory/Synology_SA_22_06
]]> 6:18 netatalk, linux, qnap, synology, oauth, travis ci, postgrasql, heroku, azure, smb, rpc, honeypot, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7984 MITRE ATT&CK Update; MSFT Ukraine Report; Nimuspwn; npm Package Planting Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MITRE ATT&CK Update; MSFT Ukraine Report; Nimuspwn; npm Package Planting https://traffic.libsyn.com/securitypodcast/7984.mp3 https://isc.sans.edu/podcastdetail/7984 Thu, 28 Apr 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/MITRE+ATTCK+v11+a+small+update+that+can+help+not+just+with+detection+engineering/28590/
Microsoft Special Report: Ukraine
https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4Vwwd
Linux Privilege Escalation Nimbuspwn
https://www.microsoft.com/security/blog/2022/04/26/microsoft-finds-new-elevation-of-privilege-linux-vulnerability-nimbuspwn/
npm Package Planting
https://blog.aquasec.com/npm-package-planting
]]> 6:07 npm, linux, nimbuspwn, privilege escalation, ukraine, microsoft, attck, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7982 WSO2 Vuln Exploited; Core Impact via VMware; VirusTotal Update; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. WSO2 Vuln Exploited; Core Impact via VMware; VirusTotal Update; https://traffic.libsyn.com/securitypodcast/7982.mp3 https://isc.sans.edu/podcastdetail/7982 Wed, 27 Apr 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/WSO2+RCE+exploited+in+the+wild/28586/
Core Impact Backdoor Delivered Via VMware Vulnerablity
https://blog.morphisec.com/vmware-identity-manager-attack-backdoor
VirusTotal Exploit Update
https://twitter.com/bquintero/status/1518738072820670464
Emotet Experimenting With New Delivery Techniques
https://www.proofpoint.com/us/blog/threat-insight/emotet-tests-new-delivery-techniques
]]> 6:22 wso2, xmrig, vmware, iran, core impact, virustotal, emotet, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7980 PDF leads to PPT; VirusTotal Vuln; Apple Private Relay; Emotet fixes broken installer Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. PDF leads to PPT; VirusTotal Vuln; Apple Private Relay; Emotet fixes broken installer https://traffic.libsyn.com/securitypodcast/7980.mp3 https://isc.sans.edu/podcastdetail/7980 Tue, 26 Apr 2022 02:00:01 GMT https://isc.sans.edu/forums/diary/Simple+PDF+Linking+to+Malicious+Content/28582/
VirusTotal Remote Code Execution
https://www.cysrc.com/blog/virus-total-blog
Apple's Private Relay can Cause the System to Ignore Firewall Rules
https://mullvad.net/en/blog/2022/4/25/apples-private-relay-can-cause-the-system-to-ignore-firewall-rules/
Emotet Breaks and Later Fixes Installer
https://www.bleepingcomputer.com/news/security/emotet-malware-infects-users-again-after-fixing-broken-installer/
]]> 5:59 emotet, apple, private relay, firewall, virustotal, pdf, link, malware, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7978 Analyzing Word Phish; Targeting Roku; ECDSA JWT PoC; IBM DB2 Expat Vuln; Jira Vuln Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Analyzing Word Phish; Targeting Roku; ECDSA JWT PoC; IBM DB2 Expat Vuln; Jira Vuln https://traffic.libsyn.com/securitypodcast/7978.mp3 https://isc.sans.edu/podcastdetail/7978 Mon, 25 Apr 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/Analyzing+a+Phishing+Word+Document/28562/
Targeting Roku Streaming Devices
https://isc.sans.edu/forums/diary/Are+Roku+Streaming+Devices+Safe+from+Exploitation/28578/
JWT Null Signature Vulnerability PoC
https://github.com/DataDog/security-labs-pocs/tree/main/proof-of-concept-exploits/jwt-null-signature-vulnerable-app
Expat XML Vulnerabilities
https://www.ibm.com/support/pages/node/6573293
Jira Vulnerability
https://confluence.atlassian.com/jira/jira-security-advisory-2022-04-20-1115127899.html
]]> 5:00 atlassian, jira, expat, xml, jwt, java, ecdsa, roku, phishing, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7976 Crypto Clipboard Swapper; AWS log4j Bug; Psychic Sig PoC; ALAC Audio Decoder Bug Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Crypto Clipboard Swapper; AWS log4j Bug; Psychic Sig PoC; ALAC Audio Decoder Bug https://traffic.libsyn.com/securitypodcast/7976.mp3 https://isc.sans.edu/podcastdetail/7976 Fri, 22 Apr 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/MultiCryptocurrency+Clipboard+Swapper/28574/
Amazong Fixes AWS log4j Fix
https://aws.amazon.com/security/security-bulletins/AWS-2022-006/
Cisco Fixes
https://tools.cisco.com/security/center/publicationListing.x
Psychic Signature PoC
https://github.com/khalednassar/CVE-2022-21449-TLS-PoC
ALAC Audio Decoder Bug
https://blog.checkpoint.com/2022/04/21/largest-mobile-chipset-manufacturers-used-vulnerable-audio-decoder-2-3-of-android-users-privacy-around-the-world-were-at-risk/
]]> 6:26 python, windows, cryptocurrency, clipboard, aws, log4j, cisco, java, ecdsa, alac, audio decoder, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7974 Quakbot and DarkVNC; Java Psychic Signatures; Snort Modbus DoS Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Quakbot and DarkVNC; Java Psychic Signatures; Snort Modbus DoS https://traffic.libsyn.com/securitypodcast/7974.mp3 https://isc.sans.edu/podcastdetail/7974 Thu, 21 Apr 2022 02:00:01 GMT https://isc.sans.edu/forums/diary/aa+distribution+Qakbot+Qbot+infection+with+DarkVNC+traffic/28568/
Java Psychic Signatures
https://neilmadden.blog/2022/04/19/psychic-signatures-in-java/
Snort DoS Vulnerability
https://claroty.com/2022/04/14/blog-research-blinding-snort-breaking-the-modbus-ot-preprocessor/
]]> 5:45 snort, dos, java, ecdsa, psychic signatures, signatures, quakbot, qgot, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7972 u-boot Password Reset; Oracle CPU; MetaMask iCloud Phishing; Less SMBv1; Lenovo removes accidental backdoors Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. u-boot Password Reset; Oracle CPU; MetaMask iCloud Phishing; Less SMBv1; Lenovo removes accidental backdoors https://traffic.libsyn.com/securitypodcast/7972.mp3 https://isc.sans.edu/podcastdetail/7972 Wed, 20 Apr 2022 02:00:01 GMT https://isc.sans.edu/forums/diary/Resetting+Linux+Passwords+with+UBoot+Bootloaders/28564/
Oracle CPU
https://www.oracle.com/security-alerts/cpuapr2022.html
MetaMask iCloud Phishing
https://www.bleepingcomputer.com/news/security/hackers-steal-655k-after-picking-metamask-seed-from-icloud-backup/
SMB1 Gone From Windows 11 Home
https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb1-now-disabled-by-default-for-windows-11-home-insiders-builds/ba-p/3289473
Lenovo UEFI/BIOS Vulnerability
https://support.lenovo.com/us/en/product_security/ps500483-lenovo-system-update-privilege-escalation-vulnerability
https://support.lenovo.com/de/de/product_security/LEN-84943
]]> 6:15 uboot, oracle, metamask, icloud, cryptocoins, smbv1, windows 11, lenovo, backdoors, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7970 Sysmon BinaryData; Ukraine IcedID and Zimbra; NSO/Pegasus News; Fake Windows 11 Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Sysmon BinaryData; Ukraine IcedID and Zimbra; NSO/Pegasus News; Fake Windows 11 https://traffic.libsyn.com/securitypodcast/7970.mp3 https://isc.sans.edu/podcastdetail/7970 Tue, 19 Apr 2022 02:00:01 GMT https://isc.sans.edu/forums/diary/Sysmons+RegistryEvent+Value+Set/28558/
Ukraine CERT Posts: IcedID and Zimbra Flaw
https://cert.gov.ua/article/39606
https://cert.gov.ua/article/39609
New NSO Pegasus Exploit Spotted in the Wild
https://citizenlab.ca/2022/04/catalangate-extensive-mercenary-spyware-operation-against-catalans-using-pegasus-candiru/
Unofficial Windows 11 Upgrade Delivers Spyware
https://www.bleepingcomputer.com/news/security/unofficial-windows-11-upgrade-installs-info-stealing-malware/
]]> 4:56 Windows 11, Upgrade, microft, malware, pegasus, nso, ukraine, icedid, zimbra, sysmon, registryevent, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7968 Office and ISOs; Heroku/Travis CI GitHub OAuth Leak; Git Windows Bug; Cisco Wireless Controller Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Office and ISOs; Heroku/Travis CI GitHub OAuth Leak; Git Windows Bug; Cisco Wireless Controller Vuln; https://traffic.libsyn.com/securitypodcast/7968.mp3 https://isc.sans.edu/podcastdetail/7968 Mon, 18 Apr 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/Office+Protects+You+From+Malicious+ISO+Files/28554/
Github Stolen OAUTH User Tokens
https://github.blog/2022-04-15-security-alert-stolen-oauth-user-tokens/
Git For Windows Vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2022-24765
Cisco Wireless Controller Bug
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-auth-bypass-JRNhV4fF
]]> 5:36 Cisco, wireless controller, oauth, github, heroku, travis ci, office, iso, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7966 CVE-2022-26809 Update/Webcast; Google Chrome 0-day; Cisco WebEx No-Mute; Grafana Enterprise Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. CVE-2022-26809 Update/Webcast; Google Chrome 0-day; Cisco WebEx No-Mute; Grafana Enterprise https://traffic.libsyn.com/securitypodcast/7966.mp3 https://isc.sans.edu/podcastdetail/7966 Fri, 15 Apr 2022 02:30:02 GMT https://isc.sans.edu/forums/diary/An+Update+on+CVE202226809+MSRPC+Vulnerabliity+PATCH+NOW/28550/
Webcast: https://www.sans.org/webcasts/cve-2022-26809-ms-rpc-vulnerability-analysis/
https://twitter.com/splinter_code/status/1514653941304369153
Google Chrome 0-Day Patch
https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_14.html
Cisco Webex Phones Home Audio Telemetry
https://wiscprivacy.com/papers/vca_mute.pdf
Grafana Enterprise Vulnerabilty
https://grafana.com/blog/2022/04/12/grafana-enterprise-8.4.6-released-with-high-severity-security-fix/

]]> 5:28 grafana, cisco webex, mute, google chrome, 0 day, patch, cve-2022-26809, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7964 Ukraine/Russian Internet Stability; Windows Patches Followup; Adobe Updates; Struts 2 Patch Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Ukraine/Russian Internet Stability; Windows Patches Followup; Adobe Updates; Struts 2 Patch https://traffic.libsyn.com/securitypodcast/7964.mp3 https://isc.sans.edu/podcastdetail/7964 Thu, 14 Apr 2022 02:00:01 GMT https://isc.sans.edu/forums/diary/How+is+Ukrainian+internet+holding+up+during+the+Russian+invasion/28546/
Update on Windows Patches and CVE-2022-26809
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26809
Adobe Updates
https://helpx.adobe.com/security/products/photoshop/apsb22-20.html
Apache Struts 2 Update
https://cwiki.apache.org/confluence/display/WW/S2-062
]]> 5:52 struts, struts 2, apache, adobe, pdf, reader, acrobat, windows, cve-2022-26809, ukrain, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7962 Microsoft Patch Tuesday; NGINX Statement; Industroyer2 Attack Against Ukraine Power Grid Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft Patch Tuesday; NGINX Statement; Industroyer2 Attack Against Ukraine Power Grid https://traffic.libsyn.com/securitypodcast/7962.mp3 https://isc.sans.edu/podcastdetail/7962 Wed, 13 Apr 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/Microsoft+April+2022+Patch+Tuesday/28542/
NGINX Statement To LDAP Weakness
https://www.nginx.com/blog/addressing-security-weaknesses-nginx-ldap-reference-implementation/
Attacks on Ukrainian Power Grid
https://www.welivesecurity.com/2022/04/12/industroyer2-industroyer-reloaded/
]]> 6:45 ukraine, power grid, industroyer, reloaded, industroyer2, LDAP, nginx, microsoft, patch tuesday, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7960 Spring Cloud Functions Probed; MSFT Autopatch; npm protestware; Raspberry Pi Update Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Spring Cloud Functions Probed; MSFT Autopatch; npm protestware; Raspberry Pi Update https://traffic.libsyn.com/securitypodcast/7960.mp3 https://isc.sans.edu/podcastdetail/7960 Tue, 12 Apr 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/Spring+It+isnt+just+about+Spring4Shell+Spring+Cloud+Function+Vulnerabilities+are+being+probed+too/28538/
Microsoft Windows Autopatch
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/get-current-and-stay-current-with-windows-autopatch/ba-p/3271839
More npm protestware
https://github.com/Yaffle/EventSource/commit/de137927e13d8afac153d2485152ccec48948a7a
Raspberry Pi Update
https://www.raspberrypi.com/news/raspberry-pi-bullseye-update-april-2022/
]]> 5:59 raspberry pi, bullseye, npm, protestware, auto patch, windows, sprint, cloud function, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7958 Misc Spring4Shell Items (Cisco, Mirai, Nginx); Russian CA Update; Conti Ransomware Copycats Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Misc Spring4Shell Items (Cisco, Mirai, Nginx); Russian CA Update; Conti Ransomware Copycats https://traffic.libsyn.com/securitypodcast/7958.mp3 https://isc.sans.edu/podcastdetail/7958 Mon, 11 Apr 2022 02:00:02 GMT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67
https://www.trendmicro.com/en_us/research/22/d/cve-2022-22965-analyzing-the-exploitation-of-spring4shell-vulner.html
https://github.com/AgainstTheWest/NginxDay
Russian Certificate Authority Update
https://koen.engineer/russias-certificate-authority-for-sanctioned-organizations-645d61af8ac6
Conti Source Code Leak Leads to Copycats
https://www.bleepingcomputer.com/news/security/hackers-use-contis-leaked-ransomware-to-attack-russian-companies/
]]> 6:15 conti, coycat, russia, certifiates, CA, certificate authority, spring4shell, cisco, mirai, nginx, 0day, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7956 What is BIMI? Watchguard Vuln.; Malware in Lambdas; Job Scam @sans_edu @infosec_taylor Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. What is BIMI? Watchguard Vuln.; Malware in Lambdas; Job Scam @sans_edu @infosec_taylor https://traffic.libsyn.com/securitypodcast/7956.mp3 https://isc.sans.edu/podcastdetail/7956 Fri, 08 Apr 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/What+is+BIMI+and+how+is+it+supposed+to+help+with+Phishing/28528/
Watchguard Vulnerability behind Cyclops Blink
https://techsearch.watchguard.com/KB?type=Article&SFDCID=kA16S000000SOCGSA4&lang=en_US
Malware Targeting Amazon Lambdas
https://www.cadosecurity.com/cado-discovers-denonia-the-first-malware-specifically-targeting-lambda/
Ashley Taylor: Doppelgaengers: Finding Job Scammers Who Steal Brand Identities
https://www.sans.edu/cyber-research/doppelgangers-finding-job-scammers-who-steal-brand-identities/
]]> 15:36 lambdas, sans_edu, domains, brand, job ads, scams, amazon, bimi, email, watchguard, cyclops blink, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7954 MetaStealer Malware; Cyclops Blink Takedown; Palo Alto TLS Bug; VMWare Bugs Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MetaStealer Malware; Cyclops Blink Takedown; Palo Alto TLS Bug; VMWare Bugs https://traffic.libsyn.com/securitypodcast/7954.mp3 https://isc.sans.edu/podcastdetail/7954 Thu, 07 Apr 2022 02:00:01 GMT https://isc.sans.edu/forums/diary/Windows+MetaStealer+Malware/28522/
US Justice Depatment Takes Down Cyclops Blink Botnet
https://www.justice.gov/opa/pr/justice-department-announces-court-authorized-disruption-botnet-controlled-russian-federation
VMWare Bugs
https://www.vmware.com/security/advisories.html
Palo Alto CVE-2022-0778
https://security.paloaltonetworks.com/CVE-2022-0778
Unpatched Apple Bug
https://www.intego.com/mac-security-blog/apple-neglects-to-patch-zero-day-wild-vulnerabilities-for-macos-big-sur-catalina/
]]> 6:18 palo alot, vmware, cyclops blink, metastealer, apple, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7952 CryptoMiner vs #Alibaba; #Cicada APT Techniques; Win11 Security; Fin7 Update Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. CryptoMiner vs #Alibaba; #Cicada APT Techniques; Win11 Security; Fin7 Update https://traffic.libsyn.com/securitypodcast/7952.mp3 https://isc.sans.edu/podcastdetail/7952 Wed, 06 Apr 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/WebLogic+Crypto+Miner+Malware+Disabling+Alibaba+Cloud+Monitoring+Tools/28520/
Cicada: Chinese APT Group Widens Targeting in Recent Espionage Activity
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cicada-apt10-china-ngo-government-attacks
New Security Features for Windows 11
https://www.microsoft.com/security/blog/2022/04/05/new-security-features-for-windows-11-will-help-protect-hybrid-work/
Fin7 Power Hour: Adversary Archaeology and Evolution of FIN7
https://www.mandiant.com/resources/evolution-of-fin7
]]> 6:30 fin7, windows 11, weblogic, cryptominer, alibaba, cloud, cicada, apt, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7950 WordPress/Google and Phishing; Mailchimp Breachs; GitHub Secret Leak Help; TruffleHog v3; Russian Certs Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. WordPress/Google and Phishing; Mailchimp Breachs; GitHub Secret Leak Help; TruffleHog v3; Russian Certs https://traffic.libsyn.com/securitypodcast/7950.mp3 https://isc.sans.edu/podcastdetail/7950 Tue, 05 Apr 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/Emptying+the+Phishtank+Are+WordPress+sites+the+Mosquitoes+of+the+Internet/28516/
Mailchimp Breach Used to Target Trezor Users
https://www.bleepingcomputer.com/news/security/hackers-breach-mailchimps-internal-tools-to-target-crypto-customers/
Proactively Prevent Secret Leaks With GitHub Advanced Security Secret Scanning
https://github.blog/2022-04-04-push-protection-github-advanced-security/
TruffleHog v3
https://trufflesecurity.com/blog/introducing-trufflehog-v3
Russian Certificates (chinese article)
https://blog.netlab.360.com/review-revoke-russia-ssl-certificates/
]]> 6:13 russia, certificates, trufflehog, github, secrets, api keys, trezor, mailchimp, phishing, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7948 GitLab Patch; ViaSat KA-SAT Details; MacOS Bug Enables Phishing; PEAR Bug Fixed Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. GitLab Patch; ViaSat KA-SAT Details; MacOS Bug Enables Phishing; PEAR Bug Fixed https://traffic.libsyn.com/securitypodcast/7948.mp3 https://isc.sans.edu/podcastdetail/7948 Mon, 04 Apr 2022 02:00:02 GMT https://about.gitlab.com/releases/2022/03/31/critical-security-release-gitlab-14-9-2-released/
ViaSat KA-SAT Network Cyber Attack
https://www.viasat.com/about/newsroom/blog/ka-sat-network-cyber-attack-overview/
MacOS Bug Enables Phishing
https://rambo.codes/posts/2022-03-15-how-a-macos-bug-could-have-allowed-for-a-serious-phishing-attack-against-users
PHP Supply Chain Attack on PEAR
https://blog.sonarsource.com/php-supply-chain-attack-on-pear
]]> 6:19 php, pear, macos, phishing, viasat, ka-sat, wiper, gitlab, bug, vulnerability, patch, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7946 Spring Clarifies Spring4Shell; Wyze Cam; Zyxel FW Patch; #Apple 0 Days #ipados #ios #0day Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Spring Clarifies Spring4Shell; Wyze Cam; Zyxel FW Patch; #Apple 0 Days #ipados #ios #0day https://traffic.libsyn.com/securitypodcast/7946.mp3 https://isc.sans.edu/podcastdetail/7946 Fri, 01 Apr 2022 02:00:01 GMT https://isc.sans.edu/forums/diary/Spring+Vulnerability+Update+Exploitation+Attempts+CVE202222965/28504/
Apple Patches 0 Day Vulnerability
https://isc.sans.edu/forums/diary/Apple+Patches+Actively+Exploited+Vulnerability+in+macOS+iOS+and+iPadOS/28506/
Wyze Cam Vulnerabilities
https://www.bitdefender.com/files/News/CaseStudies/study/413/Bitdefender-PR-Whitepaper-WCam-creat5991-en-EN.pdf
Zyxel Security Advisory
https://www.zyxel.com/support/forgery-vulnerabilities-of-select-Armor-home-routers.shtml
]]> 5:35 zyxel, wyze, spring, camera, firewall, macos, vulnerabilities, ipados, ios, apple, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7944 Spring4Shell/Java Confusion; XLSB Parsing; 3CX Phone Systems Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Spring4Shell/Java Confusion; XLSB Parsing; 3CX Phone Systems https://traffic.libsyn.com/securitypodcast/7944.mp3 https://isc.sans.edu/podcastdetail/7944 Thu, 31 Mar 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/Java+Springtime+Confusion+What+Vulnerability+are+We+Talking+About/28500/
Quickie: Parsing XLSB Documents
https://isc.sans.edu/forums/diary/Quickie+Parsing+XLSB+Documents/28496/
Pwning 3CX Phone Management Backends from the Internet
https://medium.com/@frycos/pwning-3cx-phone-management-backends-from-the-internet-d0096339dd88
]]> 5:56 3cx, phone management, xlsb, java, spring4shell, spring, spring cloud, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7942 More Twitter Abuse; Firewall Vuln Correction; UPS Attacks; MFA Bypass Attacks; Mars Stealer; Hacker Subpoena Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. More Twitter Abuse; Firewall Vuln Correction; UPS Attacks; MFA Bypass Attacks; Mars Stealer; Hacker Subpoena https://traffic.libsyn.com/securitypodcast/7942.mp3 https://isc.sans.edu/podcastdetail/7942 Wed, 30 Mar 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/More+FakeTyposquatting+Twitter+Accounts+Asking+for+Ukraine+Crytocurrency+Donations/28492/
Mitigating Attacks Against Uninterruptible Power Supply Devices
https://www.cisa.gov/sites/default/files/publications/CISA-DOE_Insights-Mitigating_Vulnerabilities_Affecting_Uninterruptible_Power_Supply_Devices_Mar_29.pdf
MFA Bypass Attacks
https://blog.talosintelligence.com/2022/03/transparent-tribe-new-campaign.html
Google Advertises Mars Stealer
https://blog.morphisec.com/threat-research-mars-stealer
Hackers Gaining Power of Subpoena Via Fake "Emergency Data Requests"
https://krebsonsecurity.com/2022/03/hackers-gaining-power-of-subpoena-via-fake-emergency-data-requests/
]]> 6:44 hackers, subpaena, data request, emergnecy, mfa, google, mars stealer, cisc, ups, sophos, sonicwall, ukraine, twitter, crypto, currencies, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7940 Twitter BGP Hijack; Ukraine DDoS; Sophos Patches; Sonicwall Update; opnsense CARP bug Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Twitter BGP Hijack; Ukraine DDoS; Sophos Patches; Sonicwall Update; opnsense CARP bug https://traffic.libsyn.com/securitypodcast/7940.mp3 https://isc.sans.edu/podcastdetail/7940 Tue, 29 Mar 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/BGP+Hijacking+of+Twitter+Prefix+by+RTCommru/28488/
DDoS Against Sites in Ukraine
https://www.bleepingcomputer.com/news/security/hacked-wordpress-sites-force-visitors-to-ddos-ukrainian-targets/
Sophos Patches
https://www.sophos.com/en-us/security-advisories/sophos-sa-20220325-sfos-rce
Sonicwall Patches
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0003
opnsense CARP protocol routing error
https://medium.com/sensorfu/firewall-bypass-with-carp-in-packet-filter-c4ed70fb7dd7
]]> 6:04 opnsens, CARP, Sonicwall, Sophos, DDoS, Ukraine, BGP, Twitter, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7938 XLSB File Analysis; Dirty Pipe Container Escape; PHP Filter Vuln; OpenBSD slaacd vuln; Google Chrome 0 Day Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. XLSB File Analysis; Dirty Pipe Container Escape; PHP Filter Vuln; OpenBSD slaacd vuln; Google Chrome 0 Day https://traffic.libsyn.com/securitypodcast/7938.mp3 https://isc.sans.edu/podcastdetail/7938 Mon, 28 Mar 2022 02:00:01 GMT https://isc.sans.edu/forums/diary/XLSB+Files+Because+Binary+is+Stealthier+Than+XML/28476/
Dirty Pipe Container Escape PoC
https://www.datadoghq.com/blog/engineering/dirty-pipe-container-escape-poc/
PHP filter_var Shenanigans
https://pwning.systems/posts/php_filter_var_shenanigans/
OpenBSD slaacd vuln
https://blog.quarkslab.com/heap-overflow-in-openbsds-slaacd-via-router-advertisement.html
Google Chrome Update
https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html
]]> 6:16 google, chrome, openbsd, php, filter_var, xlsb, container, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7936 Malware via transfer.sh; WD PR4100 NAS Vuln; Crypto Malware; Lapsus$ Arrest; FBI Indictment Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Malware via transfer.sh; WD PR4100 NAS Vuln; Crypto Malware; Lapsus$ Arrest; FBI Indictment https://traffic.libsyn.com/securitypodcast/7936.mp3 https://isc.sans.edu/podcastdetail/7936 Fri, 25 Mar 2022 02:00:01 GMT https://isc.sans.edu/forums/diary/Malware+Delivered+Through+Free+Sharing+Tool/28474/
Western Digital PR4100 NAS Vulnerabilty
https://research.nccgroup.com/2022/03/24/remote-code-execution-on-western-digital-pr4100-nas-cve-2022-23121/
Crypto malware in patched wallets targeting Android and iOS devices
https://www.welivesecurity.com/2022/03/24/crypto-malware-patched-wallets-targeting-android-ios-devices/
Lapsus$ Arrest
https://www.bbc.com/news/technology-60864283
https://www.bloomberg.com/news/articles/2022-03-23/teen-suspected-by-cyber-researchers-of-being-lapsus-mastermind?sref=ylv224K8
Four Russian Government Employees Charged in Two Historical Hacking Campaigns Targeting Critical Infrastructure Worldwide
https://www.justice.gov/opa/pr/four-russian-government-employees-charged-two-historical-hacking-campaigns-targeting-critical
]]> 5:56 russian, ics, doj, lapsus$, lapsus, arrest, crypto, malware, android, ios, western digital, sharing, filesharing, afs, transfer.sh, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7934 Mars Stealer; Okta/MSFT/Lapsus$ Update; Azure npm Attack; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Mars Stealer; Okta/MSFT/Lapsus$ Update; Azure npm Attack; https://traffic.libsyn.com/securitypodcast/7934.mp3 https://isc.sans.edu/podcastdetail/7934 Thu, 24 Mar 2022 02:00:01 GMT https://isc.sans.edu/forums/diary/Arkei+Variants+From+Vidar+to+Mars+Stealer/28468/
Okta Update
https://www.okta.com/blog/2022/03/oktas-investigation-of-the-january-2022-compromise/
Microsoft Lapsus$ Update
https://www.microsoft.com/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/
npm Attack Targeting Azure Developers
https://jfrog.com/blog/large-scale-npm-attack-targets-azure-developers-with-malicious-packages/
]]> 6:18 mars, stealer, malware, microsoft, okta, lapsus$, lapsus, npm, azure, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7932 Whitehouse Statement; ASUS vs Cyclops; HP Vulnerabilities; Sophos UTM; MacOS GIMMICK; Possible Octa Breach Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Whitehouse Statement; ASUS vs Cyclops; HP Vulnerabilities; Sophos UTM; MacOS GIMMICK; Possible Octa Breach https://traffic.libsyn.com/securitypodcast/7932.mp3 https://isc.sans.edu/podcastdetail/7932 Wed, 23 Mar 2022 02:00:01 GMT https://isc.sans.edu/forums/diary/Statement+by+President+Biden+What+you+need+to+do+or+not+do/28466/
ASUS Cyclops Blink Advisory
https://www.asus.com/content/ASUS-Product-Security-Advisory/
HP Vulnerabilities
https://support.hp.com/us-en/document/ish_5948778-5949142-16/hpsbpi03780
Sophos UTM Updates
https://www.sophos.com/en-us/security-advisories/sophos-sa-20220321-utm-9710
MacOS GIMMICK Malware
https://www.volexity.com/blog/2022/03/22/storm-cloud-on-the-horizon-gimmick-malware-strikes-at-macos/
Octa Breached By Lapsus
https://www.okta.com/blog/2022/03/updated-okta-statement-on-lapsus/
https://twitter.com/BillDemirkapi/status/1506107157124722690
]]> 7:18 octa, lapsus$, gimmick, macos, sophos, hp, printers, ASUS, HP, UTM, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7930 Analyzing Cleaned Maldoc; Serpent Backdoor; IBM Spectrum Protect; Lapsus$ vs Microsoft; Whitehouse Statement Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Analyzing Cleaned Maldoc; Serpent Backdoor; IBM Spectrum Protect; Lapsus$ vs Microsoft; Whitehouse Statement https://traffic.libsyn.com/securitypodcast/7930.mp3 https://isc.sans.edu/podcastdetail/7930 Tue, 22 Mar 2022 02:00:01 GMT https://isc.sans.edu/forums/diary/Maldoc+Cleaned+by+AntiVirus/28460/
Serpent, No Swiping! New Backdoor Targets French Entities with Unique Attack Chain
https://www.proofpoint.com/us/blog/threat-insight/serpent-no-swiping-new-backdoor-targets-french-entities-unique-attack-chain
IBM Spectrum Protect Update
https://www.ibm.com/support/pages/node/6564745
Lapsus$ May have Breached Microsoft
https://www.theregister.com/2022/03/21/microsoft_lapsus_breach_probe/
Statement by President Biden on our Nation's Cybersecurity
https://www.whitehouse.gov/briefing-room/statements-releases/2022/03/21/statement-by-president-biden-on-our-nations-cybersecurity/
]]> 7:35 biden, whitehouse, russia, ukraine, lapsus, lapsus$, microsoft, ibm, spectrum protect, serpent, backdoor, french, maldoc, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7928 Movable Type; SolarWinds Web Help Desk; MGLNDD Scans; CAPTCHA Phishing; Browser in Browser Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Movable Type; SolarWinds Web Help Desk; MGLNDD Scans; CAPTCHA Phishing; Browser in Browser https://traffic.libsyn.com/securitypodcast/7928.mp3 https://isc.sans.edu/podcastdetail/7928 Mon, 21 Mar 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/Scans+for+Movable+Type+Vulnerability+CVE202120837/28454/
SolarWinds Advisory: Unauahtneticated Access in Web Help Desk (12.7.5)
https://isc.sans.edu/forums/diary/SolarWinds+Advisory+Unauthenticated+Access+in+Web+Help+Desk+1275/28456/
MGLNDD_* Scans
https://isc.sans.edu/forums/diary/MGLNDD+Scans/28458/
CAPTCHA Phishing
https://www.avanan.com/blog/using-captcha-forms-to-bypass-filters
Browser in the Browser Templates
https://mrd0x.com/browser-in-the-browser-phishing-attack/
]]> 6:06 browser, phishing, captcha, mglndd, solarwinds, web help desk, whd, movable type, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7926 npm sabotage; Deepfakes; ATM Rootkit; Mikrotik Scanner; @sans_edu ICS NAC Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. npm sabotage; Deepfakes; ATM Rootkit; Mikrotik Scanner; @sans_edu ICS NAC https://traffic.libsyn.com/securitypodcast/7926.mp3 https://isc.sans.edu/podcastdetail/7926 Fri, 18 Mar 2022 02:00:02 GMT https://snyk.io/blog/peacenotwar-malicious-npm-node-ipc-package-vulnerability/
President Zelensky Deepfakes
https://twitter.com/ngleicher/status/1504186935291506693
ATM Rootkit
https://www.mandiant.com/resources/unc2891-overview
Scanner for Backdoored Mikrotik Routers
https://github.com/microsoft/routeros-scanner
SANS.edu Student: Ron Grohman; Network Access Control and ICS: A Practical Guide
https://www.sans.edu/cyber-research/network-access-control-and-ics-a-practical-guide/
]]> 14:33 sans.edu, ron grohman, ICS, network access control, nac, scanner, mikrotik, atm, deepfakes, zelensky, npm, belarus, russia, ukraine, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7924 Qakbot News; Gh0stCringe via MySQL/MSSQL; dompdf 0 day; openssl dos; pfsense update Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Qakbot News; Gh0stCringe via MySQL/MSSQL; dompdf 0 day; openssl dos; pfsense update https://traffic.libsyn.com/securitypodcast/7924.mp3 https://isc.sans.edu/podcastdetail/7924 Thu, 17 Mar 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/Qakbot+infection+with+Cobalt+Strike+and+VNC+activity/28448/
Gh0stCringe RAT Being Distributed to Vulnerable Database Servers
https://asec.ahnlab.com/en/32572/
dompdf 0 day
https://positive.security/blog/dompdf-rce
OpenSSL DoS Vulnerability
https://www.openssl.org/news/secadv/20220315.txt
]]> 5:32 openssl, dompdf, gh0stcringe, rat, database, mysql, mssql, quakbot, cobalt strike, vnc, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7922 Odd Behaviours; MFA Bypass; Kaspersky Warning; CaddyWiper; Fake AV; DNS Tunnel Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Odd Behaviours; MFA Bypass; Kaspersky Warning; CaddyWiper; Fake AV; DNS Tunnel https://traffic.libsyn.com/securitypodcast/7922.mp3 https://isc.sans.edu/podcastdetail/7922 Wed, 16 Mar 2022 02:00:01 GMT https://isc.sans.edu/forums/diary/Clean+Binaries+with+Suspicious+Behaviour/28444/
Misconfigured Multi-Factor Authentication Abused
https://www.cisa.gov/uscert/ncas/alerts/aa22-074a
German Office of Information Security Warns Kaspersky Users
https://www.bsi.bund.de/DE/Service-Navi/Presse/Pressemitteilungen/Presse2022/220315_Kaspersky-Warnung.html
Caddy Wiper Targeting Ukraine
https://www.welivesecurity.com/2022/03/15/caddywiper-new-wiper-malware-discovered-ukraine/
Fake Antivirus Targeting Ukraine
https://twitter.com/malwrhunterteam/status/1502302718140035080
B1txor20 DNS Tunnel Backdoor
https://blog.netlab.360.com/b1txor20-use-of-dns-tunneling_en/
]]> 5:06 dns tunnel, antivirus, log4j, caddywiper, kaspersky, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7920 Apple Updates Everything; More Ukraine Scams; Curl on Windows; Veeam Vuln; netfilter priv esc; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Apple Updates Everything; More Ukraine Scams; Curl on Windows; Veeam Vuln; netfilter priv esc; https://traffic.libsyn.com/securitypodcast/7920.mp3 https://isc.sans.edu/podcastdetail/7920 Tue, 15 Mar 2022 02:00:01 GMT https://isc.sans.edu/forums/diary/Apple+Updates+Everything+MacOS+123+XCode+133+tvOS+154+watchOS+85+iPadOS+154+and+more/28438/
Look Alike Accounts Used in Ukraine Dontation Scam Impersonating Olena Zelenska
https://isc.sans.edu/forums/diary/Look+Alike+Accounts+Used+in+Ukraine+Donation+Scam+impersonating+Olena+Zelenska/28440/
Curl on Windows
https://isc.sans.edu/forums/diary/Curl+on+Windows/28436/
Veeam Vulnerabilities
https://www.veeam.com/kb4288
Linux Netfilter Privilege Escalation
https://nickgregory.me/linux/security/2022/03/12/cve-2022-25636/
]]> 5:40 linux, netfilter, veeam, curl, scam, crypto, bitcoin, ethereum, privilege escalation, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7918 WebSocket Malware; Telegram C&C Infostealer; USAHERDS Breach; YARA 4.2.0 Out Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. WebSocket Malware; Telegram C&C Infostealer; USAHERDS Breach; YARA 4.2.0 Out https://traffic.libsyn.com/securitypodcast/7918.mp3 https://isc.sans.edu/podcastdetail/7918 Mon, 14 Mar 2022 02:00:01 GMT https://isc.sans.edu/forums/diary/Keep+an+Eye+on+WebSockets/28430/
Racoon Stealer leverages Telegram
https://decoded.avast.io/vladimirmartyanov/raccoon-stealer-trash-panda-abuses-telegram/
USAHERDS Hack
https://www.wired.com/story/china-apt41-hacking-usaherds-log4j/
YARA 4.2.0 Released
https://isc.sans.edu/forums/diary/YARA+420+Released/28432/
]]> 5:27 yara, usaherds, racoon, info stealer, stealer, telegram, websockets, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7916 Credentials on Virustotal; GPS Problems; Russian CA; New Spectre; Package Manager Vuln Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Credentials on Virustotal; GPS Problems; Russian CA; New Spectre; Package Manager Vuln https://traffic.libsyn.com/securitypodcast/7916.mp3 https://isc.sans.edu/podcastdetail/7916 Fri, 11 Mar 2022 02:00:01 GMT https://isc.sans.edu/forums/diary/Credentials+Leaks+on+VirusTotal/28426/
GPS Issues Around Finish Rusian Border
https://www.straitstimes.com/world/europe/finland-detects-gps-disturbance-near-russias-kaliningrad
Russia Considering Internal Certificate Authority
https://www.gosuslugi.ru/tls
https://www.bleepingcomputer.com/news/security/russia-creates-its-own-tls-certificate-authority-to-bypass-sanctions/
New Spectre Variant
https://www.vusec.net/projects/bhi-spectre-bhb/
Package Manager Vulnerabilities (yarn, pip, composer...)
https://blog.sonarsource.com/securing-developer-tools-package-managers
]]> 5:32 yarn, pip, bower, composer, package manager, spectre, russia, certifiate authority, gps, credentials, virustotal, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7914 batch infostealer; Mitel DDoS; Pro Ukrainian Hacking Tools Malware; Hack .ru Govt Sites Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. batch infostealer; Mitel DDoS; Pro Ukrainian Hacking Tools Malware; Hack .ru Govt Sites https://traffic.libsyn.com/securitypodcast/7914.mp3 https://isc.sans.edu/podcastdetail/7914 Thu, 10 Mar 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/Infostealer+in+a+Batch+File/28422/
TP240PhoneHome reflection/amplification DDoS Attack Vector
https://blog.cloudflare.com/cve-2022-26143/
Malware Disguises as Pro Ukrainian Cybertools
https://blog.talosintelligence.com/2022/03/threat-advisory-cybercriminals.html#more
Russian Government Sites Hacked in Supply Chain Attack
https://www.bleepingcomputer.com/news/security/russian-government-sites-hacked-in-supply-chain-attack/
Third Party Vulnerabilities in RUGGEDCOM ROS
https://cert-portal.siemens.com/productcert/pdf/ssa-256353.pdf
Adobe Bulletins
https://helpx.adobe.com/security/security-bulletin.html
]]> 6:15 adobe, siemens, ruggedcom, russian, government, supply chain, ukraine, malware, tp240phonehome, mitel, infostealer, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7912 Microsoft Patch Tuesday; @armissecurity APC UPS Vuln.; HP Firmware Bugs Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft Patch Tuesday; @armissecurity APC UPS Vuln.; HP Firmware Bugs https://traffic.libsyn.com/securitypodcast/7912.mp3 https://isc.sans.edu/podcastdetail/7912 Wed, 09 Mar 2022 02:00:01 GMT https://isc.sans.edu/forums/diary/Microsoft+March+2022+Patch+Tuesday/28418/
Critical APC UPS Vulnerability
https://www.armis.com/research/tlstorm/
Vulnerabilities in Firmware Affecting HP Devices
https://www.binarly.io/news/BinarlyDiscovers16NewHighImpactVulnerabilitiesinFirmwareAffectingHPEnterpriseDevices/index.html
]]> 5:32 microsoft, patch tuesday, apc, ups, schneider, firmware, hp, uefi, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7910 Ukraine Scam Followup; Dirty Pipe; Firefox Update; Azure AutoWarp; Terramaster Vuln Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Ukraine Scam Followup; Dirty Pipe; Firefox Update; Azure AutoWarp; Terramaster Vuln https://traffic.libsyn.com/securitypodcast/7910.mp3 https://isc.sans.edu/podcastdetail/7910 Mon, 07 Mar 2022 22:06:25 GMT https://isc.sans.edu/forums/diary/No+Bitcoin+No+Problem+Follow+Up+to+Last+Weeks+Donation+Scam/28412/
Dirty Pipe Linux Vulnerability
https://dirtypipe.cm4all.com
Mozilla Firefox and Thunderbird Vulnerability
https://www.mozilla.org/en-US/security/advisories/mfsa2022-09/
Azure AutoWarp
https://orca.security/resources/blog/autowarp-microsoft-azure-automation-service-vulnerability/
Terramaster TOS Vulnerability
https://octagon.net/blog/2022/03/07/cve-2022-24990-terrmaster-tos-unauthenticated-remote-command-execution-via-php-object-instantiation/
https://forum.terra-master.com/en/viewtopic.php?f=28&t=3030
]]> 5:46 terramaster, azure, autowarp, mozilla, firefox, thunderbird, dirty pipe, ukraine, scam, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7908 Ukraine Donation Scam; Cogent Disconnnects Russia; Russia DDoS Lists; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Ukraine Donation Scam; Cogent Disconnnects Russia; Russia DDoS Lists; https://traffic.libsyn.com/securitypodcast/7908.mp3 https://isc.sans.edu/podcastdetail/7908 Mon, 07 Mar 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/Scam+EMail+Impersonating+Red+Cross/28404/
Cogent Disconnects Russia
https://www.washingtonpost.com/technology/2022/03/04/russia-ukraine-internet-cogent-cutoff/
Russia DDoS Lists
https://safe-surf.ru/upload/ALRT/proxies.txt
https://safe-surf.ru/upload/ALRT/referer_http_header.txt
NVidia Stolen Certificates
https://www.theregister.com/2022/03/05/nvidia_stolen_certificate/
https://twitter.com/cyb3rops/status/1499514240008437762
GitLab Vulnerabilities
https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/#unauthenticated-user-enumeration-on-graphql-api
Cisco Patches
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-filewrite-87Q5YRk
]]> 6:44 cisco, expressway, gitlab, nvidia, certificates, russia, ukraine, ddos, certificates, red cross, scam, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7906 Odd OpenWRT Scan; Alexa Hacks Alexa; Google Cloud Armor Update; Ukraine Updates Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Odd OpenWRT Scan; Alexa Hacks Alexa; Google Cloud Armor Update; Ukraine Updates https://traffic.libsyn.com/securitypodcast/7906.mp3 https://isc.sans.edu/podcastdetail/7906 Fri, 04 Mar 2022 02:00:01 GMT https://isc.sans.edu/diary/28400
Alexa Versus Alexa
https://arxiv.org/abs/2202.08619
Bypassing Google Cloud Armor
https://kloudle.com/blog/piercing-the-cloud-armor-the-8kb-bypass-in-google-cloud-platform-waf
Ukraine Updates
https://www.golem.de/news/ausfall-angriff-auf-ka-sat-satellit-ueber-gatewaystation-in-ukraine-2203-163614.html
https://www.crowdstrike.com/blog/how-to-decrypt-the-partyticket-ransomware-targeting-ukraine/
https://www.bleepingcomputer.com/news/security/ukraine-says-local-govt-sites-hacked-to-push-fake-capitulation-news/
]]> 7:07 google, cloud armor, openwrt, satellite, ukraine, alexa, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7904 Recognizing Biased/Fake News; FortiMail Bug; IBM; Google Chrome; Conti Leak; Middlebox DDoS Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Recognizing Biased/Fake News; FortiMail Bug; IBM; Google Chrome; Conti Leak; Middlebox DDoS https://traffic.libsyn.com/securitypodcast/7904.mp3 https://isc.sans.edu/podcastdetail/7904 Thu, 03 Mar 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/The+More+Often+Something+is+Repeated+the+More+True+It+Becomes+Dealing+with+Social+Media/28396/
Fortinet Bug
https://www.fortiguard.com/psirt/FG-IR-21-028
IBM Updates
https://www.ibm.com/blogs/psirt/
Google Updates
https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
Conti Ransomware Leak
https://threatpost.com/conti-ransomware-decryptor-trickbot-source-code-leaked/178727/
Middle Box DDoS Attacks
https://www.akamai.com/blog/security/tcp-middlebox-reflection
]]> 5:28 middle box, ddos, conti, ransomware, leak, google, chrome, ibm, fortinet, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7902 Geoblocking; IsaacWiper; PJSIP Vulnerability; Octa Patch; ViaSat Outage Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Geoblocking; IsaacWiper; PJSIP Vulnerability; Octa Patch; ViaSat Outage https://traffic.libsyn.com/securitypodcast/7902.mp3 https://isc.sans.edu/podcastdetail/7902 Wed, 02 Mar 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/Geoblocking+when+you+cant+Geoblock/28392/
IsaacWiper and HermeticWizard: New wiper and worm targeting Ukraine
https://www.welivesecurity.com/2022/03/01/isaacwiper-hermeticwizard-wiper-worm-targeting-ukraine/
Memory Corruption Vulnerabilities in PJSIP
https://jfrog.com/blog/jfrog-discloses-5-memory-corruption-vulnerabilities-in-pjsip-a-popular-multimedia-library/
Octa Patch for Advanced Server Access Client
https://trust.okta.com/security-advisories/okta-advanced-server-access-client-cve-2022-24295
ViaSat Outage
https://www.reuters.com/business/aerospace-defense/satellite-firm-viasat-probes-suspected-cyberattack-ukraine-elsewhere-2022-02-28/
]]> 6:02 geoblocking, viasat, ukraine, octa, memory, pjsip, isaacwiper, hermetic wipter, isaac, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7900 PHP Update; Mozilla VPN Bug; Google Captcha Bypass; Samsung Encryption; Multiple IPs Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. PHP Update; Mozilla VPN Bug; Google Captcha Bypass; Samsung Encryption; Multiple IPs https://traffic.libsyn.com/securitypodcast/7900.mp3 https://isc.sans.edu/podcastdetail/7900 Tue, 01 Mar 2022 02:00:01 GMT https://nvd.nist.gov/vuln/detail/CVE-2021-21708
https://bugs.php.net/bug.php?id=81708
Mozilla VPN Local Privilege Escalation
https://www.mozilla.org/en-US/security/advisories/mfsa2022-08/
Google Captcha Breaking
https://east-ee.com/2022/02/28/1367/
Samsung Encryption Vulnerability
https://eprint.iacr.org/2022/208.pdf
tshark Multiple IPs
https://isc.sans.edu/forums/diary/TShark+Multiple+IP+Addresses/28386/
]]> 6:46 tshark, samsung, google, captcha, recaptcha, php, filter, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7898 Ukraine Update; Static Windows IPs; Snort and NetWitness; NVidia Breach; Incomplete Win11 Reset Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Ukraine Update; Static Windows IPs; Snort and NetWitness; NVidia Breach; Incomplete Win11 Reset https://traffic.libsyn.com/securitypodcast/7898.mp3 https://isc.sans.edu/podcastdetail/7898 Mon, 28 Feb 2022 02:00:02 GMT https://www.bleepingcomputer.com/news/security/ransomware-gangs-hackers-pick-sides-over-russia-invading-ukraine/
https://ddosecrets.com/wiki/Tetraedr
https://twitter.com/YourAnonOne/status/1496965766435926039
https://www.wired.com/story/ukraine-it-army-russia-war-cyberattacks-ddos/
Odd Windows Behaviour with Fixed Addresses
https://isc.sans.edu/forums/diary/Windows+Fixed+IPv4+Addresses+and+APIPA/28380/
Using Snort IDS Rules in NetWitness Packet Decoder
https://isc.sans.edu/forums/diary/Using+Snort+IDS+Rules+with+NetWitness+PacketDecoder/28382/
NVidia Breach
https://www.bloomberg.com/news/articles/2022-02-25/nvidia-is-investigating-cyber-attack-but-business-uninterrupted
Windows 11 Reset Not Removing All Data
https://docs.microsoft.com/en-us/windows/release-health/status-windows-11-21h2#2783msgdesc
]]> 5:35 Windows 11, NVidia, snort, netwitness, fixed address, apipa, ukraine, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7896 Ukraine Update and Webcast; Zabbix Vulnerability; Asustore Deadbolt; MSFT App Store Electron Malware Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Ukraine Update and Webcast; Zabbix Vulnerability; Asustore Deadbolt; MSFT App Store Electron Malware https://traffic.libsyn.com/securitypodcast/7896.mp3 https://isc.sans.edu/podcastdetail/7896 Fri, 25 Feb 2022 02:00:01 GMT https://www.sans.org/webcasts/russian-cyber-attack-escalation-in-ukraine/

Other Ukraine Related Stories
https://isc.sans.edu/forums/diary/Ukraine+Russia+Situation+From+a+Domain+Names+Perspective/28376/
https://detection.watchguard.com
Zabbix Vulnerablity Exploited
https://www.cisa.gov/uscert/ncas/current-activity/2022/02/22/cisa-adds-two-known-exploited-vulnerabilities-catalog
https://support.zabbix.com/browse/ZBX-20350
Asustore Victim of Deadbolt Ransomware
https://forum.asustor.com/viewtopic.php?f=45&t=12630
Firepower Rule Update Failure After March 5th 2022
https://www.cisco.com/c/en/us/support/docs/field-notices/723/fn72332.html?emailclick=CNSemail
Social Media Takeover Malware Distrubeted Via Microsoft App Store
https://research.checkpoint.com/2022/new-malware-capable-of-controlling-social-media-accounts-infects-5000-machines-and-is-actively-being-distributed-via-gaming-applications-on-microsofts-official-store/
]]> 6:42 social media takeover, electron, microsoft, asustor, firepower, certificate, deadbolt, ukraine, wiper, zabbix, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7894 New Sandworm; Ukraine Wiper; Log4Shell Wrapup; pfsense authenticated RCE; BVP47 Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. New Sandworm; Ukraine Wiper; Log4Shell Wrapup; pfsense authenticated RCE; BVP47 https://traffic.libsyn.com/securitypodcast/7894.mp3 https://isc.sans.edu/podcastdetail/7894 Thu, 24 Feb 2022 03:15:01 GMT https://www.ncsc.gov.uk/news/joint-advisory-shows-new-sandworm-malware-cyclops-blink-replaces-vpnfilter
Wiper Malware Seen Deployed Against Targets in the Ukraine
https://twitter.com/juanandres_gs/status/1496581710368358400
https://twitter.com/ESETresearch/status/1496581903205511181
The Rise and Fall of log4shell
https://isc.sans.edu/forums/diary/The+Rise+and+Fall+of+log4shell/28372/
pfsense authenticated RCE
https://www.shielder.it/advisories/pfsense-remote-command-execution/
BVP47 Backdoor
https://www.pangulab.cn/files/The_Bvp47_a_top-tier_backdoor_of_us_nsa_equation_group.en.pdf
]]> 6:58 nsa, equation group, pfsense, log4shell, log4j, ukraine, wiper, backdoor, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7892 Old Vuln Still Used; Horde XSS Exploit; NoVNC Phishing Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Old Vuln Still Used; Horde XSS Exploit; NoVNC Phishing https://traffic.libsyn.com/securitypodcast/7892.mp3 https://isc.sans.edu/podcastdetail/7892 Wed, 23 Feb 2022 02:00:01 GMT https://www.welivesecurity.com/2022/02/22/teenage-cybercrime-stop-kids-wrong-path/
Horde Webmail 5.2.22 - Account Takeover via Email
https://blog.sonarsource.com/horde-webmail-account-takeover-via-email
NoVNC Phishing
https://mrd0x.com/bypass-2fa-using-novnc/
]]> 6:30 novnc, phishing, horde, webmail, xss, equation editor, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7890 Odd E-Mail Addresses; SMS Number Rental; Xenomorph Banking Trojan; Cryptbot; Magento Clarification Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Odd E-Mail Addresses; SMS Number Rental; Xenomorph Banking Trojan; Cryptbot; Magento Clarification https://traffic.libsyn.com/securitypodcast/7890.mp3 https://isc.sans.edu/podcastdetail/7890 Tue, 22 Feb 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/Sending+an+Email+to+an+IPv4+Address/28362/
SMS Phone-Verified Account Services
https://www.trendmicro.com/en_us/research/22/b/sms-pva-services-use-of-infected-android-phones-reveals-flaws-in-sms-verification.html
Xenomorph Android Banking Trojan
https://www.threatfabric.com/blogs/xenomorph-a-newly-hatched-banking-trojan.html
Modified CryptBot Infostealer Going After Crypto Wallets
https://asec.ahnlab.com/en/31802/
Clarification for Adobe Magento Vulnerabilties
https://helpx.adobe.com/security/products/magento/apsb22-12.html
]]> 5:55 magento, adobe, infostealer, cryptbot, xenomorph, android, sms, pve, email, ip address, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7888 Double Compressed; Cassandra Vuln.; Apple T2 Weakness; Snap Priv Escalation Weakness Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Double Compressed; Cassandra Vuln.; Apple T2 Weakness; Snap Priv Escalation Weakness https://traffic.libsyn.com/securitypodcast/7888.mp3 https://isc.sans.edu/podcastdetail/7888 Mon, 21 Feb 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/Remcos+RAT+Delivered+Through+Double+Compressed+Archive/28354/
Cassandra User-Defined Functions Remote Code Execution
https://jfrog.com/blog/cve-2021-44521-exploiting-apache-cassandra-user-defined-functions-for-remote-code-execution/
Apple T2 Weakness
https://www.forensicfocus.com/news/passware-kit-forensic-t2-add-on-the-first-password-recovery-tool-for-macs-with-t2-chips/
snap priviledge escalation
https://www.qualys.com/2022/02/17/cve-2021-44731/oh-snap-more-lemmings.txt
]]> 5:04 snap, ubuntu, apple, t2, cassandra, file vault, disk encryption, compression, remcos rat, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7886 MSFT Teams Malware; Thunderbird Patch; Cisco DANE Vuln; GitHub Code Scanning Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MSFT Teams Malware; Thunderbird Patch; Cisco DANE Vuln; GitHub Code Scanning https://traffic.libsyn.com/securitypodcast/7886.mp3 https://isc.sans.edu/podcastdetail/7886 Fri, 18 Feb 2022 02:00:02 GMT https://www.avanan.com/blog/hackers-attach-malicious-.exe-files-to-teams-conversations
Thunderbird Patches
https://www.mozilla.org/en-US/security/advisories/mfsa2022-07/
Cisco Secure Email Gateway Update
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-dos-MxZvGtgU
GitHub Code Scanning Finds More Vulnerabilities Using Machine Learning
https://github.blog/2022-02-17-code-scanning-finds-vulnerabilities-using-machine-learning/
Exploit for Magento Vulnerability (CVE-2022-24086) Available
https://twitter.com/ptswarm/status/1494240197915123713
More Packet Fu With Zeek
https://isc.sans.edu/forums/diary/More+packet+fu+with+zeek/28350/
]]> 5:17 zeek, geolocation, github, cisco, email, thunderbird, magento, teams, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7884 Astaroth Infection; Atlassian Jira Updates; VMWare Updates; BEC via Virtual Meeting Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Astaroth Infection; Atlassian Jira Updates; VMWare Updates; BEC via Virtual Meeting https://traffic.libsyn.com/securitypodcast/7884.mp3 https://isc.sans.edu/podcastdetail/7884 Thu, 17 Feb 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/Astaroth+Guildma+infection/28346/
Atlassian Jira Updates
https://jira.atlassian.com/browse/CONFSERVER-66550
VMWare Updates
https://www.vmware.com/security/advisories/VMSA-2022-0004.html
FBI Warns of BEC Using Virtual Meeting Platforms
https://www.ic3.gov/Media/Y2022/PSA220216
]]> 5:31 fbi, vmware, atlassian, jira, astaroth, guildma, docusign, bec, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7882 Bot Breakdown; SquirrelWaffle; WD MyCloud; Nooie Baby Monitor; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Bot Breakdown; SquirrelWaffle; WD MyCloud; Nooie Baby Monitor; https://traffic.libsyn.com/securitypodcast/7882.mp3 https://isc.sans.edu/podcastdetail/7882 Wed, 16 Feb 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/Who+Are+Those+Bots/28342/
SquirrelWaffle Adds a Twist of Fraud to Exchange Server Malspamming
https://news.sophos.com/en-us/2022/02/15/vulnerable-exchange-server-hit-by-squirrelwaffle-and-financial-fraud/
Details About Western Digital MyCloud Flaw
https://www.iot-inspector.com/blog/advisory-western-digital-my-cloud-pro-series-pr4100-rce/
Nooie Baby Monitor Vulnerabilities
https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-nooie-baby-monitor/
]]> 5:42 nooie, baby monitor, westerdan digital, mycloud, squirrelwaffle, exchange server, malspam, bec, bots, email, server, brute force, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7880 TLS Hello; Magento 0-Day; BigSur/Catalina Mystery Update; MSFT Defender and MacOS Issues; Google Chrome; Moxa MXView Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. TLS Hello; Magento 0-Day; BigSur/Catalina Mystery Update; MSFT Defender and MacOS Issues; Google Chrome; Moxa MXView https://traffic.libsyn.com/securitypodcast/7880.mp3 https://isc.sans.edu/podcastdetail/7880 Tue, 15 Feb 2022 02:00:01 GMT https://isc.sans.edu/forums/diary/Reminder+Decoding+TLS+Client+Hellos+to+non+TLS+servers/28338/
Magento 2 Critical Vulnerability
https://sansec.io/research/magento-2-cve-2022-24086
BigSur/Catalina Mystery Update
https://support.apple.com/en-us/HT201222
MacOS Monterey Patch and Microsoft Defender
https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/mde-apparently-blocks-macos-monterey-12-1-12-2-upgrades/m-p/3078793
Google Chrome 0-Day Fixed
https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
Moxa MXview Vulnerabilities and Patch
https://www.claroty.com/2022/02/10/blog-research-securing-network-management-systems-moxa-mxview/
]]> 5:40 moxa, mxview, google, chrome, apple, bigsur, catalina, monterey, msft defender, tls, hello, magento, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7878 CinaRAT via HTML IDs; Protecting LSASS; Blocking Facebook Credential Exposure Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. CinaRAT via HTML IDs; Protecting LSASS; Blocking Facebook Credential Exposure https://traffic.libsyn.com/securitypodcast/7878.mp3 https://isc.sans.edu/podcastdetail/7878 Mon, 14 Feb 2022 02:00:01 GMT https://isc.sans.edu/forums/diary/CinaRAT+Delivered+Through+HTML+ID+Attributes/28330/
Windows Defender ASR Blocks LSASS Credential Stealing
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-worldwide#block-credential-stealing-from-the-windows-local-security-authority-subsystem
Brave Blocking Credential Leaking Extension
https://www.theregister.com/2022/02/12/facebook_god_mode/
Project Zero Summary of Zero Day Bugs
https://googleprojectzero.blogspot.com/2022/02/a-walk-through-project-zero-metrics.html
]]> 5:03 google project zero, bugs, fixes, brave, chrome, extensions, facebook, windows, defender, ASR, LSASS, mimikatz, cinarat, html, id, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7876 WebKit 0-Day Patch; Zyxel NAS Exploit; WMIC Removal; Zoom Mac Microphone; Planted Evidence Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. WebKit 0-Day Patch; Zyxel NAS Exploit; WMIC Removal; Zoom Mac Microphone; Planted Evidence https://traffic.libsyn.com/securitypodcast/7876.mp3 https://isc.sans.edu/podcastdetail/7876 Fri, 11 Feb 2022 02:00:02 GMT https://support.apple.com/en-us/HT213091
Zyxel Network Storage Devics Hunted By Mirai Variant
https://isc.sans.edu/forums/diary/Zyxel+Network+Storage+Devices+Hunted+By+Mirai+Variant/28324/
WMIC Removal
https://docs.microsoft.com/en-us/windows/deployment/planning/windows-10-deprecated-features
Zoom Uses Microphone after Meeting is Over
https://community.zoom.com/t5/Meetings/Why-is-the-Zoom-app-listening-on-my-microphone-when-not-in-a/td-p/29019
Evidence Planted to Implicate Innocent Activists
https://www.sentinelone.com/labs/modifiedelephant-apt-and-a-decade-of-fabricating-evidence/
]]> 6:02 planted evidence, zoom, microphone, wmic, zyxal, nas, apple, ios, macos, ipados, safari, webkit, 0day, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7874 Cobalt Strike via Emotet; Adobe Patches; Intel Updates; MageCart via Magento Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Cobalt Strike via Emotet; Adobe Patches; Intel Updates; MageCart via Magento https://traffic.libsyn.com/securitypodcast/7874.mp3 https://isc.sans.edu/podcastdetail/7874 Thu, 10 Feb 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/Example+of+Cobalt+Strike+from+Emotet+infection/28318/
Adobe Patches
https://helpx.adobe.com/security/security-bulletin.html
Intel Updates
https://www.intel.com/content/www/us/en/security-center/default.html
NaturalFreshMall: A Mass Store Attack
https://sansec.io/research/naturalfreshmall-mass-hack
]]> 6:23 magecart, javascript, skimmer, intel, adobe, patches, cobalt strike, emotet, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7872 MSFT Patch Tuesday; Google vs Cryptominers; Android Patches; SAP Patches; #Podcast Anniversary #podcastaniversary Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MSFT Patch Tuesday; Google vs Cryptominers; Android Patches; SAP Patches; #Podcast Anniversary #podcastaniversary https://traffic.libsyn.com/securitypodcast/7872.mp3 https://isc.sans.edu/podcastdetail/7872 Wed, 09 Feb 2022 02:00:01 GMT https://isc.sans.edu/forums/diary/Microsoft+February+2022+Patch+Tuesday/28316/
Google Cloud Virtual Machine Threat Detection
https://cloud.google.com/security-command-center/docs/concepts-vm-threat-detection-overview
Android Patches
https://source.android.com/security/bulletin/2022-02-01
SAP Patches
https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+February+2022
Podcast 13 Year Anniversary
https://isc.sans.edu/podcastdetail.html?id=25]]> 5:46 podcast, aniversary, sap, android, microsoft, patches, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7870 Distributed Web Phish; MSFT vs. VBA; Acronis Update; Lockbit 2 IoCs Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Distributed Web Phish; MSFT vs. VBA; Acronis Update; Lockbit 2 IoCs https://traffic.libsyn.com/securitypodcast/7870.mp3 https://isc.sans.edu/podcastdetail/7870 Tue, 08 Feb 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/web3+phishing+via+selfcustomizing+landing+pages/28312/
MSFT Blocking Office VBA Malcros
https://www.theverge.com/2022/2/7/22922032/microsoft-block-office-vba-macros-default-change
https://techcommunity.microsoft.com/t5/microsoft-365-blog/helping-users-stay-safe-blocking-internet-macros-by-default-in/ba-p/3071805
Acronis True Image Update
https://security-advisory.acronis.com/updates/UPD-2201-f76f-838c
Lockbit 2 IoCs
https://www.ic3.gov/Media/News/2022/220204.pdf
]]> 5:41 lockbit, ransomware, acronic, msft, microsoft, vba, web3, distrubted web, skynet, phishing, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7868 Tax Phishing; IRS and ID.me; Argo CD Patch; PoE and Thermals Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Tax Phishing; IRS and ID.me; Argo CD Patch; PoE and Thermals https://traffic.libsyn.com/securitypodcast/7868.mp3 https://isc.sans.edu/podcastdetail/7868 Mon, 07 Feb 2022 02:00:01 GMT https://security.intuit.com/security-notices
IRS working with ID.me
https://www.irs.gov/newsroom/new-identity-verification-process-to-access-certain-irs-online-tools-and-services
Argo CD Vulnerability
https://apiiro.com/blog/malicious-kubernetes-helm-charts-can-be-used-to-steal-sensitive-information-from-argo-cd-deployments/
https://github.com/argoproj/argo-cd/security/advisories/GHSA-63qx-x74g-jcr7
Thermal Imaging of PoE Devices
https://isc.sans.edu/forums/diary/Power+over+Ethernet+and+Thermal+Imaging/28308/
]]> 6:16 thermal, ir, poe, argo, cd, irs, id.me, intuit, phishing, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7866 Attack Surface Detection; MFA News; #Zimbra 0Day; #Cisco RV Series Routers; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Attack Surface Detection; MFA News; #Zimbra 0Day; #Cisco RV Series Routers; https://traffic.libsyn.com/securitypodcast/7866.mp3 https://isc.sans.edu/podcastdetail/7866 Fri, 04 Feb 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/Keeping+Track+of+Your+Attack+Surface+for+Cheap/28304/
MFA News
https://www.proofpoint.com/us/blog/threat-insight/mfa-psa-oh-my
https://news.microsoft.com/wp-content/uploads/prod/sites/626/2022/02/Cyber-Signals-E-1.pdf
Zimbra Webmail 0-Day Exploited
https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/
Cisco RV Series Routers Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D
]]> 5:20 cisco, zimbra, webmail, rv series, phishing, MFA, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7864 Finding elFinder; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Finding elFinder; https://traffic.libsyn.com/securitypodcast/7864.mp3 https://isc.sans.edu/podcastdetail/7864 Thu, 03 Feb 2022 02:00:01 GMT https://isc.sans.edu/forums/diary/Finding+elFinder+Who+is+looking+for+your+files/28300/
IBM Spectrum Protect Plus Container Backup Vulnerabilities
https://www.ibm.com/support/pages/node/6540860
https://www.ibm.com/support/pages/node/6552188
Microsoft Update Connectivity
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/achieve-better-patch-compliance-with-update-connectivity-data/ba-p/3073356
UEFI Bios Vulnerabilities
https://www.insyde.com/security-pledge
]]> 5:31 uefi, microsoft, updates, elfinder, php, file upload, IBM, spectrum protect, backup, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7862 Windows Priv Esc PoC; Web GPU Fingerprint; Automation Limits; Fake Job Ads; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Windows Priv Esc PoC; Web GPU Fingerprint; Automation Limits; Fake Job Ads; https://traffic.libsyn.com/securitypodcast/7862.mp3 https://isc.sans.edu/podcastdetail/7862 Wed, 02 Feb 2022 02:00:02 GMT https://github.com/KaLendsi/CVE-2022-21882
Fingerprinting Devices Via GPU
https://arxiv.org/pdf/2201.09956.pdf
SolarMarker Campaign used novel registry changes to establish persistence
https://news.sophos.com/en-us/2022/02/01/solarmarker-campaign-used-novel-registry-changes-to-establish-persistence/
Fake Job Ads
https://www.ic3.gov/Media/Y2022/PSA220201
Automation is Nice But Don't Replace Your Knowledge
https://isc.sans.edu/forums/diary/Automation+is+Nice+But+Dont+Replace+Your+Knowledge/28296/
]]> 5:59 automation, ssh, fake job ads, solarmarker, registry, gpu, priv escalation, poc, windows, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7860 RPMSG Phishing; QNAP Auto Update; Samba Vuln; Datacenter Managment Exposed; XML Parser Vuln Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. RPMSG Phishing; QNAP Auto Update; Samba Vuln; Datacenter Managment Exposed; XML Parser Vuln https://traffic.libsyn.com/securitypodcast/7860.mp3 https://isc.sans.edu/podcastdetail/7860 Tue, 01 Feb 2022 02:00:01 GMT https://isc.sans.edu/forums/diary/Be+careful+with+RPMSG+files/28292/
QNAP Auto Update Clarification
https://www.qnap.com/en/security-news/2022/descriptions-and-explanations-of-the-qts-quts-hero-recommended-version-feature
Samba Vulnerability
https://kb.cert.org/vuls/id/119678
Exposed Datacenter Management
https://www.bleepingcomputer.com/news/security/over-20-000-data-center-management-systems-exposed-to-hackers/
Expat Vulnerability
https://github.com/libexpat/libexpat/blob/master/expat/Changes
]]> 5:18 expat, datacenter, samba, rpmsg, phishing, qnap, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7858 ISO inside HTML; YARA Console Module; Phishing Device Registration Trick; QNAP Forced Patch Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. ISO inside HTML; YARA Console Module; Phishing Device Registration Trick; QNAP Forced Patch https://traffic.libsyn.com/securitypodcast/7858.mp3 https://isc.sans.edu/podcastdetail/7858 Mon, 31 Jan 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/Malicious+ISO+Embedded+in+an+HTML+Page/28282/
YARA Console Module
https://isc.sans.edu/forums/diary/YARAs+Console+Module/28288/
Attackers Attaching Devices to Azure AD
https://www.microsoft.com/security/blog/2022/01/26/evolved-phishing-device-registration-trick-adds-to-phishers-toolbox-for-victims-without-mfa/
QNAP Forced Updates
https://www.reddit.com/r/qnap/comments/sdsf02/i_just_suffered_what_i_believe_to_be_a_forced/huhfmjc/
]]> 6:12 qnap, deadbolt, ransomware, azure, ad, devices, phishing, microsoft, yara, iso, html, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7856 Apple Bug Details; Little Snitch Bypass; DazzleSpy Malware; Intelligent Phishing Exercises; @sans_edu; @geoff_Dr Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Apple Bug Details; Little Snitch Bypass; DazzleSpy Malware; Intelligent Phishing Exercises; @sans_edu; @geoff_Dr https://traffic.libsyn.com/securitypodcast/7856.mp3 https://isc.sans.edu/podcastdetail/7856 Fri, 28 Jan 2022 02:00:01 GMT https://perception-point.io/technical-analysis-of-cve-2022-22583-bypassing-macos-system-integrity-protection/
https://isc.sans.edu/forums/diary/Apple+Patches+Everything/28280/
Little Snitch Firewall Bypass
https://rhinosecuritylabs.com/network-security/bypassing-little-snitch-firewall/
DazzleSpy Malware
https://www.welivesecurity.com/2022/01/25/watering-hole-deploys-new-macos-malware-dazzlespy-asia/
Geoffrey Parker: Building an Intelligent, Automated Tiered Phishing System
https://www.sans.edu/cyber-research/building-an-intelligent-automated-tiered-phishing-system-matching-the-message-level-to-user-ability/
]]> 16:00 phishing, dazzlespy, sans.edu, little snitch, cve-2022-22583, apple, macos, sip, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7854 Lights Out for iLO; Apple Updates Everything; Let's Encrypt Fixes; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Lights Out for iLO; Apple Updates Everything; Let's Encrypt Fixes; https://traffic.libsyn.com/securitypodcast/7854.mp3 https://isc.sans.edu/podcastdetail/7854 Thu, 27 Jan 2022 02:00:01 GMT https://isc.sans.edu/forums/diary/Over+20+thousand+servers+have+their+iLO+interfaces+exposed+to+the+internet+many+with+outdated+and+vulnerable+versions+of+FW/28276/
Apple Patches and Exploits
https://support.apple.com/en-us/HT201222
https://www.ryanpickren.com/safari-uxss
Let's Encrypt Fixes Problems and Revoces Certificates
https://community.letsencrypt.org/t/changes-to-tls-alpn-01-challenge-validation/170427

]]> 6:22 lets encrypt, challenge, certificates, apple, patches, exploits, webcam, indexdb, ilo, hp, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7852 Polkit Priv Esc. Vuln; Emotet Stops 0.0.0.0; log4j VMWare Exploits Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Polkit Priv Esc. Vuln; Emotet Stops 0.0.0.0; log4j VMWare Exploits https://traffic.libsyn.com/securitypodcast/7852.mp3 https://isc.sans.edu/podcastdetail/7852 Wed, 26 Jan 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/Local+privilege+escalation+vulnerability+in+polkits+pkexec+CVE20214034/28272/
Emotet Stops Using 0.0.0.0 in Spambot Traffic
https://isc.sans.edu/forums/diary/Emotet+Stops+Using+0000+in+Spambot+Traffic/28270/
VMWare Warns of Log4j Exploitation
https://www.vmware.com/security/advisories/VMSA-2021-0028.html
https://www.cynet.com/attack-techniques-hands-on/threats-looming-over-the-horizon/
]]> 5:17 vmware, horizon, emotet, spambot, polkit, pkexec, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7850 UEFI Malware; Sonicwall Exploit; Dell EMC AppSync Vuln; Leaked Twitter Keys Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. UEFI Malware; Sonicwall Exploit; Dell EMC AppSync Vuln; Leaked Twitter Keys https://traffic.libsyn.com/securitypodcast/7850.mp3 https://isc.sans.edu/podcastdetail/7850 Tue, 25 Jan 2022 02:00:01 GMT https://securelist.com/moonbounce-the-dark-side-of-uefi-firmware/105468/
Exploit of Sonicwall CVE-2021-20038
https://twitter.com/buffaloverflow/status/1485671824725786633
Dell EMC AppSync Vulnerability
https://www.dell.com/support/kbdoc/de-de/000195377/dsa-2022-003-dell-emc-appsync-security-update-for-multiple-vulnerabilities
Twitter API Keys Leaked in GitHub
https://incognitatech.medium.com/using-twitter-to-notify-careless-developers-the-unorthodox-way-d71478ad367a
]]> 6:08 twitter, api keys, github, dell, emc, appsync, uefi, moonbound, sonicwall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7848 Wininet.dll Feature; Excel "Real Estate" attack; F5 Patches; McAfee Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Wininet.dll Feature; Excel "Real Estate" attack; F5 Patches; McAfee Vuln; https://traffic.libsyn.com/securitypodcast/7848.mp3 https://isc.sans.edu/podcastdetail/7848 Mon, 24 Jan 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/Obscure+Wininetdll+Feature/28262/
Mixed VBA and Excel 4 Macro in Targeted Excel Sheet
https://isc.sans.edu/forums/diary/Mixed+VBA+Excel4+Macro+In+a+Targeted+Excel+Sheet/28264/
https://techcommunity.microsoft.com/t5/excel-blog/excel-4-0-xlm-macros-now-restricted-by-default-for-customer/ba-p/3057905
F5 January 2022 Patches
https://support.f5.com/csp/article/K40084114
McAfee Privilege Escalation
https://kc.mcafee.com/corporate/index?page=content&id=SB10378
]]> 6:12 mcafee, f5, vba, excel, macro, wininet.dll, hsts, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7846 RedLine Stealer; Google QR Code Bug; Linux Kernel Bug; Crypto.com 2FA Bypass; Windows GPOs to Avoid Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. RedLine Stealer; Google QR Code Bug; Linux Kernel Bug; Crypto.com 2FA Bypass; Windows GPOs to Avoid https://traffic.libsyn.com/securitypodcast/7846.mp3 https://isc.sans.edu/podcastdetail/7846 Fri, 21 Jan 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/RedLine+Stealer+Delivered+Through+FTP/28258/
Google Camera Alters QR Codes
https://www.heise.de/hintergrund/Googles-Kamera-verfaelscht-Links-in-QR-Codes-6332669.html
https://www.androidpolice.com/google-camera-randomly-changes-some-qr-code-urls-on-android-12/
Linux Kernel Privilege Escalation / Container Escape
https://seclists.org/oss-sec/2022/q1/54
https://access.redhat.com/security/cve/cve-2022-0185
Crypto.com 2FA Bypass
https://threatpost.com/2fa-bypassed-crypto-com-heist/177846/
Windows Policies to Avoid
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/why-you-shouldn-t-set-these-25-windows-policies/ba-p/3066178
]]> 6:14 windows, group policies, crypto.com, 2FA, MFA, Linux, kernel, camera, qr code, google ftp, redline, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7844 0.0.0.0 and Emotet; WebKit Patch; acer Care Center; Serv-U Patch; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. 0.0.0.0 and Emotet; WebKit Patch; acer Care Center; Serv-U Patch; https://traffic.libsyn.com/securitypodcast/7844.mp3 https://isc.sans.edu/podcastdetail/7844 Thu, 20 Jan 2022 02:25:02 GMT https://isc.sans.edu/forums/diary/0000+in+Emotet+Spambot+Traffic/28254/
Linux Patch to Make 0.0.0.0/8 Routable
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=96125bf9985a
WebKit Patch for Cross Origin Database Name Leak
https://trac.webkit.org/changeset/288078/webkit
ACER Care Center Privilege Escalation
https://aptw.tf/2022/01/20/acer-care-center-privesc.html
Imporper Input Validation Vulnerability in Serv-U
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35247
]]> 6:13 serv-u, asus, webkit, acer, linux, emotet, spambot, 0.0.0.0, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7842 Phishing with Ads; Virustotal Hacking; Oracle Patches; Box MFA Bypass Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Phishing with Ads; Virustotal Hacking; Oracle Patches; Box MFA Bypass https://traffic.libsyn.com/securitypodcast/7842.mp3 https://isc.sans.edu/podcastdetail/7842 Wed, 19 Jan 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/Phishing+email+withan+advertisement/28250/
Virustotal Credential
https://www.safebreach.com/blog/2022/the-perfect-cyber-crime/
Oracle Quarterly Critical Patch Update
https://www.oracle.com/security-alerts/cpujan2022.html
Box MFA Bypass
https://www.varonis.com/blog/box-mfa-bypass-sms
]]> 5:30 box, mfa, oracle, virustotal, phishing, advertisement, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7840 Smarter Log4Shell; Special MSFT Update; Cisco CCMP Patch; Zoho Patch; Google Chrome Private Network Restriction Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Smarter Log4Shell; Special MSFT Update; Cisco CCMP Patch; Zoho Patch; Google Chrome Private Network Restriction https://traffic.libsyn.com/securitypodcast/7840.mp3 https://isc.sans.edu/podcastdetail/7840 Tue, 18 Jan 2022 02:00:01 GMT https://isc.sans.edu/forums/diary/Log4Shell+Attacks+Getting+Smarter/28246/
Microsoft Releases Special Update to Deal with January Update Fail
https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-oob-updates-for-january-windows-update-issues/
Cisco Unified Contact Center Management Portal and Unifed Contact Center Domain Manager Privilege Escalation Vulnerablity
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccmp-priv-esc-JzhTFLm4
Zoho Critical Security Patch Released in Desktop Central and Desktop Central MSP
https://pitstop.manageengine.com/portal/en/community/topic/a-critical-security-patch-released-in-desktop-central-and-desktop-central-msp-for-cve-2021-44757-17-1-2022
Google Chrome Restricting Private Network Access
https://developer.chrome.com/blog/private-network-access-preflight/
]]> 5:26 chrome, private networks, pna, preflight, zoho, desktop central, cisco, CCMP, microsoft, patches, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7838 NTFS Alt. Data Streams; MSFT Resumes Windows Updates; Safari IndexDB Leak; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. NTFS Alt. Data Streams; MSFT Resumes Windows Updates; Safari IndexDB Leak; https://traffic.libsyn.com/securitypodcast/7838.mp3 https://isc.sans.edu/podcastdetail/7838 Mon, 17 Jan 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/Use+of+Alternate+Data+Streams+in+Research+Scans+for+indexjsp/28240/
Microsoft Resumes Windows Server 2019 Cumulative Updates
https://www.bleepingcomputer.com/news/microsoft/microsoft-resumes-rollout-of-january-windows-server-updates/
Safari Index DB Leak
https://fingerprintjs.com/blog/indexeddb-api-browser-vulnerability-safari-15/
]]> 5:17 safari, indexdb, microsoft, windows server, 2019, updates, ads, ntfs, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7836 MSFT Patch Issues; Jenkins Advisory; Qakbot Decryptor; Android 2G Disable; MSFT Defender Weakness Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MSFT Patch Issues; Jenkins Advisory; Qakbot Decryptor; Android 2G Disable; MSFT Defender Weakness https://traffic.libsyn.com/securitypodcast/7836.mp3 https://isc.sans.edu/podcastdetail/7836 Fri, 14 Jan 2022 02:00:02 GMT https://borncity.com/win/2022/01/12/patchday-windows-8-1-server-2012-r2-updates-11-januar-2022-mgliche-boot-probleme/
https://support.microsoft.com/en-us/topic/january-11-2022-kb5009624-monthly-rollup-23f4910b-6bdd-475c-bb4d-c0e961aff0bc
https://support.microsoft.com/en-us/topic/january-11-2022-kb5009595-security-only-update-060870c2-ad08-40e5-b000-a9f6d40c0831
Jenkins Security Advisory 2022-01-1
https://www.jenkins.io/security/advisory/2022-01-12/
Qakbot Configuration Decryptor
https://github.com/drole/qakbot-registry-decrypt
Android allows Disabling 2G
https://www.bleepingcomputer.com/news/security/android-users-can-now-disable-2g-to-block-stingray-attacks/
Weakness in Microsoft Defender
https://twitter.com/splinter_code/status/1481073265380581381
]]> 5:31 microsoft defender, adnroid, 2g, quakbot, jenkins, microsoft, updates, reboot, hyper-v, uefi, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7834 CVE-2020-21907 http.sys update; SonicWall Vuln Details; iOS/iPadOS Update; RDP Vuln Details; RATs vs Cloud Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. CVE-2020-21907 http.sys update; SonicWall Vuln Details; iOS/iPadOS Update; RDP Vuln Details; RATs vs Cloud https://traffic.libsyn.com/securitypodcast/7834.mp3 https://isc.sans.edu/podcastdetail/7834 Thu, 13 Jan 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/A+Quick+CVE202221907+FAQ+work+in+progress/28234/
Details Released Regarding Patched Sonicwall Vulnerabilities
https://www.rapid7.com/blog/post/2022/01/11/cve-2021-20038-42-sonicwall-sma-100-multiple-vulnerabilities-fixed-2/
iOS/iPad OS Fixing HomeKit Vulnerability / Private Relay issues
https://support.apple.com/en-us/HT201222
https://www.macrumors.com/2022/01/12/apple-icloud-private-relay-ios-15-2/
Atticking RDP From Inside
https://www.cyberark.com/resources/threat-research-blog/attacking-rdp-from-inside
Nanocore, Netwire and AsyncRAT Spreading Campaign Uses Public Cloud Infrastructre
https://blog.talosintelligence.com/2022/01/nanocore-netwire-and-asyncrat-spreading.html
]]> 5:31 nanocore, netwire, asyncrat, duckdns, rdp, ios, ipados, cve-2022-219-7, http.sys, homekit, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7832 MSFT Patch Tuesday (#wormable #http.sys vuln); Adobe Updates Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MSFT Patch Tuesday (#wormable #http.sys vuln); Adobe Updates https://traffic.libsyn.com/securitypodcast/7832.mp3 https://isc.sans.edu/podcastdetail/7832 Wed, 12 Jan 2022 02:00:01 GMT https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+January+2022/28230/
Adobe Updates
https://helpx.adobe.com/security.html
]]> 6:32 microsoft, patch tuesday, wormable, http.sys, adobe, reader, acrobat, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7830 macOS "powerdir" vuln; URL Parser Vulns; npm libs sabotaged Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. macOS "powerdir" vuln; URL Parser Vulns; npm libs sabotaged https://traffic.libsyn.com/securitypodcast/7830.mp3 https://isc.sans.edu/podcastdetail/7830 Tue, 11 Jan 2022 02:00:01 GMT https://www.microsoft.com/security/blog/2022/01/10/new-macos-vulnerability-powerdir-could-lead-to-unauthorized-user-data-access
Exploiting URL Parsers
https://claroty.com/wp-content/uploads/2022/01/Exploiting-URL-Parsing-Confusion.pdf
NPM libs "colors" and "faker" sabotaged by developer
https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/
]]> 5:39 npm, colors, faker, url parsers, macos, powerdir, tcc, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7828 Cobalt Strike via MSBuild; H2 JNDI Vuln; Trojanized dnSpy; Fin7 BadUSB Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Cobalt Strike via MSBuild; H2 JNDI Vuln; Trojanized dnSpy; Fin7 BadUSB https://traffic.libsyn.com/securitypodcast/7828.mp3 https://isc.sans.edu/podcastdetail/7828 Mon, 10 Jan 2022 02:00:01 GMT https://isc.sans.edu/forums/diary/Extracting+Cobalt+Strike+Beacons+from+MSBuild+Scripts/28200/
The JNDI Strikes Back: Unauthenticated RCE in H2 Database Console
https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console/
Trojanized dnSpy app drops malware cocktail
https://www.bleepingcomputer.com/news/security/trojanized-dnspy-app-drops-malware-cocktail-on-researchers-devs/
FIN7 Attackers Sending Malicious USB Sticks
https://www.bleepingcomputer.com/news/security/fbi-hackers-use-badusb-to-target-defense-firms-with-ransomware/
]]> 5:31 fin7, usb, badusb, rubberducky, dnspy, malware, cryptowallet, jndi, h2, database, cobalt stike, msbuild, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7826 Malware Targeting Chinese; Google Docs Comment Abuse; Google Voice Auth Scam Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Malware Targeting Chinese; Google Docs Comment Abuse; Google Voice Auth Scam https://traffic.libsyn.com/securitypodcast/7826.mp3 https://isc.sans.edu/podcastdetail/7826 Fri, 07 Jan 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/Malicious+Python+Script+Targeting+Chinese+People/28220/
Google Docs Comment Exploit Allows for Distribution of Phishing and Malware
https://www.avanan.com/blog/google-docs-comment-exploit-allows-for-distribution-of-phishing-and-malware
Google Voice Authentication Scams
https://www.fbi.gov/contact-us/field-offices/portland/news/press-releases/oregon-fbi-tech-tuesday-building-a-digital-defense-against-google-voice-authentication-scams
Norton Crypto Miner
https://investor.nortonlifelock.com/About/Investors/press-releases/press-release-details/2021/NortonLifeLock-Unveils-Norton-Crypto/default.aspx
]]> 5:28 python, china, chinese, google, docs, comments, phshing, voice, norton, miner, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7824 Malware Code Reuse; ZLoader Exploiting Signature Bug; VMWare CD-Rom Vuln; Honda Y2K22 Bug Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Malware Code Reuse; ZLoader Exploiting Signature Bug; VMWare CD-Rom Vuln; Honda Y2K22 Bug https://traffic.libsyn.com/securitypodcast/7824.mp3 https://isc.sans.edu/podcastdetail/7824 Thu, 06 Jan 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/Code+Reuse+In+the+Malware+Landscape/28216/
ZLoader Campaign Exploiting Signature Verification Bug
https://research.checkpoint.com/2022/can-you-trust-a-files-digital-signature-new-zloader-campaign-exploits-microsofts-signature-verification-putting-users-at-risk/
VMWare Virtual CD-Rom Vulnerability
https://www.vmware.com/security/advisories/VMSA-2022-0001.html
Honda Y2k22 Bug
https://www.bleepingcomputer.com/news/technology/honda-acura-cars-hit-by-y2k22-bug-that-rolls-back-clocks-to-2002/
]]> 5:29 honda, y2k22, malware, code reuse, zloader, signatures, vmware, cd-rom, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7822 BlockInput; Windows Server RDP Patch; Malicious Telegram Installer; Web Skimmer vs. Real Estate Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. BlockInput; Windows Server RDP Patch; Malicious Telegram Installer; Web Skimmer vs. Real Estate https://traffic.libsyn.com/securitypodcast/7822.mp3 https://isc.sans.edu/podcastdetail/7822 Wed, 05 Jan 2022 02:05:01 GMT https://isc.sans.edu/forums/diary/A+Simple+Batch+File+That+Blocks+People/28212/
Windows Server Remote Desktop Emergency Update
https://docs.microsoft.com/en-us/windows/release-health/windows-message-center#2772
Malicious Telegram Installer Includes Purple Fox Rootkit
https://blog.minerva-labs.com/malicious-telegram-installer-drops-purple-fox-rootkit
Web Skimmer Campaign Targets Real Estate Websites
https://unit42.paloaltonetworks.com/web-skimmer-video-distribution/
]]> 5:20 web skimmer, telegram, windows server, blockinput, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7820 Fake AV Phish; Trend Micro Bug; E-Commerce Bots; iOS Homekit DoS Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Fake AV Phish; Trend Micro Bug; E-Commerce Bots; iOS Homekit DoS https://traffic.libsyn.com/securitypodcast/7820.mp3 https://isc.sans.edu/podcastdetail/7820 Tue, 04 Jan 2022 02:00:02 GMT https://isc.sans.edu/forums/diary/McAfee+Phishing+Campaign+with+a+Nice+Fake+Scan/28208/
Trend Micro Apex One Patch
https://success.trendmicro.com/solution/000289996
E-commerce Bots Using Cheap Domain Registration Services
https://threatpost.com/ecommerce-bots-domain-registration-account-fraud/177305/
iOS Homekit DoS Vulnerability
https://trevorspiniolas.com/doorlock/doorlock.html
]]> 5:38 ios, homekit, dos, trend micro, apex, ecommerce, bots, mcafee, phish, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7818 Exchange Server Y2k+22; Agent Tesla Updates; SSD Firmware Tampering; iLO Bleed; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Exchange Server Y2k+22; Agent Tesla Updates; SSD Firmware Tampering; iLO Bleed; https://traffic.libsyn.com/securitypodcast/7818.mp3 https://isc.sans.edu/podcastdetail/7818 Mon, 03 Jan 2022 02:00:01 GMT https://isc.sans.edu/forums/diary/Exchange+Server+Email+Trapped+in+Transport+Queues/28204/
https://techcommunity.microsoft.com/t5/exchange-team-blog/email-stuck-in-exchange-on-premises-transport-queues/ba-p/3049447
Agent Tesla Updates
https://isc.sans.edu/forums/diary/Agent+Tesla+Updates+SMTP+Data+Exfiltration+Technique/28190/
https://isc.sans.edu/forums/diary/Do+you+want+your+Agent+Tesla+in+the+300+MB+or+8+kB+package/28202/
Forensics Issues and Techniques to Improve Security in SSD with Flex Capacity Feature
https://arxiv.org/ftp/arxiv/papers/2112/2112.13923.pdf
iLO Bleed Attack
https://threats.amnpardaz.com/en/2021/12/28/implant-arm-ilobleed-a/
]]> 7:35 exchange, agent tesla, forensics, ssd, flex capacity, ilo bleed, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7816 Log4j Summary; MSFT Defender Log4j False Pos; T-Mobile SIM Swapping; Fisher Price Phone Flaw Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Log4j Summary; MSFT Defender Log4j False Pos; T-Mobile SIM Swapping; Fisher Price Phone Flaw https://traffic.libsyn.com/securitypodcast/7816.mp3 https://isc.sans.edu/podcastdetail/7816 Thu, 30 Dec 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/Log4j+2+Security+Vulnerabilities+Update+Guide/28188/
Microsoft Defender Log4j False Positives
https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-log4j-scanner-triggers-false-positive-alerts/
T-Mobile SIM Swapping Alerts
https://www.bleepingcomputer.com/news/security/t-mobile-says-new-data-breach-caused-by-sim-swap-attacks/
Fisher Price Bluetooth Phone Privcy Flaw
https://www.pentestpartners.com/security-blog/audio-bugging-with-the-fisher-price-chatter-bluetooth-telephone/
]]> 4:10 fisher price, bluetooth, t-mobile, sim swapping, log4j, microsoft, defender, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7814 One More #Log4j Vuln; LotL Classifiers; LastPass Credentials Stuffing Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. One More #Log4j Vuln; LotL Classifiers; LastPass Credentials Stuffing https://traffic.libsyn.com/securitypodcast/7814.mp3 https://isc.sans.edu/podcastdetail/7814 Wed, 29 Dec 2021 02:00:02 GMT https://logging.apache.org/log4j/2.x/security.html#CVE-2021-44832
LotL Classifiers
https://isc.sans.edu/forums/diary/LotL+Classifier+tests+for+shells+exfil+and+miners/28184/
LastPass Credential Stuffing
https://www.bleepingcomputer.com/news/security/lastpass-users-warned-their-master-passwords-are-compromised/
]]> 4:54 log4j, log4shell, lastpass, lotl, lolbins, cve-2021-44832, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7812 Cobaltstrike via MSBuild; Bypassing MacOS Gatekeeper; Spider-Miner Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Cobaltstrike via MSBuild; Bypassing MacOS Gatekeeper; Spider-Miner https://traffic.libsyn.com/securitypodcast/7812.mp3 https://isc.sans.edu/podcastdetail/7812 Tue, 28 Dec 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/Attackers+are+abusing+MSBuild+to+evade+defenses+and+implant+Cobalt+Strike+beacons/28180/
Bypassing File Quarantine, Gatekeeper and Notarization Requirements
https://objective-see.com/blog/blog_0x6A.html
Spider-Miner: Trojanized Version of Spiderman No Way Home
https://blog.reasonlabs.com/2021/12/23/spider-miner-with-great-power-comes-great-problems/
]]> 4:41 spider man, miner, monero, macos, notarization, gatekeeper, quarantine, MSBuild, Cobalt Strike, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7810 #log4j/#log4shell and IMDS + more Crypto Miners; MSFT Vuln/Malicious Driver Reporting; Azure Source Code Leak Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. #log4j/#log4shell and IMDS + more Crypto Miners; MSFT Vuln/Malicious Driver Reporting; Azure Source Code Leak https://traffic.libsyn.com/securitypodcast/7810.mp3 https://isc.sans.edu/podcastdetail/7810 Mon, 27 Dec 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/log4shell+and+cloud+provider+internal+meta+data+services+IMDS/28168/
https://isc.sans.edu/forums/diary/Defending+Cloud+IMDS+Against+log4shell+and+more/28170/
Log4j/Log4Shell Pushing Crypto Miner
https://isc.sans.edu/forums/diary/Example+of+how+attackers+are+trying+to+push+crypto+miners+via+Log4Shell/28172/
Microsoft Vulnerable and Malicious Driver Reporting Center
https://www.microsoft.com/security/blog/2021/12/08/improve-kernel-security-with-the-new-microsoft-vulnerable-and-malicious-driver-reporting-center/
Azure Source Code Leak
https://blog.wiz.io/azure-app-service-source-code-leak/
]]> 5:46 azure, app service, microsoft, drivers, log4j, log4shell, miner, imds, meta data services, aws, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7808 Forensics Challenge Solution; CAB-less 40444; COVID Home Test Weakness Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Forensics Challenge Solution; CAB-less 40444; COVID Home Test Weakness https://traffic.libsyn.com/securitypodcast/7808.mp3 https://isc.sans.edu/podcastdetail/7808 Thu, 23 Dec 2021 03:40:02 GMT https://isc.sans.edu/forums/diary/December+2021+Forensic+Contest+Answers+and+Analysis/28160/
CAB-less 40444
https://news.sophos.com/en-us/2021/12/21/attackers-test-cab-less-40444-exploit-in-a-dry-run/
Ellume COVID Home Test Weakness
https://github.com/FSecureLABS/Ellume-COVID-Test_Research-Files
]]> 4:00 covid, ellume, cab-less, cve-2021-40444, forensic challenge, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7806 More Undetectes PS Droppers; Apache Patches; Auerswald PBX Backdoor; Garrett Metal Detectors Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. More Undetectes PS Droppers; Apache Patches; Auerswald PBX Backdoor; Garrett Metal Detectors https://traffic.libsyn.com/securitypodcast/7806.mp3 https://isc.sans.edu/podcastdetail/7806 Wed, 22 Dec 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/More+Undetected+PowerShell+Dropper/28158/
Apache Patches
https://httpd.apache.org/security/vulnerabilities_24.html
Auerswald COMpact Multiple Backdoors
https://www.redteam-pentesting.de/en/advisories/rt-sa-2021-007/-auerswald-compact-multiple-backdoors
Vulnerabilities in Garrett Metal Detectors
https://blog.talosintelligence.com/2021/12/vuln-spotlight-garrett-metal-detector.html#more
]]> 4:59 garrett, metal detectors, auerswald, pbxs, dropper, powershell, antivirus, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7804 Agent Tesla Code Reuse; VMWare Workspace ONE; KNXlock Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Agent Tesla Code Reuse; VMWare Workspace ONE; KNXlock https://traffic.libsyn.com/securitypodcast/7804.mp3 https://isc.sans.edu/podcastdetail/7804 Tue, 21 Dec 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/PowerPoint+attachments+Agent+Tesla+and+code+reuse+in+malware/28154/
VMWare Workspace ONE Patch / log4j status
https://www.vmware.com/security/advisories.html
Attacks Against Building Automation
https://limessecurity.com/en/knxlock/
]]> 5:55 knxlock, building automation, knx, vmware, powerpoint, tesla, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7802 Automating Public DNS Changes; Office 2021 VPA Version; More #Log4j/Log4Shell fun Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Automating Public DNS Changes; Office 2021 VPA Version; More #Log4j/Log4Shell fun https://traffic.libsyn.com/securitypodcast/7802.mp3 https://isc.sans.edu/podcastdetail/7802 Mon, 20 Dec 2021 02:00:01 GMT https://isc.sans.edu/forums/diary/DR+Automation+Using+Public+DNS+APIs/28146/
Office 2021: VBA Project Version
https://isc.sans.edu/forums/diary/Office+2021+VBA+Project+Version/28150/
Log4j Updates
https://www.blumira.com/analysis-log4shell-local-trigger/
https://logging.apache.org/log4j/2.x/security.html
]]> 6:31 log4j, log4shell, office 2021, vba versions, disaster recovery, dns, dr, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7800 Contact Form Campaigns; BT vs. WiFi; Lenovo IMController; Log4j update #log4j #log4shell #lenovo Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Contact Form Campaigns; BT vs. WiFi; Lenovo IMController; Log4j update #log4j #log4shell #lenovo https://traffic.libsyn.com/securitypodcast/7800.mp3 https://isc.sans.edu/podcastdetail/7800 Fri, 17 Dec 2021 02:00:01 GMT https://isc.sans.edu/forums/diary/How+the+Contact+Forms+campaign+tricks+people/28142/
Bluetooth Used to Extract WiFi Secrets
https://arxiv.org/pdf/2112.05719.pdf
Lenovo Privilege Escalation Vulnerability
https://support.lenovo.com/cy/en/product_security/len-75210
https://research.nccgroup.com/2021/12/15/technical-advisory-lenovo-imcontroller-local-privilege-escalation-cve-2021-3922-cve-2021-3969/
Log4j Updates
https://github.com/cisagov/log4j-affected-db
https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021
https://twitter.com/sans_isc/status/1471611522694717445

]]> 7:42 log4j, lenovo, xml, imcontroller, bluetooth, wifi, coexistance, contact forms, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7798 Undetected Powershell Backdoor; Adobe Update; RDP Client Deserialization Vuln; webkit vs PS4 Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Undetected Powershell Backdoor; Adobe Update; RDP Client Deserialization Vuln; webkit vs PS4 https://traffic.libsyn.com/securitypodcast/7798.mp3 https://isc.sans.edu/podcastdetail/7798 Thu, 16 Dec 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/Simple+but+Undetected+PowerShell+Backdoor/28138/
Adobe Security Updates
https://helpx.adobe.com/security.html
Remote Deserialization Bug in Microsoft RDP Client Through Smart Card Extension
https://thalium.github.io/blog/posts/deserialization-bug-through-rdp-smart-card-extension/
Webkit Bug Exploitable in PS4
https://arstechnica.com/gaming/2021/12/new-ps4-homebrew-exploit-points-to-similar-ps5-hacks-to-come/
]]> 5:45 ps4, webkit, rdp, client, adobe, deserialization, powershell, backdoor, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7796 Microsoft Patches; Log4j Updates; Log4j Scanner/Patcher; Apple Updates #log4j $log4shell Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft Patches; Log4j Updates; Log4j Scanner/Patcher; Apple Updates #log4j $log4shell https://traffic.libsyn.com/securitypodcast/7796.mp3 https://isc.sans.edu/podcastdetail/7796 Wed, 15 Dec 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/Microsoft+December+2021+Patch+Tuesday/28132/
Log4j Updates
https://isc.sans.edu/forums/diary/Log4j+2150+and+previously+suggested+mitigations+may+not+be+enough/28134/
Log4j Scanner
https://github.com/dtact/divd-2021-00038--log4j-scanner
Apple Updates
https://support.apple.com/en-us/HT201222
]]> 5:20 apple, log4j, ios, macos, ipados, watchos, tvos, microsoft, patches, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7794 Log4Shell "wrapup"; Google Chrome Update; Malicious PyPi Packages Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Log4Shell "wrapup"; Google Chrome Update; Malicious PyPi Packages https://traffic.libsyn.com/securitypodcast/7794.mp3 https://isc.sans.edu/podcastdetail/7794 Tue, 14 Dec 2021 02:00:01 GMT https://isc.sans.edu/forums/diary/Log4Shell+exploited+to+implant+coin+miners/28124/
https://www.youtube.com/watch?v=oC2PZB5D3Ys
Google Chrome Update
https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop_13.html
Malicious PyPi Packages
https://medium.com/ochrona/3-new-malicious-packages-found-on-pypi-a6bbb14b5e2
]]> 5:07 pypi, backdoor, google chrome, 0day, log4shell, log4j, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7792 Infocon Raised to Yellow for #Log4Shell / #Log4j2 Vulnerablity Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Infocon Raised to Yellow for #Log4Shell / #Log4j2 Vulnerablity https://traffic.libsyn.com/securitypodcast/7792.mp3 https://isc.sans.edu/podcastdetail/7792 Mon, 13 Dec 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/RCE+in+log4j+Log4Shell+or+how+things+can+get+bad+quickly/28120/
Log4j Zero Day
https://www.lunasec.io/docs/blog/log4j-zero-day/
Log4j2/Log4Shell Followup: What we see and how to defend and how to access our data
https://isc.sans.edu/forums/diary/Log4j+Log4Shell+Followup+What+we+see+and+how+to+defend+and+how+to+access+our+data/28122/
Log4Shell Vendor Bulletins
https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592
]]> 7:44 log4shell, log4j, log4j2, java, logs, api, rce, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7790 Discord Phishing; Microtik Issues; log4j RCE 0 Day; Sonicwall SMA 100 Patch Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Discord Phishing; Microtik Issues; log4j RCE 0 Day; Sonicwall SMA 100 Patch https://traffic.libsyn.com/securitypodcast/7790.mp3 https://isc.sans.edu/podcastdetail/7790 Fri, 10 Dec 2021 02:40:01 GMT https://isc.sans.edu/forums/diary/Phishing+Direct+Messages+via+Discord/28114/
Vulnerable Microtik Routers
https://eclypsium.com/2021/12/09/when-honey-bees-become-murder-hornets/
log4j RCE 0-day
https://www.lunasec.io/docs/blog/log4j-zero-day/
Sonicwall SMA 100 Patch
https://www.sonicwall.com/support/product-notification/product-security-notice-sma-100-series-vulnerability-patches-q4-2021/211201154715443/
]]> 6:30 sonicwall, log4j, rce, 0-day, microtik, phishing, discord, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7788 Forensic Challenge; Phishing with MSFT OAuth; Android Patchday Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Forensic Challenge; Phishing with MSFT OAuth; Android Patchday https://traffic.libsyn.com/securitypodcast/7788.mp3 https://isc.sans.edu/podcastdetail/7788 Thu, 09 Dec 2021 02:30:01 GMT https://isc.sans.edu/forums/diary/December+2021+Forensic+Challenge/28108/
Microsoft and GitHub OAuth Implementation Vulnerabilities Lead to Redirection Attacks
https://www.proofpoint.com/us/blog/cloud-security/microsoft-and-github-oauth-implementation-vulnerabilities-lead-redirection
Android Patch Day
https://source.android.com/security/bulletin/2021-12-01?hl=en
]]> 5:30 android, github, microsoft, forensic, challenge, contest, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7786 Webshells; AWS Outages; Kafka Exposed; Windows 10 RCE; Browser XS Bugs Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Webshells; AWS Outages; Kafka Exposed; Windows 10 RCE; Browser XS Bugs https://traffic.libsyn.com/securitypodcast/7786.mp3 https://isc.sans.edu/podcastdetail/7786 Wed, 08 Dec 2021 02:35:01 GMT https://isc.sans.edu/forums/diary/Webshells+Webshells+everywhere/28106/
AWS Outage
https://status.aws.amazon.com
Misconfigured Kafdrop Puts Companies' Apache Kafka Completely Exposed
https://spectralops.io/blog/misconfigured-kafdrop-puts-companies-apache-kafka-completely-exposed/
Windows 10 RCE: The exploit is in the link
https://positive.security/blog/ms-officecmd-rce
XSinator.com: From a Formal Model to the Automatic Evaluation of Cross-Site Leaks in Web Browsers
https://xsinator.com/paper.pdf
]]> 5:37 xsinator, cross-site, xs leak, browser, windows 10, rce, link, ms-officemd, kafdrop, kafka, aws, webshells, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7784 OOB Networks for Incident Handling; Unitrends Backup Updates; Deanonymizing Tor; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. OOB Networks for Incident Handling; Unitrends Backup Updates; Deanonymizing Tor; https://traffic.libsyn.com/securitypodcast/7784.mp3 https://isc.sans.edu/podcastdetail/7784 Tue, 07 Dec 2021 02:25:01 GMT https://isc.sans.edu/forums/diary/The+Importance+of+OutofBand+Networks/28102/
Kaseya Unitrends Backup Appliance Updates
https://helpdesk.kaseya.com/hc/en-gb/articles/4412762258961
Is KAX17 Performing De-Anonymization Attacks Against Tor Users?
https://nusenu.medium.com/is-kax17-performing-de-anonymization-attacks-against-tor-users-42e566defce8
Google Chrome Update No 0-Days
https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop.html
]]> 5:30 google chrome, kax17, nusenu, twitter, out of band, ransomware, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Dr. Johannes B. Ullrich full 7782 UPX is forever; Airgap Attacks; Ubiquity Insider Extortion Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. UPX is forever; Airgap Attacks; Ubiquity Insider Extortion https://traffic.libsyn.com/securitypodcast/7782.mp3 https://isc.sans.edu/podcastdetail/7782 Mon, 06 Dec 2021 02:45:01 GMT https://isc.sans.edu/forums/diary/The+UPX+Packer+Will+Never+Die/28096/
Survey of Airgap Attacks
https://www.welivesecurity.com/2021/12/01/jumping-air-gap-15-years-nation-state-effort/
Ubiquity Victim of Insider Extortion
https://www.justice.gov/usao-sdny/pr/former-employee-technology-company-charged-stealing-confidential-data-and-extorting
]]> 5:22 upx, airgap, usb, ubiquity, insider, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7780 TA551 Pushing IcedID; pip-audit; Wifi-Router Flaws; #HolidayHack Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. TA551 Pushing IcedID; pip-audit; Wifi-Router Flaws; #HolidayHack https://traffic.libsyn.com/securitypodcast/7780.mp3 https://isc.sans.edu/podcastdetail/7780 Fri, 03 Dec 2021 02:00:01 GMT https://isc.sans.edu/forums/diary/TA551+Shathak+pushes+IcedID+Bokbot/28092/
pip-audit scanning Python packages for known vulnerabilities
https://pypi.org/project/pip-audit/
Wifi Router Flaws
https://www.iot-inspector.com/blog/router-security-check-2021/
SANS Holiday Hack Challenge
https://www.sans.org/mlp/holiday-hack-challenge/
]]> 14:23 holiday, hack challenge, wifi, router, pip-audit, ta551, icedid, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7778 Webhook.site Exfiltration; NSS Library Vuln; EwDoor vs. AT&T; JAMF Pro Patch Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Webhook.site Exfiltration; NSS Library Vuln; EwDoor vs. AT&T; JAMF Pro Patch https://traffic.libsyn.com/securitypodcast/7778.mp3 https://isc.sans.edu/podcastdetail/7778 Thu, 02 Dec 2021 02:05:01 GMT https://isc.sans.edu/forums/diary/InfoStealer+Using+webhooksite+to+Exfiltrate+Data/28088/
Mozilla NSS Library Vulnerability
https://bugs.chromium.org/p/project-zero/issues/detail?id=2237
EwDoor Botnet is Attacking AT&T Customers
https://blog.netlab.360.com/warning-ewdoor-botnet-is-attacking-att-customers/
JAMF Pro 10.32 Patch
https://community.jamf.com/t5/jamf-pro/what-s-new-in-jamf-pro-10-32-release/m-p/246505
]]> 6:15 ewdoor, att, nss, mozillay, webhook, jamf, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7776 Composer vs PHPUnit; Microsoft Defender False Pos; HP Printer Vuln; Win10 Arbitrary File Read Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Composer vs PHPUnit; Microsoft Defender False Pos; HP Printer Vuln; Win10 Arbitrary File Read https://traffic.libsyn.com/securitypodcast/7776.mp3 https://isc.sans.edu/podcastdetail/7776 Wed, 01 Dec 2021 02:40:01 GMT https://isc.sans.edu/forums/diary/Hunting+for+PHPUnit+Installed+via+Composer/28084/
Microsoft Defender Scares Admins with Emotet False Positivies
https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-scares-admins-with-emotet-false-positives/
Printing Shellz HP Printer Vulnerabilities
https://blog.f-secure.com/hp-printer-vulnerabilities/?_ga=2.125707850.1160056027.1638325485-2056233716.1638325485
Unpatched Local Privilege Escalation in Mobile Device Management Service
https://blog.0patch.com/2021/11/micropatching-unpatched-local-privilege.html
]]> 6:24 mdm, windows, mobile device management, shellz, hp printer, defender, emotet, phpunit, composer, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7774 Wireshark Update; Google Cloud Security; Zoom Patch; Slack vs DNSSEC Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Wireshark Update; Google Cloud Security; Zoom Patch; Slack vs DNSSEC https://traffic.libsyn.com/securitypodcast/7774.mp3 https://isc.sans.edu/podcastdetail/7774 Tue, 30 Nov 2021 02:00:01 GMT https://isc.sans.edu/forums/diary/Wireshark+360+Released/28076/
Google Cloud Security Report
https://services.google.com/fh/files/misc/gcat_threathorizons_full_nov2021.pdf
Zoom Patch
https://explore.zoom.us/en/trust/security/security-bulletin/
Slack DNSSEC Experience Reports
https://slack.engineering/what-happened-during-slacks-dnssec-rollout/
]]> 5:25 dnssec, slack, zoom, google, cloud, wireshark, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7772 Disappearing Phish; Trickbot HTML Resolution Check; QNAP QVR Patch; CronRAT Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Disappearing Phish; Trickbot HTML Resolution Check; QNAP QVR Patch; CronRAT https://traffic.libsyn.com/securitypodcast/7772.mp3 https://isc.sans.edu/podcastdetail/7772 Mon, 29 Nov 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/Phishing+page+hiding+itself+using+dynamically+adjusted+IPbased+allow+list/28070/
Trickbot Phishing Checks Screen Resolution to Evade Researchers
https://www.bleepingcomputer.com/news/security/trickbot-phishing-checks-screen-resolution-to-evade-researchers/
QNAP QVR Patch
https://www.qnap.com/de-de/security-advisory/qsa-21-51
CronRAT Malware Hiding in cron
https://sansec.io/research/cronrat
]]> 6:04 cronrat, malware, cron, crontab, qnap, qvr, trickbot, html, resolution, phishing, ip address, allow list, block list, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7770 Improved YARA Maldoc Signature; Windows Installer 0-Day; VMWare VCenter Vulnerability Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Improved YARA Maldoc Signature; Windows Installer 0-Day; VMWare VCenter Vulnerability https://traffic.libsyn.com/securitypodcast/7770.mp3 https://isc.sans.edu/podcastdetail/7770 Wed, 24 Nov 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/YARA+Rule+for+OOXML+Maldocs+Less+False+Positives/28066/
Zero-Day Windows Installer Exploit
https://www.bleepingcomputer.com/news/security/malware-now-trying-to-exploit-new-windows-installer-zero-day/
VMWare VCenter Vulnerability and Patch
https://www.vmware.com/security/advisories/VMSA-2021-0027.html
]]> 3:13 vmware, vcenter, windows, installer, exploit, 0day, yara, ooxml, office, maldocs, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7768 Office Macro YARA Rules; Magento Exploits; Exchange PoC (CVE-2021-42321); Windows PrivEsc 0-Day PoC; CloudLinux RCE Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Office Macro YARA Rules; Magento Exploits; Exchange PoC (CVE-2021-42321); Windows PrivEsc 0-Day PoC; CloudLinux RCE https://traffic.libsyn.com/securitypodcast/7768.mp3 https://isc.sans.edu/podcastdetail/7768 Tue, 23 Nov 2021 02:05:02 GMT https://isc.sans.edu/forums/diary/Simple+YARA+Rules+for+Office+Maldocs/28062/
Retailers Urged to Patch Magento
https://www.theregister.com/2021/11/22/ncsc_magento_updates_black_friday_reminder/
PoC of CVE-2021-42321: pop mspaint.exe on the target
https://gist.github.com/testanull/0188c1ae847f37a70fe536123d14f398
BeC Via Exchange Flaws
https://www.trendmicro.com/en_us/research/21/k/Squirrelwaffle-Exploits-ProxyShell-and-ProxyLogon-to-Hijack-Email-Chains.html
Windows Priv. Escalation PoC
https://github.com/klinix5/InstallerFileTakeOver
PHP deserialize vulnerablity in CloudLinux Imunity360
https://blog.talosintelligence.com/2021/11/vulnerability-spotlight-php-deserialize.html
]]> 4:25 php, deserialization, cloudlinux, imunify360, imunity360, bec, exchange, cve-2021-42321, magento, yara, maldocs, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7766 Hikvision Exploited; Detecting PAM Backdoors Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Hikvision Exploited; Detecting PAM Backdoors https://traffic.libsyn.com/securitypodcast/7766.mp3 https://isc.sans.edu/podcastdetail/7766 Mon, 22 Nov 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/Hikvision+Security+Cameras+Potentially+Exposed+to+Remote+Code+Execution/28056/
Detecting PAM Backdoors
https://isc.sans.edu/forums/diary/Backdooring+PAM/28058/
Rusted Anchors: A National Client-Side View of Hidden Root CAs in the Web PKI Ecosystem
https://dl.acm.org/doi/pdf/10.1145/3460120.3484768
CVE-2021-42306 CredManifest: App Registration Certificates Stored in Azure Active Directory
https://www.netspi.com/blog/technical/cloud-penetration-testing/azure-cloud-vulnerability-credmanifest/
]]> 5:00 cve-2021-42306, credmanifest, azure, rusted anchors, ca, web, pki, tls, pam, backdoors, hikvision, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7764 JavaScript Delivers Agent Tesla; GitHub vs cookies.sqlite; Fatpipe VPN Exploited; Abusing ClouDNS Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. JavaScript Delivers Agent Tesla; GitHub vs cookies.sqlite; Fatpipe VPN Exploited; Abusing ClouDNS https://traffic.libsyn.com/securitypodcast/7764.mp3 https://isc.sans.edu/podcastdetail/7764 Fri, 19 Nov 2021 03:00:02 GMT https://isc.sans.edu/forums/diary/JavaScript+Downloader+Delivers+Agent+Tesla+Trojan/28050/
Exposed Firefox cookies.sqlite Databases
https://www.theregister.com/2021/11/18/firefox_cookies_github/
FBI Warns of Fatpipe VPN Exploits
https://www.ic3.gov/Media/News/2021/211117-2.pdf
Abusing ClouDNS
https://blog.netlab.360.com/the-pitfall-of-threat-intelligence-whitelisting-specter-botnet-is-taking-over-top-legit-dns-domains-by-using-cloudns-service/
]]> 6:42 cloudns, fbi, fatpipe, firefox, cookies.sqlite, javascript, tesla, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7762 DDS Implementation Vuln; Siemens Nucleus TCP/IP Flaws; Netgear UPNP; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. DDS Implementation Vuln; Siemens Nucleus TCP/IP Flaws; Netgear UPNP; https://traffic.libsyn.com/securitypodcast/7762.mp3 https://isc.sans.edu/podcastdetail/7762 Thu, 18 Nov 2021 02:00:01 GMT https://us-cert.cisa.gov/ics/advisories/icsa-21-315-02
Siemens TCP/IP Flaws
https://www.forescout.com/blog/new-critical-vulnerabilities-found-on-nucleus-tcp-ip-stack/
Netgear UPNP Stack Based Buffer Overflow
https://blog.grimm-co.com/2021/11/seamlessly-discovering-netgear.html
]]> 4:35 netgear, upnp, siemens, tcp/ip, dds, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7760 Emotet Returns; NPM Security; Intel CPU Debug Vulnerablity; Router Vulnerablity List Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Emotet Returns; NPM Security; Intel CPU Debug Vulnerablity; Router Vulnerablity List https://traffic.libsyn.com/securitypodcast/7760.mp3 https://isc.sans.edu/podcastdetail/7760 Wed, 17 Nov 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/Emotet+Returns/28044/
GitHub Improves npm Security
https://github.blog/2021-11-15-githubs-commitment-to-npm-ecosystem-security/
Intel CPU Debug Vulnerability
https://www.ptsecurity.com/ww-en/about/news/positive-technologies-discovers-vulnerability-in-intel-processors-used-in-laptops-cars-and-other-devices/
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00528.html
Home Router Vulnerability Listing
https://modemly.com/m1/pulse
]]> 6:43 home router, vulnerability, intel, cpu, github, emotet, npm, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7758 MSFT Update Fixes Auth Failures; Clipboard AD Passwd Change; Parking Pages Distribute Malware; Rowhamer 4 ever; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MSFT Update Fixes Auth Failures; Clipboard AD Passwd Change; Parking Pages Distribute Malware; Rowhamer 4 ever; https://traffic.libsyn.com/securitypodcast/7758.mp3 https://isc.sans.edu/podcastdetail/7758 Tue, 16 Nov 2021 02:00:01 GMT https://support.microsoft.com/en-us/topic/november-14-2021-kb5008601-os-build-14393-4771-out-of-band-c8cd33ce-3d40-4853-bee4-a7cc943582b9
Using Copy Paste to Change Microsoft AD Password
https://isc.sans.edu/forums/diary/Changing+your+AD+Password+Using+the+Clipboard+Not+as+Easy+as+Youd+Think/28036/
Parking Pages Used to Distrbute Malware
https://blog.netlab.360.com/zhatuniubility-malware-uses-namesilo-parking-pages-and-googles-custom-pages-to-spread/
Blacksmith Revives Rowhamer
https://comsec.ethz.ch/research/dram/blacksmith/
]]> 6:41 blacksmisth, rowhamer, parking pages, malware, namesilo, mirosoft, ad, password, copy, paste, clipboard, emergency update, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7756 Not So Fake FBI E-Mails; BASE64 Maldocd Reversing; zoom and vmware update; windows priv esc 0-day Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Not So Fake FBI E-Mails; BASE64 Maldocd Reversing; zoom and vmware update; windows priv esc 0-day https://traffic.libsyn.com/securitypodcast/7756.mp3 https://isc.sans.edu/podcastdetail/7756 Mon, 15 Nov 2021 02:00:02 GMT https://www.fbi.gov/news/pressrel/press-releases/fbi-statement-on-incident-involving-fake-emails
https://isc.sans.edu/forums/diary/External+Email+System+FBI+Compromised+Sending+Out+Fake+Warnings/28034/
https://twitter.com/spamhaus/status/1459450061696417792
Reversing Obfuscated Maldoc with BASE64
https://isc.sans.edu/forums/diary/Obfuscated+Maldoc+Reversed+BASE64/28030/
Zoom Updates
https://explore.zoom.us/en/trust/security/security-bulletin/
VMWare VCenter Update
https://www.vmware.com/security/advisories/VMSA-2021-0025.html
Windows User Profile 0-Day LPE
https://halove23.blogspot.com/2021/10/windows-user-profile-service-0day.html
]]> 5:45 lpe, windows, 0-day, vmware, user profile, vcenter, zoom, maldoc, base64, fbi, email, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7754 In Memory of Alan Paller. Cyber Security Industry Titan and SANS Institute Founder Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. In Memory of Alan Paller. Cyber Security Industry Titan and SANS Institute Founder https://traffic.libsyn.com/securitypodcast/7754.mp3 https://isc.sans.edu/podcastdetail/7754 Fri, 12 Nov 2021 02:00:02 GMT https://www.sans.org/press/announcements/alan-paller-cyber-security-industry-titan-and-sans-institute-founder-passes-away/
https://isc.sans.edu/forums/diary/In+Memory+of+Alan+Paller/28026/
]]> 3:00 alan paller, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7752 Shadow IT and Phishing; PaloAlto GlobalProtect Vuln; Citrix DoS Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Shadow IT and Phishing; PaloAlto GlobalProtect Vuln; Citrix DoS Vuln; https://traffic.libsyn.com/securitypodcast/7752.mp3 https://isc.sans.edu/podcastdetail/7752 Thu, 11 Nov 2021 02:00:01 GMT https://isc.sans.edu/forums/diary/Shadow+IT+Makes+People+More+Vulnerable+to+Phishing/28022/
PaloAlto Networks GlobalProtect VPN CVE-2021-3064
https://www.randori.com/blog/cve-2021-3064/?i=2
Citrix ADC/Gateway/SD-WAN WANOP Patch
https://support.citrix.com/article/CTX330728
HPE Aruba Breach
https://www.arubanetworks.com/support-services/security-bulletins/central-incident-faq/
LiveStream: Application Security; Web Apps, APIs & Microservices
youtu.be/6gGB7skXvpg
2pm ET Today (not 1pm as mentioned in the podcast]]> 6:35 hpe, aruba, citrix, adc, sd-wan, paloalto, shadow it, phishing, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7750 Microsoft Patches; Adobe Patches; BusyBox Patches; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft Patches; Adobe Patches; BusyBox Patches; https://traffic.libsyn.com/securitypodcast/7750.mp3 https://isc.sans.edu/podcastdetail/7750 Wed, 10 Nov 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/Microsoft+November+2021+Patch+Tuesday/28018/
Adobe Patches
https://helpx.adobe.com/security.html
BusyBox Vulnerabilities
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
]]> 6:35 busybox, adobe, microsoft, patches, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7748 Abusing Security Tools; ManageEngine ADSelfService Attacks; Machine Learning Image Scaling Attacks Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Abusing Security Tools; ManageEngine ADSelfService Attacks; Machine Learning Image Scaling Attacks https://traffic.libsyn.com/securitypodcast/7748.mp3 https://isc.sans.edu/podcastdetail/7748 Tue, 09 Nov 2021 02:00:01 GMT https://isc.sans.edu/forums/diary/AbUsing+Security+Tools+Controls+for+the+Bad/28014/
Targeted Attack Campaign Against ManageEngine ADSelfService Plus
https://unit42.paloaltonetworks.com/manageengine-godzilla-nglite-kdcsponge/
Image-Scaling Attacks in Machine Learning
https://www.usenix.org/system/files/sec20fall_quiring_prepub.pdf
]]> 7:15 machine learning, manageengine, adselfservice, abusing, pam, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7746 Extracting Cobalt Strike Keys from Memory; xmount; Proactive SIMs; Thunderbird Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Extracting Cobalt Strike Keys from Memory; xmount; Proactive SIMs; Thunderbird Patches https://traffic.libsyn.com/securitypodcast/7746.mp3 https://isc.sans.edu/podcastdetail/7746 Mon, 08 Nov 2021 02:00:01 GMT https://isc.sans.edu/forums/diary/Decrypting+Cobalt+Strike+Traffic+With+Keys+Extracted+From+Process+Memory/28006/
XMount for Disk Images
https://isc.sans.edu/forums/diary/Xmount+for+Disk+Images/28002/
More Proactive SIMs
https://medium.com/telecom-expert/more-proactive-sims-f8da2ef8b189
Thunderbird Update
https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/
]]> 5:11 sim, xmount, cobalt strike, thunderbird, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7744 October Packets Challenge Solution; Linux Kernel RCE; Cisco Patches; WebAssembly Security Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. October Packets Challenge Solution; Linux Kernel RCE; Cisco Patches; WebAssembly Security https://traffic.libsyn.com/securitypodcast/7744.mp3 https://isc.sans.edu/podcastdetail/7744 Fri, 05 Nov 2021 02:00:01 GMT https://isc.sans.edu/forums/diary/October+2021+Forensic+Contest+Answers+and+Analysis/27998/
CVE-2021-43267: Remote Linux Kernel Heap Overflow in TIPC Module
https://www.sentinelone.com/labs/tipc-remote-linux-kernel-heap-overflow-allows-arbitrary-code-execution/
Cisco Patches
https://tools.cisco.com/security/center/publicationListing.x
The Security Risk of Lacking Compiler Protection in WebAssembly
https://arxiv.org/abs/2111.01421
]]> 7:03 webassembly, cisco, patches, tipc, linux, kernel, overflow, forensic, challenge, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7742 Patch Gitlab; More Exchange Action; Blackmatter Shutting Down Again; Android 0-Day Patched Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Patch Gitlab; More Exchange Action; Blackmatter Shutting Down Again; Android 0-Day Patched https://traffic.libsyn.com/securitypodcast/7742.mp3 https://isc.sans.edu/podcastdetail/7742 Thu, 04 Nov 2021 02:00:02 GMT https://www.rapid7.com/blog/post/2021/11/01/gitlab-unauthenticated-remote-code-execution-cve-2021-22205-exploited-in-the-wild/
New Proxy Shell Exploits Seen Against Exchange
https://blog.talosintelligence.com/2021/11/babuk-exploits-exchange.html
Blackmatter Shutting Down Again
https://www.bleepingcomputer.com/news/security/blackmatter-ransomware-moves-victims-to-lockbit-after-shutdown/
Android 0-Day Patched
https://source.android.com/security/bulletin/2021-11-01
]]> 5:11 Android, 0day, blackmatter, ransomware, proxy shell, exchange, gitlab, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7740 BrakTooth Update; XSS to Root; Pentaho Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. BrakTooth Update; XSS to Root; Pentaho Vuln; https://traffic.libsyn.com/securitypodcast/7740.mp3 https://isc.sans.edu/podcastdetail/7740 Wed, 03 Nov 2021 02:00:01 GMT https://isc.sans.edu/forums/diary/Revisiting+BrakTooth+Two+Months+Later/27992/
Escalating XSS to Sainthood with Nagios
https://blog.grimm-co.com/2021/11/escalating-xss-to-sainthood-with-nagios.html
Pentaho Business Analytics Vulnerablity
https://hawsec.com/publications/pentaho/HVPENT210401-Pentaho-BA-Security-Assessment-Report-v1_1.pdf
]]> 5:41 pentaho, xss, nagios, braktooth, bluetooth, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7738 Hiding Source Code; Detecting Header Smuggling; Kaspersky AWS SES Token Lost Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Hiding Source Code; Detecting Header Smuggling; Kaspersky AWS SES Token Lost https://traffic.libsyn.com/securitypodcast/7738.mp3 https://isc.sans.edu/podcastdetail/7738 Tue, 02 Nov 2021 02:00:01 GMT https://www.trojansource.codes/trojan-source.pdf
Detecting HTTP Header Smuggling Vulnerabilities
https://www.darkreading.com/application-security/free-tool-scans-web-servers-for-vulnerability-to-http-header-smuggling-attacks
Kaspersky Lost Amazon Simple Email Service Token
https://support.kaspersky.com/general/vulnerability.aspx?el=12430#01112021_phishing
]]> 7:03 kaspersky, amazon, simple email service, ses, http, header, smuggling, trojan source, compiler, editor, unicode, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7736 RDP Scans; Sysmon Update; Chrome Updates; Android Rooting Malware Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. RDP Scans; Sysmon Update; Chrome Updates; Android Rooting Malware https://traffic.libsyn.com/securitypodcast/7736.mp3 https://isc.sans.edu/podcastdetail/7736 Mon, 01 Nov 2021 02:00:01 GMT https://isc.sans.edu/forums/diary/Remote+Desktop+Protocol+RDP+Discovery/27984/
Sysmon Update
https://isc.sans.edu/forums/diary/Sysinternals+Autoruns+and+Sysmon+updates/27986/
Google Chrome Updates
https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html
AbstractEmu Malware Roots Android
https://blog.lookout.com/lookout-discovers-global-rooting-malware-campaign
Microsoft Defender For Endpoint Web Content Filtering
https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/web-content-filtering-now-generally-available-on-windows/ba-p/2893357
]]> 5:22 rdp, sysmon, chrome, android, abstractemd, malware, microsoft, defender, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7734 Critical Hikvision Patch; MacOS SIP Vuln; NPM Typosquatting Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Critical Hikvision Patch; MacOS SIP Vuln; NPM Typosquatting https://traffic.libsyn.com/securitypodcast/7734.mp3 https://isc.sans.edu/podcastdetail/7734 Fri, 29 Oct 2021 02:05:02 GMT https://watchfulip.github.io/2021/09/18/Hikvision-IP-Camera-Unauthenticated-RCE.html
https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-notification-command-injection-vulnerability-in-some-hikvision-products/
Shrootless Vulnerability in MacOS
https://www.microsoft.com/security/blog/2021/10/28/microsoft-finds-new-macos-vulnerability-shrootless-that-could-bypass-system-integrity-protection/
More Malicious NPM Libraries
https://www.theregister.com/2021/10/27/npm_roblox_ransomware/
]]> 5:36 npm, noblox, shrootless, sip, macos, hikvision, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7732 OWA Phishing; Apple Fixes iOS 0-Day; Adobe Patches; DoH Pinkbot; Jira Insight Patch Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. OWA Phishing; Apple Fixes iOS 0-Day; Adobe Patches; DoH Pinkbot; Jira Insight Patch https://traffic.libsyn.com/securitypodcast/7732.mp3 https://isc.sans.edu/podcastdetail/7732 Thu, 28 Oct 2021 02:00:01 GMT https://isc.sans.edu/forums/diary/Hunting+for+Phishing+Sites+Masquerading+as+Outlook+Web+Access/27974/
Apple Security Updates Details Available
https://support.apple.com/en-us/HT201222
Adobe Patches
https://helpx.adobe.com/security/security-bulletin.html
PinkBot Botnet Uses DoH
https://blog.netlab.360.com/pinkbot/
Jira Insight Patch
https://confluence.atlassian.com/adminjiraserver/jira-service-management-security-advisory-2021-10-20-1085186548.html
]]> 5:09 jira, insight, h2, pinkbot, dns over https, adobe, apple, udpates, outlook, owa, phishing, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7730 Apple Updates; Craigslist Hijack; UltimaSMS Malware; Firefox Proxy Malware Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Apple Updates; Craigslist Hijack; UltimaSMS Malware; Firefox Proxy Malware https://traffic.libsyn.com/securitypodcast/7730.mp3 https://isc.sans.edu/podcastdetail/7730 Wed, 27 Oct 2021 02:00:02 GMT https://support.apple.com/en-sa/HT201222
Craigslist E-Mail Hijack
https://www.inky.com/blog/urgency-mail-relay-serve-phishers-well-on-craigslist
UltimaSMS Android Malware
https://blog.avast.com/premium-sms-scam-apps-on-play-store-avast
Firefox Proxy Malware
https://blog.mozilla.org/security/2021/10/25/securing-the-proxy-api-for-firefox-add-ons/
]]> 5:35 firefox, update, proxy, ultimasms, android, craigslist, email, apple, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7728 Decrypt Cobalt Strike; Critical Discourse Vuln; ua-parser-js malware; BillQuick Ransomware Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Decrypt Cobalt Strike; Critical Discourse Vuln; ua-parser-js malware; BillQuick Ransomware https://traffic.libsyn.com/securitypodcast/7728.mp3 https://isc.sans.edu/podcastdetail/7728 Tue, 26 Oct 2021 02:05:02 GMT https://isc.sans.edu/forums/diary/Decrypting+Cobalt+Strike+Traffic+With+a+Leaked+Private+Key/27968/
Critical Discourse Vulnerability
https://us-cert.cisa.gov/ncas/current-activity/2021/10/24/critical-rce-vulnerability-discourse
Discourse Discussion Platform RCE
https://github.com/discourse/discourse/security/advisories/GHSA-jcjx-pvpc-qgwq
https://0day.click/recipe/discourse-sns-rce/
ua-parser-js malware
https://github.com/advisories/GHSA-pjwm-rvh2-c87w
Vulnerable Billing Software BillQuick Web Used to Deploy Ransomware
https://www.huntress.com/blog/threat-advisory-hackers-are-exploiting-a-vulnerability-in-popular-billing-software-to-deploy-ransomware
]]> 4:44 billquick, cobalt strike, ua-parser-js, discourse, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7726 Malware Quiz; Odd ZIP Files; Decrypting Cobalt Strike Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Malware Quiz; Odd ZIP Files; Decrypting Cobalt Strike https://traffic.libsyn.com/securitypodcast/7726.mp3 https://isc.sans.edu/podcastdetail/7726 Mon, 25 Oct 2021 02:00:01 GMT https://isc.sans.edu/forums/diary/October+2021+Contest+Forensic+Challenge/27960/ Odd Zip Files https://isc.sans.edu/forums/diary/Phishing+ZIP+With+Malformed+Filename/27966/ Decrypting Cobalt Strike Configurations Using Known Secret Keys https://blog.nviso.eu/2021/10/21/cobalt-strike-using-known-private-keys-to-decrypt-traffic-part-1/ Tracking BLE Fingerprints https://cseweb.ucsd.edu/~nibhaska/papers/sp22_paper.pdf GPS Software Bug https://us-cert.cisa.gov/ncas/current-activity/2021/10/21/gps-daemon-gpsd-rollover-bug https://isc.sans.edu/forums/diary/Keeping+Track+of+Time+Network+Time+Protocol+and+a+GPSD+Bug/27886/]]> 5:35 GPS, Tracking, ble, cobalt strike, zip, malware, packets, quiz, challenge, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7724 Stolen Images Malware; FiveSys Signed Rootkit; Oracle CPU; WinRAR Vuln; Bad NPM Packages Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Stolen Images Malware; FiveSys Signed Rootkit; Oracle CPU; WinRAR Vuln; Bad NPM Packages https://traffic.libsyn.com/securitypodcast/7724.mp3 https://isc.sans.edu/podcastdetail/7724 Fri, 22 Oct 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/Stolen+Images+Evidence+campaign+pushes+Sliverbased+malware/27954/
FiveSys Rootkit Signed By Microsoft
https://www.bitdefender.com/files/News/CaseStudies/study/405/Bitdefender-DT-Whitepaper-Fivesys-creat5699-en-EN.pdf
Oracle Critical Patch Update
https://www.oracle.com/security-alerts/cpuoct2021.html
WinRAR Vulnerability
https://swarm.ptsecurity.com/winrars-vulnerable-trialware-when-free-software-isnt-free/
Crypto Mining npm Libraries
https://blog.sonatype.com/newly-found-npm-malware-mines-cryptocurrency-on-windows-linux-macos-devices
]]> 6:18 cryptomining, npm, winrar, oracle, cpu, fivesys, windows, microsoft, certificate, sliver, malware, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7722 Leaked Covid Certs; Chrome Removes FTP; Squirrel VM Bug; BlackByte Decryptor Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Leaked Covid Certs; Chrome Removes FTP; Squirrel VM Bug; BlackByte Decryptor https://traffic.libsyn.com/securitypodcast/7722.mp3 https://isc.sans.edu/podcastdetail/7722 Thu, 21 Oct 2021 02:00:01 GMT https://isc.sans.edu/forums/diary/Thanks+to+COVID19+New+Types+of+Documents+are+Lost+in+The+Wild/27952/
Google Chrome 95 Released
https://chromestatus.com/roadmap
Squirrel VM Bug
https://thehackernews.com/2021/10/squirrel-engine-bug-could-let-attackers.html
BlackByte Decryptor Released
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/
https://github.com/SpiderLabs/BlackByteDecryptor
]]> 5:38 blackbyte, Decryptor, squirrel, vm, games, google, chrome, ftp, covid 19, certificates, vaccination, virustotal, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7720 Great CN Firewall Experiment; Fake Gov Sites; TA505 Coming Back; Blackmatter Advise Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Great CN Firewall Experiment; Fake Gov Sites; TA505 Coming Back; Blackmatter Advise https://traffic.libsyn.com/securitypodcast/7720.mp3 https://isc.sans.edu/podcastdetail/7720 Wed, 20 Oct 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/Can+you+make+the+Great+Chinese+Firewall+work+for+you/27948/
Fake Government Assistance Websites
https://www.ic3.gov/Media/Y2021/PSA211015
TA505 Coming Back
https://www.proofpoint.com/us/blog/threat-insight/whatta-ta-ta505-ramps-activity-delivers-new-flawedgrace-variant
BlackMatter Ransomware
https://us-cert.cisa.gov/ncas/alerts/aa21-291a
]]> 4:45 blackmatter, ransomware, ta505, government websites, phishing, chinese, firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7718 Certificated Auth for C2; PowerShell Patches; JunOS Patches; TianFu Cup Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Certificated Auth for C2; PowerShell Patches; JunOS Patches; TianFu Cup https://traffic.libsyn.com/securitypodcast/7718.mp3 https://isc.sans.edu/podcastdetail/7718 Tue, 19 Oct 2021 02:05:01 GMT https://isc.sans.edu/forums/diary/Malicious+PowerShell+Using+Client+Certificate+Authentication/27944/
PowerShell Updates
https://github.com/PowerShell/Announcements/issues/27
Juniper JunOS Patches
https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES
TianFu Cup
https://tianfucup.com/en/#canjia
]]> 5:06 junos, tianfu, junipter, powershell, certificates, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7716 Apache 2.4.49/50 Exploited; Warranty Repairs; Malicious NFTs; Bitcoins for Ransomware Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Apache 2.4.49/50 Exploited; Warranty Repairs; Malicious NFTs; Bitcoins for Ransomware https://traffic.libsyn.com/securitypodcast/7716.mp3 https://isc.sans.edu/podcastdetail/7716 Mon, 18 Oct 2021 02:05:01 GMT https://isc.sans.edu/forums/diary/Apache+is+Actively+Scan+for+CVE202141773+CVE202142013/27940/
Warranty Repairs and Non Removable Storage Risks
https://isc.sans.edu/forums/diary/Warranty+Repairs+and+NonRemovable+Storage+Risks/27938/
Crypto Wallet Compromised on OpenSea NFT Marketplace
https://blog.checkpoint.com/2021/10/13/check-point-software-prevents-theft-of-crypto-wallets-on-opensea-the-worlds-largest-nft-marketplace/
$5.2 Billion worth of Bitcoin Transactions Linked to Ransomware
https://www.fincen.gov/sites/default/files/shared/Financial%20Trend%20Analysis_Ransomeware%20508%20FINAL.pdf
]]> 5:34 bitcoin, ransomware, nft, crypto wallet, opensea, warranty, removable storage, apache, directory traversal, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7714 Windows Port Forward; SMTP Brute Forcing; Fake Ad Blocker; Romance Crypto Coin Scam; Sysmon4Linux; VMWare/Foxit Updates Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Windows Port Forward; SMTP Brute Forcing; Fake Ad Blocker; Romance Crypto Coin Scam; Sysmon4Linux; VMWare/Foxit Updates https://traffic.libsyn.com/securitypodcast/7714.mp3 https://isc.sans.edu/podcastdetail/7714 Fri, 15 Oct 2021 02:00:01 GMT https://isc.sans.edu/forums/diary/PortForwarding+with+Windows+for+the+Win/27934/
Please Fix Your E-Mail Brute Forcing Tool
https://isc.sans.edu/forums/diary/Please+fix+your+EMail+Brute+forcing+tool/27930/
Ad Blocker Injects Ads
https://www.imperva.com/blog/the-ad-blocker-that-injects-ads/
Romance Scams Go After Crypto Currency
https://nakedsecurity.sophos.com/2021/10/13/romance-scams-with-a-cryptocurrency-twist-new-research-from-sophoslabs/
Sysmon For Linux
https://github.com/Sysinternals/SysmonForLinux
Foxit Updates
https://www.foxit.com/support/security-bulletins.html

VMWare Updates
https://www.vmware.com/security/advisories/VMSA-2021-0023.html
]]> 6:32 vmware, foxit, sysmon, linux, romance, crypto, apple, ad blocker, email, brute forcing, netsh, port forwarding, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7712 Microsoft Patch Tuesday; Adobe Patches; PyPi Removes Malicious mitmproxy2 Module Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft Patch Tuesday; Adobe Patches; PyPi Removes Malicious mitmproxy2 Module https://traffic.libsyn.com/securitypodcast/7712.mp3 https://isc.sans.edu/podcastdetail/7712 Wed, 13 Oct 2021 02:00:01 GMT https://isc.sans.edu/forums/diary/Microsoft+October+2021+Patch+Tuesday/27928/
Adobe Patches
https://helpx.adobe.com/security/security-bulletin.html
PyPi Remove mitmproxy2 Module
https://twitter.com/maximilianhils/status/1447525552370458625
https://web.archive.org/web/20211012105244/https://gist.github.com/mhils/7ff29d50b25a1c99e06834cf95684333
]]> 5:54 pypi, mitmproxy, mitmproxy2, adobe, microsoft, patches, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7710 Odd Web Log Summary; iOS/iPadOS 15.0.2 (0-day); GitKraken weak keys; Lets Encrypt Outage Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Odd Web Log Summary; iOS/iPadOS 15.0.2 (0-day); GitKraken weak keys; Lets Encrypt Outage https://traffic.libsyn.com/securitypodcast/7710.mp3 https://isc.sans.edu/podcastdetail/7710 Tue, 12 Oct 2021 02:05:02 GMT https://isc.sans.edu/forums/diary/Things+that+go+Bump+in+the+Night+Non+HTTP+Requests+Hitting+Web+Servers/27924/
Apple Updates iOS/iPadOS to 15.0.2
https://saaramar.github.io/IOMFB_integer_overflow_poc/
https://support.apple.com/en-us/HT212846
Weak SSH Keys Used with GitKraken
https://github.blog/2021-10-11-github-security-update-revoking-weakly-generated-ssh-keys/
Let's Encrypt Outage
https://letsencrypt.status.io/pages/incident/55957a99e800baa4470002da/6164b5af714e1f053880ba0c
]]> 5:04 letsencrypt, gitkraken, keypair, ssh keys, apple, ios, ipados, 15.0.2, http requests, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7708 WebLogic Xploits; Sorting Things; Telegram Auto-Delete; MSFT Disabling Excel 4.0 Macros; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. WebLogic Xploits; Sorting Things; Telegram Auto-Delete; MSFT Disabling Excel 4.0 Macros; https://traffic.libsyn.com/securitypodcast/7708.mp3 https://isc.sans.edu/podcastdetail/7708 Mon, 11 Oct 2021 02:05:02 GMT https://isc.sans.edu/forums/diary/Scanning+for+Previous+Oracle+WebLogic+Vulnerabilities/27918/
Sorting Things Out - Sorting Data by IP Address
https://isc.sans.edu/forums/diary/Sorting+Things+Out+Sorting+Data+by+IP+Address/27916/
https://gitlab.com/slackermedia/bashcrawl
Telegram Does Not Remove Auto-Deleted Messages from Cache
https://habr.com/en/post/580582/
Microsoft To Disable Excel 4.0 Macros By Default
https://twitter.com/GelosSnake/status/1446192775087722497
https://m365admin.handsontek.net/macro-settings-update-to-disable-excel-4-0-macros-by-default/
]]> 5:24 weblogic, oracle, sort, bash, telegram, excel, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7706 Hunting IPTV Boxes; Apache 2.4.51 Released; FontOnLake Rootkit; osquery 5; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Hunting IPTV Boxes; Apache 2.4.51 Released; FontOnLake Rootkit; osquery 5; https://traffic.libsyn.com/securitypodcast/7706.mp3 https://isc.sans.edu/podcastdetail/7706 Fri, 08 Oct 2021 02:00:01 GMT https://isc.sans.edu/forums/diary/Who+Is+Hunting+For+Your+IPTV+SetTop+Box/27912/
Another Update For Apache
https://httpd.apache.org
Font on Lake Rootkit
https://www.welivesecurity.com/2021/10/07/fontonlake-previously-unknown-malware-family-targeting-linux/
osquery 5 with macOS Endpoint Security
https://www.trailofbits.com/post/announcing-osquery-5-now-with-endpointsecurity-on-macos
]]> 6:21 osquery, macos, fontonlake, rootkit, linux, apache, iptv, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7704 Apache Flaw Details; VMWare ESXi Ransomware; AT&T SIM Forensics; Google Pushing 2SV Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Apache Flaw Details; VMWare ESXi Ransomware; AT&T SIM Forensics; Google Pushing 2SV https://traffic.libsyn.com/securitypodcast/7704.mp3 https://isc.sans.edu/podcastdetail/7704 Thu, 07 Oct 2021 02:00:01 GMT https://isc.sans.edu/forums/diary/Apache+2449+Directory+Traversal+Vulnerability+CVE202141773/27908/
Python Ransomware Targeting ESXi Server
https://www.sophos.com/en-us/press-office/press-releases/2021/10/sophos-researchers-uncover-new-python-ransomware-targeting-an-esxi-server-and-virtual-machines.aspx
AT&T SIM Forensics
https://medium.com/telecom-expert/what-is-at-t-doing-at-1111340002-c418876c212c
Google Making Additional 2FA Push
https://blog.google/technology/safety-security/making-sign-safer-and-more-convenient/
]]> 5:19 Google, 2FA, ATT, SIM, Forensics, Python, ESXi, VMWare, Ransomware, Apache, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7702 Looking Glass; Facebook Postmortem; Apache 2.4.49 Vuln; Windows 11/2022 Released Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Looking Glass; Facebook Postmortem; Apache 2.4.49 Vuln; Windows 11/2022 Released https://traffic.libsyn.com/securitypodcast/7702.mp3 https://isc.sans.edu/podcastdetail/7702 Wed, 06 Oct 2021 02:00:01 GMT https://isc.sans.edu/forums/diary/Looking+Glasses+Debugging+Network+Connectivity+Issues/27904/
Facebook Postmortem
https://engineering.fb.com/2021/10/05/networking-traffic/outage-details/
Apache 2.4.49 Directory Traversal Vulnerability
https://blog.sonatype.com/apache-servers-actively-exploited-in-wild-importance-of-prompt-patching
Windows 11 Released
https://www.microsoft.com/security/blog/2021/10/04/windows-11-offers-chip-to-cloud-protection-to-meet-the-new-security-challenges-of-hybrid-work/
https://www.microsoft.com/en-us/download/details.aspx?id=55319
]]> 5:40 windows 11, apache 2.4.49, path traversal, facebook, looking glass, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7700 Facebook Outage; Dark Botnet Update; Apache Airflow Credential Leakage #facebookout #airflow #bgp Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Facebook Outage; Dark Botnet Update; Apache Airflow Credential Leakage #facebookout #airflow #bgp https://traffic.libsyn.com/securitypodcast/7700.mp3 https://isc.sans.edu/podcastdetail/7700 Tue, 05 Oct 2021 02:00:01 GMT https://isc.sans.edu/forums/diary/Facebook+Outage+Yes+its+DNS+sort+of+A+super+quick+analysis+of+what+is+going+on/27900/
Boutique "Dark" Botnet Hunting for Crumbs
https://isc.sans.edu/forums/diary/Boutique+Dark+Botnet+Hunting+for+Crumbs/27898/
Apache Airflow May Leak Credentials
https://www.intezer.com/blog/cloud-security/misconfigured-airflows-leak-credentials/
]]> 5:47 apache, airflow, dark.iot, dark, botnet, facebook, outage, bgp, dns, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7698 cvtres.exe Malicious Use; More Chrome Patches; Security Awareness Month; Gatekeeper Bypass; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. cvtres.exe Malicious Use; More Chrome Patches; Security Awareness Month; Gatekeeper Bypass; https://traffic.libsyn.com/securitypodcast/7698.mp3 https://isc.sans.edu/podcastdetail/7698 Mon, 04 Oct 2021 02:05:01 GMT https://isc.sans.edu/forums/diary/New+Tool+to+Add+to+Your+LOLBAS+List+cvtresexe/27892/
Google Chrome Continuing Updates
https://support.google.com/chrome/answer/95414?hl=en&co=GENIE.Platform%3DDesktop
Cyber Security Awareness Month
https://www.sans.org/security-awareness-training/resources/
https://isc.sans.edu/tag.html?tag=csam
FCC Attempts to Fight SIM Swapping
https://docs.fcc.gov/public/attachments/DOC-376199A1.pdf
MacOS Gatekeeper Bypass
https://labs.f-secure.com/blog/the-discovery-of-cve-2021-1810/
]]> 5:51 macos, gatekeeper, fcc, sim swapping, security awareness month, google, chrome, lolbas, cvtres.exe, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7696 Visa/Apple Express Transit Relay; FluBot Fake Updates; Azure Brute-Forceing; Domain Dumpster Diving @sans_edu Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Visa/Apple Express Transit Relay; FluBot Fake Updates; Azure Brute-Forceing; Domain Dumpster Diving @sans_edu https://traffic.libsyn.com/securitypodcast/7696.mp3 https://isc.sans.edu/podcastdetail/7696 Fri, 01 Oct 2021 02:00:02 GMT https://www.bbc.com/news/technology-58719891
FluBot Offering Fake FlutBot Protection
https://twitter.com/CERTNZ/status/1443701853665980440
Undetected Azure Active Directory Brute-Force Attacks
https://www.secureworks.com/research/undetected-azure-active-directory-brute-force-attacks
SANS.edu Student Christopher DeWees: Expired Domain Dumpster Diving https://www.sans.edu/cyber-research/40505/
]]> 14:59 sans.edu, dewees, domains, expired, azure, active directory, brute forcing, flubot, visa, apple, express transit, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7694 gpsd Bug; Airtag XSS; CISA/NSA VPN Guidance; Facebook Opensourcing Mariana Trench Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. gpsd Bug; Airtag XSS; CISA/NSA VPN Guidance; Facebook Opensourcing Mariana Trench https://traffic.libsyn.com/securitypodcast/7694.mp3 https://isc.sans.edu/podcastdetail/7694 Thu, 30 Sep 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/Keeping+Track+of+Time+Network+Time+Protocol+and+a+GPSD+Bug/27886/
Apple Airtags Stored XSS
https://medium.com/@bobbyrsec/zero-day-hijacking-icloud-credentials-with-apple-airtags-stored-xss-6997da43a216
CISA/NSA Guidance To Configure VPNs
https://media.defense.gov/2021/Sep/28/2002863184/-1/-1/0/CSI_SELECTING-HARDENING-REMOTE-ACCESS-VPNS-20210928.PDF
Facebook Open Sourcing "Mariana Trench" Tool To Analyze Android and Java Apps
https://engineering.fb.com/2021/09/29/security/mariana-trench/
]]> 5:28 facebook, mariana trench, android, vpn, apple, airtag, xss, ntp, gps, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7692 Current TLS/SSL Versions; Malicious Browser Crypto Wallets; Easier Exchange Emergency Mitigations Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Current TLS/SSL Versions; Malicious Browser Crypto Wallets; Easier Exchange Emergency Mitigations https://traffic.libsyn.com/securitypodcast/7692.mp3 https://isc.sans.edu/podcastdetail/7692 Wed, 29 Sep 2021 02:00:01 GMT https://isc.sans.edu/forums/diary/TLS+13+and+SSL+the+current+state+of+affairs/27882/
EFF Discontinues HTTPS Everywhere Plugin
https://www.eff.org/deeplinks/2021/09/https-actually-everywhere
Malicious CryptoCoin Wallet
https://discourse.mozilla.org/t/got-hacked-by-the-add-on-called-safepal-wallet/85797
Microsoft Automates Exchange Mitigations
https://techcommunity.microsoft.com/t5/exchange-team-blog/new-security-feature-in-september-2021-cumulative-update-for/ba-p/2783155
]]> 5:39 exchange, mitigations, cryptocoin, safepol, eff, https, tls, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7690 Trend Micro ServerProtct Auth Bypass; Let's Encrypt Root Expiration; ERMAC Android Malware; QNAP Vulns; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Trend Micro ServerProtct Auth Bypass; Let's Encrypt Root Expiration; ERMAC Android Malware; QNAP Vulns; https://traffic.libsyn.com/securitypodcast/7690.mp3 https://isc.sans.edu/podcastdetail/7690 Tue, 28 Sep 2021 02:00:02 GMT https://www.zerodayinitiative.com/advisories/ZDI-21-1115/
Let's Encrypt Root CA Expiration
https://community.letsencrypt.org/t/production-chain-changes/150739
ERMAC Android Malware
https://www.threatfabric.com/blogs/ermac-another-cerberus-reborn.html
QNAP Vulnerabilities
https://www.qnap.com/en/security-advisory/QSA-21-35
]]> 5:47 trend micro, let's encrypt, ermac, qnap, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7688 Mobile Device Inventory; Autodiscover Attacks; iOS 3x0Day; Cisco CAPWAP Vuln; Sonicall SMA 100 Patch Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Mobile Device Inventory; Autodiscover Attacks; iOS 3x0Day; Cisco CAPWAP Vuln; Sonicall SMA 100 Patch https://traffic.libsyn.com/securitypodcast/7688.mp3 https://isc.sans.edu/podcastdetail/7688 Mon, 27 Sep 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/Keep+an+Eye+on+Your+Users+Mobile+Devices+Simple+Inventory/27868/
Autodiscover Attacks
https://autodiscover-vulnerable-tlds.com
https://wiki.mozilla.org/Public_Suffix_List
https://www.guardicore.com/labs/autodiscovering-the-great-leak/
Three More 0-Day Vulnerabilities in iOS
https://habr.com/en/post/579714/
original russian version: https://habr.com/en/post/579716/
Cisco CAPWAP Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-capwap-rce-LYgj8Kf
Sonicwall SMA 100 Series Vulnerablity
https://www.sonicwall.com/support/product-notification/security-notice-critical-arbitrary-file-delete-vulnerability-in-sonicwall-sma-100-series-appliances/210819124854603/
]]> 6:13 sonicwall, sma, cisco, capwap, ios, bug bounty, autodiscover, active sync, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7686 VBA Creates Excel4 Downloader; WPBT Unpatched Flaw; Patch for Older iOS/macOS; Broken Digital Signatures Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. VBA Creates Excel4 Downloader; WPBT Unpatched Flaw; Patch for Older iOS/macOS; Broken Digital Signatures https://traffic.libsyn.com/securitypodcast/7686.mp3 https://isc.sans.edu/podcastdetail/7686 Fri, 24 Sep 2021 02:05:01 GMT https://isc.sans.edu/forums/diary/Excel+Recipe+Some+VBA+Code+with+a+Touch+of+Excel4+Macro/27864/
Windows Platform Binary Table Weakness
https://eclypsium.com/2021/09/20/everyone-gets-a-rootkit/
Apple Patches Older iOS/MacOS Versions
https://support.apple.com/en-us/HT201222
Broken Digital Signatures Used to Foil Malware Detection
https://blog.google/threat-analysis-group/financially-motivated-actor-breaks-certificate-parsing-avoid-detection/
]]> 5:31 digital signatures, apple, ios, macos, WPBT, excel, macro, excel4, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7684 Obfuscated MSHTML Exploits; Exchange Autodiscovery Leak; Nagios Vuln; Apple SDK Removes TLS1.0/1.1 Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Obfuscated MSHTML Exploits; Exchange Autodiscovery Leak; Nagios Vuln; Apple SDK Removes TLS1.0/1.1 https://traffic.libsyn.com/securitypodcast/7684.mp3 https://isc.sans.edu/podcastdetail/7684 Thu, 23 Sep 2021 11:35:01 GMT https://isc.sans.edu/forums/diary/An+XMLObfuscated+Office+Document+CVE202140444/27860/
Exchange Autodiscovering Leaks Credentials
https://www.guardicore.com/labs/autodiscovering-the-great-leak/
Nagios Vulnerabilities
https://claroty.com/2021/09/21/blog-research-securing-network-management-systems-nagios-xi/
Apple Deprecating TLS 1.0/1.1
https://developer.apple.com/news/?id=bv8ur34d
]]> 6:53 nagios, exchange, autodiscovery, xml, office, mshtml, word, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7682 iOS 15 Private Relay; macOS Finder Vuln; vCenter Advisory; NetGear Circle Parental Control Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. iOS 15 Private Relay; macOS Finder Vuln; vCenter Advisory; NetGear Circle Parental Control Vuln; https://traffic.libsyn.com/securitypodcast/7682.mp3 https://isc.sans.edu/podcastdetail/7682 Wed, 22 Sep 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/A+First+Look+at+Apples+iOS+15+Private+Relay+feature/27858/
macOS Finder Security Feature Bypass Leads to Possible RCE
https://ssd-disclosure.com/ssd-advisory-macos-finder-rce/
VMWare vCenter Advisory
https://blogs.vmware.com/vsphere/2021/09/vmsa-2021-0020-what-you-need-to-know.html
NetGear Circle Parental Control Vulnerablity
https://blog.grimm-co.com/2021/09/mama-always-told-me-not-to-trust.html
]]> 5:40 netgear, circle, vmware, vCenter, macos, finder, private relay, ios 15, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7680 OMIGOD Scans; Apple Updates; ADSelfService Plus Exploit Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. OMIGOD Scans; Apple Updates; ADSelfService Plus Exploit https://traffic.libsyn.com/securitypodcast/7680.mp3 https://isc.sans.edu/podcastdetail/7680 Tue, 21 Sep 2021 02:00:01 GMT https://isc.sans.edu/forums/diary/OMIGOD+Exploits+Captured+in+the+Wild+Researchers+responsible+for+half+of+scans+for+related+ports/27852/
Apple iOS/iPadOS/tvOS 15 Updates (and WatchOS, Xcode, Safari)
https://support.apple.com/en-us/HT201222
ManageEngine ADSelfService Plus Exploited
https://us-cert.cisa.gov/ncas/alerts/aa21-259a
]]> 6:24 manageengine, adselfservice, apple, ios, ipados, tvos, watchos, xcode, safari, omigod, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7678 iOS Calendar Invites; MSHTML Exploit Docs; Mirai Hunting OMIGOD; Netgear Exploits Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. iOS Calendar Invites; MSHTML Exploit Docs; Mirai Hunting OMIGOD; Netgear Exploits https://traffic.libsyn.com/securitypodcast/7678.mp3 https://isc.sans.edu/podcastdetail/7678 Mon, 20 Sep 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/Malicious+Calendar+Subscriptions+Are+Back/27846/
Simple Analysis of a CVE-2021-40444 (MSHTML) Document
https://isc.sans.edu/forums/diary/Simple+Analysis+Of+A+CVE202140444+docx+Document/27848/
Mirai Botnet Hunting OMIGOD
https://twitter.com/1ZRR4H/status/1438580885142507528
https://isc.sans.edu/port.html?port=1270
Exploit for Netgear Flaws Available
https://gynvael.coldwind.pl/?id=742
]]> 5:47 netgear, mirai, omigod, botnet, mshtml, calendar, ical, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7676 Brute Force Phishing; PrintNightmare Patch Stops Printing; Linux Malware on Windows ... and more Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Brute Force Phishing; PrintNightmare Patch Stops Printing; Linux Malware on Windows ... and more https://traffic.libsyn.com/securitypodcast/7676.mp3 https://isc.sans.edu/podcastdetail/7676 Fri, 17 Sep 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/Phishing+101+why+depend+on+one+suspicious+message+subject+when+you+can+use+many/27842/
PrintNightmare Fix Breaks Network Printing
https://www.bleepingcomputer.com/news/security/new-windows-security-updates-break-network-printing/
Malware Taking Advantage of Linux Subsystem for Windows
https://blog.lumen.com/no-longer-just-theory-black-lotus-labs-uncovers-linux-executables-deployed-as-stealth-windows-loaders/
Travis CI Patch
https://travis-ci.community/t/security-bulletin/12081
IBM System x IMM Vulnerability
https://support.lenovo.com/es/en/product_security/len-66347
Fake iTerm installing Malware on OS X
https://objective-see.com/blog/blog_0x66.html
]]> 6:30 iterm, ibm, system x, imm, travis ci, travis, linux, windows, subsystem, lsw, phishing, printnightmare, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7674 Hancitor MSFT OneDrive; Azure Linux OMIGOD Vulnerability Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Hancitor MSFT OneDrive; Azure Linux OMIGOD Vulnerability https://traffic.libsyn.com/securitypodcast/7674.mp3 https://isc.sans.edu/podcastdetail/7674 Thu, 16 Sep 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/Hancitor+campaign+abusing+Microsofts+OneDrive/27838/
"Secret"Agent Exposes Azure Customers To Unauthorized Code Execution
https://www.wiz.io/blog/secret-agent-exposes-azure-customers-to-unauthorized-code-execution
]]> 5:29 omigod, wiz, azure, linux, omi, vulnerability, hancitor, microsoft, onedrive, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7672 Microsoft Patches; Adobe Patches; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft Patches; Adobe Patches; https://traffic.libsyn.com/securitypodcast/7672.mp3 https://isc.sans.edu/podcastdetail/7672 Wed, 15 Sep 2021 02:05:01 GMT https://isc.sans.edu/forums/diary/Microsoft+September+2021+Patch+Tuesday/27834/
Adobe Patches
https://helpx.adobe.com/security/security-bulletin.html
]]> 5:22 adobe, microsoft, patches, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7670 Apple Updates; Gooble Chrome Patches; WooCommerce Currency Conv. Flaw; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Apple Updates; Gooble Chrome Patches; WooCommerce Currency Conv. Flaw; https://traffic.libsyn.com/securitypodcast/7670.mp3 https://isc.sans.edu/podcastdetail/7670 Tue, 14 Sep 2021 02:05:01 GMT https://support.apple.com/en-us/HT201222
Citizenlab Discloses NSO Exploit Details
https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Google Chrome Update
https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop.html
WooCommerce Multi Currency Plugin Vulnerablity
https://blog.nintechnet.com/vulnerability-fixed-in-wordpress-woocommerce-multi-currency-plugin/
]]> 5:08 woocommerce, currency, plugin, google, chrome, citizenlab, nso, exploit, apple, ios, ipados, watchos, macos, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7668 MSFT DNS Logs to Elastic; MSHTML Exploits; Lock Screen Bypass; Citrix Patches; nodejs tar vuln Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MSFT DNS Logs to Elastic; MSHTML Exploits; Lock Screen Bypass; Citrix Patches; nodejs tar vuln https://traffic.libsyn.com/securitypodcast/7668.mp3 https://isc.sans.edu/podcastdetail/7668 Mon, 13 Sep 2021 02:00:01 GMT https://isc.sans.edu/forums/diary/Shipping+to+Elasticsearch+Microsoft+DNS+Logs/27828/
Exploit Generator for CVE-2021-40444
https://github.com/lockedbyte/CVE-2021-40444
Windows Lock Screen Bypass
https://halove23.blogspot.com/2021/09/zdi-21-1053-bypassing-windows-lock.html
Citrix Hypervisor Update
https://support.citrix.com/article/CTX325319
GitHub Identifies Vulnerable node.js Packages
https://github.blog/2021-09-08-github-security-update-vulnerabilities-tar-npmcli-arborist/
]]> 5:33 github, node.js, citrix, windows, lock screen, mshtml, dns, elasticsearch, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7666 ISC/DShield API Updates; MSHTML Vulnerablity Update; GitHub check-spelling Vuln Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. ISC/DShield API Updates; MSHTML Vulnerablity Update; GitHub check-spelling Vuln https://traffic.libsyn.com/securitypodcast/7666.mp3 https://isc.sans.edu/podcastdetail/7666 Fri, 10 Sep 2021 02:00:01 GMT https://isc.sans.edu/forums/diary/Updates+to+Our+DatafeedsAPI/27824/
Update on Windows MSHTML Vulnerability
https://www.bleepingcomputer.com/news/microsoft/windows-mshtml-zero-day-defenses-bypassed-as-new-info-emerges/
GitHub Actions check-spelling community workflow GITHUB_TOKEN leakage
https://github.com/justinsteven/advisories/blob/master/2021_github_actions_checkspelling_token_leak_via_advice_symlink.md
]]> 6:30 mshtml, windows, api, threatfead, new domains, github, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7664 Protonmail Correction; BazarLoader "Stolen Images"; Thyotic SS; Zoho Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Protonmail Correction; BazarLoader "Stolen Images"; Thyotic SS; Zoho Vuln; https://traffic.libsyn.com/securitypodcast/7664.mp3 https://isc.sans.edu/podcastdetail/7664 Thu, 09 Sep 2021 02:00:01 GMT https://protonmail.com/blog/climate-activist-arrest/
https://protonmail.com/privacy-policy
"Stolen Images Evidence" Campaign Continues Pushing BazarLoader Malware
https://isc.sans.edu/forums/diary/Stolen+Images+Evidence+Campaign+Continues+Pushing+BazarLoader+Malware/27816/
Thyotic Secret Server Critical Update
https://docs.thycotic.com/ss/11.0.0/release-notes/ss-rn-11-0-000007.md
Zoho Vulnerablity Exploited
https://www.manageengine.com/products/self-service-password/kb/how-to-fix-authentication-bypass-vulnerability-in-REST-API.html
]]> 5:39 zoho, thyotic, bazarloader, protonmail, protonvpn, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7662 MSHTML 0-Day Exploited; ProtonVPN Privacy; What's App Moderation; Stashing Payload in Log Files (CLFS); Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MSHTML 0-Day Exploited; ProtonVPN Privacy; What's App Moderation; Stashing Payload in Log Files (CLFS); https://traffic.libsyn.com/securitypodcast/7662.mp3 https://isc.sans.edu/podcastdetail/7662 Wed, 08 Sep 2021 02:05:01 GMT https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444
ProntonMail/VPN Releasing User's IP Address
https://protonmail.com/blog/climate-activist-arrest/
What's App End To End Encryption Questioned (but upheld)
https://twitter.com/evacide/status/1435288900587589632?s=20
PRIVATELOG and STASHLOG Malware Store Payload in Common Log File System (CLFS)
https://www.fireeye.com/blog/threat-research/2021/09/unknown-actor-using-clfs-log-files-for-stealth.html
]]> 5:43 privatelog, stashlog, fireeye, clfs, log files, whats app, protonmail, protonvpn, mshtml, microsoft, cve-2021-40444, activex, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7660 Confluence Update; ProxyShell Update; Ghostscript RCE; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Confluence Update; ProxyShell Update; Ghostscript RCE; https://traffic.libsyn.com/securitypodcast/7660.mp3 https://isc.sans.edu/podcastdetail/7660 Tue, 07 Sep 2021 02:00:01 GMT https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html
https://www.jenkins.io/blog/2021/09/04/wiki-attacked/
ProxyShell Update
https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/
RCE-0-Day for GhostScript 9.50
https://github.com/duc-nt/RCE-0-day-for-GhostScript-9.50
Netgear Switch Auth Bypass
https://kb.netgear.com/000063978/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Smart-Switches-PSV-2021-0140-PSV-2021-0144-PSV-2021-0145
]]> 5:25 netgear, ghostscript, proxyshell, confluence, exchange, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7658 Hurricane Scams; Confluence Attacked; Cisco Ent. NFVIS; GPU Malware; @sans_edu : Cloud Forensics Triage Framework Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Hurricane Scams; Confluence Attacked; Cisco Ent. NFVIS; GPU Malware; @sans_edu : Cloud Forensics Triage Framework https://traffic.libsyn.com/securitypodcast/7658.mp3 https://isc.sans.edu/podcastdetail/7658 Fri, 03 Sep 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/Attackers+Will+Always+Abuse+Major+Events+in+our+Lifes/27808/
Active Exploitation of Confluence Server CVE-2021-26084
https://www.rapid7.com/blog/post/2021/09/02/active-exploitation-of-confluence-server-cve-2021-26084/
GitHub Removing old Ciphers / Keys
https://github.blog/2021-09-01-improving-git-protocol-security-github/
Cisco Enterprise NFV Infrastructure Software Authentication Bypass
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nfvis-g2DMVVh
Hackers are Selling Tool to Hide Malware in GPUs
https://www.ehackingnews.com/2021/09/hackers-are-selling-tool-to-hide.html
Michael Beck: Cloud Forensics Triage Framework (CFTF)
https://www.sans.org/white-papers/40415/
]]> 14:10 sans_edu, forensics, cloud, cftf, gpu, malware, cisco, authentication, confluence, atlassian, github, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7656 Java Malware STRRAT; Baby Monitor Exposed; Annke NVR; ProxyWare Abuse Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Java Malware STRRAT; Baby Monitor Exposed; Annke NVR; ProxyWare Abuse https://traffic.libsyn.com/securitypodcast/7656.mp3 https://isc.sans.edu/podcastdetail/7656 Thu, 02 Sep 2021 02:00:01 GMT https://isc.sans.edu/forums/diary/STRRAT+a+Javabased+RAT+that+doesnt+care+if+you+have+Java/27798/
IPC360 Baby Monitor Vulnerability
https://www.bitdefender.com/files/News/CaseStudies/study/402/Bitdefender-PR-Whitepaper-VictureIPC-creat5590-en-EN.pdf
Annke Network Video Recorder Vulnerability
https://us-cert.cisa.gov/ics/advisories/icsa-21-238-02
ProxyWare Abuse
https://blog.talosintelligence.com/2021/08/proxyware-abuse.html
]]> 6:00 proxyware, annke, video recorder, nvr, baby monitor, ipc360, strrat, java, jre, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7654 More Bluetooth Vulns; Fortress Home Sec. Remote Disarm; PostgreSQL set_user Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. More Bluetooth Vulns; Fortress Home Sec. Remote Disarm; PostgreSQL set_user https://traffic.libsyn.com/securitypodcast/7654.mp3 https://isc.sans.edu/podcastdetail/7654 Wed, 01 Sep 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/BrakTooth+Impacts+Implications+and+Next+Steps/27802/
Fortress Home Security System Weakness
https://threatpost.com/fortress-home-security-remote-disarmament/169069/
PostgreSQL set_user Module Vulnerability
https://www.postgresql.org/about/news/set_user-201-released-2279/
]]> 5:27 postgresql, set_user, fortress, braktooth, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7652 Crypto Clipboard Fun; Exchange ProxyToken; LockFile Ransomware Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Crypto Clipboard Fun; Exchange ProxyToken; LockFile Ransomware https://traffic.libsyn.com/securitypodcast/7652.mp3 https://isc.sans.edu/podcastdetail/7652 Tue, 31 Aug 2021 02:00:01 GMT https://isc.sans.edu/forums/diary/Cryptocurrency+Clipboard+Swapper+Delivered+With+Love/27794/
ProxyToken Vulnerability in Exchange
https://www.zerodayinitiative.com/blog/2021/8/30/proxytoken-an-authentication-bypass-in-microsoft-exchange-server
LockFile Ransomware Evasion Tricks
https://thehackernews.com/2021/08/lockfile-ransomware-bypasses-protection.html
]]> 5:54 lockfile, ransomware, proxytoken, exchange, clipboard, crypto, bitcoin, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7650 Cosmos DB Vulnerability; Open Redirect Phishing; Parallels Priv Escalation Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Cosmos DB Vulnerability; Open Redirect Phishing; Parallels Priv Escalation https://traffic.libsyn.com/securitypodcast/7650.mp3 https://isc.sans.edu/podcastdetail/7650 Mon, 30 Aug 2021 10:15:02 GMT https://chaosdb.wiz.io
Phishing via Open Redirects
https://www.microsoft.com/security/blog/2021/08/26/widespread-credential-phishing-campaign-abuses-open-redirector-links/
Parallels Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/208188
https://www.zerodayinitiative.com/advisories/ZDI-21-1000/
]]> 5:04 parallels, phishing, redirects, azure, chasodb, cosmos, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7648 Cisco Advisories; Geth DoS Vuln; Confluence Patch; VMWare Updates; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Cisco Advisories; Geth DoS Vuln; Confluence Patch; VMWare Updates; https://traffic.libsyn.com/securitypodcast/7648.mp3 https://isc.sans.edu/podcastdetail/7648 Fri, 27 Aug 2021 02:05:02 GMT https://tools.cisco.com/security/center/publicationListing.x
GETH DoS Vulnerability
https://github.com/ethereum/go-ethereum/releases/tag/v1.10.8
Confluence Security Advisory
https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html
VMWare Updates
https://www.vmware.com/security/advisories.html
]]> 5:44 vmware, updates, confluence, atlassian, geth, dos, cisco, nexus, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7646 SPF Survey for .CZ; OpenSSL Update; F5 BigIP Update; SideWalk Backdoor Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SPF Survey for .CZ; OpenSSL Update; F5 BigIP Update; SideWalk Backdoor https://traffic.libsyn.com/securitypodcast/7646.mp3 https://isc.sans.edu/podcastdetail/7646 Thu, 26 Aug 2021 02:05:01 GMT https://isc.sans.edu/forums/diary/There+may+be+many+more+SPF+records+than+we+might+expect/27786/
OpenSSL Update
https://www.openssl.org/news/vulnerabilities.html
F5 Update
https://support.f5.com/csp/article/K50974556
https://support.f5.com/csp/article/K41351250
SideWalk Backdoor
https://www.welivesecurity.com/2021/08/24/sidewalk-may-be-as-dangerous-as-crosswalk/
]]> 5:44 sidewalk, backdoor, f5, big-ip, openssl, spf, cz, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7644 Searching for ENV; WhatsApp Malware; SteelSeries Keyboard Priv esc; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Searching for ENV; WhatsApp Malware; SteelSeries Keyboard Priv esc; https://traffic.libsyn.com/securitypodcast/7644.mp3 https://isc.sans.edu/podcastdetail/7644 Wed, 25 Aug 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/Attackers+Hunting+For+Twilio+Credentials/27782/
Modified WhatsApp Spreading Malware
https://securelist.com/triada-trojan-in-whatsapp-mod/103679/
Privilege Escalation without Pluggin in Device
http://0xsp.com/security%20research%20&%20development%20(SRD)/local-administrator-is-not-just-with-razer-it-is-possible-for-all
]]> 5:21 steelseries, keyboard, privilege escalation, twilio, whatsapp, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7642 OOB SMS Phish; Razer Mouse Priv Esc; Realtek Vuln Exploited; Exposed MSFT PowerApps Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. OOB SMS Phish; Razer Mouse Priv Esc; Realtek Vuln Exploited; Exposed MSFT PowerApps https://traffic.libsyn.com/securitypodcast/7642.mp3 https://isc.sans.edu/podcastdetail/7642 Tue, 24 Aug 2021 02:05:02 GMT https://isc.sans.edu/forums/diary/Out+of+Band+Phishing+Using+SMS+messages+to+Evade+Network+Detection/27768/
Elevate Priviledges with Razer Mouse
https://twitter.com/j0nh4t/status/1429049506021138437
Realtek Vulnerabilites Exploited
https://securingsam.com/realtek-vulnerabilities-weaponized/
Exposed Microsoft Power Apps
https://www.upguard.com/breaches/power-apps
]]> 5:41 microsoft power apps, power apps, razer, mouse, realtek, sms, oob, out of band, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7640 Waiting for C2; DOCX with EXE; Securing Cloud PCs; Cloud PC Security; Pegasus Scam Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Waiting for C2; DOCX with EXE; Securing Cloud PCs; Cloud PC Security; Pegasus Scam https://traffic.libsyn.com/securitypodcast/7640.mp3 https://isc.sans.edu/podcastdetail/7640 Mon, 23 Aug 2021 02:00:01 GMT https://isc.sans.edu/forums/diary/Waiting+for+the+C2+to+Show+Up/27772/
DOCX with Embdedded EXE
https://isc.sans.edu/forums/diary/docx+With+Embedded+EXE/27776/
Securing Your Windows 365 Cloud PCs
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/securing-your-windows-365-cloud-pcs/ba-p/2663129
Pegasus Fraud Scam
https://www.ehackingnews.com/2021/08/pegasus-iphone-hacks-used-as-bait-in.html
Proper Audit Logging for Office 365
https://zolder.io/office-365-audit-logging/
]]> 5:10 zolder, office 365, pregasus, scam, windows 365, docx, c2, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7638 Lightning Strike; Cisco Won't fix EoL Router Bugs; Blackberry QNX bug; @sans_edu student @markmorow Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Lightning Strike; Cisco Won't fix EoL Router Bugs; Blackberry QNX bug; @sans_edu student @markmorow https://traffic.libsyn.com/securitypodcast/7638.mp3 https://isc.sans.edu/podcastdetail/7638 Fri, 20 Aug 2021 02:00:01 GMT https://isc.sans.edu/forums/diary/When+Lightning+Strikes+What+works+and+doesnt+work/27766/
Cisco Small Business Router Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-sb-rv-overflow-htpymMB5
Blackberry QNX Products Vulnerability
https://support.blackberry.com/kb/articleDetail?articleNumber=000082334
SANS.edu Student: Mark Morowcynzski; Decreasing Attacker Dwell Time in Azure Active Directory
https://www.sans.org/white-papers/40390/
]]> 15:17 sans.edu, blackberry, qnx, cisco, lightning, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7636 Moving Back to the Office; Adobe Updates; Tetris Spyware; HolesWarm Malware; Trickbot Tricks; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Moving Back to the Office; Adobe Updates; Tetris Spyware; HolesWarm Malware; Trickbot Tricks; https://traffic.libsyn.com/securitypodcast/7636.mp3 https://isc.sans.edu/podcastdetail/7636 Thu, 19 Aug 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/5+Things+to+Consider+Before+Moving+Back+to+the+Office/27762/
Adobe Patches
https://helpx.adobe.com/security.html
Several Web Sites Infected with Chinese Spyware
https://imp0rtp3.wordpress.com/2021/08/12/tetris/
Trickbot Tricks Users with 1Password
https://www.ehackingnews.com/2021/08/trickbot-employs-bogus-1password.html

]]> 4:52 trickbot, 1password, adobe, patches, office, chinese, jsonp, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7634 Laravel Bug Exploited; ThroughTek Kaley Vuln; Fortinet FortiWeb; Google Chrome Update Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Laravel Bug Exploited; ThroughTek Kaley Vuln; Fortinet FortiWeb; Google Chrome Update https://traffic.libsyn.com/securitypodcast/7634.mp3 https://isc.sans.edu/podcastdetail/7634 Wed, 18 Aug 2021 02:00:01 GMT https://isc.sans.edu/forums/diary/Laravel+v842+exploit+attempts+for+CVE20213129+debug+mode+Remote+code+execution/27758/
ThroughTek "Kaley" Protocol Vulnerability
https://www.fireeye.com/blog/threat-research/2021/08/mandiant-discloses-critical-vulnerability-affecting-iot-devices.html
Fortinet FortiWeb Vulnerability
https://www.rapid7.com/blog/post/2021/08/17/fortinet-fortiweb-os-command-injection/
]]> 6:14 fortinet, fortiweb, throughtek, kaley, video, laravel, ignition, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7632 Malware Bazaar Tricks; Realtek Vuln; STARTTLS; NodeJS DNS Flaw; Racoon Infostealer Self-Infection Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Malware Bazaar Tricks; Realtek Vuln; STARTTLS; NodeJS DNS Flaw; Racoon Infostealer Self-Infection https://traffic.libsyn.com/securitypodcast/7632.mp3 https://isc.sans.edu/podcastdetail/7632 Tue, 17 Aug 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/Extra+Tip+For+Triage+Of+MALWARE+Bazaars+Daily+Malware+Batches/27754/
Realtek SDK Vulnerability
https://www.iot-inspector.com/blog/advisory-multiple-issues-realtek-sdk-iot-supply-chain/
https://www.realtek.com/images/safe-report/Realtek_APRouter_SDK_Advisory-CVE-2021-35392_35395.pdf
STARTTLS Vulnerabilities
https://www.usenix.org/conference/usenixsecurity21/presentation/poddebniak
Racoon Infostealer Self Infection
https://mobile.twitter.com/HRock/status/1427259563363950596
]]> 5:19 racoon, infosteeler, self infection, starttls, realtek, malware bazaar, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7630 Exchange E-Discovery Scans; Danabot Malspam; Weaponizing Middleboxes; COTS Encryption in Ransomware Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Exchange E-Discovery Scans; Danabot Malspam; Weaponizing Middleboxes; COTS Encryption in Ransomware https://traffic.libsyn.com/securitypodcast/7630.mp3 https://isc.sans.edu/podcastdetail/7630 Mon, 16 Aug 2021 02:05:02 GMT https://isc.sans.edu/forums/diary/Scanning+for+Microsoft+Exchange+eDiscovery/27748/
Danabot Distributed Through Malspam
https://isc.sans.edu/forums/diary/Example+of+Danabot+distributed+through+malspam/27744/
Weaponizing Middleboxes
https://geneva.cs.umd.edu/posts/usenix21-weaponizing-censors/
https://www.usenix.org/conference/usenixsecurity21/presentation/bock
Deep Blue Magic Ransomware
https://www.ehackingnews.com/2021/08/deepbluemagic-newly-discovered.html
]]> 5:49 exchange, e-discovery, danabot, malspam, middleboxes, deep blue magic, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7628 More Print Nightmare (and used in Ransomware Attacks); PolyNetwork Attacks Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. More Print Nightmare (and used in Ransomware Attacks); PolyNetwork Attacks https://traffic.libsyn.com/securitypodcast/7628.mp3 https://isc.sans.edu/podcastdetail/7628 Fri, 13 Aug 2021 02:00:02 GMT https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36958
Print Nightmare Abused by Ransomware Gangs
https://www.crowdstrike.com/blog/magniber-ransomware-caught-using-printnightmare-vulnerability/
PolyNetwork Attack
https://www.theregister.com/2021/08/10/poly_networks_cryptocurrency_theft/
]]> 3:11 polynetwork, print nightmare, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7626 Encrypted ZIP to Cobalt Strike; MacOS AdLoad; 5G Issues; Cloud DNS; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Encrypted ZIP to Cobalt Strike; MacOS AdLoad; 5G Issues; Cloud DNS; https://traffic.libsyn.com/securitypodcast/7626.mp3 https://isc.sans.edu/podcastdetail/7626 Thu, 12 Aug 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/TA551+Shathak+continues+pushing+BazarLoader+infections+lead+to+Cobalt+Strike/27738/
New AdLoad Campaign Goes Undetected by XProtect
https://labs.sentinelone.com/massive-new-adload-campaign-goes-entirely-undetected-by-apples-xprotect/
Android FlyTrap Malware Hitting Facebook Users
https://www.ehackingnews.com/2021/08/android-malware-flytrap-hacks-facebook.html
5G Shortcuts allow Evesdropping
https://www.wired.com/story/5g-network-stingray-surveillance-non-standalone/
Cloud DNS Service Weeknesses
https://www.wiz.io/blog/black-hat-2021-dns-loophole-makes-nation-state-level-spying-as-easy-as-registering-a-domain
]]> 5:55 cloud dns, 5g, lte, stringray, android, flytrap, malware, facebook, adload, macos, ta551, bazarloader, cobalt strike, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7624 Microsoft Patches; Adobe Patches; cPanel Vulns; Firefox Update Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft Patches; Adobe Patches; cPanel Vulns; Firefox Update https://traffic.libsyn.com/securitypodcast/7624.mp3 https://isc.sans.edu/podcastdetail/7624 Wed, 11 Aug 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/Microsoft+August+2021+Patch+Tuesday/27736/
Adobe Patches
https://helpx.adobe.com/security.html
cPanel/WHM Vulnerabilities
https://www.fortbridge.co.uk/research/multiple-vulnerabilities-in-cpanel-whm/
Firefox Update Released
https://www.mozilla.org/en-US/firefox/91.0/releasenotes/
]]> 5:24 firefox, cpanel, adobe, microsoft, patches, xss, xee, csrf, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7622 Exchange ProxyShell; Synology and Router Attacks; Firefox Experiment; Messanging Bugs; HTTP2 Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Exchange ProxyShell; Synology and Router Attacks; Firefox Experiment; Messanging Bugs; HTTP2 https://traffic.libsyn.com/securitypodcast/7622.mp3 https://isc.sans.edu/podcastdetail/7622 Tue, 10 Aug 2021 02:05:02 GMT https://isc.sans.edu/forums/diary/ProxyShell+how+many+Exchange+servers+are+affected+and+where+are+they/27732/
Synology Warns of Brute Force Attacks
https://www.synology.com/en-global/company/news/article/BruteForce/Synology %20Investigates%20Ongoing%20Brute-Force%20Attacks%20From%20Botnet
Router Auth Bypass
https://threatpost.com/auth-bypass-bug-routers-exploited/168491/
Firefox Version 100 Experiment
https://bugzilla.mozilla.org/show_bug.cgi?id=1719070
Interaction Less Vulnerabilities in Messaging Apps
https://www.ehackingnews.com/2021/08/the-interaction-less-flaws-in-messaging.html
HTTP2 Vulnerabilities
https://portswigger.net/research/http2#conclusion
]]> 5:50 exchange, blackhat, router, synology, firefox, messaging apps, http2, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7620 Malicious Word Doc; Malware Bazaar Dailies; Go/Rust Octal IP Vuln; Master Faces; Pulse(In)Secure; Hadoop RCE Exploited Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Malicious Word Doc; Malware Bazaar Dailies; Go/Rust Octal IP Vuln; Master Faces; Pulse(In)Secure; Hadoop RCE Exploited https://traffic.libsyn.com/securitypodcast/7620.mp3 https://isc.sans.edu/podcastdetail/7620 Mon, 09 Aug 2021 02:05:02 GMT https://isc.sans.edu/forums/diary/Malicious+Microsoft+Word+Remains+A+Key+Infection+Vector/27716/
Malware Bazaar Daily Download
https://isc.sans.edu/forums/diary/MALWARE+Bazaar+Download+daily+malware+batches/27728/
Go/Rust IP Address Validation Vulnerability
https://github.com/rust-lang/rust/pull/83652
Facial Recognition "Master Keys"
https://arxiv.org/pdf/2108.01077.pdf
Pulse Secure Patch Bypass
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44858
Hadoop ResourceManager Vulnerability Exploited
https://blog.netlab.360.com/wei-xie-kuai-xun-teamtntxin-huo-dong-tong-guo-gan-ran-wang-ye-wen-jian-ti-gao-chuan-bo-neng-li/
]]> 5:23 hadoop, pulsesecure, facial recognition, go, rust, ip address, netmask, microsoft, word, malware, malwarebazaar, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7618 Cisco RV340/345; Telegram Self Destruct Bug; Bypassing MacOS TCC; Windows Hello Bypass Details; @sans_edu CSP Bypass Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Cisco RV340/345; Telegram Self Destruct Bug; Bypassing MacOS TCC; Windows Hello Bypass Details; @sans_edu CSP Bypass https://traffic.libsyn.com/securitypodcast/7618.mp3 https://isc.sans.edu/podcastdetail/7618 Fri, 06 Aug 2021 02:05:02 GMT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv340-cmdinj-rcedos-pY8J3qfy
Telegram Flawed Self Destruct in MacOS
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/telegram-self-destruct-not-always/
Significant Vulnerabilities in MacOS Privacy Protections
https://www.darkreading.com/application-security/researchers-find-significant-vulnerabilities-in-mac-os-privacy-protections
Windows Hello Bypass
https://threatpost.com/microsofts-patch-windows-hello-faulty/168392/
STI Student: James Casteel; Content Security Policy Bypass: Exploiting Misconfigurations https://www.sans.org/white-papers/40380
]]> 15:26 sans.edu, csp, james casteel, windows hello, mac os, privacy, tcc, telegram, cisco patches, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7616 Possible UN Peacekeeping Phish; NichStack Vulns; Cloud Security; LockBit Recruiting Insiders; Office 365 Phish Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Possible UN Peacekeeping Phish; NichStack Vulns; Cloud Security; LockBit Recruiting Insiders; Office 365 Phish https://traffic.libsyn.com/securitypodcast/7616.mp3 https://isc.sans.edu/podcastdetail/7616 Thu, 05 Aug 2021 08:42:34 GMT https://isc.sans.edu/forums/diary/Pivoting+and+Hunting+for+Shenanigans+from+a+Reported+Phishing+Domain/27710/
NichStack TCP/IP Vulnerabilities
https://jfrog.com/blog/infrahalt-14-new-security-vulnerabilities-found-in-nichestack/
Securing the Cloud
https://www.sans.org/newsletters/ouch/securely-using-the-cloud/
Lockbit Recruiting Insiders
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-recruiting-insiders-to-breach-corporate-networks/
Sneaky Phishing Hittin Office 365 Users
https://www.ehackingnews.com/2021/08/microsoft-warns-office-365-users-of.html
]]> 5:53 un phish, nichstack, tcp/ip, cloud, ouch, lockbit, insider, office 365, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7614 2FA Issues; Crazy Smishing; Google Chrome and Android Patch; NSA Kubernetes Hardening Guides Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. 2FA Issues; Crazy Smishing; Google Chrome and Android Patch; NSA Kubernetes Hardening Guides https://traffic.libsyn.com/securitypodcast/7614.mp3 https://isc.sans.edu/podcastdetail/7614 Tue, 03 Aug 2021 21:42:29 GMT https://isc.sans.edu/forums/diary/Three+Problems+with+Two+Factor+Authentication/27704/
Crazy Smishing
https://isc.sans.edu/forums/diary/Is+this+the+Weirdest+Phishing+SMishing+Attempt+Ever/27706/
Google Chrome Update
https://chromereleases.googleblog.com/2021/08/the-stable-channel-has-been-updated-to.html
https://www.bleepingcomputer.com/news/google/google-chrome-to-no-longer-show-secure-website-indicators/
Google Android Update
https://source.android.com/security/bulletin/2021-08-01?hl=en
DoD/NSA Publichses Kubernetes Hardening Guides
https://media.defense.gov/2021/Aug/03/2002820425/-1/-1/1/CTR_KUBERNETES%20HARDENING%20GUIDANCE.PDF
]]> 5:10 kubernetes, google, android, chrome, patches, phishing, smishing, 2fa, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7612 DNS Queries Noise; BAT mods on the fly; "-" npm; RPC Filters vs PetitPotam; Pneumatic Vulnerabilities Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. DNS Queries Noise; BAT mods on the fly; "-" npm; RPC Filters vs PetitPotam; Pneumatic Vulnerabilities https://traffic.libsyn.com/securitypodcast/7612.mp3 https://isc.sans.edu/podcastdetail/7612 Tue, 03 Aug 2021 02:00:01 GMT https://isc.sans.edu/forums/diary/Unsolicited+DNS+Queries/27694/
Changing BAT Files on the Fly
https://isc.sans.edu/forums/diary/Changing+BAT+Files+On+The+Fly/27700/
Empty NPM Package has Over 700,000 Downloads
https://www.bleepingcomputer.com/news/software/empty-npm-package-has-over-700-000-downloads-heres-why/
Blocking PetitPotam with netsh RPC Filters
https://twitter.com/gentilkiwi/status/1421949715986403329
Pneumatic Tube Vulnerabilities
https://www.blackhat.com/us-21/briefings/schedule/index.html#a-hole-in-the-tube-uncovering-vulnerabilities-in-critical-infrastructure-of-healthcare-facilities-23546
]]> 6:12 petitpotam, tubes, pneumatic, rpc filters, netsh, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7610 .reg Malware; Excessive Exchange Permissions (patched); Node.js Patch; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. .reg Malware; Excessive Exchange Permissions (patched); Node.js Patch; https://traffic.libsyn.com/securitypodcast/7610.mp3 https://isc.sans.edu/podcastdetail/7610 Sun, 01 Aug 2021 18:39:40 GMT https://isc.sans.edu/forums/diary/Infected+With+a+reg+File/27692/
Excessive Exchange Permissions (Patched)
https://bugs.chromium.org/p/project-zero/issues/detail?id=2186
Node.JS July 2021 Security Releases
https://nodejs.org/en/blog/vulnerability/july-2021-security-releases-2/
Malicious PyPi Packages
https://jfrog.com/blog/malicious-pypi-packages-stealing-credit-cards-injecting-code/
REvil / Darkside May be Back as Blackmatter
https://www.bleepingcomputer.com/news/security/darkside-ransomware-gang-returns-as-new-blackmatter-operation/
]]> 5:26 revil, darkside, blackmatter, pypi, node.js, exchange, permissions, registry, .reg file, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7608 Archive.org Malware; PyPI Security Analysis; Malware via Template Injection; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Archive.org Malware; PyPI Security Analysis; Malware via Template Injection; https://traffic.libsyn.com/securitypodcast/7608.mp3 https://isc.sans.edu/podcastdetail/7608 Fri, 30 Jul 2021 01:09:26 GMT https://isc.sans.edu/forums/diary/Malicious+Content+Delivered+Through+archiveorg/27688/
A Large-Scale Security-Oriented Static Analysis of Python Packages in PyPI
https://arxiv.org/abs/2107.12699
Crimea "manifesto" deploys VBA Rat using double attack vectors
https://blog.malwarebytes.com/threat-intelligence/2021/07/crimea-manifesto-deploys-vba-rat-using-double-attack-vectors/
]]> 5:31 crimea, vba, rat, macro, template, pypi, archive.org, waybackmachine, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7606 IT Support Extortion; AV-Test Android; UBEL Android Malware; PunkSpider Reboot; AFRINIC IPv4 Heist Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. IT Support Extortion; AV-Test Android; UBEL Android Malware; PunkSpider Reboot; AFRINIC IPv4 Heist https://traffic.libsyn.com/securitypodcast/7606.mp3 https://isc.sans.edu/podcastdetail/7606 Thu, 29 Jul 2021 02:05:02 GMT https://isc.sans.edu/forums/diary/A+sextortion+email+fromIT+support/27682/
AV-Test Compares Android Anti-Virus Software
https://www.av-test.org/en/news/15-security-apps-for-android-in-an-endurance-test/
Oscorp evolves into UBEL: Advanced Android Malware
https://www.cleafy.com/cleafy-labs/ubel-oscorp-evolution
QOMPLX Reboots Punkspider
https://www.globenewswire.com/da/news-release/2021/07/20/2265860/0/en/QOMPLX-Reboots-Punkspider.html
AFRINIC IPv4 Address Heist
https://lists.afrinic.net/pipermail/community-discuss/2021-July/004122.html
]]> 8:32 afrinic, ipv4, qomplx, oscorp, ubel, av-test, google, android, sextortion, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7604 Details for CVE-2021-30807 (macOS/iOS); Zimbra XSS/SSRF; Ransomware via GPOs; Safe Links for MSFT Teams Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Details for CVE-2021-30807 (macOS/iOS); Zimbra XSS/SSRF; Ransomware via GPOs; Safe Links for MSFT Teams https://traffic.libsyn.com/securitypodcast/7604.mp3 https://isc.sans.edu/podcastdetail/7604 Wed, 28 Jul 2021 02:00:02 GMT https://saaramar.github.io/IOMobileFrameBuffer_LPE_POC/
Zimbra 8.8.15 XSS and SSRF Vulnerability
https://blog.sonarsource.com/zimbra-webmail-compromise-via-email
LockBit Ransomware Uses Group Policies
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-automates-windows-domain-encryption-via-group-policies/
Microsoft Extending SafeLinks to Teams
https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/microsoft-teams-gets-more-phishing-protection/ba-p/2585559
]]> 6:42 microsoft, safelinks, teams, lockbit, ransomware, printer, zimbra, xss, ssrf, ios, macos, cvs-2021-30807, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7602 Recovering Malspam Password; Apple Patches 0-day; Multi OS Malware; GitHub Love for Go Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Recovering Malspam Password; Apple Patches 0-day; Multi OS Malware; GitHub Love for Go https://traffic.libsyn.com/securitypodcast/7602.mp3 https://isc.sans.edu/podcastdetail/7602 Tue, 27 Jul 2021 02:05:02 GMT https://isc.sans.edu/forums/diary/Failed+Malspam+Recovering+The+Password/27674/
Apple Patches 0-Day
https://support.apple.com/en-us/HT201222
Attackers Adopt Exotic Programming Languages
https://blogs.blackberry.com/en/2021/07/old-dogs-new-tricks-attackers-adopt-exotic-programming-languages
LemonDuck/LemonCat Coinminers Going Multi-OS
https://www.microsoft.com/security/blog/2021/07/22/when-coin-miners-evolve-part-1-exposing-lemonduck-and-lemoncat-modern-mining-malware-infrastructure/
GitHub Expending Supply Chain Security Support to Go
https://github.blog/2021-07-22-github-supply-chain-security-features-go-community/
]]> 6:07 apple, encryption, zip, john the ripper, lemonduck, lemoncat, github, go, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7600 PetitPotam ADCS Domain Admin Vulnerability; Mac Malware; VidMe Domain Owner Change Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. PetitPotam ADCS Domain Admin Vulnerability; Mac Malware; VidMe Domain Owner Change https://traffic.libsyn.com/securitypodcast/7600.mp3 https://isc.sans.edu/podcastdetail/7600 Mon, 26 Jul 2021 02:10:03 GMT https://isc.sans.edu/forums/diary/Active+Directory+Certificate+Services+ADCS+PKI+domain+admin+vulnerability/27668/
XCSSET Mac Malware Target Google Chrome / Telegram
https://thehackernews.com/2021/07/nasty-macos-malware-xcsset-now-targets.html
Defunct Video Hosting Site Flooding Normal Websites With Porn
https://www.vice.com/en/article/qj8xz3/a-defunct-video-hosting-site-is-flooding-normal-websites-with-hardcore-porn
]]> 6:26 petitpotam, adcs, domain, certificate, ntlm, ntlm relay, xccset, xcode, vidme, adult, porn, video, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7598 Akamai Outage; "Summer of SAM" Continues; Oracle CPU; Jira Vulnerability; Kaminsky DNS Flaw Still a Problem Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Akamai Outage; "Summer of SAM" Continues; Oracle CPU; Jira Vulnerability; Kaminsky DNS Flaw Still a Problem https://traffic.libsyn.com/securitypodcast/7598.mp3 https://isc.sans.edu/podcastdetail/7598 Fri, 23 Jul 2021 02:10:02 GMT https://isc.sans.edu/forums/diary/Lost+in+the+Cloud+Akamai+DNS+Outage/27660/
"Summer of SAM" Continues
https://isc.sans.edu/forums/diary/Summer+of+SAM+Microsoft+Releases+Guidance+for+CVE202136934/27656/
Oracle Critical Patch Update
https://www.oracle.com/security-alerts/cpujul2021.html
Kaseya Decryptor Available
https://www.kaseya.com/potential-attack-on-kaseya-vsa/
Jira Data Center and Jira Service Management Data Center Security Advisory
https://confluence.atlassian.com/adminjiraserver/jira-data-center-and-jira-service-management-data-center-security-advisory-2021-07-21-1063571388.html
Forgot password? Taking over user accounts Kaminsky style
https://sec-consult.com/blog/detail/forgot-password-taking-over-user-accounts-kaminsky-style/
]]> 6:28 jira, kaseya, oracle, summer of sam, microsoft, windows, akamai, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7596 Summer of Sam Update; Apple Patches; XLoader for Mac; Pulse Secure Backdoors Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Summer of Sam Update; Apple Patches; XLoader for Mac; Pulse Secure Backdoors https://traffic.libsyn.com/securitypodcast/7596.mp3 https://isc.sans.edu/podcastdetail/7596 Thu, 22 Jul 2021 02:10:02 GMT https://isc.sans.edu/forums/diary/Summer+of+SAM+Microsoft+Releases+Guidance+for+CVE202136934/27656/
Apple Patches Everything
https://support.apple.com/en-us/HT201222
Formbook/XLoader Malware Ported to Mac
https://research.checkpoint.com/2021/top-prevalent-malware-with-a-thousand-campaigns-migrates-to-macos/
Pulse Secure Backdoors
https://us-cert.cisa.gov/ncas/current-activity/2021/07/21/malware-targeting-pulse-secure-devices
]]> 6:34 pulse secure, formbook, xloader, apple, microsoft, summer of sam, patches, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7594 Windows #summerofsam Vuln; HP Driver Vuln; Linux Priv Escalation; Fortinet Vulns Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Windows #summerofsam Vuln; HP Driver Vuln; Linux Priv Escalation; Fortinet Vulns https://traffic.libsyn.com/securitypodcast/7594.mp3 https://isc.sans.edu/podcastdetail/7594 Wed, 21 Jul 2021 02:05:03 GMT https://isc.sans.edu/forums/diary/Summer+of+SAM+incorrect+permissions+on+Windows+1011+hives/27652/
HP Printer Drivers Allows Privilege Escalation
https://labs.sentinelone.com/cve-2021-3438-16-years-in-hiding-millions-of-printers-worldwide-vulnerable/
Linux Local Privilege Escalation in Filesystem Layer
https://blog.qualys.com/vulnerabilities-threat-research/2021/07/20/sequoia-a-local-privilege-escalation-vulnerability-in-linuxs-filesystem-layer-cve-2021-33909
FortiManager and FortiAnalyzer Vulnerability
https://www.fortiguard.com/psirt/FG-IR-21-067
]]> 7:00 fortimanager, fortianalyzer, linux, privilege escalation, filesystem, hp, printer, drivers, sam, summerofsam, registry, hives, permissions, windows, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7592 Print Nightmare Cont.; Apple Updates; iOS Format String RCE; Surfside Condo Scams Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Print Nightmare Cont.; Apple Updates; iOS Format String RCE; Surfside Condo Scams https://traffic.libsyn.com/securitypodcast/7592.mp3 https://isc.sans.edu/podcastdetail/7592 Tue, 20 Jul 2021 02:05:02 GMT https://isc.sans.edu/forums/diary/New+Windows+Print+Spooler+Vulnerability+CVE202134481/27648/
iOS/WatchOS/tvOS/Safari Updates
https://support.apple.com/en-us/HT201222
iOS Format String Vulnerability Exploitable as RCE
https://blog.zecops.com/research/meet-wifidemon-ios-wifi-rce-0-day-vulnerability-and-a-zero-click-vulnerability-that-was-silently-patched/
Surfside Condo Collapse Scams
https://threatpost.com/attackers-target-florida-condo-collapse-victims/167917/
]]> 5:44 surfside, condo, collapse, scams, identity theft, ios, RCE, format string, apple, updates, windows, print spooler, print nightmare, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7590 BaseXX Obfuscation; Juniper Radius Issue; NSO Group Leak; Password Autofill Dangers Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. BaseXX Obfuscation; Juniper Radius Issue; NSO Group Leak; Password Autofill Dangers https://traffic.libsyn.com/securitypodcast/7590.mp3 https://isc.sans.edu/podcastdetail/7590 Mon, 19 Jul 2021 02:10:02 GMT https://isc.sans.edu/forums/diary/Multiple+BaseXX+Obfuscations/27640/
Juniper Patches: Radius Vulnerability
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11180&cat=SIRT_1&actp=LIST
fail2ban vulnerability
https://github.com/fail2ban/fail2ban/security/advisories/GHSA-m985-3f3v-cwmm
NSO Group Victims Leaked
https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/
Dangers of Autofilling Passwords
https://marektoth.com/blog/password-managers-autofill/#analysis
]]> 6:11 autofilling, passwords, nso, nso group, pegasus, fail2ban, whois, juniper, basexx, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7588 USPS Phish; Sonicwall Ransomware; WooCommerce SQL Injection; KiwiSDR Backdoor Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. USPS Phish; Sonicwall Ransomware; WooCommerce SQL Injection; KiwiSDR Backdoor https://traffic.libsyn.com/securitypodcast/7588.mp3 https://isc.sans.edu/podcastdetail/7588 Fri, 16 Jul 2021 02:05:02 GMT https://isc.sans.edu/forums/diary/USPS+Phishing+Using+Telegram+to+Collect+Data/27630/
Sonicwall Warns of Ransomware
https://www.sonicwall.com/support/product-notification/urgent-security-notice-critical-risk-to-unpatched-end-of-life-sra-sma-8-x-remote-access-devices/210713105333210/
WooCommerce Flaw Exploited
https://www.wordfence.com/blog/2021/07/critical-sql-injection-vulnerability-patched-in-woocommerce/
KiwiSDR Backdoor
https://www.bleepingcomputer.com/news/security/software-maker-removes-backdoor-giving-root-access-to-radio-devices/
]]> 5:58 kiwisdr, backdoor, woocommercer, wordpress, sonicwall, usps, phishing, telegram, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7586 Malspam Fail; Firefox and SAP updates; Joker Android Malware; less.js vulnerabilities Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Malspam Fail; Firefox and SAP updates; Joker Android Malware; less.js vulnerabilities https://traffic.libsyn.com/securitypodcast/7586.mp3 https://isc.sans.edu/podcastdetail/7586 Thu, 15 Jul 2021 02:05:02 GMT https://isc.sans.edu/forums/diary/One+way+to+fail+at+malspam+give+recipients+the+wrong+password+for+an+encrypted+attachment/27634/
Firefox Updates
https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/
SAP Netweaver Vulnerabilities
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506
Joker Android Fleezware
https://blog.zimperium.com/joker-is-still-no-laughing-matter/
less.js RCE
https://www.softwaresecured.com/exploiting-less-js
]]> 5:38 rce, less.js, joker, android, sap, netweaver, firefox, malspam, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7584 Microsoft Patch Tuesday; Adobe Patches; ForgeRock OpenAM Exploited; GMAIL adds BIMI Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft Patch Tuesday; Adobe Patches; ForgeRock OpenAM Exploited; GMAIL adds BIMI https://traffic.libsyn.com/securitypodcast/7584.mp3 https://isc.sans.edu/podcastdetail/7584 Wed, 14 Jul 2021 02:05:02 GMT https://isc.sans.edu/forums/diary/Microsoft+July+2021+Patch+Tuesday/27628/
Adobe Patch Tuesday
https://helpx.adobe.com/security/products/acrobat/apsb21-51.html
ForgeRock OpenAM Vulnerability
https://backstage.forgerock.com/knowledge/kb/article/a47894244
GMail Supporting BIMI
https://cloud.google.com/blog/products/identity-security/bringing-bimi-to-gmail-in-google-workspace
]]> 6:32 bimi, gmail, forgerock, openam, adobe, microsoft, patches, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7582 Kaseya Patch; Solarwinds Advisory; Mint Mobile Breach; Twitter Verified Account Mistake Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Kaseya Patch; Solarwinds Advisory; Mint Mobile Breach; Twitter Verified Account Mistake https://traffic.libsyn.com/securitypodcast/7582.mp3 https://isc.sans.edu/podcastdetail/7582 Tue, 13 Jul 2021 02:00:02 GMT https://helpdesk.kaseya.com/hc/en-gb/articles/4403760102417
Solarwinds Advisory CVE-2021-35211
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35211
Mint Mobile Breach and Porting
https://www.bleepingcomputer.com/news/security/mint-mobile-hit-by-a-data-breach-after-numbers-ported-data-accessed/
Twitter Verified Account Mistake
https://twitter.com/conspirator0/status/1414475519609999366
]]> 6:04 kaseya, solarwindws, mint mobile, serv-u, twitter, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7580 SSTP Scans; Hancitor XLL Files; Android Updates; Cisco Updates; Job Seekers Targeted Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SSTP Scans; Hancitor XLL Files; Android Updates; Cisco Updates; Job Seekers Targeted https://traffic.libsyn.com/securitypodcast/7580.mp3 https://isc.sans.edu/podcastdetail/7580 Mon, 12 Jul 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/Scanning+for+Microsoft+Secure+Socket+Tunneling+Protocol/27622/
Hancitor tries XLL as Initial Malware File
https://isc.sans.edu/forums/diary/Hancitor+tries+XLL+as+initial+malware+file/27618/
Android Updates
https://source.android.com/security/bulletin/2021-07-01
Cisco Updates
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bpa-priv-esc-dgubwbH4
Job Seekers Attacked with Malicious Documents
https://www.ehackingnews.com/2021/07/job-seeking-engineers-have-become.html
]]> 5:36 microsoft, sstp, vpn, nacitor, xll, android, cisco, job seekers, lazarus, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7578 sudo and Python; Fake Kaseya Patches; Sonicwall Exploit; WildPressure MacOS Malware Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. sudo and Python; Fake Kaseya Patches; Sonicwall Exploit; WildPressure MacOS Malware https://traffic.libsyn.com/securitypodcast/7578.mp3 https://isc.sans.edu/podcastdetail/7578 Fri, 09 Jul 2021 02:10:02 GMT https://isc.sans.edu/forums/diary/Using+Sudo+with+Python+For+More+Security+Controls/27614/
Fake Kaseya Updates Include CobaltStrike Payload
https://www.theregister.com/2021/07/07/kaseya_malware_patches_/
WildPressure macOS Trojan
https://www.kaspersky.com/about/press-releases/2021_wildpressures-multi-platform-malware-hits-macos-in-the-middle-east
https://www.patreon.com/posts/53462690
iCloud Password Reset Weaknesss
https://thezerohack.com/apple-vulnerability-bug-bounty

]]> 5:33 icloud, password reset, wildpressure, macos, trojan, kaseya, fake, update, sudo, python, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7576 Printnightmare Update Update; GitLab Update; Vuln Nuget Packages Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Printnightmare Update Update; GitLab Update; Vuln Nuget Packages https://traffic.libsyn.com/securitypodcast/7576.mp3 https://isc.sans.edu/podcastdetail/7576 Thu, 08 Jul 2021 02:05:02 GMT https://isc.sans.edu/forums/diary/Microsoft+Releases+Patches+for+CVE202134527/27610/
GitLab Update
https://www.ehackingnews.com/2021/07/gitlab-fixes-several-vulnerabilities.html
Vulnerable NuGet Packages
https://blog.secure.software/third-party-code-comes-with-some-baggage
]]> 5:55 nuget, gitlab, microsoft, printnightmare, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7574 Printnightmare Patch; Kaseya; Kaspersky Password Manager; Amazon Echo Dot Forensics Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Printnightmare Patch; Kaseya; Kaspersky Password Manager; Amazon Echo Dot Forensics https://traffic.libsyn.com/securitypodcast/7574.mp3 https://isc.sans.edu/podcastdetail/7574 Wed, 07 Jul 2021 02:05:02 GMT https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527
Kaseya Update
https://www.kaseya.com/potential-attack-on-kaseya-vsa/
Kaspersky Password Manager
https://donjon.ledger.com/kaspersky-password-manager/
Amazon Echo Dot After Reset Artifacts
https://dl.acm.org/doi/pdf/10.1145/3448300.3467820
]]> 8:34 kaspesky, password, manager, random numbers, amazone, echo, dot, forensics, microsoft, printnightmare, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7572 Kaseya REvil Update; Printnightmare Update; RPM Key Issues; Node.JS Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Kaseya REvil Update; Printnightmare Update; RPM Key Issues; Node.JS Patches https://traffic.libsyn.com/securitypodcast/7572.mp3 https://isc.sans.edu/podcastdetail/7572 Tue, 06 Jul 2021 02:10:03 GMT https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689
https://www.huntress.com/blog/rapid-response-kaseya-vsa-mass-msp-ransomware-incident
https://doublepulsar.com/kaseya-supply-chain-attack-delivers-mass-ransomware-event-to-us-companies-76e4ec6ec64b
https://csirt.divd.nl/2021/07/03/Kaseya-Case-Update/
Printnightmare Update
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527
https://doublepulsar.com/zero-day-for-every-supported-windows-os-version-in-the-wild-printnightmare-b3fdb82f840c
https://blog.truesec.com/2021/06/30/fix-for-printnightmare-cve-2021-1675-exploit-to-keep-your-print-servers-running-while-a-patch-is-not-available/
https://github.com/LaresLLC/CVE-2021-1675
Expired RPM Key Problem
https://github.com/rpm-software-management/rpm/issues/1598
Node.JS Update
https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/
]]> 6:39 node.js, revil, rpm, pgp, keys, printnightmare, kasey, ransomware, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7570 Special Podcast: Kaseya VSA REvil Ransomware Incident Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Special Podcast: Kaseya VSA REvil Ransomware Incident https://traffic.libsyn.com/securitypodcast/7570.mp3 https://isc.sans.edu/podcastdetail/7570 Sun, 04 Jul 2021 21:32:14 GMT https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689
https://www.huntress.com/blog/rapid-response-kaseya-vsa-mass-msp-ransomware-incident
https://doublepulsar.com/kaseya-supply-chain-attack-delivers-mass-ransomware-event-to-us-companies-76e4ec6ec64b
https://csirt.divd.nl/2021/07/03/Kaseya-Case-Update/

]]> 5:14 Kaseya, REVIL, Ransomware, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7568 Special Podcast: Print Spooler Vulnerability (CVE-2021-34527, CVE-2021-1675) Update/Summary #printnightmare Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Special Podcast: Print Spooler Vulnerability (CVE-2021-34527, CVE-2021-1675) Update/Summary #printnightmare https://traffic.libsyn.com/securitypodcast/7568.mp3 https://isc.sans.edu/podcastdetail/7568 Fri, 02 Jul 2021 14:10:55 GMT https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527
https://doublepulsar.com/zero-day-for-every-supported-windows-os-version-in-the-wild-printnightmare-b3fdb82f840c
https://blog.truesec.com/2021/06/30/fix-for-printnightmare-cve-2021-1675-exploit-to-keep-your-print-servers-running-while-a-patch-is-not-available/
https://github.com/LaresLLC/CVE-2021-1675
]]> 7:42 cve-2021-34527, CVE-2021-1675, print spooler, printnightmare, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7566 CVE-2021-1675 Printnightmare; IE11 PDF Patch; Netgear Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. CVE-2021-1675 Printnightmare; IE11 PDF Patch; Netgear Vuln; https://traffic.libsyn.com/securitypodcast/7566.mp3 https://isc.sans.edu/podcastdetail/7566 Thu, 01 Jul 2021 02:00:03 GMT https://isc.sans.edu/forums/diary/CVE20211675+Incomplete+Patch+and+Leaked+RCE+Exploit/27588/
Internet Explorer PDF Update
https://support.microsoft.com/en-us/topic/june-29-2021-kb5004760-os-builds-19041-1082-19042-1082-and-19043-1082-out-of-band-9508f7a2-0713-432f-b06c-1ae6d802a2f7
NETGEAR Router Vulnerabilities (DGN-2200v1)
https://www.microsoft.com/security/blog/2021/06/30/microsoft-finds-new-netgear-firmware-vulnerabilities-that-could-lead-to-identity-theft-and-full-system-compromise/
]]> 6:57 printnightmare, print spooler, windows, cve-2021-1675, internet explorer, pdf, netgear, router, dgb-2200v1, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7564 Phish Without Link; June Contest Solution; WD MyBook Details; Adobe Experience Manager PoC; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Phish Without Link; June Contest Solution; WD MyBook Details; Adobe Experience Manager PoC; https://traffic.libsyn.com/securitypodcast/7564.mp3 https://isc.sans.edu/podcastdetail/7564 Wed, 30 Jun 2021 02:05:03 GMT https://isc.sans.edu/forums/diary/Diving+into+a+Google+Sweepstakes+Phishing+Email/27578/
Forensics Contest Solution / Winner
https://isc.sans.edu/forums/diary/June+2021+Forensic+Contest+Answers+and+Analysis/27582/
WD MyBook Details
https://arstechnica.com/gadgets/2021/06/hackers-exploited-0-day-not-2018-bug-to-mass-wipe-my-book-live-devices/
Adobe Experience Manager PoC
https://labs.detectify.com/2021/06/28/aem-crx-bypass-0day-control-over-some-enterprise-aem-crx-package-manager/
]]> 5:53 phishing, google, sweepstakes, forensics, wd mybook, western digital, adobe, experience manager, poc, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7560 LDAP Scans; CD/DVD Destruction; Zyxel Exploits; Cisco Vuln; Microsoft Signed Rootkit Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. LDAP Scans; CD/DVD Destruction; Zyxel Exploits; Cisco Vuln; Microsoft Signed Rootkit https://traffic.libsyn.com/securitypodcast/7560.mp3 https://isc.sans.edu/podcastdetail/7560 Mon, 28 Jun 2021 02:05:02 GMT https://isc.sans.edu/forums/diary/Is+this+traffic+bAD/27566/
CD/DVD Destruction
https://isc.sans.edu/forums/diary/DIY+CDDVD+Destruction/27572/
Zyxel Exploits
https://twitter.com/JAMESWT_MHT/status/1407987022170578946
https://kb.zyxel.com/KB/searchArticle!viewDetail.action?articleOid=018137&lang=EN
Cisco Vulnerability Exploited
https://threatpost.com/cisco-asa-bug-exploited-poc/167274/
Microsoft Signs Netfilter Rootkit
https://www.gdatasoftware.com/blog/microsoft-signed-a-malicious-netfilter-rootkit
]]> 6:13 cisco, microsoft, netfilter, rootkit, signature, zyxel, cd, dvd, destruction, drill, ldap, ad, scans, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7558 Cookie Trading; Atlassian Vulnerabilities; Dell BIOS Connect; ATM NFC Jackpotting Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Cookie Trading; Atlassian Vulnerabilities; Dell BIOS Connect; ATM NFC Jackpotting https://traffic.libsyn.com/securitypodcast/7558.mp3 https://isc.sans.edu/podcastdetail/7558 Fri, 25 Jun 2021 02:05:02 GMT https://isc.sans.edu/forums/diary/Do+you+Like+Cookies+Some+are+for+sale/27558/
A supply-chain breach: Taking over an Atlassian account
https://media.threatpost.com/wp-content/uploads/sites/103/2021/06/23175805/Atlassian-ATO-CPR-blog-FINAL.pdf
Dell Bios Connect Vulnerability
https://eclypsium.com/2021/06/24/biosdisconnect/
ATM Jackpotting via NFC
https://www.wired.com/story/atm-hack-nfc-bugs-point-of-sale/
]]> 6:20 atm, jackpotting, nfc, dell, bios, bios connect, atlassian, jira, cookies, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7556 DNS SaaS Vulnerabilities; Cortex XSOAR Vuln; Carbon Black Patch; EFF DMCA Statement Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. DNS SaaS Vulnerabilities; Cortex XSOAR Vuln; Carbon Black Patch; EFF DMCA Statement https://traffic.libsyn.com/securitypodcast/7556.mp3 https://isc.sans.edu/podcastdetail/7556 Thu, 24 Jun 2021 02:00:02 GMT https://www.darkreading.com/vulnerabilities---threats/new-dns-name-server-hijack-attack-exposes-businesses-government-agencies/d/d-id/1341377
Paloalto Cortex XSOAR Vulnerablity
https://security.paloaltonetworks.com/CVE-2021-3044
VMWare Carbon Black App Control Authentication Bypass
https://www.vmware.com/security/advisories/VMSA-2021-0012.html?
Standing With Security Researchers Against Misuse of the DMCA
https://www.eff.org/deeplinks/2021/06/dmca-security-researcher-statement
]]> 6:28 dmca, eff, vmware, carbon black, paloalto, cortex, xsoar, dns, aws, route 53, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7554 Phishing Avoiding Reports; PyPi Cryptominer; dovecot TLS Fix; Incomplete Sonicwall Patch Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Phishing Avoiding Reports; PyPi Cryptominer; dovecot TLS Fix; Incomplete Sonicwall Patch https://traffic.libsyn.com/securitypodcast/7554.mp3 https://isc.sans.edu/podcastdetail/7554 Wed, 23 Jun 2021 02:10:03 GMT https://isc.sans.edu/forums/diary/Phishing+asking+recipients+not+to+report+abuse/27556/
PyPi Cryptomining Malware
https://blog.sonatype.com/sonatype-catches-new-pypi-cryptomining-malware-via-automated-detection
Dovecot TLS Implementation Vulnerability
https://hackerone.com/reports/1204962
(see the link to the PDF for more details)
Sonicwall Patch Incomplete
https://www.tripwire.com/state-of-security/featured/analyzing-sonicwalls-unsuccessful-fix-for-cve-2020-5135/
]]> 6:10 sonicwall, dovecot, tls, starttls, pypi, phishing, abuse, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7552 Darkside Imposture; Tesla RAT Update; Tpr Browser Update; Schneider PowerLogic; AutoCAD Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Darkside Imposture; Tesla RAT Update; Tpr Browser Update; Schneider PowerLogic; AutoCAD https://traffic.libsyn.com/securitypodcast/7552.mp3 https://isc.sans.edu/podcastdetail/7552 Tue, 22 Jun 2021 02:00:03 GMT https://www.sans.org/webcasts/attack-defend-modern-distributed-applications-119610
Darkside Impersonators
https://www.helpnetsecurity.com/2021/06/21/impersonating-darkside/
Tesla RAT COVID-19 Vaccination Phish
https://threatpost.com/agent-tesla-covid-vax-phish/167082/
Tor Browser Update
https://www.bleepingcomputer.com/news/security/tor-browser-fixes-vulnerability-that-tracks-you-using-installed-apps/
Schneider PowerLogic Vulnerabilities
https://www.ehackingnews.com/2021/06/six-major-flaws-identified-in-schneider.html
AutoCAD Update
https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0004
]]> 5:28 autocad, schneider, powerlogic, tor, browser, darkside, tesla, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7550 Azure Network Monitoring #2; Google Open Redirects; NIST RDS Hahes; iOS Wifi Bug; NSA VoIP Security Guide Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Azure Network Monitoring #2; Google Open Redirects; NIST RDS Hahes; iOS Wifi Bug; NSA VoIP Security Guide https://traffic.libsyn.com/securitypodcast/7550.mp3 https://isc.sans.edu/podcastdetail/7550 Mon, 21 Jun 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/Network+Forensics+on+Azure+VMs+Part+2/27538/
Google Open Redirect Being Abused
https://isc.sans.edu/forums/diary/Open+redirects+and+why+Phishers+love+them/27542/
Easy Access to the NIST RDS Database
https://isc.sans.edu/forums/diary/Easy+Access+to+the+NIST+RDS+Database/27544/
iOS Wifi Bug
https://blog.chichou.me/2021/06/20/quick-analysis-wifid/
NSA VoIP Security Guide
https://media.defense.gov/2021/Jun/17/2002744054/-1/-1/1/CTR_DEPLOYING%20SECURE%20VVOIP%20SYSTEMS.PDF
]]> 5:40 nsa, voip, ios, wifi, ssid, format string, nist, rds, dns, google, redirects, azure, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7548 Azure Network Monitoring; Fake Ledger; Vulnerable Defibrilators; Prolexic Outage Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Azure Network Monitoring; Fake Ledger; Vulnerable Defibrilators; Prolexic Outage https://traffic.libsyn.com/securitypodcast/7548.mp3 https://isc.sans.edu/podcastdetail/7548 Fri, 18 Jun 2021 02:00:03 GMT https://isc.sans.edu/forums/diary/Network+Forensics+on+Azure+VMs+Part+1/27536/
Fake Ledger Hardware Wallets
https://www.ledger.com/phishing-campaigns-status#phishing-campaigns
https://www.reddit.com/r/ledgerwallet/comments/o154gz/package_from_ledger_is_this_legit/
Zoll Defibrilator Dashboard Vulnerability
https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01
Akamai Prolexic Outage
https://threatpost.com/hiccup-akamais-ddos-outages/167004/
]]> 5:48 akamai, prolexic, zoll, defibrilator, ledger, cryptocoin, azure, network forensics, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7546 June Forensic Quiz; ThroughTek IP Camera Vuln; Peleton Vuln; MSFT Defender Detecting Jailbreak Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. June Forensic Quiz; ThroughTek IP Camera Vuln; Peleton Vuln; MSFT Defender Detecting Jailbreak https://traffic.libsyn.com/securitypodcast/7546.mp3 https://isc.sans.edu/podcastdetail/7546 Thu, 17 Jun 2021 02:10:03 GMT https://isc.sans.edu/forums/diary/June+2021+Forensic+Contest/27532/
ThroughTek IP Camera SDK Vulnerability
https://www.nozominetworks.com/blog/new-iot-security-risk-throughtek-p2p-supply-chain-vulnerability/
Peleoton Insecure Boot Vulnerability
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/a-new-program-for-your-peloton-whether-you-like-it-or-not/
Microsoft Defender for Endpoint Detecting Jailbroken Devices
https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/announcing-new-capabilities-on-android-and-ios/ba-p/2442730
]]> 5:26 microsoft, defender, endpoint, ios, jailbreak, android, peleton, boot, forensic, quiz, throughtek, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7544 Newish Mirai going after Sonicall/DLink/Cisco; MSFT Teams Bug; Google Open Sources Homomorphic Encryption Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Newish Mirai going after Sonicall/DLink/Cisco; MSFT Teams Bug; Google Open Sources Homomorphic Encryption https://traffic.libsyn.com/securitypodcast/7544.mp3 https://isc.sans.edu/podcastdetail/7544 Wed, 16 Jun 2021 02:00:03 GMT https://isc.sans.edu/forums/diary/Multi+Perimeter+Device+Exploit+Mirai+Version+Hunting+For+Sonicwall+DLink+Cisco+and+more/27528/
Google Open Sourcing Homomorphic Encrypion Libraries
https://developers.googleblog.com/2021/06/our-latest-updates-on-fully-homomorphic-encryption.html
Stealing Tokens, emails, files and more in Microsoft Teams
https://medium.com/tenable-techblog/stealing-tokens-emails-files-and-more-in-microsoft-teams-through-malicious-tabs-a7e5ff07b138
]]> 6:06 tokens, emails, files, teams, google, homomorphic encryption, mirai, sonicwall, dlink, cisco, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7542 Apple iOS 12.5.4; NIST.gov DNS issues; Akkadian Bugs; Exchange Online MFA Bypass Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Apple iOS 12.5.4; NIST.gov DNS issues; Akkadian Bugs; Exchange Online MFA Bypass https://traffic.libsyn.com/securitypodcast/7542.mp3 https://isc.sans.edu/podcastdetail/7542 Tue, 15 Jun 2021 02:00:03 GMT https://support.apple.com/en-us/HT212548
NIST.gov DNS Issues
https://puck.nether.net/pipermail/outages/2021-June/013670.html
Akkadian Provisioning Manager Multiple Vulnerabilities
https://www.rapid7.com/blog/post/2021/06/08/akkadian-provisioning-manager-multiple-vulnerabilities-disclosure/
Bypassing MFA in Exchange Online
https://www.microsoft.com/security/blog/2021/06/14/behind-the-scenes-of-business-email-compromise-using-cross-domain-threat-data-to-disrupt-a-large-bec-infrastructure/
]]> 5:38 nist, ntp, nist.gov, apple ios, mfa, exchange online, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7540 EoL SonicWall Exploited; Fortinet Still Targeted; PrivacyMic; Linux polkit Vuln Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. EoL SonicWall Exploited; Fortinet Still Targeted; PrivacyMic; Linux polkit Vuln https://traffic.libsyn.com/securitypodcast/7540.mp3 https://isc.sans.edu/podcastdetail/7540 Mon, 14 Jun 2021 02:05:02 GMT https://isc.sans.edu/forums/diary/Sonicwall+SRA+4600+Targeted+By+an+Old+Vulnerability/27518/
Older Fortinet Vulnerability Still Exploited
https://isc.sans.edu/forums/diary/Fortinet+Targeted+for+Unpatched+SSL+VPN+Discovery+Activity/27520/
PrivacyMic: Utlizing Inaudible Frequencies for Privacy Preserving Daily Activity Recognition
http://alansonsample.com/publications/docs/2021%20-%20CHI%20-%20PrivacyMic-%20Utilizing%20Inaudible%20Frequencies%20for%20Privacy%20Preserving%20Daily%20Activity%20Recognition.pdf
Linux Vulnerability in polkit
https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/
]]> 6:31 linux, polkit, privacymic, fortinet, sonicwall, sra 4600, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7538 Cookie Banners Don't Work; Citrix Patch; XSS via VoIP; Message Broker DoS Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Cookie Banners Don't Work; Citrix Patch; XSS via VoIP; Message Broker DoS Vuln; https://traffic.libsyn.com/securitypodcast/7538.mp3 https://isc.sans.edu/podcastdetail/7538 Fri, 11 Jun 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/Are+Cookie+Banners+a+Waste+of+Time+or+a+Complete+Waste+of+Time/27436/
Citrix Application Delivery Controller Vulnerability
https://support.citrix.com/article/CTX297155
VoIP Monitor GUI XSS
https://www.rtcsec.com/post/2021/06/abusing-sip-for-cross-site-scripting-most-definitely/
Denial of Service Vulnerabilitiesin RabbitMQ, EMQ X,and VeneMQ
https://www.synopsys.com/blogs/software-security/cyrc-advisory-rabbitmq-emqx-vernemq/
]]> 6:39 mq, mqtt, doc, rabbitmq, emq x, venemq, voip, xss, citrix, cookies, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7536 AV vs. Compilers; TLS App Layer Attack; Google Chrome Update Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. AV vs. Compilers; TLS App Layer Attack; Google Chrome Update https://traffic.libsyn.com/securitypodcast/7536.mp3 https://isc.sans.edu/podcastdetail/7536 Thu, 10 Jun 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/Architecture+compilers+and+black+magic+or+what+else+affects+the+ability+of+AVs+to+detect+malicious+files/27510/
ALPACA TLS Attack
https://alpaca-attack.com/ALPACA.pdf
Google Chrome Update
https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html
]]> 5:45 google chorme, alpaca, anti virus, compilers, tls, application layer, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7534 Microsoft Patch Tuesday; PuzzleMaker Chrome Exploit; Intel Patches; Adobe Updates; CentOS 7 and Letsencrypt Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft Patch Tuesday; PuzzleMaker Chrome Exploit; Intel Patches; Adobe Updates; CentOS 7 and Letsencrypt https://traffic.libsyn.com/securitypodcast/7534.mp3 https://isc.sans.edu/podcastdetail/7534 Wed, 09 Jun 2021 02:10:02 GMT https://isc.sans.edu/forums/diary/Microsoft+June+2021+Patch+Tuesday/27506/
PuzzleMaker Attacks With Chrome Zero-Day Exploit Chain
https://securelist.com/puzzlemaker-chrome-zero-day-exploit-chain/102771/
Intel Patches
https://www.intel.com/content/www/us/en/security-center/default.html
Adobe Updates
https://helpx.adobe.com/security.html
Let's Encrypt and CentOS 7
https://blog.devgenius.io/lets-encrypt-change-affects-openssl-1-0-x-and-centos-7-49bd66016af3
]]> 6:42 lets encrypt, centos 7, adobe, intel, patches, puzlemaker, microsoft, patch tuesday, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7532 Amazon Sidewalk Going Live; Windows Container Malware; Colonial Pipeline Ransom Recovered Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Amazon Sidewalk Going Live; Windows Container Malware; Colonial Pipeline Ransom Recovered https://traffic.libsyn.com/securitypodcast/7532.mp3 https://isc.sans.edu/podcastdetail/7532 Tue, 08 Jun 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/Amazon+Sidewalk+Cutting+Through+the+Hype/27502/
Windows Container Malware
https://unit42.paloaltonetworks.com/siloscape/
Darkside Ransom Confiscated
https://www.documentcloud.org/documents/20799023-affidavit-1-in-application-by-the-united-states-for-a-seizure-warrant-for-one-account-for-investigation-of-18-usc-ss-981a1a-and-other-offenses-nd-cal-321-mj-70945
]]> 5:56 darkside, windows, containers, malware, escape, amazon, sidewalk, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7530 Port 37; QNAP Patch; GitHub Patches Policy; WebEx Patch; VMWare Exploit Active Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Port 37; QNAP Patch; GitHub Patches Policy; WebEx Patch; VMWare Exploit Active https://traffic.libsyn.com/securitypodcast/7530.mp3 https://isc.sans.edu/podcastdetail/7530 Mon, 07 Jun 2021 02:05:03 GMT https://isc.sans.edu/forums/diary/Strange+goings+on+with+port+37/27496/
QNAP Video Station RCE Vulnerability
https://www.qnap.com/de-de/security-advisory/qsa-21-21
Updated GitHub Policy
https://github.blog/2021-06-04-updates-to-our-policies-regarding-exploits-malware-and-vulnerability-research/
Cisco WebEx Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-player-kOf8zVT
VMWare vCenter Server Vulnerability Actively Exploited
https://thehackernews.com/2021/06/alert-critical-rce-bug-in-vmware.html
]]> 4:57 vmware, vcenter, exploit, cisco, webex, github, qnap, rce, video station, port 37, ethereum, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7528 Zoom CIS Benchmark @boeke; BIG-IP Vuln; WE.LOCK Vuln; 2xWordpress Plugin Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Zoom CIS Benchmark @boeke; BIG-IP Vuln; WE.LOCK Vuln; 2xWordpress Plugin Vuln; https://traffic.libsyn.com/securitypodcast/7528.mp3 https://isc.sans.edu/podcastdetail/7528 Fri, 04 Jun 2021 02:00:03 GMT https://github.com/turbot/steampipe-mod-zoom-compliance
F5 BIG-IP Edge Client for Windows Vulnerability
https://support.f5.com/csp/article/K20346072
Fancy Product Designer Wordpress Plugin Vulnerability
https://www.welivesecurity.com/2021/06/03/zero-day-popular-wordpress-plugin-exploited-take-over-websites/
WordPress Pushes Jetpack Plugin Patch
https://www.bleepingcomputer.com/news/security/wordpress-force-installs-jetpack-security-update-on-5-million-sites/
We.Lock Vulnerability
https://github.com/CriticalSecurity/welock]]> 6:01 wordpress, jetpack, fancy product designer, plugin, f5, big-ip, edge client, cis, zoom, benchmark, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7526 Realtek WPA2 Vuln; Huawei LTE Vuln; NortonLifeLock Crypto; OpenPGP RNP Patch Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Realtek WPA2 Vuln; Huawei LTE Vuln; NortonLifeLock Crypto; OpenPGP RNP Patch https://traffic.libsyn.com/securitypodcast/7526.mp3 https://isc.sans.edu/podcastdetail/7526 Thu, 03 Jun 2021 02:10:02 GMT https://www.vdoo.com/blog/realtek-wifi-vulnerabilities-zero-day
Huawei LTE USB Stick E3372 Vulnerablity
https://www.theregister.com/2021/06/02/huawei_lte_usb_stick_vulnerability/
NortonLifeLock Crypto
https://investor.nortonlifelock.com/About/Investors/press-releases/press-release-details/2021/NortonLifeLock-Unveils-Norton-Crypto/default.aspx
OpenPGP RNP Patch
https://www.rnpgp.org/advisories/ri-2021-001/
]]> 5:28 openpgp, nortonlifelock, crypt miner, norton, symantec, huawei, realtek, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7524 LOLBAS with finger.exe; Bypassing Ransomware Protections; Firefox Patches; Edge https by default coming Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. LOLBAS with finger.exe; Bypassing Ransomware Protections; Firefox Patches; Edge https by default coming https://traffic.libsyn.com/securitypodcast/7524.mp3 https://isc.sans.edu/podcastdetail/7524 Wed, 02 Jun 2021 02:10:02 GMT https://isc.sans.edu/forums/diary/Guildma+is+now+using+Finger+and+Signed+Binary+Proxy+Execution+to+evade+defenses/27482/
Bypassing Protected Folders Protections
https://dl.acm.org/doi/10.1145/3431286
Firefox 89 Released
https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/
Microsoft Edge Will make https default
https://blogs.windows.com/msedgedev/2021/06/01/available-for-preview-automatic-https-helps-keep-your-browsing-more-secure/
]]> 6:12 microsoft edge, firefox, edge, protected folders, ransomware, guildma, finger, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7522 Malicious PS Hosted by Google; SonicWall Advisory; HPE Advisory; Siemens PLC memory protection bypass Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Malicious PS Hosted by Google; SonicWall Advisory; HPE Advisory; Siemens PLC memory protection bypass https://traffic.libsyn.com/securitypodcast/7522.mp3 https://isc.sans.edu/podcastdetail/7522 Tue, 01 Jun 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/Malicious+PowerShell+Hosted+on+scriptgooglecom/27468/
Sonicwall Advisory
https://www.sonicwall.com/support/product-notification/security-advisory-on-prem-sonicwall-network-security-manager-nsm-command-injection-vulnerability/210525121534120/
Hewlett Packard Enterprise Systems Insight Manger (SIM) Advisory
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04068en_us
Memory Protection Bypass in Siemens PLCs
https://claroty.com/2021/05/28/blog-research-race-to-native-code-execution-in-plcs/
]]> 4:59 plc, siemens, hp, advisory, vulenrability, sonicwall, powershell, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7520 64 Bit AV Evasion; Unpatched MacOS/iOS Vuln; VSCode Extension Vuln; M1RACLES Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. 64 Bit AV Evasion; Unpatched MacOS/iOS Vuln; VSCode Extension Vuln; M1RACLES https://traffic.libsyn.com/securitypodcast/7520.mp3 https://isc.sans.edu/podcastdetail/7520 Fri, 28 May 2021 02:00:03 GMT https://isc.sans.edu/forums/diary/All+your+Base+arenearly+equal+when+it+comes+to+AV+evasion+but+64bit+executables+are+not/27466/
Unpatches WebKit Vulnerablity in iOS/macOS
https://blog.theori.io/research/webkit-type-confusion/
VSCode Extension Vulnerabilities
https://snyk.io/blog/visual-studio-code-extension-security-vulnerabilities-deep-dive/
M1RACLES
https://m1racles.com
]]> 6:58 m1, m1racles, miracles, vscode, extensions, webkit, ios, macos, evasion, 64-bit, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7518 Bluetooth Vulnerabilities Trends; Google Chrom Update; PDF Certification Attacks; nginx Vulnerability Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Bluetooth Vulnerabilities Trends; Google Chrom Update; PDF Certification Attacks; nginx Vulnerability https://traffic.libsyn.com/securitypodcast/7518.mp3 https://isc.sans.edu/podcastdetail/7518 Thu, 27 May 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/A+Survey+of+Bluetooth+Vulnerabilities+Trends/27460/
Google Chrome Update
https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html

Attacks on PDF Certification
https://www.pdf-insecurity.org
nginx vulnerability
https://x41-dsec.de/lab/advisories/x41-2021-002-nginx-resolver-copy/
]]> 5:57 nginx, pdf, google chrome, vulnerabilities, updates, bluetooth, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7516 Finding Phishing; VMware Advisory; Trend Micro Bugs Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Finding Phishing; VMware Advisory; Trend Micro Bugs https://traffic.libsyn.com/securitypodcast/7516.mp3 https://isc.sans.edu/podcastdetail/7516 Wed, 26 May 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/Uncovering+Shenanigans+in+an+IP+Address+Block+via+Hurricane+Electrics+BGP+Toolkit/27456/
VMware Advisory
https://www.vmware.com/security/advisories/VMSA-2021-0010.html
Trend Micro Bugs
https://blog.talosintelligence.com/2021/05/vuln-spotlight-trend-i.html
]]> 4:59 trend micro, bugs, vmware, advisory, hurricane electric, phishing, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7514 Apple Patches 0-Days; Bluetooth Vulnerabilities; NAGIOS Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Apple Patches 0-Days; Bluetooth Vulnerabilities; NAGIOS Patches https://traffic.libsyn.com/securitypodcast/7514.mp3 https://isc.sans.edu/podcastdetail/7514 Tue, 25 May 2021 02:05:02 GMT https://www.jamf.com/blog/zero-day-tcc-bypass-discovered-in-xcsset-malware/
https://support.apple.com/en-us/HT201222
Bluetooth Vulnerabilities
https://kb.cert.org/vuls/id/799380
https://francozappa.github.io/about-bias/publication/antonioli-20-bias/antonioli-20-bias.pdf
NAGIOS Vulnerabilities
https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/
]]> 4:56 nagios, bluetooth, ios, macos, apple, 0-day, bigsur, catalina, mojave, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7512 Phishing without Server; Anti-Debugging; WinRM exposes http.sys; Firefox Exploit Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Phishing without Server; Anti-Debugging; WinRM exposes http.sys; Firefox Exploit https://traffic.libsyn.com/securitypodcast/7512.mp3 https://isc.sans.edu/podcastdetail/7512 Mon, 24 May 2021 02:00:03 GMT https://isc.sans.edu/forums/diary/Serverless+Phishing+Campaign/27446/
Locking Kernel32.dll As Anti-Debugging Technique
https://isc.sans.edu/forums/diary/Locking+Kernel32dll+As+AntiDebugging+Technique/27444/
WinRM Vulnerable to http.sys Vulnerability
https://twitter.com/JimDinMN/status/1395071966487269376
Mozilla Firefox "Content-Type Confusion" Unsafe Code Execution
https://besteffortteam.it/mozilla-firefox-content-type-confusion-unsafe-code-execution/
]]> 6:25 mozilla, firefox, winrm, anti-debugging, serverless, phishing, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7510 DNS Videos; Ransomware Leak Abused; Exchange Patch Speed; GPS vs. IP Geolocation @sans_edu Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. DNS Videos; Ransomware Leak Abused; Exchange Patch Speed; GPS vs. IP Geolocation @sans_edu https://traffic.libsyn.com/securitypodcast/7510.mp3 https://isc.sans.edu/podcastdetail/7510 Fri, 21 May 2021 02:00:03 GMT https://isc.sans.edu/forums/diary/New+YouTube+Video+Series+Everything+you+ever+wanted+to+know+about+DNS+and+more/27440/
And Ransomware Just Got a Bit Meaner
https://isc.sans.edu/forums/diary/And+Ransomware+Just+Got+a+Bit+Meaner+yes+it+is+possible/27438/
Attackers Scanned for Exchange Servers Five Minutes after Patch Release
https://www.ehackingnews.com/2021/05/microsoft-exchange-bug-report-allowed.html
GPS For Authentication: Is the Juice Worth the Squeeze @sans_edu
https://www.sans.org/reading-room/whitepapers/authentication/gps-authentication-juice-worth-squeeze-40270
]]> 19:50 gps, authentication, exchange, scanning, attackers, speed, patching, ransomware, ireland, youtube, dns, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7508 May Forensic Quiz Solution; CIS Controls 8; iDRAC 9 Vuln; QNAP Vuln Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. May Forensic Quiz Solution; CIS Controls 8; iDRAC 9 Vuln; QNAP Vuln https://traffic.libsyn.com/securitypodcast/7508.mp3 https://isc.sans.edu/podcastdetail/7508 Thu, 20 May 2021 02:05:02 GMT https://isc.sans.edu/forums/diary/May+2021+Forensic+Contest+Answers+and+Analysis/27430/
CIS Controls V8
https://www.cisecurity.org/controls/v8/
Dell iDRAC 9 Security Update
https://www.dell.com/support/kbdoc/en-us/000186420/dsa-2021-082-dell-emc-idrac-9-security-update-for-improper-authentication-vulnerability
QNAP Pre-Auth Remote Code Execution in MuscStation/MalwareRemover
https://www.shielder.it/advisories/qnap-musicstation-malwareremover-pre-auth-remote-code-execution/
]]> 6:07 qnap, dell, idrac, cis, contest, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7506 RunDLL to JS; Pulse Secure; Vulnerable Stalkerware; Double Encryption Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. RunDLL to JS; Pulse Secure; Vulnerable Stalkerware; Double Encryption https://traffic.libsyn.com/securitypodcast/7506.mp3 https://isc.sans.edu/podcastdetail/7506 Wed, 19 May 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/From+RunDLL32+to+JavaScript+then+PowerShell/27428/
New Pulse Secure VPN Advisory
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44800/
Android Stalkerware Vulnerabilities
https://www.welivesecurity.com/2021/05/17/android-stalkerware-threatens-victims-further-exposes-snoopers-themselves/
Double Encrypting Ransomware
https://www.wired.com/story/ransomware-double-encryption/
]]> 5:21 ransomware, double encryption, android, stalkerware, pulse secure, vpn, rundll32, javascript, powershell, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7504 2FA vs Ransomware; Ransomware and Cyber Insurance; http.sys PoC; Browser HTML Sanitizer API; SANS.edu Research Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. 2FA vs Ransomware; Ransomware and Cyber Insurance; http.sys PoC; Browser HTML Sanitizer API; SANS.edu Research https://traffic.libsyn.com/securitypodcast/7504.mp3 https://isc.sans.edu/podcastdetail/7504 Tue, 18 May 2021 02:05:02 GMT https://isc.sans.edu/forums/diary/Ransomware+Defenses/27420/
AXA Stops Ransomware Payments
https://www.insurancejournal.com/news/international/2021/05/09/613255.htm
http.sys Proof of Concept
https://github.com/0vercl0k/CVE-2021-31166
Google/Mozilla colaborating on HTML Sanitizer API
https://wicg.github.io/sanitizer-api/#sanitizer-api
SANS Technology Institute Research Journal
https://www.sans.edu/cyber-research
]]> 6:08 sans.edu, research, journal, google, mozilla, html, sanitizer, api, http.sys, poc, axa, insurance, ransomware, 2fa, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7502 Exposed VNC; VSCode Rust Exploit; Exim PoC Code; Favicon Webshells Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Exposed VNC; VSCode Rust Exploit; Exim PoC Code; Favicon Webshells https://traffic.libsyn.com/securitypodcast/7502.mp3 https://isc.sans.edu/podcastdetail/7502 Mon, 17 May 2021 02:05:03 GMT https://isc.sans.edu/forums/diary/Open+Access+to+Industrial+Systems+Interface+is+Also+Far+From+Zero/27418/
Malicious Rust Macro for VSCode
https://github.com/lucky/bad_actor_poc
Exim PoC Released
https://adepts.of0x.cc/exim-cve-2020-28018/
Newly Observed PHP-based skimmmer shows ongoing Magecart Group 12 activity
https://blog.malwarebytes.com/cybercrime/2021/05/newly-observed-php-based-skimmer-shows-ongoing-magecart-group-12-activity/
]]> 5:41 favicon, webshell, exim, rust, vscode, vnc, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7500 Cross Browser Tracking; Cisco AnyConnect Patch; MSBuild Abuse Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Cross Browser Tracking; Cisco AnyConnect Patch; MSBuild Abuse https://traffic.libsyn.com/securitypodcast/7500.mp3 https://isc.sans.edu/podcastdetail/7500 Fri, 14 May 2021 02:00:02 GMT https://fingerprintjs.com/blog/external-protocol-flooding/
Cisco AnyConnect Secure Mobility Client Patch
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-ipc-KfQO9QhK
MSBuild Abused By Attackers
https://www.anomali.com/blog/threat-actors-use-msbuild-to-deliver-rats-filelessly
]]> 6:48 fingerprint, browser, schems, cisco, anyconnect, msbuild, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7498 Exposed ICS Trending Lower; FragAttack Vendor Bulletins; Adobe Acrobat 0Day Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Exposed ICS Trending Lower; FragAttack Vendor Bulletins; Adobe Acrobat 0Day https://traffic.libsyn.com/securitypodcast/7498.mp3 https://isc.sans.edu/podcastdetail/7498 Thu, 13 May 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/Number+of+industrial+control+systems+on+the+internet+is+lower+then+in+2020but+still+far+from+zero/27412/
Webcast: Ransoming Critical Infrastructure
https://www.sans.org/webcasts/119775
Links to FragAttacks Vendor Bulletins (in German)
https://www.heise.de/news/WLAN-Sicherheitsluecken-FragAttacks-Erste-Updates-6045116.html
Adobe Acrobat Patches
https://helpx.adobe.com/security/products/acrobat/apsb21-29.html
Sending Arbitrary Messages via FindMy
https://positive.security/blog/send-my
]]> 5:51 find my, apple, airtag, adobe, acrobat, patches, fragattacks, pipeline, ics, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7496 MSFT Patch Tuesday (http.sys!!); WiFi Fragmentation/Aggregation Attacks Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MSFT Patch Tuesday (http.sys!!); WiFi Fragmentation/Aggregation Attacks https://traffic.libsyn.com/securitypodcast/7496.mp3 https://isc.sans.edu/podcastdetail/7496 Wed, 12 May 2021 02:00:03 GMT https://isc.sans.edu/forums/diary/Microsoft+May+2021+Patch+Tuesday/27408
WiFi Fragmentation Attacks
https://www.fragattacks.com
]]> 6:30 wifi, aggregated frames, fragmentation, microsoft, patch tuesday, http.sys, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7494 Validating IP Addresses; Jailbreaking AirTags; Malicious Tor Exit Nodes Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Validating IP Addresses; Jailbreaking AirTags; Malicious Tor Exit Nodes https://traffic.libsyn.com/securitypodcast/7494.mp3 https://isc.sans.edu/podcastdetail/7494 Tue, 11 May 2021 02:05:02 GMT https://isc.sans.edu/forums/diary/Correctly+Validating+IP+Addresses+Why+encoding+matters+for+input+validation/27404/
Jail Breaking AirTags
https://twitter.com/ghidraninja/status/1391148503196438529
Malicious Tor Exit Relay Activities
https://nusenu.medium.com/tracking-one-year-of-malicious-tor-exit-relay-activities-part-ii-85c80875c5df
]]> 5:27 tor, exit nodes, nusenu, airtags, jailbreak, ip addresses, input validation, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7492 Research Scans; tsuNAME and Cyclehunter; Foxit Patches; Hypocrit Patch Research Investigation Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Research Scans; tsuNAME and Cyclehunter; Foxit Patches; Hypocrit Patch Research Investigation https://traffic.libsyn.com/securitypodcast/7492.mp3 https://isc.sans.edu/podcastdetail/7492 Mon, 10 May 2021 02:05:03 GMT https://isc.sans.edu/forums/diary/Who+is+Probing+the+Internet+for+Research+Purposes/27400/
Cycle Hunter and tsuNAME DDoS Attack
https://github.com/SIDN/CycleHunter
https://tsuname.io/tech_report.pdf
Foxit Reader / Phantom PDF Vulnerabilities
https://www.foxitsoftware.com/support/security-bulletins.html?Security+updates+available+in+Foxit+Reader+10.1.4+and+Foxit+PhantomPDF+10.1.42021-05-06
Hypocrit Patches Reviewed By Linux Foundation
https://lore.kernel.org/lkml/202104221451.292A6ED4@keescook/
]]> 5:22 hypocrit patches, linux foundation, umn, foxit, reader, phantom pdf, cycle hunter, tsuname, researchers, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7490 Azure Blob Scans; Qualcomm MSM Vuln.; Google 2SF Default; Celebrite UFED Patch Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Azure Blob Scans; Qualcomm MSM Vuln.; Google 2SF Default; Celebrite UFED Patch https://traffic.libsyn.com/securitypodcast/7490.mp3 https://isc.sans.edu/podcastdetail/7490 Fri, 07 May 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/Exposed+Azure+Storage+Containers/27396/
Qualcomm MSM Vulnerability
https://research.checkpoint.com/2021/security-probe-of-qualcomm-msm/
Google to Automatically enroll users in 2SF
https://blog.google/technology/safety-security/a-simpler-and-safer-future-without-passwords/
New Cellebrite Vulnerabilities Announced
https://www.ehackingnews.com/2021/05/new-vulnerabilities-in-cellebrites.html
]]> 5:36 cellebrite, google, 2sf, 2fa, mfa, qualcomm, msm, azure, blog, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7488 PCAP Contest; Windows Defender Bug; VMWare Patch; Cisco Patches; Number Recycling Risks Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. PCAP Contest; Windows Defender Bug; VMWare Patch; Cisco Patches; Number Recycling Risks https://traffic.libsyn.com/securitypodcast/7488.mp3 https://isc.sans.edu/podcastdetail/7488 Thu, 06 May 2021 02:15:02 GMT https://isc.sans.edu/forums/diary/May+2021+Forensic+Contest/27386/
Windows Defender Bug Fills Windows 10 Boot Drive with thousands of files
https://www.bleepingcomputer.com/news/microsoft/windows-defender-bug-fills-windows-10-boot-drive-with-thousands-of-files/
VMWare vRealize Business for Cloud Patch
https://kb.vmware.com/s/article/83475
Cisco Updates SD-WAN vManager / HyperFlex HX
https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir&limit=100#~Vulnerabilities
Security and Privacy Risks of Number Recycling at Mobile Carriers in the US
https://recyclednumbers.cs.princeton.edu
]]> 6:17 privacy, security, phone numbers, recycling, cisco, sd-wan, hyperflex, vmware, windows, defnder, forensic, contest, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7486 Android Update; All Dells Vulnerable; Exim Again; Fast Scanning; ICMP Tunnel Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Android Update; All Dells Vulnerable; Exim Again; Fast Scanning; ICMP Tunnel https://traffic.libsyn.com/securitypodcast/7486.mp3 https://isc.sans.edu/podcastdetail/7486 Wed, 05 May 2021 02:15:02 GMT https://source.android.com/security/bulletin/2021-05-01?hl=en
Dell Privilege Escalation Vulnerability
https://www.dell.com/support/kbdoc/en-us/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability
https://labs.sentinelone.com/cve-2021-21551-hundreds-of-millions-of-dell-computers-at-risk-due-to-multiple-bios-driver-privilege-escalation-flaws/
Exim Mail Server Vulnerabilities
https://www.qualys.com/2021/05/04/21nails/21nails.txt
Quick and Dirty Python: masscan
https://isc.sans.edu/forums/diary/Quick+and+dirty+Python+masscan/27384/
ICMP Tunnel Backdoor
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/backdoor-at-the-end-of-the-icmp-tunnel/
]]> 5:31 icmp, python, masscan, exim, android, dell, firmware update, bios update, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7484 Apple WebKit 0-Day; MSFT Exchange PoC; Micro-Op Caches; Pulse Secure Update Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Apple WebKit 0-Day; MSFT Exchange PoC; Micro-Op Caches; Pulse Secure Update https://traffic.libsyn.com/securitypodcast/7484.mp3 https://isc.sans.edu/podcastdetail/7484 Tue, 04 May 2021 02:05:02 GMT https://support.apple.com/en-us/HT201222
PoC Exploit for CVE-2021-28482 (Microsoft Exchange)
https://gist.github.com/testanull/9ebbd6830f7a501e35e67f2fcaa57bda
https://testbnull.medium.com/microsoft-exchange-from-deserialization-to-post-auth-rce-cve-2021-28482-e713001d915f
Yet Another Processor Side-Channel: Micro-Ops Caches
http://www.cs.virginia.edu/venkat/papers/isca2021a.pdf
Pulse Secure Update
https://blog.pulsesecure.net/pulse-connect-secure-patch-availability-sa44784/
]]> 4:42 pulse secure, side-channel, micro-ops, poc, exchange, apple, patches, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7482 Qiling Framework @qiling_io; Python ipaddress flaw; exiftool code exec; abus insecurity; sonicwall Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Qiling Framework @qiling_io; Python ipaddress flaw; exiftool code exec; abus insecurity; sonicwall https://traffic.libsyn.com/securitypodcast/7482.mp3 https://isc.sans.edu/podcastdetail/7482 Mon, 03 May 2021 02:05:02 GMT https://isc.sans.edu/forums/diary/Qiling+A+true+instrumentable+binary+emulation+framework/27372/
Python "ipaddress" improper input validation
https://sick.codes/sick-2021-014/
EXIF Tool Vulnerabilities
https://twitter.com/wcbowling/status/1385803927321415687
ABUS Secvest Internet Connected Alarm Systems
https://eye.security/nl/blog/breaking-abus-secvest-internet-connected-alarm-systems-cve-2020-28973
FiveHands Ransomware Installed via SonicWall Flaw
https://thehackernews.com/2021/04/hackers-exploit-sonicwall-zero-day-bug.html
]]> 5:31 fivehands, ransomware, sonicwall, abus, secvest, alarm, python, exif, ipaddress, qiling, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7480 From Python to .Net; PHP Composer; BadAlloc and RTOS; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. From Python to .Net; PHP Composer; BadAlloc and RTOS; https://traffic.libsyn.com/securitypodcast/7480.mp3 https://isc.sans.edu/podcastdetail/7480 Fri, 30 Apr 2021 02:05:03 GMT https://isc.sans.edu/forums/diary/From+Python+to+Net/27366/
PHP Composer Vulnerability
https://blog.sonarsource.com/php-supply-chain-attack-on-composer
Microsoft Identifies Several Integer Overflow Vulnerablities
https://us-cert.cisa.gov/ics/advisories/icsa-21-119-04
]]> 5:19 python, .Net, php, composer, microsoft, malloc, rtos, heapoverflow, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7478 Stopping Google FLoC; RotaJakiro Backdoor; F5 Big IP Kerberos Bypass Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Stopping Google FLoC; RotaJakiro Backdoor; F5 Big IP Kerberos Bypass https://traffic.libsyn.com/securitypodcast/7478.mp3 https://isc.sans.edu/podcastdetail/7478 Thu, 29 Apr 2021 02:05:02 GMT https://github.blog/changelog/2021-04-27-github-pages-permissions-policy-interest-cohort-header-added-to-all-pages-sites/
https://amifloced.org
RotaJakiro Backdoor
https://blog.netlab.360.com/stealth_rotajakiro_backdoor_en/
F5 Big IP Kerberos Spoofing Vulnerablity
https://support.f5.com/csp/article/K51213246
]]> 5:14 f5, big-ip, kerberos, spoofing, rotajakrio, backdoor, linux, floc, google, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7476 Singapore Post Phish; Malicious Ads; MSFT Block Cryptojacking; Linux Priv Escalation Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Singapore Post Phish; Malicious Ads; MSFT Block Cryptojacking; Linux Priv Escalation https://traffic.libsyn.com/securitypodcast/7476.mp3 https://isc.sans.edu/podcastdetail/7476 Wed, 28 Apr 2021 02:05:03 GMT https://isc.sans.edu/forums/diary/Diving+into+a+Singapore+Post+Phishing+Email/27356/
Two in Five Victims of Online Scam Adverts Do Not Report to Host Platforms
https://www.which.co.uk/news/2021/04/two-in-five-victims-of-online-scam-adverts-dont-report-to-host-platforms/
Microsoft Defender Blocks Cryptojacking Malware
https://www.microsoft.com/security/blog/2021/04/26/defending-against-cryptojacking-with-microsoft-defender-for-endpoint-and-intel-tdt/
Linux Privilege Escalation Vulnerability
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1211
]]> 4:25 linux, syscall, microsoft, talos, cryptojacking, malicious ads, singapore, phish, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7474 Microstation CAD and VBA; Apple Patches Everything (and 0-Day); Hashicorp code signing key exposed; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microstation CAD and VBA; Apple Patches Everything (and 0-Day); Hashicorp code signing key exposed; https://traffic.libsyn.com/securitypodcast/7474.mp3 https://isc.sans.edu/podcastdetail/7474 Tue, 27 Apr 2021 02:05:02 GMT https://isc.sans.edu/forums/diary/CAD+DGN+and+MVBA+Files/27354/
MacOS 0-Day Bug Patched
https://objective-see.com/blog/blog_0x64.html
https://support.apple.com/en-us/HT201222
Emotet Uninstaller Triggered
https://blog.malwarebytes.com/threat-analysis/2021/01/cleaning-up-after-emotet-the-law-enforcement-file/
HashiCorp Code Signing Key Exposed By Codecov Compromise
https://www.theregister.com/2021/04/26/hashicorp_reveals_exposure_of_private/
]]> 7:23 apple, code signing, gatekeeper, hashicorp, emotet, cad, microstation, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7472 Compacts VBA Macro; Top Honeypot PW; Clickstudios compromise; homebrew vulnerability; Apple AirDrop Privacy Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Compacts VBA Macro; Top Honeypot PW; Clickstudios compromise; homebrew vulnerability; Apple AirDrop Privacy https://traffic.libsyn.com/securitypodcast/7472.mp3 https://isc.sans.edu/podcastdetail/7472 Mon, 26 Apr 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/Malicious+PowerPoint+AddOn+Small+Is+Beautiful/27342/
Base64 Strings Used in Web Scanning
https://isc.sans.edu/forums/diary/Base64+Hashes+Used+in+Web+Scanning/27346/
Clickstudios Password Manager Compromise
https://www.csis.dk/newsroom-blog-overview/2021/moserpass-supply-chain/
Homebrew Code Execution Vulnerability
https://brew.sh/2021/04/21/security-incident-disclosure/
Apple AirDrop Shares Personal Data
https://www.informatik.tu-darmstadt.de/fb20/ueber_uns_details_231616.en.jsp
]]> 5:46 airdrop, apple, privacy, homebrew, git, clickstudios, base64, vba, macros, ppt, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7470 Docker and grype; SolarWinds Update; Cellebrite Exploit Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Docker and grype; SolarWinds Update; Cellebrite Exploit https://traffic.libsyn.com/securitypodcast/7470.mp3 https://isc.sans.edu/podcastdetail/7470 Fri, 23 Apr 2021 12:12:50 GMT https://isc.sans.edu/forums/diary/How+Safe+Are+Your+Docker+Images/27340/
Additional SolarWinds Infrastructure
https://www.riskiq.com/blog/external-threat-management/solarwinds-c2-servers-new-tactics/
Cellebrite Exploit
https://signal.org/blog/cellebrite-vulnerabilities/
Duo 2FA Bypass
https://sensepost.com/blog/2021/duo-two-factor-authentication-bypass/]]> 5:51 duo, 2fa, cellebrite, solarwinds, docker, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7468 Univ. of Minnesota and Linux Kernel; 7Zip Qlocker Ransomware; Chrome 0Day Fixed Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Univ. of Minnesota and Linux Kernel; 7Zip Qlocker Ransomware; Chrome 0Day Fixed https://traffic.libsyn.com/securitypodcast/7468.mp3 https://isc.sans.edu/podcastdetail/7468 Thu, 22 Apr 2021 02:00:02 GMT https://lore.kernel.org/lkml/20210421130105.1226686-38-gregkh@linuxfoundation.org/
https://github.com/QiushiWu/QiushiWu.github.io/blob/main/papers/OpenSourceInsecurity.pdf
https://www-users.cs.umn.edu/~kjlu/papers/clarifications-hc.pdf
QNAP QLocker uses 7-Zip
https://www.bleepingcomputer.com/news/security/massive-qlocker-ransomware-attack-uses-7zip-to-encrypt-qnap-devices/
Chrome O-Day Fixed
https://thehackernews.com/2021/04/update-your-chrome-browser-immediately.html
]]> 6:25 chrome, 0-day, 7zip, qlocker, qnap, linux, kernel, umn, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7466 Pulse Secure VPN 0-Day; Sonic Wall 0=Day; Synology Vuln; Air Fryer Vuln Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Pulse Secure VPN 0-Day; Sonic Wall 0=Day; Synology Vuln; Air Fryer Vuln https://traffic.libsyn.com/securitypodcast/7466.mp3 https://isc.sans.edu/podcastdetail/7466 Wed, 21 Apr 2021 02:20:02 GMT https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/
SonicWall Vulnerabilities
https://www.sonicwall.com/support/product-notification/security-notice-sonicwall-email-security-zero-day-vulnerabilities/210416112932360/
Synology Vulnerability
https://blog.talosintelligence.com/2021/04/vuln-spotlight-synology-dsm.html#more
Air Fryer Vulnerability
https://blog.talosintelligence.com/2021/04/vuln-spotlight-co.html
]]> 6:15 air fryer, synology, sonicwall, pulse secure, vpn, 0-day, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7464 Finding Phishing Sites; Nagios XI Exploit; XCSSET Malware and M1; qnap/junos patches; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Finding Phishing Sites; Nagios XI Exploit; XCSSET Malware and M1; qnap/junos patches; https://traffic.libsyn.com/securitypodcast/7464.mp3 https://isc.sans.edu/podcastdetail/7464 Tue, 20 Apr 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/Hunting+phishing+websites+with+favicon+hashes/27326/
Nagios XI Vulnerability Exploited by Cryptominers
https://unit42.paloaltonetworks.com/nagios-xi-vulnerability-cryptomining/
XCSSET Malware Adapting to MacOS 11 and M1
https://www.trendmicro.com/en_us/research/21/d/xcsset-quickly-adapts-to-macos-11-and-m1-based-macs.html
QNAP Patches
https://www.qnap.com/de-de/security-advisories?ref=security_advisory_details
Juniper Updates
https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES
]]> 5:03 juniper, qnap, bazar, xcsset, macos, m1, nagios, cryptointer, favicon, phishing, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7462 More Cobalt Stryike Decode; Codecov Breach; EIPStackGroup Vuln; MSFT Patch Problems Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. More Cobalt Stryike Decode; Codecov Breach; EIPStackGroup Vuln; MSFT Patch Problems https://traffic.libsyn.com/securitypodcast/7462.mp3 https://isc.sans.edu/podcastdetail/7462 Mon, 19 Apr 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/Decoding+Cobalt+Strike+Traffic/27322/
Codecov Breach
https://about.codecov.io/security-update/
Google Project Zero Tweaks Disclosure Rules
https://googleprojectzero.blogspot.com
EIPStackGroup OpENer Ethernet/IP
https://us-cert.cisa.gov/ics/advisories/icsa-21-105-02
DNS Problems with Windows 10 Security Update
https://www.bleepingcomputer.com/news/microsoft/mandatory-windows-10-update-causing-dns-and-shared-folder-issues/
]]> 5:36 dns, windows 10, llmnr, eipstackgroup, pener, ethernet/ip, google, project zero, codecov, cobalt strike, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7460 Internal CA; Top Vuln. Used By SVR; Insecure URL Handling; @sans_edu: Malware Deteciton in TLS Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Internal CA; Top Vuln. Used By SVR; Insecure URL Handling; @sans_edu: Malware Deteciton in TLS https://traffic.libsyn.com/securitypodcast/7460.mp3 https://isc.sans.edu/podcastdetail/7460 Fri, 16 Apr 2021 00:43:01 GMT https://isc.sans.edu/forums/diary/Why+and+How+You+Should+be+Using+an+Internal+Certificate+Authority/27314/
Vulnerabilities Used By Russian Foreign Intelligence Service
https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2573391/russian-foreign-intelligence-service-exploiting-five-publicly-known-vulnerabili/
Insecurity URL Handling
https://positive.security/blog/url-open-rce
SANS Research Paper: Bryan Scarbrough; Malware Detection in Encrypted TLS Traffic Through Machine Learning
https://www.sans.org/reading-room/whitepapers/artificialintelligence/malware-detection-encrypted-tls-traffic-machine-learning-40185
]]> 14:20 sans.edu, research, tls, russian, vulnerabilities, insecure, url, internal CA, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7458 pcap challenge solution; Adobe, Chrome, SAP Patches; Linux/Mac npm Malware; @sans.edu NCL Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. pcap challenge solution; Adobe, Chrome, SAP Patches; Linux/Mac npm Malware; @sans.edu NCL https://traffic.libsyn.com/securitypodcast/7458.mp3 https://isc.sans.edu/podcastdetail/7458 Thu, 15 Apr 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/April+2021+Forensic+Quiz+Answers+and+Analysis/27308/
Adobe Patch Tuesday
https://helpx.adobe.com/security.html
Chrome 90 Released (and 0-Day Exploits)
https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html
https://github.com/avboy1337/1195777-chrome0day
https://github.com/r4j0x00/exploits/tree/master/chrome-0day
SAP Updates
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649
Linux/Mac Malware included in npm Module
https://blog.sonatype.com/damaging-linux-mac-malware-bundled-within-browserify-npm-brandjack-attempt
Congratulations to the SANS.edu National Cyber League Teams!
https://twitter.com/SANS_EDU/status/1382453652602941440
]]> 6:09 sans.edu, ncl, linux, mac, npm, malware, sap, chrome, adobe, forensics, quiz, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7456 MSFT Patch Tuesday; Name:Wreck DNS Vulns; #PATCHEXCHANGEAGAIN Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MSFT Patch Tuesday; Name:Wreck DNS Vulns; #PATCHEXCHANGEAGAIN https://traffic.libsyn.com/securitypodcast/7456.mp3 https://isc.sans.edu/podcastdetail/7456 Wed, 14 Apr 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/Microsoft+April+2021+Patch+Tuesday/27306/
NAME:WRECK DNS Vulnerabilities
https://www.forescout.com/research-labs/namewreck/
]]> 5:43 name:wreck, dns, microsoft, patches, exchange, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7454 Cleartext Cobalt Strike; ASA5506 SSD Failure; PulseSecure VPN Cert Expiration; Rwn2Own; Tesla Google Chrome exploit Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Cleartext Cobalt Strike; ASA5506 SSD Failure; PulseSecure VPN Cert Expiration; Rwn2Own; Tesla Google Chrome exploit https://traffic.libsyn.com/securitypodcast/7454.mp3 https://isc.sans.edu/podcastdetail/7454 Tue, 13 Apr 2021 02:00:03 GMT https://isc.sans.edu/forums/diary/Example+of+Cleartext+Cobalt+Strike+Traffic+Thanks+Brad/27300/
ASA 5506 Series Security Appliances Field Notice
https://www.cisco.com/c/en/us/support/docs/field-notices/720/fn72019.html
Expired Certificate for PulseSecure VPN Devices
https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44781/?kA13Z000000fzbR
Pwn2Own Summary
https://thehackernews.com/2021/04/windows-ubuntu-zoom-safari-ms-exchange.html
Tesla Exploited Via Google Chrome Vulnerability
https://leethax0.rs/2021/04/ElectricChrome/
]]> 6:04 tesla, google chrome, pwn2own, certificate, pulsesecure, vpn, asa 5506, ssd, cobalt strike, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7452 Bring Your Own Python; Facebook vs PSL; Malicious Ads Pushing Clubhouse Malware; Identifying Cobalt Strike DNS Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Bring Your Own Python; Facebook vs PSL; Malicious Ads Pushing Clubhouse Malware; Identifying Cobalt Strike DNS https://traffic.libsyn.com/securitypodcast/7452.mp3 https://isc.sans.edu/podcastdetail/7452 Mon, 12 Apr 2021 02:00:03 GMT https://isc.sans.edu/forums/diary/No+Python+Interpreter+This+Simple+RAT+Installs+Its+Own+Copy/27292/
Facebook Mistakingly Suggests Adding Domains To Public Suffix List will Ease Tracking
https://publicsuffix.org
https://www.facebook.com/business/help/331612538028890?id=428636648170202
Facebook Ads Used to Push Clubhouse Related Malware
https://www.ehackingnews.com/2021/04/cybercriminals-used-facebook-ads-to.html
Identifying Cobalt Strike DNS Intrastructure
https://labs.f-secure.com/blog/detecting-exposed-cobalt-strike-dns-redirectors
]]> 6:48 cobalt strike, dns, facebook, clubhouse, malware, privacy, apple, psl, tld, python, rat, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7450 Ransomware Prototype; HTML Lego; Azure Functions Vuln; Cisco SMB Router Patches; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Ransomware Prototype; HTML Lego; Azure Functions Vuln; Cisco SMB Router Patches; https://traffic.libsyn.com/securitypodcast/7450.mp3 https://isc.sans.edu/podcastdetail/7450 Fri, 09 Apr 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/Simple+Powershell+Ransomware+Creating+a+7Z+Archive+of+your+Files/27286/
HTML Lego: Hidden Phishing at Free JavaScript Site
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/html-lego-hidden-phishing-at-free-javascript-site/
Royal FLush: Privilege Escalation Vulnerability in Azure Functions
https://www.intezer.com/blog/cloud-security/royal-flush-privilege-escalation-vulnerability-in-azure-functions/
Cisco Small Business Router Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-rce-q3rxHnvm
Google Chrome Blocking Port 10080
https://github.com/whatwg/fetch/issues/1191#issuecomment-797659444
]]> 5:42 google, chrome, 10080, cisco, smb, router, royal flush, azure, functions, html, phishing, javascript, powershell, ransomware, 7zip, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7448 WiFi IDS; PHP Incident Update; Bleedingtooth; LinkedIn Leak; VMWare Patch; Cisco Patch Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. WiFi IDS; PHP Incident Update; Bleedingtooth; LinkedIn Leak; VMWare Patch; Cisco Patch https://traffic.libsyn.com/securitypodcast/7448.mp3 https://isc.sans.edu/podcastdetail/7448 Thu, 08 Apr 2021 02:05:02 GMT https://isc.sans.edu/forums/diary/WiFi+IDS+and+Private+MAC+Addresses/27288/
Update on PHP Incident
https://externals.io/message/113981
Details about Linux Kernel Bluetooth Vulnerabilities
https://google.github.io/security-research/pocs/linux/bleedingtooth/writeup.html
LinkedIn Leak
https://www.ehackingnews.com/2021/04/data-stolen-from-500-million-linkedin.html
VMWare Carbon Black Cloud Workload Applicatnce Authentication Bypass
https://www.vmware.com/security/advisories/VMSA-2021-0005.html
Cisco SD-WAN vManage Software Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-YuTVWqy
]]> 6:44 cisco, vmware, carbon black, vmanage, sd-wan, linkedin, leak, linux, bluetooth, bleeingtooth, php, wifi, ids, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7446 Malspam, Outlook and RFCs; QNAP Updates EOL Firmware; Gigaset Malware Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Malspam, Outlook and RFCs; QNAP Updates EOL Firmware; Gigaset Malware https://traffic.libsyn.com/securitypodcast/7446.mp3 https://isc.sans.edu/podcastdetail/7446 Wed, 07 Apr 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/Malspam+with+Lokibot+vs+Outlook+and+RFCs/27282/
SAP Attacks
https://us-cert.cisa.gov/ncas/current-activity/2021/04/06/malicious-cyber-activity-targeting-critical-sap-applications
QNAP Upates Older EOL Devices
https://www.qnap.com/de-de/release-notes/qts/4.3.6.1620/20210322
GIGASET Android Phones Infected by Compromised Update Server
https://www.heise.de/news/Gigaset-Malware-Befall-von-Android-Geraeten-des-Herstellers-gibt-Raetsel-auf-6006464.html
]]> 5:48 gigaset, android, malware, qnap, updates, patches, SAP, malspam, lokibot, rfs, outlook, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7444 LinkedIn Phish; Malicious Text Files; Rust Privacy Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. LinkedIn Phish; Malicious Text Files; Rust Privacy https://traffic.libsyn.com/securitypodcast/7444.mp3 https://isc.sans.edu/podcastdetail/7444 Tue, 06 Apr 2021 02:00:02 GMT https://threatpost.com/linkedin-spear-phishing-job-hunters/165240/
Malicious Text Files (CVE-2019-8761)
https://www.paulosyibelo.com/2021/04/this-man-thought-opening-txt-file-is.html
Rust Privacy Concerns
https://www.bleepingcomputer.com/news/security/most-loved-programming-language-rust-sparks-privacy-concerns/
]]> 5:45 rust, privacy, text, textedit, linkedin, job search, malware, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7442 Sandbox vs. Real Screenshots; FortiOS Exploitation; GitHub Coin Mining; Facebook Leak Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Sandbox vs. Real Screenshots; FortiOS Exploitation; GitHub Coin Mining; Facebook Leak https://traffic.libsyn.com/securitypodcast/7442.mp3 https://isc.sans.edu/podcastdetail/7442 Mon, 05 Apr 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/C2+Activity+Sandboxes+or+Real+Victims/27272/
Exploitation of Fortinet FortiOS Vulnerabilities
https://us-cert.cisa.gov/ncas/current-activity/2021/04/02/fbi-cisa-joint-advisory-exploitation-fortinet-fortios
https://www.ic3.gov/Media/News/2021/210402.pdf
GitHub Actions Used to Mine Crypto
https://therecord.media/github-investigating-crypto-mining-campaign-abusing-its-server-infrastructure/
Large Facebook Leak
https://thehackernews.com/2021/04/533-million-facebook-users-phone.html
]]> 5:57 facebook, github, fortios, fortinet, sandboxes, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7440 April PCAP Quiz; Coinhive Update; Forensicating BITS; More Water Trouble; QNAP Vulns Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. April PCAP Quiz; Coinhive Update; Forensicating BITS; More Water Trouble; QNAP Vulns https://traffic.libsyn.com/securitypodcast/7440.mp3 https://isc.sans.edu/podcastdetail/7440 Fri, 02 Apr 2021 02:10:02 GMT https://isc.sans.edu/forums/diary/April+2021+Forensic+Quiz/27266/
Coinhive Domains Used to Warn Victims
https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
Detecting Attacker's BITS Utility Use
https://www.fireeye.com/blog/threat-research/2021/03/attacker-use-of-windows-background-intelligent-transfer-service.html
Kansas Man Indicted For Tampering With Public Water System
https://www.justice.gov/usao-ks/pr/indictment-kansas-man-indicted-tampering-public-water-system
Older QNAP Devices Vulnerable And No Longer Patched
https://securingsam.com/new-vulnerabilities-allow-complete-takeover/
]]> 6:16 qnap, kansas, water, bits, coinhive, troy hunt, april, quiz, packet, forensics, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7438 Modular InfoStealer; Google Chrome Update; DoH on Linux; Facial Recognition Bypass Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Modular InfoStealer; Google Chrome Update; DoH on Linux; Facial Recognition Bypass https://traffic.libsyn.com/securitypodcast/7438.mp3 https://isc.sans.edu/podcastdetail/7438 Thu, 01 Apr 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/Quick+Analysis+of+a+Modular+InfoStealer/27264/
Google Chrome Update / DoH on Linux
https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html
https://docs.google.com/document/d/1zAdSK393IznaLKQ0ItOmwLBy59fIq9ydxBRJQX-2ntQ/edit#
Chinese Tax Authority Facial Recognition System Fooled
https://www.scmp.com/tech/tech-trends/article/3127645/chinese-government-run-facial-recognition-system-hacked-tax
]]> 4:53 china, tax, facial recognition, biometrics, google chrome, doh, linux, infostealer, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7436 TLS Survey; Perl Netmask Vulnerability; VMWare vRealize; pre-pw0ned docker images Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. TLS Survey; Perl Netmask Vulnerability; VMWare vRealize; pre-pw0ned docker images https://traffic.libsyn.com/securitypodcast/7436.mp3 https://isc.sans.edu/podcastdetail/7436 Wed, 31 Mar 2021 02:05:02 GMT https://isc.sans.edu/forums/diary/Old+TLS+versions+gone+but+not+forgotten+well+not+really+gone+either/27260/
Perl Netmask Vulnerability
https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/
VMWare vRealize Vulnerability
https://www.vmware.com/security/advisories/VMSA-2021-0004.html
Pre-P0wned Docker Containers
https://unit42.paloaltonetworks.com/malicious-cryptojacking-images/
]]> 5:37 pre-pwoned docker, docker, xmrig, miner, vmware, vrealie, ssrf, perl, netmask, tls, shodan, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7434 RTF Shellcode; PHP Git Repo Compromise; npm "netmask" package vuln Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. RTF Shellcode; PHP Git Repo Compromise; npm "netmask" package vuln https://traffic.libsyn.com/securitypodcast/7434.mp3 https://isc.sans.edu/podcastdetail/7434 Tue, 30 Mar 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/Jumping+into+Shellcode/27256/
PHP git repo compromised
https://news-web.php.net/php.internals/113838
npm "netmask" package vulnerability
https://sick.codes/universal-netmask-npm-package-used-by-270000-projects-vulnerable-to-octal-input-data-server-side-request-forgery-remote-file-inclusion-local-file-inclusion-and-more-cve-2021-28918/
]]> 6:54 npm, php, git, github, shellcode, rtf, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7420 Python Keylogger; XcodeSpy; Zoom Screen Sharing Leak; MyBB RCE Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Python Keylogger; XcodeSpy; Zoom Screen Sharing Leak; MyBB RCE https://traffic.libsyn.com/securitypodcast/7420.mp3 https://isc.sans.edu/podcastdetail/7420 Fri, 19 Mar 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/Simple+Python+Keylogger/27216/
New macOS Malware XcodeSpy Targets Xcode Developers with EggShell Backdoor
https://labs.sentinelone.com/new-macos-malware-xcodespy-targets-xcode-developers-with-eggshell-backdoor/
Zoom Screen Sharing Leak
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-044.txt
MyBB Remote Code Execution
https://blog.mybb.com/2021/03/10/mybb-1-8-26-released-security-release/
]]> 6:04 mybb, zoom, screen sharing, macos, xcodespy, xcode, python, keylogger, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7418 More Covid Phish; iOS Update Changes; Polyglot Twitter Images; Attaching CC to Images Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. More Covid Phish; iOS Update Changes; Polyglot Twitter Images; Attaching CC to Images https://traffic.libsyn.com/securitypodcast/7418.mp3 https://isc.sans.edu/podcastdetail/7418 Thu, 18 Mar 2021 02:00:02 GMT https://cofense.com/blog/american-rescue-plan-phish/
Apple May Split Security Updates from Other Updates
https://9to5mac.com/2021/03/15/ios-security-fixes-could-soon-be-delivered-separately-from-other-updates-beta-code-suggests/
Polyglot Images on Twitter
https://twitter.com/David3141593/status/1371978592679309315
Magento 2 PHP Credit Card Skimmer Saves to JPG
https://blog.sucuri.net/2021/03/magento-2-php-credit-card-skimmer-saves-to-jpg.html
]]> 5:52 magento, credit card skimmer, jpg, polyglot, images, twitter, apple, updates, dridex, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7416 One Click Exchange Fix; MSFT Azure AD Postmortem; Side Channel Exploits without JavaScript; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. One Click Exchange Fix; MSFT Azure AD Postmortem; Side Channel Exploits without JavaScript; https://traffic.libsyn.com/securitypodcast/7416.mp3 https://isc.sans.edu/podcastdetail/7416 Wed, 17 Mar 2021 02:10:02 GMT https://msrc-blog.microsoft.com/2021/03/15/one-click-microsoft-exchange-on-premises-mitigation-tool-march-2021/
Microsoft Explains Authentication Issues with Azure Active Directory
https://www.documentcloud.org/documents/20515443-authentication-errors-across-multiple-microsoft-services-tracking-id-ln01-p8z
JavaScript Less Side-Channel Exploits
https://arxiv.org/abs/2103.04952
]]> 5:55 javascript, css, side-channel, spectre, microsoft, azure, active directory, exchange, mitigation tool, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7414 NimzaLoader; Win10 Crash Patches; Azure AD Outage; IBM DB2 Patch Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. NimzaLoader; Win10 Crash Patches; Azure AD Outage; IBM DB2 Patch https://traffic.libsyn.com/securitypodcast/7414.mp3 https://isc.sans.edu/podcastdetail/7414 Tue, 16 Mar 2021 02:00:02 GMT https://www.proofpoint.com/uk/blog/threat-insight/nimzaloader-ta800s-new-initial-access-malware
Windows 10 Emergency Update to Fix Printing Crashes
https://www.bleepingcomputer.com/news/microsoft/windows-10-emergency-updates-released-to-fix-printing-crashes/
Windows Azure AD Outage
https://status.azure.com/status
IBM DB2 Patch
https://www.ibm.com/support/pages/node/6427855
]]> 5:02 db2, ibm, windows, azure, ad, windows 10, nimzaloader, nim, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7412 Wireshark Exploit; Google Chrome; zhtrap @360netlab; twitter bug Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Wireshark Exploit; Google Chrome; zhtrap @360netlab; twitter bug https://traffic.libsyn.com/securitypodcast/7412.mp3 https://isc.sans.edu/podcastdetail/7412 Mon, 15 Mar 2021 02:00:03 GMT https://gitlab.com/wireshark/wireshark/-/issues/17232
Google Chrome Vulnerability Exploited in the Wild
https://vulmon.com/vulnerabilitydetails?qid=CVE-2021-21193
Malware Installs Honeypot
https://blog.netlab.360.com/new_threat_zhtrap_botnet_en/
Twitter "Memphis" Bug
https://www.bleepingcomputer.com/news/technology/twitter-bug-automatically-suspends-you-when-tweeting-memphis/
]]> 4:53 twitter, memphis, honeypt, malware, google crhome, wireshark, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7410 Piktochart Phishing; ProxyLogon Public PoC; Win10 Crashes; Rob Upchurch: SMHNR DNS Leakage @sans_edu Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Piktochart Phishing; ProxyLogon Public PoC; Win10 Crashes; Rob Upchurch: SMHNR DNS Leakage @sans_edu https://traffic.libsyn.com/securitypodcast/7410.mp3 https://isc.sans.edu/podcastdetail/7410 Fri, 12 Mar 2021 02:00:03 GMT https://isc.sans.edu/forums/diary/Piktochart+Phishing+with+Infographics/27194/
ProxyLogon Public PoC
https://www.praetorian.com/blog/reproducing-proxylogon-exploit/
Windows 10 Crashes After March 10th Updates
https://www.bleepingcomputer.com/news/microsoft/windows-10-crashes-when-printing-due-to-microsoft-march-updates/
DNS Vulnerability Updates
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/seven-windows-wonders-critical-vulnerabilities-in-dns-dynamic-updates/
Rob Upchurch: Preventing Windows 10 SMHNR DNS Leakage
https://www.sans.org/reading-room/whitepapers/dns/preventing-windows-10-smhnr-dns-leakage-40165
]]> 15:44 rob upchurch, smhnr, dns, windows, vulnerability, exchange, proxylogon, poc, phishing, piktochart, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7408 SharpRDP; F5 Vulnerabilities; Netgear Updates; sigstore Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SharpRDP; F5 Vulnerabilities; Netgear Updates; sigstore https://traffic.libsyn.com/securitypodcast/7408.mp3 https://isc.sans.edu/podcastdetail/7408 Thu, 11 Mar 2021 02:05:03 GMT https://isc.sans.edu/forums/diary/SharpRDP+PSExec+without+PSExec+PSRemoting+without+PowerShell/27188/
F5 Critical Vulnerabilities
https://support.f5.com/csp/article/K02566623
Netgear Updates
https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/
Linux Foundation sigstore
https://sigstore.dev
]]> 5:21 sigstore, google, linux foundation, code signing, f5, netgear, sharprdp, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7406 Microsoft Patch Tuesday; Adobe Updates; Verkada Breach; git vuln Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft Patch Tuesday; Adobe Updates; Verkada Breach; git vuln https://traffic.libsyn.com/securitypodcast/7406.mp3 https://isc.sans.edu/podcastdetail/7406 Wed, 10 Mar 2021 02:15:02 GMT https://isc.sans.edu/forums/diary/Microsoft+March+2021+Patch+Tuesday/27184/
Adobe Updates
https://helpx.adobe.com/security.html
Network Camera Breach
https://www.bloomberg.com/news/articles/2021-03-09/hackers-expose-tesla-jails-in-breach-of-150-000-security-cams
https://www.bleepingcomputer.com/news/security/hackers-access-surveillance-cameras-at-tesla-cloudflare-banks-more/
git vulnerability
https://www.openwall.com/lists/oss-security/2021/03/09/3
]]> 7:13 git, verkata, cameras, adobe, microsoft, patches, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7404 YARA and CyberChef; Apple Patches; Chrome Blocks Port 554; Intel CPU Side Channel Attack Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. YARA and CyberChef; Apple Patches; Chrome Blocks Port 554; Intel CPU Side Channel Attack https://traffic.libsyn.com/securitypodcast/7404.mp3 https://isc.sans.edu/podcastdetail/7404 Tue, 09 Mar 2021 02:00:03 GMT https://isc.sans.edu/forums/diary/YARA+and+CyberChef/27180/
Apple Updates Everything
https://support.apple.com/en-us/HT201222
Google Adds Port 554 to "Restricted Ports"
https://chromium.googlesource.com/chromium/src.git/+/refs/heads/master/net/base/port_util.cc
Yet Another Intel Side Channel Attack
https://arxiv.org/pdf/2103.03443.pdf
]]> 5:35 side channel, intel, ring, google, port 554, restricted ports, yara, cyberchef, apple, webkit, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7402 MSFT Exchange; Excel 4 Macros (XLM) AMSI; Apple Find My Device Privacy Leak Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MSFT Exchange; Excel 4 Macros (XLM) AMSI; Apple Find My Device Privacy Leak https://traffic.libsyn.com/securitypodcast/7402.mp3 https://isc.sans.edu/podcastdetail/7402 Mon, 08 Mar 2021 02:00:03 GMT https://github.com/microsoft/CSS-Exchange/tree/main/Security
https://github.com/nccgroup/Cyber-Defence/tree/master/Intelligence/Exchange
https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-microsoft-exchange-server-2019-2016-and-2013-march-2-2021-kb5000871-9800a6bb-0a21-4ee7-b9da-fa85b3e1d23b
Microsoft Adding Excel 4.0 Macro Hooks to AMSI
https://www.microsoft.com/security/blog/2021/03/03/xlm-amsi-new-runtime-defense-against-excel-4-0-macro-malware/
Apple Find My Device Leak
https://arxiv.org/pdf/2103.02282.pdf
]]> 7:29 apple, find my device, microsoft, exchange, excel, xlm, amsi, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7400 VBS to RAT; Cisco Snort DoS Patch; VMWare View Planer Update; Google FLoC; Supermicro Trickbot Patch Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. VBS to RAT; Cisco Snort DoS Patch; VMWare View Planer Update; Google FLoC; Supermicro Trickbot Patch https://traffic.libsyn.com/securitypodcast/7400.mp3 https://isc.sans.edu/podcastdetail/7400 Fri, 05 Mar 2021 12:05:03 GMT https://isc.sans.edu/forums/diary/From+VBS+PowerShell+C+Sharp+Process+Hollowing+to+RAT/27168/
Cisco Patches Snort Related Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-ethernet-dos-HGXgJH8n
VMWare View Planner Update
https://www.vmware.com/security/advisories/VMSA-2021-0003.html
Google's FLoC Algorithm
https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-idea
Supermicro Trickbot Patch
https://www.supermicro.com/en/support/security/trickbot
]]> 6:01 supermicro, trickbot, google, floc, vmware, view planner, cisco, patches, snort, vbs, powershell, c sharp, rat, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7398 Microsoft Exchange Followup; Saltstack Vuln; Grub2 Patches; More Dependency Confusion Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft Exchange Followup; Saltstack Vuln; Grub2 Patches; More Dependency Confusion https://traffic.libsyn.com/securitypodcast/7398.mp3 https://isc.sans.edu/podcastdetail/7398 Thu, 04 Mar 2021 02:25:02 GMT https://blog.rapid7.com/2021/03/03/rapid7s-insightidr-enables-detection-and-response-to-microsoft-exchange-0-day/

Saltstack Vulnerability
https://www.immersivelabs.com/resources/blog/why-so-salty-local-privilege-escalation-on-saltstack-minions/
GRUB2 Patches
https://seclists.org/oss-sec/2021/q1/189
Dependency Confusion in the Wild
https://threatpost.com/malicious-code-bombs-amazon-lyft-slack-zillow/164455/
]]> 4:53 dependency confusion, grub2, salt, saltstack, microsoft, exchange, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7396 Qakbot+Cobalt Strike; Exchange Server 0-Day; Google Chrome 0-Day; iOS Jailbreak Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Qakbot+Cobalt Strike; Exchange Server 0-Day; Google Chrome 0-Day; iOS Jailbreak https://traffic.libsyn.com/securitypodcast/7396.mp3 https://isc.sans.edu/podcastdetail/7396 Wed, 03 Mar 2021 02:05:02 GMT https://isc.sans.edu/forums/diary/Qakbot+infection+with+Cobalt+Strike/27158/
Exchange Server 0-Day Exploits
https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/
Google Chrome 0-Day Exploits
https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
]]> 7:15 google, chrome, exchange, server, 0-day, exploit, qakbot, cobalt strike, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7394 DNS over TLS; Gootloader; AOL Phishing; Spectre in the Wild; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. DNS over TLS; Gootloader; AOL Phishing; Spectre in the Wild; https://traffic.libsyn.com/securitypodcast/7394.mp3 https://isc.sans.edu/podcastdetail/7394 Tue, 02 Mar 2021 02:00:03 GMT https://isc.sans.edu/forums/diary/Fun+with+DNS+over+TLS+DoT/27150/
Gootloader Update
https://news.sophos.com/en-us/2021/03/01/gootloader-expands-its-payload-delivery-options/
AOL Phishing
https://www.bleepingcomputer.com/news/security/beware-aol-phishing-email-states-your-account-will-be-closed/
Spectre Exploit in the Wild
https://dustri.org/b/spectre-exploits-in-the-wild.html
]]> 6:13 spectre, aol, gootloader, dns, tls, dot, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7392 Outlook Phish; Port 26 Followup; Alexa Skills; TMobile Breach Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Outlook Phish; Port 26 Followup; Alexa Skills; TMobile Breach https://traffic.libsyn.com/securitypodcast/7392.mp3 https://isc.sans.edu/podcastdetail/7392 Mon, 01 Mar 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/Pretending+to+be+an+Outlook+Version+Update/27144/
Geolocating Satori Botnet Scanning Port 26
https://isc.sans.edu/forums/diary/So+where+did+those+Satori+attacks+come+from/27140/
Alexa Skill Security
https://www.ndss-symposium.org/wp-content/uploads/ndss2021_5A-1_23111_paper.pdf
TMobile Data Breach / SIM Swapping
https://beta.documentcloud.org/documents/20492859-t-mobile-feb-2021-bc-data-breach
]]> 5:02 tmobile, sim swapping, breach, geolocation, satori, part 26, alexa, outlook, phish, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7390 Forensicating Azure VMs; FriarFoxi; JSON Parsers; MacOS 11.2.2 Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Forensicating Azure VMs; FriarFoxi; JSON Parsers; MacOS 11.2.2 https://traffic.libsyn.com/securitypodcast/7390.mp3 https://isc.sans.edu/podcastdetail/7390 Fri, 26 Feb 2021 02:05:02 GMT https://isc.sans.edu/forums/diary/Forensicating+Azure+VMs/27136/
FriarFox Browser Extension Targeting GMail Accounts
https://www.proofpoint.com/us/blog/threat-insight/ta413-leverages-new-friarfox-browser-extension-target-gmail-accounts-global
JSON Parser Inconsistencies
https://labs.bishopfox.com/tech-blog/an-exploration-of-json-interoperability-vulnerabilities
Apple MacOS Update
https://www.reddit.com/r/macbook/comments/kge24m/dead_m1_mac_with_usbc_multiport_adapters/
]]> 5:01 apple, macos, usbc, json, parsers, friarfox, extention, tibet, gmail, azure, vms, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7388 GuLoader/Remcos RAT; vCenter RCE PoC; CNAME Tracking; Cisco MSO Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. GuLoader/Remcos RAT; vCenter RCE PoC; CNAME Tracking; Cisco MSO Vuln; https://traffic.libsyn.com/securitypodcast/7388.mp3 https://isc.sans.edu/podcastdetail/7388 Thu, 25 Feb 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/Malspam+pushes+GuLoader+for+Remcos+RAT/27132/
vCenter Exploit / Vulnerability Details
https://swarm.ptsecurity.com/unauth-rce-vmware/#more-2477
DNS CNAME Tracking
https://blog.lukaszolejnik.com/large-scale-analysis-of-dns-based-tracking-evasion-broad-data-leaks-included/
Cisco MSO Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mso-authbyp-bb5GmBQv
]]> 5:23 cisco, mso, dns, cname, vcenter, exploit, rce, poc, malspam, guloader, remcosrat, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7386 Malicious FD Reply; Firefox Cookies Protection; VMWare Update; Signed PDFs Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Malicious FD Reply; Firefox Cookies Protection; VMWare Update; Signed PDFs https://traffic.libsyn.com/securitypodcast/7386.mp3 https://isc.sans.edu/podcastdetail/7386 Wed, 24 Feb 2021 02:05:03 GMT https://isc.sans.edu/forums/diary/Qakbot+in+a+response+to+Full+Disclosure+post/27130/
Firefox Total Cookie Protection
https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/
VMWare ESXi / vCenter Server Update
https://www.vmware.com/security/advisories/VMSA-2021-0002.html
Replacing Content in Signed PDFs
https://www.ndss-symposium.org/wp-content/uploads/ndss2021_1B-4_24117_paper.pdf
]]> 6:08 signed pdfs, vmware, esxi, vcenter, firefox, qakbot, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7384 Unprotecting Excel; Brave DNS Leak; Telephony DoS Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Unprotecting Excel; Brave DNS Leak; Telephony DoS https://traffic.libsyn.com/securitypodcast/7384.mp3 https://isc.sans.edu/podcastdetail/7384 Tue, 23 Feb 2021 02:00:03 GMT https://isc.sans.edu/forums/diary/Unprotecting+Malicious+Documents+For+Inspection/27126/
Brave Browser DNS Leak
https://www.theregister.com/2021/02/22/in_brief_security/
Telephony DoS
https://www.ic3.gov/Media/Y2021/PSA210217
]]> 5:45 tdos, telephony, voip, 911, ios, brave browser, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7382 DDE is Back; More M1 Malware; Malformed URL Prefixes; Sonicwall SMA 100 Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. DDE is Back; More M1 Malware; Malformed URL Prefixes; Sonicwall SMA 100 https://traffic.libsyn.com/securitypodcast/7382.mp3 https://isc.sans.edu/podcastdetail/7382 Mon, 22 Feb 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/Dynamic+Data+Exchange+DDE+is+Back+in+the+Wild/27116/
https://isc.sans.edu/forums/diary/DDE+and+oledump/27122/
macOS Malware "Prototype"
https://redcanary.com/blog/clipping-silver-sparrows-wings/
New Phishing Attack Identifed: Malformed URL Prefixes
https://www.greathorn.com/blog-new-phishing-attack-identified-malformed-url-prefixes/
Sonicwall SMA 100 Firmware Update
https://www.sonicwall.com/support/product-notification/additional-sma-100-series-10-x-and-9-x-firmware-updates-required-updated-feb-19-2-p-m-cst/210122173415410/
]]> 5:48 sonicwall, sma 100, url prefixes, macos, m1, malware, dde, dynamic data exchange, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7380 Trickbot; AppleJeus; Python 3 Buffer Overflow; Apple Security Guide Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Trickbot; AppleJeus; Python 3 Buffer Overflow; Apple Security Guide https://traffic.libsyn.com/securitypodcast/7380.mp3 https://isc.sans.edu/podcastdetail/7380 Fri, 19 Feb 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/Malspam+pushing+Trickbot+gtag+rob13/27112/
AppleJeus
https://us-cert.cisa.gov/ncas/alerts/aa21-048a
Python 3 Buffer Overflow
https://bugs.python.org/issue42938
Apple Platform Security Guide
https://support.apple.com/guide/security/welcome/web
]]> 5:40 apple, python, applejeus, trickbot, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7378 LinkedInSecureMessage Phish; M1 Malware; Masslogger; QNAP Patch Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. LinkedInSecureMessage Phish; M1 Malware; Masslogger; QNAP Patch https://traffic.libsyn.com/securitypodcast/7378.mp3 https://isc.sans.edu/podcastdetail/7378 Thu, 18 Feb 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/The+new+LinkedInSecureMessage/27110/
Apple M1 Optimized Malware
https://objective-see.com/blog/blog_0x62.html
QNAP Surveilance Station Vulnerability
https://www.qnap.com/en/security-advisory/qsa-21-07
Masslogger Exfiltrates User Credentials
https://blog.talosintelligence.com/2021/02/masslogger-cred-exfil.html
]]> 5:53 masslogger, qnap, apple, m1, linkedin, phishing, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7376 Port 26; MSFT Servicing Stack; Centreon; NPM VSCode RCE; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Port 26; MSFT Servicing Stack; Centreon; NPM VSCode RCE; https://traffic.libsyn.com/securitypodcast/7376.mp3 https://isc.sans.edu/podcastdetail/7376 Wed, 17 Feb 2021 02:05:03 GMT https://isc.sans.edu/forums/diary/More+weirdness+on+TCP+port+26/27106/
Microsoft Pulls Servicing Stack Update
https://threatpost.com/microsoft-windows-update-patch-tuesday/163981/
Network Monitoring Company Centreon Compromised
https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf
SHAREit Flaw Could Lead to Remote Code Execution
https://www.trendmicro.com/en_us/research/21/b/shareit-flaw-could-lead-to-remote-code-execution.html
VSCode NPM Extension RCE
https://github.com/jackadamson/CVE-2021-26700
]]> 5:15 npm, vscode, shareit, centreon, microsoft, servicing stack, tcp, port 26, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7374 pfSense vs Bufferbloat; Safer Safebrowsing; Power/Internet Outages; Phone Scam Success Rates Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. pfSense vs Bufferbloat; Safer Safebrowsing; Power/Internet Outages; Phone Scam Success Rates https://traffic.libsyn.com/securitypodcast/7374.mp3 https://isc.sans.edu/podcastdetail/7374 Tue, 16 Feb 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/Securing+and+Optimizing+Networks+Using+pfSense+Traffic+Shaper+Limiters+to+Combat+Bufferbloat/27102/
Apple to Proxy Safe Browsing Requests
https://twitter.com/othermaciej/status/1359736220809531393
Power Outages and Some Network Outages as a Result
https://downdetector.com
Phone Scam Success Rates
https://www.helpnetsecurity.com/2021/02/15/lost-money-to-phone-scams/
https://nakedsecurity.sophos.com/2021/02/12/sms-tax-scam-unmasked-bogus-but-believable-dont-fall-for-it/
]]> 6:39 phone scam, sms, taxes, power outage, network outage, apple, safe browsing, pfsense, bufferbloat, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7372 AgentTesla in CHM; Telegram Delivery Fraud; Accellion FTA Exploit; mHealth APIs; Bloomberg Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. AgentTesla in CHM; Telegram Delivery Fraud; Accellion FTA Exploit; mHealth APIs; Bloomberg https://traffic.libsyn.com/securitypodcast/7372.mp3 https://isc.sans.edu/podcastdetail/7372 Mon, 15 Feb 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/AgentTesla+Dropped+Through+Automatic+Click+in+Microsoft+Help+File/27092/
Telegram used to Defraud Delivery Serivces
https://thefintechtimes.com/sift-finds-new-telegram-fraud-exploiting-increasing-use-of-food-delivery-services/
Singtel Suffers Zero-DAy Cyberattack
https://threatpost.com/singtel-zero-day-cyberattack/163938/
Vulnerabilities in Mobile Health Apps
https://approov.io/download/all-that-we-let-in_hacking-mhealth-apps-and-apis.pdf
Bloomberg Supermicro Story
https://www.bloomberg.com/features/2021-supermicro/
https://www.theregister.com/2021/02/12/supermicro_bloomberg_spying/
]]> 7:49 bloomberg, mobile health, api, singtel, telegram, agent tesla, accellion, fta, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7370 Hidden Agent Tesla; McAfee Update; Intel Patches; Discord Malware Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Hidden Agent Tesla; McAfee Update; Intel Patches; Discord Malware https://traffic.libsyn.com/securitypodcast/7370.mp3 https://isc.sans.edu/podcastdetail/7370 Fri, 12 Feb 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/Agent+Tesla+hidden+in+a+historical+antimalware+tool/27088/
McAfee Total Protection Vulnerabilities
https://service.mcafee.com/webcenter/portal/oracle/webcenter/page/scopedMD/s55728c97_466d_4ddb_952d_05484ea932c6/Page29.jspx
Intel Patches
https://blogs.intel.com/technology/2021/02/ipas-security-advisories-for-february-2021
Discord Used to Distribute Malware
https://www.zscaler.com/blogs/security-research/discord-cdn-popular-choice-hosting-malicious-payloads
]]> 5:41 discord, malware, patches, intel, mcafee, agent tesla, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7368 Simple Phish; Phishing Stats; Adobe Patch; Apple Patch; Stupid ISNs Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Simple Phish; Phishing Stats; Adobe Patch; Apple Patch; Stupid ISNs https://traffic.libsyn.com/securitypodcast/7368.mp3 https://isc.sans.edu/podcastdetail/7368 Thu, 11 Feb 2021 02:00:03 GMT https://isc.sans.edu/forums/diary/Phishing+message+to+the+ISC+handlers+email+distro/27082/
Google Phishing Statistics
https://cloud.google.com/blog/products/workspace/how-gmail-helps-users-avoid-email-scams
Adobe Security Updates
https://helpx.adobe.com/security/products/acrobat/apsb21-09.html
Apple Sudo Patch
https://support.apple.com/en-us/HT212177
Number:Jack ISN Generation Weaknesses
https://www.forescout.com/company/resources/numberjack-weak-isn-generation-in-embedded-tcpip-stacks/
]]> 5:47 tcp/ip, tcp, sequence number, isn, number:jack, apple, sudo, adobe, reader, google, phishing, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7366 Microsoft Patch Tuesday; Dependency Confusion Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft Patch Tuesday; Dependency Confusion https://traffic.libsyn.com/securitypodcast/7366.mp3 https://isc.sans.edu/podcastdetail/7366 Wed, 10 Feb 2021 02:00:03 GMT https://isc.sans.edu/forums/diary/Microsoft+February+2021+Patch+Tuesday/27080/
https://www.theregister.com/2021/02/09/microsoft_patch_tuesday/
Dependency Confusion
https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610
https://azure.microsoft.com/mediahandler/files/resourcefiles/3-ways-to-mitigate-risk-using-private-package-feeds/3%20Ways%20to%20Mitigate%20Risk%20When%20Using%20Private%20Package%20Feeds%20-%20v1.0.pdf
]]> 6:31 dependency, npm, pip, python, microsoft, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7364 Tshark Malware Analysis; Bad Barcode Scanner; Morse Code Obfuscation; Water Supply Hacked Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Tshark Malware Analysis; Bad Barcode Scanner; Morse Code Obfuscation; Water Supply Hacked https://traffic.libsyn.com/securitypodcast/7364.mp3 https://isc.sans.edu/podcastdetail/7364 Tue, 09 Feb 2021 02:35:02 GMT https://isc.sans.edu/forums/diary/Quickie+tshark+Malware+Analysis/27076/
Barcode Scanner Going Bad
https://blog.malwarebytes.com/android/2021/02/barcode-scanner-app-on-google-play-infects-10-million-users-with-one-update/
Morse Code Obfuscation
https://www.bleepingcomputer.com/news/security/new-phishing-attack-uses-morse-code-to-hide-malicious-urls/
Firefox Update
https://www.mozilla.org/en-US/security/advisories/mfsa2021-06/
Water Treatment Facility Compromised
https://www.reuters.com/article/us-usa-cyber-florida/hackers-broke-into-florida-towns-water-treatment-plant-attempted-to-poison-supply-sheriff-says-idUSKBN2A82FV
]]> 5:49 water treatment, lye, firefox, morse code, teamviewer, barcode, tshark, python, malware, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7362 VBA Macros vs. Application Menus; Great Suspender Malware; Chrome 0Day; Plex DDoS Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. VBA Macros vs. Application Menus; Great Suspender Malware; Chrome 0Day; Plex DDoS https://traffic.libsyn.com/securitypodcast/7362.mp3 https://isc.sans.edu/podcastdetail/7362 Mon, 08 Feb 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/VBA+Macro+Trying+to+Alter+the+Application+Menus/27068/
The Great Suspender Going Malicious
https://www.zdnet.com/article/google-kills-the-great-suspender-heres-what-you-should-do-next/
https://github.com/greatsuspender/thegreatsuspender/issues/1263
Google Chrome Zero Day
https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_4.html
Plex Media SSDP Amplication DDoS
https://www.netscout.com/blog/asert/plex-media-ssdp-pmssdp-reflectionamplification-ddos-attack
]]> 6:00 plex, ssdp, ddos, google chrome, 0day, great suspender, vpa macro, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7360 Data Exfill via Google Sync; MSFT Defender False Pos; MSIE 0Day Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Data Exfill via Google Sync; MSFT Defender False Pos; MSIE 0Day https://traffic.libsyn.com/securitypodcast/7360.mp3 https://isc.sans.edu/podcastdetail/7360 Fri, 05 Feb 2021 02:00:03 GMT https://isc.sans.edu/forums/diary/Abusing+Google+Chrome+extension+syncing+for+data+exfiltration+and+CC/27066/
Microsoft Defender ATP Google Chrome False Positive
https://twitter.com/itquartz/status/1356940218138509312
Social Engineering Attacks against Security Researchers Used IE 0 day
https://enki.co.kr/blog/2021/02/04/ie_0day.html#
https://www.bleepingcomputer.com/news/security/hacking-group-also-used-an-ie-zero-day-against-security-researchers/
]]> 6:27 ie 0 day, msft defender atp, google chrome, false positive, extension, data sync, google, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7358 From Excel to Cobalt Strike; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. From Excel to Cobalt Strike; https://traffic.libsyn.com/securitypodcast/7358.mp3 https://isc.sans.edu/podcastdetail/7358 Thu, 04 Feb 2021 02:00:03 GMT https://isc.sans.edu/forums/diary/Excel+spreadsheets+push+SystemBC+malware/27060/
SolarWinds Vulnerability
https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=28389
SolarWinds SANS Lightning Summit
https://www.sans.org/webcasts/solarwinds-lightning-summit-118550
SonicWall Patch
https://www.sonicwall.com/support/product-notification/urgent-patch-available-for-sma-100-series-10-x-firmware-zero-day-vulnerability-updated-feb-3-2-p-m-cst/210122173415410/
Cisco Advisories
https://tools.cisco.com/security/center/publicationListing.x
Realtek RTL8195A Wi-Fi Module Vulnerability
https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered
]]> 6:03 realtek, cisco, apple, macos, sudo, sonicwall, solarwinds, excel, systembc, cobalt strike, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7356 XSL Script Malware; Camerafirma CA; Kobalos HPC Malware; Agent Tesla vs. AMSI Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. XSL Script Malware; Camerafirma CA; Kobalos HPC Malware; Agent Tesla vs. AMSI https://traffic.libsyn.com/securitypodcast/7356.mp3 https://isc.sans.edu/podcastdetail/7356 Wed, 03 Feb 2021 11:25:02 GMT https://isc.sans.edu/forums/diary/New+Example+of+XSL+Script+Processing+aka+Mitre+T1220/27056/
Camerfirma Certificate Authority Revocation
https://groups.google.com/g/mozilla.dev.security.policy/c/jif4zWNgGPw
Kobalos HPC Linux Malware
https://www.welivesecurity.com/2021/02/02/kobalos-complex-linux-threat-high-performance-computing-infrastructure/
Agent Tesla Overwries Windows AMSI
https://threatpost.com/agent-tesla-microsoft-asmi/163581/
]]> 6:07 agent tesla, amsi, kobalos, hpc, comerfirma, xsl, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7354 MacOS Update; Objective-See Open Source; iMessage Blastdoor; SonicWall Update Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MacOS Update; Objective-See Open Source; iMessage Blastdoor; SonicWall Update https://traffic.libsyn.com/securitypodcast/7354.mp3 https://isc.sans.edu/podcastdetail/7354 Tue, 02 Feb 2021 02:00:02 GMT https://support.apple.com/en-us/HT212147
Objective-See Tools Now Open Sources
https://twitter.com/patrickwardle/status/1356149073045143553
iMessage Blastdoor
https://googleprojectzero.blogspot.com/2021/01/a-look-at-imessage-in-ios-14.html
SonicWall Update
https://www.sonicwall.com/support/product-notification/urgent-security-notice-sonicwall-confirms-sma-100-series-10-x-zero-day-vulnerability-feb-1-2-p-m-cst/210122173415410/
]]> 6:07 sonicwall, imessage, blastdoor, objective-see, macos, 11.2, patch, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7352 Perl.com / SpamCop Domain Issues; libgcrypt vulnerability; Fingerprinting QUIC Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Perl.com / SpamCop Domain Issues; libgcrypt vulnerability; Fingerprinting QUIC https://traffic.libsyn.com/securitypodcast/7352.mp3 https://isc.sans.edu/podcastdetail/7352 Mon, 01 Feb 2021 02:30:03 GMT https://www.ehackingnews.com/2021/01/perlcom-official-site-for-perl.html
Spamcop Domain Expired
https://www.bleepingcomputer.com/news/security/spamcop-anti-spam-service-suffers-an-outage-after-its-domain-expired/
libgcrypt vulnerability
https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000456.html
Fingerprinting QUIC
https://arxiv.org/pdf/2101.11871.pdf
]]> 5:25 quic, libgcrypt, spamcop, perl, domain, hijack, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7350 Cryptojacking Worm; Slip Streaming 2.0; Shadowsocks Update Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Cryptojacking Worm; Slip Streaming 2.0; Shadowsocks Update https://traffic.libsyn.com/securitypodcast/7350.mp3 https://isc.sans.edu/podcastdetail/7350 Fri, 29 Jan 2021 02:00:02 GMT https://unit42.paloaltonetworks.com/pro-ocean-rocke-groups-new-cryptojacking-malware/
SlipStreaming
https://www.armis.com/resources/iot-security-blog/nat-slipstreaming-v2-0-new-attack-variant-can-expose-all-internal-network-devices-to-the-internet/
Shadowsocks
https://shadowsocks.org/en/index.html
]]> 6:01 shadowsocks, slip streaming, cryptojacking, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7348 Emotet Takedown and Attack Surface Reduction; Go Lang Vuln; Azure Docker Escape Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Emotet Takedown and Attack Surface Reduction; Go Lang Vuln; Azure Docker Escape https://traffic.libsyn.com/securitypodcast/7348.mp3 https://isc.sans.edu/podcastdetail/7348 Thu, 28 Jan 2021 02:00:03 GMT https://isc.sans.edu/forums/diary/Emotet+vs+Windows+Attack+Surface+Reduction/27036/
Go Lang Vulnerability
https://blog.golang.org/path-security
Azure Docker Escape
https://www.intezer.com/blog/research/how-we-hacked-azure-functions-and-escaped-docker/
]]> 6:17 azure, functions, docker, escape, go, emotet, attack surface, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7346 sudo vulnerability; Quakbot Update; Targeting Security Researchers; Apple Updates Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. sudo vulnerability; Quakbot Update; Targeting Security Researchers; Apple Updates https://traffic.libsyn.com/securitypodcast/7346.mp3 https://isc.sans.edu/podcastdetail/7346 Wed, 27 Jan 2021 02:00:03 GMT https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit
Quakbot (QBot) Update
https://isc.sans.edu/forums/diary/TA551+Shathak+Word+docs+push+Qakbot+Qbot/27030/
Targeting Security Researchers
https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/
Apple Updates iOS, iPad, tvOS, watchOS, Xcode and iCloud for Windows
https://support.apple.com/en-us/HT201222
]]> 6:41 ios, ipados, tvos, watchos, xcode, icloude, apple, google, quakbot, qgot, sudo, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7344 Hunting DoH Endpoints; Malicious NPM; Mitigating $I30; Proton VPN BSOD Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Hunting DoH Endpoints; Malicious NPM; Mitigating $I30; Proton VPN BSOD https://traffic.libsyn.com/securitypodcast/7344.mp3 https://isc.sans.edu/podcastdetail/7344 Tue, 26 Jan 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/Fun+with+NMAP+NSE+Scripts+and+DOH+DNS+over+HTTPS/27026/
Malicious NPM Module Stealing Discord Passwords
https://blog.sonatype.com/cursedgrabber-strikes-again-sonatype-spots-new-malware-campaign-against-software-supply-chains
Mitigating the $I30 Bug
https://www.osr.com/blog/2021/01/21/mitigating-the-i30bitmap-ntfs-bug/
https://github.com/OSRDrivers/i30Flt
ProtonVPN BSOD
https://protonstatus.com/incidents/124
]]> 4:46 protonvpn, bsod, $i30, ntfs, patch, npm, doh, nmap, nse, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7342 JNLP Malware; SonicWall Breach/Vuln; iObit Breach/Ransomware Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. JNLP Malware; SonicWall Breach/Vuln; iObit Breach/Ransomware https://traffic.libsyn.com/securitypodcast/7342.mp3 https://isc.sans.edu/podcastdetail/7342 Mon, 25 Jan 2021 02:10:03 GMT https://isc.sans.edu/forums/diary/Another+File+Extension+to+Block+in+your+MTA+jnlp/27018/
SonicWall Vulnerability Used to Breach SonicWall
https://www.sonicwall.com/support/product-notification/urgent-security-notice-netextender-vpn-client-10-x-sma-100-series-vulnerability-updated-jan-23-2021/210122173415410/
iObit Forum Breached / Used for Ransomware Distribution
https://www.bleepingcomputer.com/forums/t/741190/derohe-ransomware-distributed-through-fake-iobit-one-year-free-license-key-promo/
]]> 5:57 iobit, forum, ransomware, sonicwall, jnlp, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7340 PS RunSpaces and REvil; SAP Exploit; Oracle Patches; RDP DDoS; High Performance Computing @sans_edu Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. PS RunSpaces and REvil; SAP Exploit; Oracle Patches; RDP DDoS; High Performance Computing @sans_edu https://traffic.libsyn.com/securitypodcast/7340.mp3 https://isc.sans.edu/podcastdetail/7340 Fri, 22 Jan 2021 02:05:03 GMT https://isc.sans.edu/forums/diary/Powershell+Dropping+a+REvil+Ransomware/27012/
SAP Exploit Circulating
https://onapsis.com/blog/new-sap-exploit-published-online-how-stay-secure
Oracle Critical Patch Update
https://www.oracle.com/security-alerts/cpujan2021.html
RDP Used for DDoS
https://www.netscout.com/blog/asert/microsoft-remote-desktop-protocol-rdp-reflectionamplification
Billy Wilson: Mitigating Attacks Against Supercomputers with KRSI
https://www.sans.org/reading-room/whitepapers/linux/mitigating-attacks-supercomputer-krsi-40010
]]> 13:50 krsi, sans_edu, billy milson, supwercomputers, hpsc, rdp, ddos, oracle, patches, SAP, Powershell, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7338 SolarWinds Updates; Cisco Advisories; WebRTC State Issues; Oracle BI XSS Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SolarWinds Updates; Cisco Advisories; WebRTC State Issues; Oracle BI XSS https://traffic.libsyn.com/securitypodcast/7338.mp3 https://isc.sans.edu/podcastdetail/7338 Thu, 21 Jan 2021 03:10:03 GMT https://www.microsoft.com/security/blog/2021/01/20/deep-dive-into-the-solorigate-second-stage-activation-from-sunburst-to-teardrop-and-raindrop/
https://blog.malwarebytes.com/malwarebytes-news/2021/01/malwarebytes-targeted-by-nation-state-actor-implicated-in-solarwinds-breach-evidence-suggests-abuse-of-privileged-access-to-microsoft-office-365-and-azure-environments/
Cisco Advisories
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-bufovulns-B5NrSHbj
Evesdropping Vulnerabilities in Various WebRTC Based Video Conferencing Systems
https://googleprojectzero.blogspot.com/2021/01/the-state-of-state-machines.html
Oracle Business Intelligence Enterprise Edition XSS
https://www.exploit-db.com/exploits/49444

]]> 7:10 evesdropping, signal, webrtc, facetime, cisco, solarwinds, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7336 Qakbot Back From Holiday; dnsmasq vulnerabilities; Freakout Malware; Kids Break Screensaver Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Qakbot Back From Holiday; dnsmasq vulnerabilities; Freakout Malware; Kids Break Screensaver https://traffic.libsyn.com/securitypodcast/7336.mp3 https://isc.sans.edu/podcastdetail/7336 Wed, 20 Jan 2021 02:15:02 GMT https://isc.sans.edu/forums/diary/Qakbot+activity+resumes+after+holiday+break/27008/
Multiple dnsmasq Vulnerabilities
https://www.jsof-tech.com/wp-content/uploads/2021/01/DNSpooq_Technical-Whitepaper.pdf
FreakOut Malware
https://blog.checkpoint.com/2021/01/19/linux-users-should-patch-now-to-block-new-freakout-malware-which-exploits-new-vulnerabilities/
Kids Break Screensaver
https://github.com/linuxmint/cinnamon-screensaver/issues/354
]]> 5:49 kids, linux, screensaver, freakout, dnsmasq, qakbot, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7334 Malicious Document; CIS Cisco NX-OS Benchmark; Shazam Geolocation; Social Engineering via VoIP/Messaging Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Malicious Document; CIS Cisco NX-OS Benchmark; Shazam Geolocation; Social Engineering via VoIP/Messaging https://traffic.libsyn.com/securitypodcast/7334.mp3 https://isc.sans.edu/podcastdetail/7334 Tue, 19 Jan 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/Doc+RTF+Malicious+Document/26996/
Center for Internet Security Cisco NX-OS Benchmark
https://www.cisecurity.org/cis-benchmarks/
Exploit for Shazam Geolocation Vulnerablity
https://ash-king.co.uk/blog/Shazlocate-abusing-CVE-2019-8791-CVE-2019-8792
Voice Phishing and Internal Messaging Systems Used to Escalate Privileges
https://www.ic3.gov/Media/News/2021/210115.pdf
]]> 5:45 vishing, fbi, exploit, shazam, cid, cisco, nx-os, doc, rtf, maldoc, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7332 DNS over HTTPs; Netlogon DC Encforcement Mode; Apple Removing Firewall Bypass Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. DNS over HTTPs; Netlogon DC Encforcement Mode; Apple Removing Firewall Bypass https://traffic.libsyn.com/securitypodcast/7332.mp3 https://isc.sans.edu/podcastdetail/7332 Mon, 18 Jan 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/Obfuscated+DNS+Queries/26992/
https://us-cert.cisa.gov/ncas/current-activity/2021/01/15/nsa-releases-guidance-encrypted-dns-enterprise-environments
Netlogon Domain Controller Enforcement Mode Starting February 9th
https://msrc-blog.microsoft.com/2021/01/14/netlogon-domain-controller-enforcement-mode-is-enabled-by-default-beginning-with-the-february-9-2021-security-update-related-to-cve-2020-1472/
Apple Removing ContentFilterExclusionList
https://www.patreon.com/posts/46179028
]]> 5:11 contentfilterexclusionlist, big sur, macos 11, firewall, apple, netlogon, zerologon, domain controller, dns, https, doh, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7330 Dynamic Excel 4 Analysis; NTFS Corruption; Cisco Vulnerabilities Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Dynamic Excel 4 Analysis; NTFS Corruption; Cisco Vulnerabilities https://traffic.libsyn.com/securitypodcast/7330.mp3 https://isc.sans.edu/podcastdetail/7330 Fri, 15 Jan 2021 02:00:03 GMT https://isc.sans.edu/forums/diary/Dynamically+analyzing+a+heavily+obfuscated+Excel+4+macro+malicious+file/26986/
Odd Filename Corrupts NTFS Disks
https://twitter.com/jonasLyk/status/1347900440000811010
Cisco Vulnerabilities
https://tools.cisco.com/security/center/publicationListing.x
]]> 4:52 cisco, eol, ntfs, icon, filename, excel, spear phishing, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7328 Hancitor is Back; Intel Anti Ransomware; Clouds Rain; SAP Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Hancitor is Back; Intel Anti Ransomware; Clouds Rain; SAP Patches https://traffic.libsyn.com/securitypodcast/7328.mp3 https://isc.sans.edu/podcastdetail/7328 Thu, 14 Jan 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/Hancitor+activity+resumes+after+a+hoilday+break/26980/
Intel Hardware-Enabled Ransomware Protections
https://www.cybereason.com/blog/cybereason-and-intel-introduce-hardware-enabled-ransomware-protections-for-businesses
Making Clouds Rain: RCE in Microsoft Office 365
https://srcincite.io/blog/2021/01/12/making-clouds-rain-rce-in-office-365.html#fn:1
SAP Security Patch Day
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476
]]> 6:02 sap, clouds, rce, office 365, interl, ransomware, hancitor, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7326 MSFT Patches; Adobe Patches; Mimecast Cert Stolen; Leaking Silhouettes Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MSFT Patches; Adobe Patches; Mimecast Cert Stolen; Leaking Silhouettes https://traffic.libsyn.com/securitypodcast/7326.mp3 https://isc.sans.edu/podcastdetail/7326 Wed, 13 Jan 2021 02:15:02 GMT https://isc.sans.edu/forums/diary/Microsoft+January+2021+Patch+Tuesday/26978/
Adobe Patches
https://helpx.adobe.com/security.html
MimeCast Cert Stolen
https://www.mimecast.com/blog/important-update-from-mimecast/
Leaking Silhouettes of Cross-Origin Images
https://blog.mozilla.org/attack-and-defense/2021/01/11/leaking-silhouettes-of-cross-origin-images/
]]> 6:12 silhouettes, cross-origin, images, mimecast, adobe, msft, patches, updates, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7324 NVD CVEScan; Sysinternals Update; Ubiquity Breach; Run-Only AppleScript Reversing Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. NVD CVEScan; Sysinternals Update; Ubiquity Breach; Run-Only AppleScript Reversing https://traffic.libsyn.com/securitypodcast/7324.mp3 https://isc.sans.edu/podcastdetail/7324 Tue, 12 Jan 2021 02:00:02 GMT https://isc.sans.edu/forums/diary/Using+the+NVD+Database+and+API+to+Keep+Up+with+Vulnerabilities+and+Patches+Tool+Drop+CVEScan+Part+3+of+3/26974/
Sysinternals Update
https://docs.microsoft.com/en-us/sysinternals/
Ubiquiti Breach
https://www.bleepingcomputer.com/news/security/networking-giant-ubiquiti-alerts-customers-of-potential-data-breach/
Run-Only AppleScript Reversing
https://labs.sentinelone.com/fade-dead-adventures-in-reversing-malicious-run-only-applescripts/
]]> 5:57 run-only, apple script, macos, ubiquiti, unifi, breach, sysinternals, nvd, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7322 String Analysis; CVSS Reliability; Trump Video Malware; Covid Vacine Smishing; dnsrecon Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. String Analysis; CVSS Reliability; Trump Video Malware; Covid Vacine Smishing; dnsrecon https://traffic.libsyn.com/securitypodcast/7322.mp3 https://isc.sans.edu/podcastdetail/7322 Mon, 11 Jan 2021 02:05:02 GMT https://isc.sans.edu/forums/diary/Maldoc+Strings+Analysis/26966/
CVSS Reliablity Survey
https://user-surveys.cs.fau.de/index.php?r=survey/index&sid=248857
Fake Trump Video Malware
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/updated-qnode-rat-downloader-distributed-as-trump-video-scandal/
SMS Phishing (Smishing)
https://www.bbc.com/news/business-55563748
dnsren vulnerability
https://www.exploit-db.com/exploits/49394
]]> 5:47 dnsrecon, sms, phishing, smishing, trump video, malware, cvss, survey, maldoc, strings, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7320 NIST NVD API; Titan Security Key; Great Suspender Malware; Gnome Desktop Forensics @sans_edu Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. NIST NVD API; Titan Security Key; Great Suspender Malware; Gnome Desktop Forensics @sans_edu https://traffic.libsyn.com/securitypodcast/7320.mp3 https://isc.sans.edu/podcastdetail/7320 Fri, 08 Jan 2021 02:30:02 GMT https://isc.sans.edu/forums/diary/Using+the+NIST+Database+and+API+to+Keep+Up+with+Vulnerabilities+and+Patches+Part+1+of+3/26958/
Titan Security Key
https://ninjalab.io/wp-content/uploads/2021/01/a_side_journey_to_titan.pdf
The Great Suspender Google Chrome Extension
https://www.theregister.com/2021/01/07/great_suspender_malware/
Brian Nishida: Ubuntu Artifacts Generated by Gnome Desktop Environment
https://www.sans.org/reading-room/whitepapers/forensics/ubuntu-artifacts-generated-gnome-desktop-environment-40035
]]> 15:50 suspender, google, chrome, titan, u2f, fido2, nisc, nvd, api, sans_edu, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7318 Zyxel Exploitation; Fortinet Patches; Foxit PhatomPDF; Firefox Android Updates Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Zyxel Exploitation; Fortinet Patches; Foxit PhatomPDF; Firefox Android Updates https://traffic.libsyn.com/securitypodcast/7318.mp3 https://isc.sans.edu/podcastdetail/7318 Thu, 07 Jan 2021 02:00:03 GMT https://isc.sans.edu/forums/diary/Scans+for+Zyxel+Backdoors+are+Commencing/26954/
Fortinet Patches
https://www.fortiguard.com/psirt?date=01-2021
Foxit PhantomPDF Patches
https://www.foxitsoftware.com/support/security-bulletins.html
Firefox Android Updates
https://www.mozilla.org/en-US/security/advisories/mfsa2021-01/
]]> 4:23 foxit, fortinet, zyxel, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7316 Netfox Detective; ElectroRAT; Chrome to Prefer https; Android Patches; Telegram Location bug/feature Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Netfox Detective; ElectroRAT; Chrome to Prefer https; Android Patches; Telegram Location bug/feature https://traffic.libsyn.com/securitypodcast/7316.mp3 https://isc.sans.edu/podcastdetail/7316 Wed, 06 Jan 2021 02:35:03 GMT https://isc.sans.edu/forums/diary/Netfox+Detective+An+Alternative+OpenSource+Packet+Analysis+Tool/26950/
ElectroRAT Drains Cryptocurrency Accounts
https://www.intezer.com/blog/research/operation-ElectroRAT-attacker-creates-fake-companies-to-drain-your-crypto-wallets/
Chrome Will Prefer HTTPS over HTTP By Default
https://chromium-review.googlesource.com/c/chromium/src/+/2568448
Android January Patch Day
https://source.android.com/security/bulletin/2021-01-01
Telegram Publishes Users' Locations Online
https://blog.ahmed.nyc/2021/01/if-you-use-this-feature-on-telegram.html
]]> 5:52 telegram, gps, location, android, chrome, google, tls, https, electrorat, cryptocurrencies, netfox, pcap, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7314 From Small BAT to Infostealer; Citrix DTLS Flaw; Zend Deserialization Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. From Small BAT to Infostealer; Citrix DTLS Flaw; Zend Deserialization https://traffic.libsyn.com/securitypodcast/7314.mp3 https://isc.sans.edu/podcastdetail/7314 Tue, 05 Jan 2021 02:00:03 GMT https://isc.sans.edu/forums/diary/From+a+small+BAT+file+to+Mass+Logger+infostealer/26946/
Citrix Releases Updates Addressing DTLS Flaw
https://support.citrix.com/article/CTX289674
Zend Framework Deserialization Flaw
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3007
https://github.com/Ling-Yizhou/zendframework3-/blob/main/zend%20framework3%20 %20rce.md
]]> 5:24 zend, laminas, deserialization, php, stream, citrix, dtls, ddos, bat, logger, infostealer, powershell, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7312 Traffic Analysis Quiz; Zyxel Backdoor; Microsoft Source Code Leak Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Traffic Analysis Quiz; Zyxel Backdoor; Microsoft Source Code Leak https://traffic.libsyn.com/securitypodcast/7312.mp3 https://isc.sans.edu/podcastdetail/7312 Mon, 04 Jan 2021 02:00:03 GMT https://isc.sans.edu/forums/diary/End+of+Year+Traffic+Analysis+Quiz/26940/
Zyxel Backdoor
https://www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html
Microsoft Source Code Accessed As a Result of SolarWinds Backdoor
https://msrc-blog.microsoft.com/2020/12/31/microsoft-internal-solorigate-investigation-update/
]]> 4:22 microsoft, solarwinds, zyxel, wireshark, traffic analysis quiz, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7310 Simple AV Priv Escalation; Go Miner Malware; AutoHotKey Credential Stealer Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Simple AV Priv Escalation; Go Miner Malware; AutoHotKey Credential Stealer https://traffic.libsyn.com/securitypodcast/7310.mp3 https://isc.sans.edu/podcastdetail/7310 Wed, 30 Dec 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/Want+to+know+whats+in+a+folder+you+dont+have+a+permission+to+access+Try+asking+your+AV+solution/26932/
Coin Miner Malware Written in Go
https://www.intezer.com/blog/research/new-golang-worm-drops-xmrig-miner-on-servers/?fbclid=IwAR3eFiHCNoqr5mc2UAOcm8nocjUOjZn0cpcAiSoYmn__JtJfBbjqUUT1OwQ
AutoHotKey Credential Stealer
https://www.trendmicro.com/en_us/research/20/l/stealth-credential-stealer-targets-us-canadian-bank-customers.html
]]> 4:16 autohotkey, ahk, credential stealer, coinminer, miner, golang, go, av, priviledge escalation, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7308 Android vs Let's Encrypt; Insufficient Windows Patch; Google Docs Vuln Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Android vs Let's Encrypt; Insufficient Windows Patch; Google Docs Vuln https://traffic.libsyn.com/securitypodcast/7308.mp3 https://isc.sans.edu/podcastdetail/7308 Tue, 29 Dec 2020 02:00:03 GMT https://letsencrypt.org/2020/12/21/extending-android-compatibility.html
Insufficient Patch for Windows 8.1/10 Print Spooler
https://bugs.chromium.org/p/project-zero/issues/detail?id=2096
Google Docs Vulnerability
https://savebreach.com/stealing-private-documents-through-a-google-docs-bug/
CCC Conferences Virtual
https://streaming.media.ccc.de/rc3
]]> 5:28 ccc, google docs, windows, patch, print spooler, google, android, lets encrypt, acme, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7306 Quick Weekend Diaries; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Quick Weekend Diaries; https://traffic.libsyn.com/securitypodcast/7306.mp3 https://isc.sans.edu/podcastdetail/7306 Mon, 28 Dec 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/base64dumppy+Supported+Encodings/26924/
String Analysis and Maldocs
https://isc.sans.edu/forums/diary/Quickie+String+Analysis+Maldocs/26922/
Malicious Word Document Delivering an Octopus Backdoor
https://isc.sans.edu/forums/diary/Malicious+Word+Document+Delivering+an+Octopus+Backdoor/26918/
Analysis Dridex Dropper, IoC extraction
https://isc.sans.edu/forums/diary/Analysis+Dridex+Dropper+IoC+extraction+guest+diary/26920/
AT&T Outage due to Nashville Explosion
https://about.att.com/pages/disaster_relief/nashville.html
SolarWinds SUPERNOVA Malware / API Vulnerability
https://www.solarwinds.com/securityadvisory
Citrix ADC DDoS Attack
https://support.citrix.com/article/CTX289674
Crowdstrike Reporting Tool for Azure
https://github.com/CrowdStrike/CRT
]]> 5:35 crowdstrike, citric, dtls, ddos, solarwinds, supernova, atT, nashville, dridex, octopus, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7304 Wifi Geolocation Malware; New Treck IP Stack Vulns; Detecting Treck IP Stack Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Wifi Geolocation Malware; New Treck IP Stack Vulns; Detecting Treck IP Stack https://traffic.libsyn.com/securitypodcast/7304.mp3 https://isc.sans.edu/podcastdetail/7304 Wed, 23 Dec 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/Malware+Victim+Selection+Through+WiFi+Identification/26910/
New Treck IP Stack Vulnerabilities
https://treck.com/vulnerability-response-information/
Detecting Treck IP Stack
https://github.com/Forescout/project-memoria-detector
]]> 3:50 treck, ip stack, wifi, malware, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7302 OpenPortStats.com; Dell Wyse Vuln; More Solarwinds Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. OpenPortStats.com; Dell Wyse Vuln; More Solarwinds https://traffic.libsyn.com/securitypodcast/7302.mp3 https://isc.sans.edu/podcastdetail/7302 Tue, 22 Dec 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/Whats+the+deal+with+openportstatscom/26912/
Dell Wyse ThinOS 8.6 Security Update
https://www.dell.com/support/kbdoc/en-hr/000180768/dsa-2020-281
SolarWinds 2nd Backdoor
https://www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/
SolarWinds Domains
https://securelist.com/sunburst-connecting-the-dots-in-the-dns-requests/99862/
]]> 6:14 solarwinds, Backdoor, dns, passive dns, dell, wyse, thinsos, openportstats, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7300 Citrix ADC: One Year Later; VirusTotal vs. PE Explorer; Kasachstan TLS; 5G Vuln; Bouncy Castle Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Citrix ADC: One Year Later; VirusTotal vs. PE Explorer; Kasachstan TLS; 5G Vuln; Bouncy Castle https://traffic.libsyn.com/securitypodcast/7300.mp3 https://isc.sans.edu/podcastdetail/7300 Mon, 21 Dec 2020 02:00:02 GMT https://isc.sans.edu/forums/diary/A+slightly+optimistic+tale+of+how+patching+went+for+CVE201919781/26900/
Heads-up: VirusTotal Functionality in Sysinternals Tools Not Working
https://isc.sans.edu/forums/diary/Headsup+VirusTotal+Functionality+in+Sysinternals+Tools+Not+Working/26906/
Kasachstan: Browsers Block Government Certificate Authority
https://www.zdnet.com/article/apple-google-microsoft-and-mozilla-ban-kazakhstans-mitm-https-certificate/
5G Vulnerabilities
https://positive-tech.com/about/news/vulnerabilities-in-standalone-5g-networks-could-allow-attackers-to-steal-credentials-and-falsify-subscriber-authentication/
Bouncy Castle BCrypt Password Verification Error
https://www.synopsys.com/blogs/software-security/cve-2020-28052-bouncy-castle/
]]> 5:31 bouncey castle, bcrypt, 5g, kasachstan, tls, virustotal, sysinternals, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7298 No Password Github; Android Updates; Trend Micro InterScan Vuln; Malicious Browser Extensions Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. No Password Github; Android Updates; Trend Micro InterScan Vuln; Malicious Browser Extensions https://traffic.libsyn.com/securitypodcast/7298.mp3 https://isc.sans.edu/podcastdetail/7298 Fri, 18 Dec 2020 02:00:03 GMT https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/
Google Attempting to Speed Up OS Update Adoption
https://android-developers.googleblog.com/2020/12/treble-plus-one-equals-four.html
Trend Micro InterScan Web Security Virtual Appliance Vulnerability
https://success.trendmicro.com/solution/000283077
Malicios Browser Extensions
https://blog.avast.com/malicious-browser-extensions-avast
]]> 6:20 avast, browser extensions, trend micro, interscan, google, android, qualcom, github, authentication, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7296 Cloud DNS Logs; Solarwinds Update; HPE SIM Vuln; SAP HANA SAML Weakness @martingalloar Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Cloud DNS Logs; Solarwinds Update; HPE SIM Vuln; SAP HANA SAML Weakness @martingalloar https://traffic.libsyn.com/securitypodcast/7296.mp3 https://isc.sans.edu/podcastdetail/7296 Thu, 17 Dec 2020 02:00:02 GMT https://isc.sans.edu/forums/diary/DNS+Logs+in+Public+Clouds/26892/
Solarwinds Update
https://www.heise.de/news/l-f-SolarWinds-Backdoor-Hersteller-sorgte-fuer-Ausnahmen-von-AV-Ueberwachung-4990910.html
https://krebsonsecurity.com/2020/12/malicious-domain-in-solarwinds-hack-turned-into-killswitch/
Hewlett Packard Enterprise Systems Insight Manager (SIM) Vulnerability
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04068en_us
SAP HANA SAML Validation Weakness
https://www.secureauth.com/blog/secureauth-uncovers-saml-validation-weakness-in-sap-hana/
]]> 6:06 SAP, HANA, SAML, HP, SIM, Solarwinds, Cloud, DNS, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7294 FireEye Maldoc; Difference Maker; F5 Big-IP; Google Outage; GoLang XML Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. FireEye Maldoc; Difference Maker; F5 Big-IP; Google Outage; GoLang XML https://traffic.libsyn.com/securitypodcast/7294.mp3 https://isc.sans.edu/podcastdetail/7294 Wed, 16 Dec 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/Analyzing+FireEye+Maldocs/26882/
Didier Stevens: 2020 Difference Makers
https://www.sans.org/webcasts/2020-difference-makers-awards-ceremony-117154
F5 Big IP Vulnerabilities
https://support.f5.com/csp/article/K20984059
https://support.f5.com/csp/article/K42696541
https://support.f5.com/csp/article/K37960100
Google Outage
https://status.cloud.google.com/incident/zall/20013
GoLang XML Parser Vulnerabilities
https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/
]]> 6:21 golang, xml, saml, google, outage, f5, big-ip, didier stevens, difference makers, fireeye, maldoc, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7292 SolarWinds Followup; Apple Updates Everything; SOREL-20M Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SolarWinds Followup; Apple Updates Everything; SOREL-20M https://traffic.libsyn.com/securitypodcast/7292.mp3 https://isc.sans.edu/podcastdetail/7292 Tue, 15 Dec 2020 02:00:02 GMT https://isc.sans.edu/forums/diary/SolarWinds+Breach+Used+to+Infiltrate+Customer+Networks+Solarigate/26884/
https://sansurl.com/solarwinds
Apple Updates Everything
https://support.apple.com/en-us/HT201222
Sophos and Reversing Labs Release 20 Million Malware Samples
https://github.com/sophos-ai/SOREL-20M
]]> 7:06 sophos, reversing labs, sorel-20m, apple, ios, macos, big sur, solarwinds, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7290 SolarWinds Compromise; Fireeye Yara Rules; Flash Player EOL; Subway UK Spreads Trickbot Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SolarWinds Compromise; Fireeye Yara Rules; Flash Player EOL; Subway UK Spreads Trickbot https://traffic.libsyn.com/securitypodcast/7290.mp3 https://isc.sans.edu/podcastdetail/7290 Mon, 14 Dec 2020 03:15:02 GMT https://isc.sans.edu/forums/diary/SolarWinds+Breach+Used+to+Infiltrate+Customer+Networks+Solarigate/26884/
Writing Yara Rules for Fun and Profit: Notes form the FireEye Breach Countermeasures
https://isc.sans.edu/forums/diary/Writing+Yara+Rules+for+Fun+and+Profit+Notes+from+the+FireEye+Breach+Countermeasures/26870/
Flash Player EoL
https://helpx.adobe.com/flash-player/release-note/fp_32_air_32_release_notes.html
Subway Marketing System Hacked to Send TrickBot Malware Emails
https://www.bleepingcomputer.com/news/security/subway-marketing-system-hacked-to-send-trickbot-malware-emails/
]]> 5:44 solarwinds, flash, yara, fireeye, subway, trickbot, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7288 ngrok Python Backdoor; Cisco Jabber Patches; SANS Holiday Hackchallenge; Desierailization; @sans_edu Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. ngrok Python Backdoor; Cisco Jabber Patches; SANS Holiday Hackchallenge; Desierailization; @sans_edu https://traffic.libsyn.com/securitypodcast/7288.mp3 https://isc.sans.edu/podcastdetail/7288 Fri, 11 Dec 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/Python+Backdoor+Talking+to+a+C2+Through+Ngrok/26866/
Cisco Releases Improved Patch for Jabber Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-ZktzjpgO
https://watchcom.no/nyheter/nyhetsarkiv/uncovers-cisco-jabber-vulnerabilities/

SANS Holiday Hack Challenge
https://holidayhackchallenge.com/2020/
Karim Lalji: Fear of the Unkown: A Metanalysis of Insecure Object Deserialization Vulnerabilities
https://www.sans.org/reading-room/whitepapers/testing/fear-unknown-metanalysis-insecure-object-deserialization-vulnerabilities-39920
]]> 13:21 sans_edu, karim lalji, deserialization, sans holiday hack, cisco, kringlecon, jabber, python, ngrok, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7286 Oblivious DNS over HTTPs; @httparchive almanach; IoT TCP/IP Stacks; Fireeye Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Oblivious DNS over HTTPs; @httparchive almanach; IoT TCP/IP Stacks; Fireeye https://traffic.libsyn.com/securitypodcast/7286.mp3 https://isc.sans.edu/podcastdetail/7286 Thu, 10 Dec 2020 02:00:03 GMT https://blog.cloudflare.com/oblivious-dns/
HTTP Archive Almanach
https://almanac.httparchive.org/en/2020/security
Open Source IoT TCP/IP Stack Vulnerabilities
https://www.forescout.com/company/resources/amnesia33-how-tcp-ip-stacks-breed-critical-vulnerabilities-in-iot-ot-and-it-devices/
Fireeye Red Team Tool Signatures
https://www.fireeye.com/blog/threat-research/2020/12/unauthorized-access-of-fireeye-red-team-tools.html
]]> 6:18 fireeye, forescout, tcp/ip, iot, httparchive, almanach, odoh, oblivious, apple, cloudflare, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7284 Microsoft Patches; Adobe Patches; OpenSSL Patches; and more Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft Patches; Adobe Patches; OpenSSL Patches; and more Patches https://traffic.libsyn.com/securitypodcast/7284.mp3 https://isc.sans.edu/podcastdetail/7284 Wed, 09 Dec 2020 02:00:02 GMT https://isc.sans.edu/forums/diary/December+2020+Microsoft+Patch+Tuesday+Exchange+Sharepoint+Dynamics+and+DNS+Spoofing/26860/
Adobe Patch Tuesday
https://helpx.adobe.com/security.html
OpenSSL Patch (Tuesday)
https://www.openssl.org/news/secadv/20201208.txt
]]> 5:51 openssl, adobe, microsoft, patches, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7282 BASE64 Tricks; MSFT Teamcs RCE; PlayStation Now RCE; Cisco Security Manager RCE Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. BASE64 Tricks; MSFT Teamcs RCE; PlayStation Now RCE; Cisco Security Manager RCE https://traffic.libsyn.com/securitypodcast/7282.mp3 https://isc.sans.edu/podcastdetail/7282 Tue, 08 Dec 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/Corrupt+BASE64+Strings+Detection+and+Decoding/26616/
Microsoft Teams Remote Code Execution Vulnerability (Patched)
https://github.com/oskarsve/ms-teams-rce
PlayStation Now RCE
https://hackerone.com/reports/873614
Cisco Security Manager Java Deserialization Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csm-java-rce-mWJEedcD
]]> 5:44 base64, MSFT teams, electron, rce, playstation, psnow, cisco, security manager, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7280 Proxy Scanner; De-Pixalating Passwords; Tomcat Info Leak; Google Updates Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Proxy Scanner; De-Pixalating Passwords; Tomcat Info Leak; Google Updates https://traffic.libsyn.com/securitypodcast/7280.mp3 https://isc.sans.edu/podcastdetail/7280 Mon, 07 Dec 2020 02:00:02 GMT https://isc.sans.edu/forums/diary/Is+IP+91199118137+testing+Access+to+aahwwx52hostxyz/26852/
Recovering Passwords From Pixelized Screenshots
https://www.linkedin.com/pulse/recovering-passwords-from-pixelized-screenshots-sipke-mellema/
Tomcat Information Leak
http://mail-archives.us.apache.org/mod_mbox/www-announce/202012.mbox/%3C52858194-2efd-6f17-1821-9036c8494df0%40apache.org%3E
Google Updates
https://chromereleases.googleblog.com/2020/12/stable-channel-update-for-desktop.html
]]> 5:52 proxy scanner, pixelated passwords, depixalating, tomcat, google, chrome, updates, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7278 Packet Challenge; iOS Zero Click to Exploit; GitHub Report; Implementing CIS Benchmark @sans_edu Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Packet Challenge; iOS Zero Click to Exploit; GitHub Report; Implementing CIS Benchmark @sans_edu https://traffic.libsyn.com/securitypodcast/7278.mp3 https://isc.sans.edu/podcastdetail/7278 Fri, 04 Dec 2020 02:00:02 GMT https://isc.sans.edu/forums/diary/Traffic+Analysis+Quiz+Mr+Natural/26844/
An iOS Zero-Click Radio Proximity Exploit Odyssey
https://googleprojectzero.blogspot.com/2020/12/an-ios-zero-click-radio-proximity.html
Github "State of the Octoverse" Report
https://octoverse.github.com/static/2020-security-report.pdf
Christopher Hurless: Open-Source Endpoint Detection and Response with CIS Benchmarks, OSQuery, Elastic Stack and The Hive
https://www.sans.org/reading-room/whitepapers/incident/open-source-endpoint-detection-response-cis-benchmarks-osquery-elastic-stack-thehive-39900
]]> 16:48 christopher hurless, sans.edu, sti, @sans_edu, cis, benchmark, thehive, osquery, elastic stack, github, ios, radio, wdsl, traffic quiz, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7276 DNS Spoofing; Bladabindi via npm; DarkIRC vs. WebLogic Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. DNS Spoofing; Bladabindi via npm; DarkIRC vs. WebLogic https://traffic.libsyn.com/securitypodcast/7276.mp3 https://isc.sans.edu/podcastdetail/7276 Thu, 03 Dec 2020 02:00:02 GMT https://arxiv.org/abs/2011.12978
New npm Malware Includes Bladabindi Trojan
https://blog.sonatype.com/bladabindi-njrat-rat-in-jdb.js-npm-malware
DarkIRC Bot Exploits Recent Oracle WebLogic Vulnerablity
https://blogs.juniper.net/en-us/threat-research/darkirc-bot-exploits-oracle-weblogic-vulnerability
]]> 6:54 Darkirc, weblogic, juniper, npm, bladabindi, dns, spoofing, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7274 Xanthe Docker Aware Miner; Ocean Lotus Mac Backdoor; OpenClinic vs OpenClinic GA; Cyberstart Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Xanthe Docker Aware Miner; Ocean Lotus Mac Backdoor; OpenClinic vs OpenClinic GA; Cyberstart https://traffic.libsyn.com/securitypodcast/7274.mp3 https://isc.sans.edu/podcastdetail/7274 Wed, 02 Dec 2020 02:00:02 GMT https://blog.talosintelligence.com/2020/12/xanthe-docker-aware-miner.html#more
Ocean Lotus Mac Backdoor
https://www.trendmicro.com/en_us/research/20/k/new-macos-backdoor-connected-to-oceanlotus-surfaces.html
OpenClinic vs OpenClinic GA
https://labs.bishopfox.com/advisories/openclinic-version-0.8.2
https://us-cert.cisa.gov/ics/advisories/icsma-20-184-01
https://sourceforge.net/p/open-clinic/discussion/1231980/thread/a2e8909fc5/
Register For Cyberstart
https://www.cyberstartamerica.org
]]> 8:54 cyberstart, openclinic, medical, ocean lotus, backdoor, mac, apple, xanthe, docker, miner, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7272 Decrypting PowerShell; TrendMicro Vuln; WebKit Update; New Skimmer JS Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Decrypting PowerShell; TrendMicro Vuln; WebKit Update; New Skimmer JS https://traffic.libsyn.com/securitypodcast/7272.mp3 https://isc.sans.edu/podcastdetail/7272 Tue, 01 Dec 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/Decrypting+PowerShell+Payloads+video/26838/
Trend Micro ServerProtect for Linux
https://success.trendmicro.com/solution/000281950
WebKit Vulnerabilities
https://blog.talosintelligence.com/2020/11/vuln-spotlight-webkit-use-after-free-nov-2020.html
New Skimmer JS
https://twitter.com/AffableKraut/status/1333258498910588928
]]> 6:12 skimmer, javascript, webkit, trend micro, powershell, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7270 Powershell Patching Windows API; Dangers of IoT Gifts; MobileIron Vuln Exploited Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Powershell Patching Windows API; Dangers of IoT Gifts; MobileIron Vuln Exploited https://traffic.libsyn.com/securitypodcast/7270.mp3 https://isc.sans.edu/podcastdetail/7270 Mon, 30 Nov 2020 02:00:02 GMT https://isc.sans.edu/forums/diary/Live+Patching+Windows+API+Calls+Using+PowerShell/26826/
Threat Hunting with JARM
https://isc.sans.edu/forums/diary/Threat+Hunting+with+JARM/26832/
https://isc.sans.edu/forums/diary/Quick+Tip+Using+JARM+With+a+SOCKS+Proxy/26834/
Be Careful With IoT Gifts
https://cybernews.com/security/walmart-exclusive-routers-others-made-in-china-contain-backdoors-to-control-devices/
https://www.cyberscoop.com/smart-doorbells-amazon-ebay-ncc-vulnerabilities/
Active Exploitation of Mobile Iron Vulnerabilities
https://www.ncsc.gov.uk/news/alert-multiple-actors-attempt-exploit-mobileiron-vulnerability
]]> 6:35 mobileiron, iot, gifts, door bells, doorbells, jarm, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7268 TCP RST; VMware Advisory; Holiday Hack Challenge; @KringleCon Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. TCP RST; VMware Advisory; Holiday Hack Challenge; @KringleCon https://traffic.libsyn.com/securitypodcast/7268.mp3 https://isc.sans.edu/podcastdetail/7268 Wed, 25 Nov 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/The+special+case+of+TCP+RST/26824/
VMWare Workspace Vulnerability
https://www.theregister.com/2020/11/24/vmware_urges_sysadmins_to_implement/
Holiday Hack Challenge 2020
https://holidayhackchallenge.com/2020/
]]> 11:17 holiday, hack challenge, vmware, tcp, resets rst, kringlecon, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7266 Cobalt Strike Beacon; Godaddy Social Engineering; FBI Domain Spoofing Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Cobalt Strike Beacon; Godaddy Social Engineering; FBI Domain Spoofing https://traffic.libsyn.com/securitypodcast/7266.mp3 https://isc.sans.edu/podcastdetail/7266 Tue, 24 Nov 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/Quick+Tip+Cobalt+Strike+Beacon+Analysis/26818/
Godaddy Social Engineering Used to Compromise Bitcoin Exchange Domains
https://blog.liquid.com/security-incident-november-13-2020
Spoofed FBI Domains
https://www.ic3.gov/Media/Y2020/PSA201123
]]> 3:42 fbi, domains, godaddy, bitcoin, cobalt strike, beacon, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7264 VMWare Update; DB2 Vuln; Fortinet SSL VPN Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. VMWare Update; DB2 Vuln; Fortinet SSL VPN https://traffic.libsyn.com/securitypodcast/7264.mp3 https://isc.sans.edu/podcastdetail/7264 Mon, 23 Nov 2020 02:00:02 GMT https://www.vmware.com/security/advisories/VMSA-2020-0026.html
IBM DB2 Vulnerability
https://www.ibm.com/support/pages/node/6370025
https://www.ibm.com/support/pages/node/6370023
Fortinet SSL VPN Exploit Used to Collect Credentials
https://twitter.com/Bank_Security/status/1329426020647243778
]]> 3:53 fortinet, vpn, epxloits, ibm db2, VMWare ESXi, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7262 PowerShell Drops Formbook; Google Phish; JARM TLS Fingerprint; ICS and IDS @sans_edu Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. PowerShell Drops Formbook; Google Phish; JARM TLS Fingerprint; ICS and IDS @sans_edu https://traffic.libsyn.com/securitypodcast/7262.mp3 https://isc.sans.edu/podcastdetail/7262 Fri, 20 Nov 2020 02:35:03 GMT https://isc.sans.edu/forums/diary/PowerShell+Dropper+Delivering+Formbook/26806/
Google Leading the Way in Phishing
https://www.armorblox.com/blog/ok-google-build-me-a-phishing-campaign
Identifying Malicious Servers With JARM
https://engineering.salesforce.com/easily-identify-malicious-servers-on-the-internet-with-jarm-e095edac525a
Daniel Behrens: Industrial Traffic Collection: Understanding the Implications of Deploying Visibility Without Impacting Production
https://www.sans.org/reading-room/whitepapers/ICS/industrial-traffic-collection-understanding-implications-deploying-visibility-impacting-production-39810
]]> 15:59 sans_edu, ics, ids, jarm, salesforce, google, phishing, powershell, formbook, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7260 More Controls Less Security; Google Chrome Update; Firefox HTTPS Only; Windows Kerberos Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. More Controls Less Security; Google Chrome Update; Firefox HTTPS Only; Windows Kerberos https://traffic.libsyn.com/securitypodcast/7260.mp3 https://isc.sans.edu/podcastdetail/7260 Thu, 19 Nov 2020 02:55:02 GMT https://isc.sans.edu/forums/diary/When+Security+Controls+Lead+to+Security+Issues/26804/
Google Chrome Update
https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_17.html
Firefox 83 HTTPS Only Mode
https://blog.mozilla.org/security/2020/11/17/firefox-83-introduces-https-only-mode/
OOB Windows Kerberos Update
https://docs.microsoft.com/en-us/windows/release-information/windows-message-center
Cisco WebEx Patch Fixes "Ghost Users"
https://securityintelligence.com/posts/ibm-works-with-cisco-exorcise-ghosts-webex-meetings/
Ransomware Flooding Printers
https://twitter.com/Irlenys/status/1327784305465188353
]]> 5:07 ransomware, egregor, webex, kerberos, firefox, https, chrome, google, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7258 MacOS 11 FW Bypass; Apple OCSP Changes; Cisco Security Manager @frycos Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MacOS 11 FW Bypass; Apple OCSP Changes; Cisco Security Manager @frycos https://traffic.libsyn.com/securitypodcast/7258.mp3 https://isc.sans.edu/podcastdetail/7258 Wed, 18 Nov 2020 03:20:03 GMT https://twitter.com/patrickwardle/status/1327726496203476992
Apple Improving Privacy on App Certificate Checks
https://support.apple.com/en-us/HT202491
Cisco Security Manager Vulnerabilities
https://gist.github.com/Frycos/8bf5c125d720b3504b4f28a1126e509e
https://tools.cisco.com/security/center/publicationListing.x
]]> 5:37 macos, big sur, privacy, firewall, apple, ocsp, cisco, security manager, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7256 Old Vulnerabilities; XenApp/Desktop Update; Anti Zoombombing; Firefox Vuln Details Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Old Vulnerabilities; XenApp/Desktop Update; Anti Zoombombing; Firefox Vuln Details https://traffic.libsyn.com/securitypodcast/7256.mp3 https://isc.sans.edu/podcastdetail/7256 Tue, 17 Nov 2020 03:40:02 GMT https://isc.sans.edu/forums/diary/Heartbleed+BlueKeep+and+other+vulnerabilities+that+didnt+disappear+just+because+we+dont+talk+about+them+anymore/26798/
Citrix Virtual Apps and Desktops Security Update
https://support.citrix.com/article/CTX285059
Zoom Security Improvements
https://blog.zoom.us/new-ways-to-combat-zoom-meeting-disruptions/
Firefox File Read Vulnerability Details
https://medium.com/@kanytu/firefox-and-how-a-website-could-steal-all-of-your-cookies-581fe4648e8d
]]> 6:10 firefox, zoom, citrix, xenapp, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7254 Oledump Update; Old Malware New Clothes; MacOS OCSP Woes; VoltPillager SGX Attack Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Oledump Update; Old Malware New Clothes; MacOS OCSP Woes; VoltPillager SGX Attack https://traffic.libsyn.com/securitypodcast/7254.mp3 https://isc.sans.edu/podcastdetail/7254 Mon, 16 Nov 2020 02:13:12 GMT https://isc.sans.edu/forums/diary/oledumps+Indicator/26794/
Old Worm But New Obfuscation Technique
https://isc.sans.edu/forums/diary/Old+Worm+But+New+Obfuscation+Technique/26792/
MacOS OCSP Disaster
https://blog.cryptohack.org/macos-ocsp-disaster
VoltPillager: Hardware-base fault injection attacks against Instel SGX Enclaves using the SVID voltage scaling interface
https://www.usenix.org/system/files/sec21summer_chen-zitai.pdf
]]> 6:41 voltpillager, sgx, macos, ocsp, oledump, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7252 Exposed Azure Blobs; MacOS Security Updates; DNS Cache Poisoning Again; Poisoned Postman @sans_edu Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Exposed Azure Blobs; MacOS Security Updates; DNS Cache Poisoning Again; Poisoned Postman @sans_edu https://traffic.libsyn.com/securitypodcast/7252.mp3 https://isc.sans.edu/podcastdetail/7252 Fri, 13 Nov 2020 02:00:02 GMT https://isc.sans.edu/forums/diary/Preventing+Exposed+Azure+Blob+Storage/26786/
Apple Security Updates
https://support.apple.com/en-us/HT201222
DNS Cache Poisoning Attack Reloaded
https://dl.acm.org/doi/pdf/10.1145/3372297.3417280
Rebel Powell: Poisoned Postman; Detecting Manipulation of Compliance Features in a Microsoft Exchange Online Environment
https://www.sans.org/reading-room/whitepapers/cloud/poisoned-postman-detecting-manipulation-compliance-features-microsoft-exchange-online-environment-39850
]]> 14:03 rebel powell, sans.edu, dns, cache poisoning, apple, updates, big sur, azure blobs, macos, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7250 Traffic Analysis Quiz; OSS Security Scorecards; Bitdefender UPX Issues; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Traffic Analysis Quiz; OSS Security Scorecards; Bitdefender UPX Issues; https://traffic.libsyn.com/securitypodcast/7250.mp3 https://isc.sans.edu/podcastdetail/7250 Thu, 12 Nov 2020 02:15:03 GMT https://isc.sans.edu/forums/diary/Traffic+Analysis+Quiz+DESKTOPFX23IK5/26780/
Open Source Security Scorecards
https://github.com/ossf/scorecard
Bitdefender: UPX Unpacking Featuring Ten Memory Corruptions
https://landave.io/2020/11/bitdefender-upx-unpacking-featuring-ten-memory-corruptions/
Ubuntu 20.04 Privilege Escalation
https://securitylab.github.com/research/Ubuntu-gdm3-accountsservice-LPE
]]> 6:02 ubuntu, gdm, bitdefender, upx, packer, unpacker, compression, decompression, traffic analysis quiz, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7248 Microsoft Patch Tuesday; Platypus; Adobe/Firefox Updates; Fingerprinting ADS-B Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft Patch Tuesday; Platypus; Adobe/Firefox Updates; Fingerprinting ADS-B https://traffic.libsyn.com/securitypodcast/7248.mp3 https://isc.sans.edu/podcastdetail/7248 Wed, 11 Nov 2020 10:59:38 GMT https://isc.sans.edu/forums/diary/Microsoft+November+2020+Patch+Tuesday/26778/
"Platypus" Attack against Intel SGX
https://platypusattack.com/
Adobe Updates
https://helpx.adobe.com/security.html
Firefox Updates
https://www.mozilla.org/en-US/security/advisories/mfsa2020-49/#CVE-2020-26950
Fingerprinting ADS-B Signals
https://icnp20.cs.ucr.edu/proceedings/aimcom2/Real-World%20ADS-B%20signal%20recognition%20based%20on%20Radio%20Frequency%20Fingerprinting.pdf
]]> 6:26 ads-b, firefox, adobe, platypus, intel, side-channel, microsoft, patches, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7246 How Attackers Improve; Linux Ransomware; Malicious MSFT Teams; NPM Malware; RPKI Update Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. How Attackers Improve; Linux Ransomware; Malicious MSFT Teams; NPM Malware; RPKI Update https://traffic.libsyn.com/securitypodcast/7246.mp3 https://isc.sans.edu/podcastdetail/7246 Tue, 10 Nov 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/How+Attackers+Brush+Up+Their+Malicious+Scripts/26770/
RansomEXX Trojan Attacks Linux Systems
https://securelist.com/ransomexx-trojan-attacks-linux-systems/99279/
Fake Microsoft Teams Updates Lead to Cobalt Strike Deployment
https://www.bleepingcomputer.com/news/security/fake-microsoft-teams-updates-lead-to-cobalt-strike-deployment/
More NPM Malare Found
https://blog.sonatype.com/discord.dll-successor-to-npm-fallguys-
The Internet is Getting Safer: Fall 2020 RPKI Update
https://blog.cloudflare.com/rpki-2020-fall-update/
]]> 5:58 rpki, npm, microsoft, cobalt strike, teams, ransomexx, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7244 WebLogic Coin Mining; Extract VBA; Let's Encrypt Updates; set_fs(); BigIP Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. WebLogic Coin Mining; Extract VBA; Let's Encrypt Updates; set_fs(); BigIP https://traffic.libsyn.com/securitypodcast/7244.mp3 https://isc.sans.edu/podcastdetail/7244 Mon, 09 Nov 2020 02:00:02 GMT Cryptojacking Targeting WebLogic TCP/7001
https://isc.sans.edu/forums/diary/Cryptojacking+Targeting+WebLogic+TCP7001/26768/
Extracting VBA Code From Maldocs
https://isc.sans.edu/forums/diary/Quick+Tip+Extracting+all+VBA+Code+from+a+Maldoc/26772/
Let's Encrypt May No Longer Be Recognized by Older Android Versions
https://letsencrypt.org/2020/11/06/own-two-feet.html
Linux Kernel to Remove set_fs()
http://lkml.iu.edu/hypermail/linux/kernel/2010.3/00552.html
BigIP Vulnerability
https://support.f5.com/csp/article/K43310520]]> 5:16 bigip, linux, set_fs, lets encrypt, android, vba, cryptojacking, weblogic, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7242 Find "Invoke-Expression"; Apple Updates; VoIP Fraud; Replacing WINS @sans_edu Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Find "Invoke-Expression"; Apple Updates; VoIP Fraud; Replacing WINS @sans_edu https://traffic.libsyn.com/securitypodcast/7242.mp3 https://isc.sans.edu/podcastdetail/7242 Fri, 06 Nov 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/Did+You+Spot+InvokeExpression/26762/
Apple Security Updates
https://support.apple.com/en-us/HT201222
Corporte VoIP Phone System Attacks
https://blog.checkpoint.com/2020/11/05/whos-calling-gaza-and-west-bank-hackers-exploit-and-monetize-corporate-voip-phone-system-vulnerability-internationally/
Mark Lucas: Replacing WINS in an Open Environment with Policy Managed DNS Servers
https://www.sans.org/reading-room/whitepapers/dns/replacing-wins-open-environment-policy-managed-dns-servers-39820
]]> 15:51 invoke-epxression, powershell, apple, macos, ios, ipados, patches, voip, asterisk, mark lucas, wins, dns, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7240 Cisco AnyConnect Vuln; Chrome Root CA Policy; Android Security Bulletin Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Cisco AnyConnect Vuln; Chrome Root CA Policy; Android Security Bulletin https://traffic.libsyn.com/securitypodcast/7240.mp3 https://isc.sans.edu/podcastdetail/7240 Thu, 05 Nov 2020 02:00:02 GMT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-ipc-KfQO9QhK
Google Chrome Root CA Policy
https://www.chromium.org/Home/chromium-security/root-ca-policy
Android November 2020 Security Bulletin
https://source.android.com/security/bulletin/2020-11-01
]]> 5:39 Cisco Anyconnect, google, chrome, CA, TLS, Android, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7238 Cobalt Strike and WebLogic; SaltSack; Adobe; Twilio NPM Brandjacking; GitHub Workflows Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Cobalt Strike and WebLogic; SaltSack; Adobe; Twilio NPM Brandjacking; GitHub Workflows https://traffic.libsyn.com/securitypodcast/7238.mp3 https://isc.sans.edu/podcastdetail/7238 Wed, 04 Nov 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/Attackers+Exploiting+WebLogic+Servers+via+CVE202014882+to+install+Cobalt+Strike/26752
New SaltStack Vulnerabilities
https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/
Adobe Releases Acrobat/Reader Update
https://helpx.adobe.com/security/products/acrobat/apsb20-67.html
Malicious Twilio NPM Package
https://www.npmjs.com/advisories/1574
GitHub Workflow Injection Vulnerabilities
https://bugs.chromium.org/p/project-zero/issues/detail?id=2070&can=2&q=&colspec=ID%20Type%20Status%20Priority%20Milestone%20Owner%20Summary&cells=ids
]]> 5:16 github, twilio, npm, adobe, acrobat, reader, saltstack, weblogic, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7236 Emotet :hearts: Qakbot; WebLogic Bad News; Google Chrome Udpate Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Emotet :hearts: Qakbot; WebLogic Bad News; Google Chrome Udpate https://traffic.libsyn.com/securitypodcast/7236.mp3 https://isc.sans.edu/podcastdetail/7236 Tue, 03 Nov 2020 02:00:03 GMT Qakbot -> More Emotet
https://isc.sans.edu/forums/diary/Emotet+Qakbot+more+Emotet/26750/
WebLogic Bad News
https://www.oracle.com/security-alerts/alert-cve-2020-14750.html
https://twitter.com/80vul/status/1322078337137700865
Google Chrome Update
https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html
NAT Slipstreaming Re-Discovered
https://thehackernews.com/2020/11/new-natfirewall-bypass-attack-lets.html
]]> 6:39 NAT, slipstreaming, google, chrome, weblogic, emotet, qakbot, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7234 CAA Records; Unpatched Windows Bug Exploited; Operation Kitsone Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. CAA Records; Unpatched Windows Bug Exploited; Operation Kitsone https://traffic.libsyn.com/securitypodcast/7234.mp3 https://isc.sans.edu/podcastdetail/7234 Mon, 02 Nov 2020 02:00:02 GMT https://isc.sans.edu/forums/diary/Quick+Status+of+the+CAA+DNS+Record+Adoption/26738/
Windows Kernel cng.sys pool-based buffer overflow CVE-2020-17087
https://bugs.chromium.org/p/project-zero/issues/detail?id=2104
Operation Earth Kitsune
https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/operation-earth-kitsune-tracking-slub-s-current-operations
]]> 5:30 kistune, mattermost, slack, github, trendmicro, windows, kernel, privilege escalation, caa, dns, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7232 WebLogic CVE-2020-14882 Exploit; ZoneAlarm Update; Ransomware and Healthcare; OpenEMR Vulns; @sans_edu: Serverless Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. WebLogic CVE-2020-14882 Exploit; ZoneAlarm Update; Ransomware and Healthcare; OpenEMR Vulns; @sans_edu: Serverless https://traffic.libsyn.com/securitypodcast/7232.mp3 https://isc.sans.edu/podcastdetail/7232 Fri, 30 Oct 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/PATCH+NOW+CVE202014882+Weblogic+Actively+Exploited+Against+Honeypots/26734/
Zonealarm Update
https://www.zonealarm.com/software/extreme-security/release-history
Ransomware Targeting Healthcare
https://us-cert.cisa.gov/ncas/alerts/aa20-302a
OpenEMR Vulnerabilities
https://blog.sonarsource.com/openemr-5-0-2-1-command-injection-vulnerability
Mishka McCowan: Mitigating Risk with the CSA 12 Critical Risks for Serverless Applications
https://www.sans.org/reading-room/whitepapers/cloud/mitigating-risk-csa-12-critical-risks-serverless-applications-39845
]]> 14:55 openemr, ransomware, ryuk, zonealarm, cve-2020-14882, weblogic, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7230 Reminder: SMBGhost; MSFT Defender ATP False Positives; QNAP; Linux Trickbot; Abuse.ch Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Reminder: SMBGhost; MSFT Defender ATP False Positives; QNAP; Linux Trickbot; Abuse.ch https://traffic.libsyn.com/securitypodcast/7230.mp3 https://isc.sans.edu/podcastdetail/7230 Thu, 29 Oct 2020 02:00:02 GMT https://isc.sans.edu/forums/diary/SMBGhost+the+critical+vulnerability+many+seem+to+have+forgotten+to+patch/26732/
Microsoft Defender ATP Cobalt Strike False Positive
https://twitter.com/ffforward/status/1321375690084810753?s=20
QNAP Security Advisory
https://www.qnap.com/en/security-advisory/QSA-20-09
New Linux Trickbot Version Sighted
https://www.netscout.com/blog/asert/dropping-anchor
Abuse.ch Needs Help
https://abuse.ch/blog/moving-forward/
]]> 5:51 abuse.ch, linux, trickbot, qnap, microsoft, atp, cobalt strike, smbghost, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7228 SonarQube Exploited; MSFT Edge/Chrome Updates; Flash Removal Tool; MSFT Teams Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SonarQube Exploited; MSFT Edge/Chrome Updates; Flash Removal Tool; MSFT Teams https://traffic.libsyn.com/securitypodcast/7228.mp3 https://isc.sans.edu/podcastdetail/7228 Wed, 28 Oct 2020 02:00:03 GMT https://beta.documentcloud.org/documents/20399900-fbi_flash_sonarqube_access_bc
Microsoft Edge Security Updates (Chromium-Based)
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV200002
Microsoft Releases Flash Removal Tool
https://support.microsoft.com/en-us/help/4577586/update-for-removal-of-adobe-flash-player
Bypassing MSFT Teams Policies
https://o365blog.com/post/teams-policies/
]]> 5:19 microsoft teams, flash removal tool, flash player, microsoft, chrome, edge, chromium, sonarqube, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7226 Excel 4 Visibility; HP Revoked Cert; Link Preview Privacy Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Excel 4 Visibility; HP Revoked Cert; Link Preview Privacy https://traffic.libsyn.com/securitypodcast/7226.mp3 https://isc.sans.edu/podcastdetail/7226 Tue, 27 Oct 2020 02:00:02 GMT https://isc.sans.edu/forums/diary/Excel+4+Macros+Abnormal+Sheet+Visibility/26726/
HP Printer Applications Certificate Revoked
https://eclecticlight.co/2020/10/23/why-have-my-hp-printers-stopped-working-how-to-check-their-software-signature/
Link Previews and Privacy
https://www.mysk.blog/2020/10/25/link-previews/
]]> 6:09 link previews, privacy, hp, certificates, macos, excel, visibility, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7224 Censys vs Shodan; Sooty; ML Attacks; #Samsung #S20 RCE; #VMWare Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Censys vs Shodan; Sooty; ML Attacks; #Samsung #S20 RCE; #VMWare Patches https://traffic.libsyn.com/securitypodcast/7224.mp3 https://isc.sans.edu/podcastdetail/7224 Mon, 26 Oct 2020 02:00:02 GMT https://isc.sans.edu/forums/diary/An+Alternative+to+Shodan+Censys+with+UserAgent+CensysInspect11/26718/
Sooty: SOC Analyst's All-in-One Tool
https://isc.sans.edu/forums/diary/Sooty+SOC+Analysts+AllinOne+Tool/26714/
Adversarial ML Threat Matrix
https://github.com/mitre/advmlthreatmatrix
Samsung S20 RCE
https://labs.f-secure.com/blog/samsung-s20-rce-via-samsung-galaxy-store-app/
VMWare Advisory
https://www.vmware.com/security/advisories/VMSA-2020-0023.html
]]> 5:39 vmware, samson, s20, machine learning, sooty, censys, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7222 BazarLoader Samples; Secure Boot Reviews Stalled; Cisco Advisories Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. BazarLoader Samples; Secure Boot Reviews Stalled; Cisco Advisories https://traffic.libsyn.com/securitypodcast/7222.mp3 https://isc.sans.edu/podcastdetail/7222 Fri, 23 Oct 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/BazarLoader+phishing+lures+plan+a+Halloween+party+get+a+bonus+and+be+fired+in+the+same+afternoon/26710/
Stalled Reviews for Secure Boot Shim
https://github.com/rhboot/shim-review/issues/120
https://github.com/rhboot/shim-review/issues/102#issuecomment-698963751
Cisco Advisories
https://tools.cisco.com/security/center/publicationListing.x
]]> 5:42 cisco, secure boot, uefi, shim, bazarloader, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7220 Agent Tesla Shipping Emails; CN Exploits Usual Vulns; URL Bar Spoofing; Oracle CPU Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Agent Tesla Shipping Emails; CN Exploits Usual Vulns; URL Bar Spoofing; Oracle CPU https://traffic.libsyn.com/securitypodcast/7220.mp3 https://isc.sans.edu/podcastdetail/7220 Thu, 22 Oct 2020 02:15:02 GMT https://isc.sans.edu/forums/diary/Shipping+dangerous+goods/26702/
Chinese State-Sponsored Actors Exploit Same Vulnerablities as Others
https://media.defense.gov/2020/Oct/20/2002519884/-1/-1/0/CSA_CHINESE_EXPLOIT_VULNERABILITIES_UOO179811.PDF
URL Bar Spoofing Vulnerabilities
https://thehackernews.com/2020/10/browser-address-spoofing-vulnerability.html
Oracle Quarterly Critical Patch Update
https://www.oracle.com/security-alerts/cpuoct2020.html
]]> 5:40 oracle, cpu, patch, url, url bar, chinese, nsa, tesla, agent tesla, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7218 Mirai in Python; Chrome Urgent Patch; QNAP ZeroLogon Patch; GravityRat; US Census Spoof Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Mirai in Python; Chrome Urgent Patch; QNAP ZeroLogon Patch; GravityRat; US Census Spoof https://traffic.libsyn.com/securitypodcast/7218.mp3 https://isc.sans.edu/podcastdetail/7218 Wed, 21 Oct 2020 02:00:02 GMT https://isc.sans.edu/forums/diary/Miraialike+Python+Scanner/26698/
Google Chrome Update (actively exploited vulnerability fixed)
https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html
QNAP Fixes ZeroLogon Vulnerability
https://www.qnap.com/en/security-advisory/qsa-20-07
GravityRat Going Multi Platform
https://usa.kaspersky.com/about/press-releases/2020_infamous-gravity-rat-spyware-evolves-to-target-multiple-platforms
US Census Spoof
https://beta.documentcloud.org/documents/20397864-fbi-flash-unattributed-entities-register-domains-10142020
]]> 5:49 us census, census, gravityrat, qnap, google, chrome, mirai, python, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7216 Out of Band #MSFT Patches; #SS7 Attacks; Adobe #Magento Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Out of Band #MSFT Patches; #SS7 Attacks; Adobe #Magento Patches https://traffic.libsyn.com/securitypodcast/7216.mp3 https://isc.sans.edu/podcastdetail/7216 Tue, 20 Oct 2020 02:00:03 GMT https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-17022
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-17023
Adobe Magento Patches
https://helpx.adobe.com/security/products/magento/apsb20-59.html
Attacks against SS7
https://www.haaretz.com/israel-news/tech-news/.premium-exclusive-intricate-hack-against-israeli-crypto-execs-mossad-investigating-1.9211991
https://www.bleepingcomputer.com/news/security/hackers-hijack-telegram-email-accounts-in-ss7-mobile-attack/
]]> 5:08 ss7, msft, patches, adobe, magento, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7214 CVE-2020-5135 #SonicWall RCE Vuln; Malspammer Mistakes; Traffic Analysis Quiz; Qualcom; Discord Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. CVE-2020-5135 #SonicWall RCE Vuln; Malspammer Mistakes; Traffic Analysis Quiz; Qualcom; Discord https://traffic.libsyn.com/securitypodcast/7214.mp3 https://isc.sans.edu/podcastdetail/7214 Mon, 19 Oct 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/CVE20205135+Buffer+Overflow+in+SonicWall+VPNs+Patch+Now/26692/
Spammer Attached Mass Mailer Configuration Instead of Malware
https://isc.sans.edu/forums/diary/File+Selection+Gaffe/26694/
Traffic Analysis Quiz: Ugly-Wolf.net
https://isc.sans.edu/forums/diary/Traffic+Analysis+Quiz+UglyWolfnet/26688/
Qualcomm QCMAP Vulnerabilities
https://www.vdoo.com/blog/qualcomm-qcmap-vulnerabilities
Discord Desktop App RCE
https://mksben.l0.cm/2020/10/discord-desktop-rce.html
]]> 6:53 Discord, qualcomm, qcmap, android, traffic analysis, spammer, mistake, sonicwall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7212 Obfuscated #Python RAT; #BadNeighbor Update; BlueZ Vuln; Zoom E2EE Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Obfuscated #Python RAT; #BadNeighbor Update; BlueZ Vuln; Zoom E2EE https://traffic.libsyn.com/securitypodcast/7212.mp3 https://isc.sans.edu/podcastdetail/7212 Fri, 16 Oct 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/Nicely+Obfuscated+Python+RAT/26680/
BadNeighbor ICMPv6 Router Advertisement Update
https://isc.sans.edu/forums/diary/CVE202016898+Windows+ICMPv6+Router+Advertisement+RRDNS+Option+Remote+Code+Execution+Vulnerability/26684/
BlueZ Vulnerability
https://www.youtube.com/watch?v=qPYrLRausSw
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html
https://security.googleblog.com/ (available "soon")
Zoom Rolling Out End-to-End Encryption
https://blog.zoom.us/zoom-rolling-out-end-to-end-encryption-offering/
]]> 5:48 zoom, encryption, end-to-end, bluez, ibm, linux, bluetooth, badneighbor, icmpv6, ipv6, python, obfuscation, rat, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7210 TA511 Shathak Update; MSFT Patch Followup; Apple T2 Vuln Update; SAP Updates Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. TA511 Shathak Update; MSFT Patch Followup; Apple T2 Vuln Update; SAP Updates https://traffic.libsyn.com/securitypodcast/7210.mp3 https://isc.sans.edu/podcastdetail/7210 Thu, 15 Oct 2020 02:00:02 GMT https://isc.sans.edu/forums/diary/More+TA551+Shathak+Word+docs+push+IcedID+Bokbot/26674/
MSFT Patch Tuesday Followup
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16951
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16952
Apple T2 Chip Vulnerability Confirmed
https://9to5mac.com/2020/10/13/t2-exploit-team/
SAP Updates
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196
]]> 6:00 SAP, Apple, T2, checkr8in, msft, shathak, ta551, icmpv6, icedid, bokbot, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7208 Microsoft Patch Tuesday; Adobe Updates Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft Patch Tuesday; Adobe Updates https://traffic.libsyn.com/securitypodcast/7208.mp3 https://isc.sans.edu/podcastdetail/7208 Wed, 14 Oct 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/Microsoft+October+2020+Patch+Tuesday/26672/
Adobe Updates
https://helpx.adobe.com/security/products/flash-player/apsb20-58.html
]]> 6:37 adobe, microsoft, icmpv6, router advertisements, ipv6, flash player, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7206 Nested MSG Files; Trickbot Takedown Attempt; Chrome Improving Cache Privacy Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Nested MSG Files; Trickbot Takedown Attempt; Chrome Improving Cache Privacy https://traffic.libsyn.com/securitypodcast/7206.mp3 https://isc.sans.edu/podcastdetail/7206 Tue, 13 Oct 2020 02:00:02 GMT https://isc.sans.edu/forums/diary/Nested+MSGs+Turtles+All+The+Way+Down/26668/
Microsoft Attempting To Take Down Trickbot C2 Infrastructure
https://blogs.microsoft.com/on-the-issues/2020/10/12/trickbot-ransomware-cyberthreat-us-elections/
Google Chrome Cache Partitioning
https://developers.google.com/web/updates/2020/10/http-cache-partitioning
]]> 5:45 msgs, nested, trickbot, takedown, microsoft, google, chrome, cache, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7204 Phishing Kits; Open Packaging; Analyzing MSGs; Cisco Flaws; Apple Flaws Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Phishing Kits; Open Packaging; Analyzing MSGs; Cisco Flaws; Apple Flaws https://traffic.libsyn.com/securitypodcast/7204.mp3 https://isc.sans.edu/podcastdetail/7204 Mon, 12 Oct 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/Phishing+kits+as+far+as+the+eye+can+see/26660/
Open Packaging Conventions
https://isc.sans.edu/forums/diary/Open+Packaging+Conventions/26662/
Analyzing MSG Files
https://isc.sans.edu/forums/diary/Analyzing+MSG+Files+With+pluginmsgsummary/26664/
Cisco Video Surveillance 8000 Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cdp-rcedos-mAHR8vNx
55 New Apple Flaws
https://samcurry.net/hacking-apple/
]]> 5:49 phishing, youtube, oopc, packaging, opc, msg, outlook, cisco, video, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7202 Hashicorp Vault Vuln; Ryuk Writeup; Ricky Tan (@sans_edu) Zeek and Maltego Casefile Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Hashicorp Vault Vuln; Ryuk Writeup; Ricky Tan (@sans_edu) Zeek and Maltego Casefile https://traffic.libsyn.com/securitypodcast/7202.mp3 https://isc.sans.edu/podcastdetail/7202 Fri, 09 Oct 2020 02:00:02 GMT https://googleprojectzero.blogspot.com/2020/10/enter-the-vault-auth-issues-hashicorp-vault.html
Ryuk Ransomware Writeup
https://thedfirreport.com/2020/10/08/ryuks-return/
Ricky Tan: Zeek Log Reconnaissance with Netowrk Graphs Using Maltego Casefile
https://www.sans.org/reading-room/whitepapers/securityanalytics/zeek-log-reconnaissance-network-graphs-maltego-casefile-39815
]]> 19:33 sans edu, ricky tan, maltego, casefile, zeek, ryuk, hashicorp, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7200 Nobody Attacking You Today; Google Chrome/Android Patches; QNAP Patches; Comcast Remote Vuln. Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Nobody Attacking You Today; Google Chrome/Android Patches; QNAP Patches; Comcast Remote Vuln. https://traffic.libsyn.com/securitypodcast/7200.mp3 https://isc.sans.edu/podcastdetail/7200 Thu, 08 Oct 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/Today+Nobody+is+Going+to+Attack+You/26654/
Google Chrome Patches
https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html
Android Security Update
https://source.android.com/security/bulletin/2020-10-01
QNAP Patches Helpdesk Application
https://www.qnap.com/en/security-advisory/QSA-20-08
Comcast Remote Control Evesdropping
https://www.guardicore.com/2020/10/wareztheremote-turning-remotes-into-listening-devices/
]]> 6:51 comcast, remote, evesdropping, microphone, qnap, android, google, chrome, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7198 Apple T2 Chip Vulnerability; NVIDIA; Cloudflare; Gavatar Privacy Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Apple T2 Chip Vulnerability; NVIDIA; Cloudflare; Gavatar Privacy https://traffic.libsyn.com/securitypodcast/7198.mp3 https://isc.sans.edu/podcastdetail/7198 Wed, 07 Oct 2020 02:00:03 GMT https://ironpeak.be/blog/crouching-t2-hidden-danger/
NVIDIA Patches
https://nvidia.custhelp.com/app/answers/detail/a_id/5075
Cloudflare DDoS Alerts
https://blog.cloudflare.com/announcing-ddos-alerts/
Gravatar Privacy Issue
https://www.bleepingcomputer.com/news/security/online-avatar-service-gravatar-allows-mass-collection-of-user-info/
]]> 8:31 gravatar, cloudflare, nvidia, apple, t2, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7196 Repetition Obfuscation; UEFI Malware; AV Priv Escalation Flaw; Rapid7 SMTP Scan Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Repetition Obfuscation; UEFI Malware; AV Priv Escalation Flaw; Rapid7 SMTP Scan https://traffic.libsyn.com/securitypodcast/7196.mp3 https://isc.sans.edu/podcastdetail/7196 Tue, 06 Oct 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/Obfuscation+and+Repetition/26648/
Compromised UEFI Payload Found
https://securelist.com/mosaicregressor/98849/
Privilege Escalation Flaw in All AntiVirus Products
https://www.cyberark.com/resources/threat-research-blog/anti-virus-vulnerabilities-who-s-guarding-the-watch-tower
Rapid7 SMTP "NICER" Report
https://blog.rapid7.com/2020/10/02/nicer-protocol-deep-dive-internet-exposure-of-smtp/
]]> 5:51 smtp, nicer, rapid7, anitvirus, uefi, obfuscation, repetition, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7194 Phishing Kit; Huawei Botnet; SQL Server CU 8; Telstra BGP; Raccine @cyb3rops Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Phishing Kit; Huawei Botnet; SQL Server CU 8; Telstra BGP; Raccine @cyb3rops https://traffic.libsyn.com/securitypodcast/7194.mp3 https://isc.sans.edu/podcastdetail/7194 Mon, 05 Oct 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/Analysis+of+a+Phishing+Kit/26634/
Hoaxcalls Botnet Scanning for Huawei Home Gateway
https://isc.sans.edu/forums/diary/Scanning+for+SOHO+Routers/26638/
SQL Server Cumulative Update 8
https://support.microsoft.com/en-us/help/4577194/cumulative-update-8-for-sql-server-2019
Telstra Accidentially Reroutes Proton Mail Traffic
https://protonmail.com/blog/bgp-hijacking-september-2020/
"Raccine" Ransomware Vaccine
https://github.com/Neo23x0/Raccine
]]> 6:24 raccine, ransomware, vaccine, shadow volumes, vssadmin, telstra, sql server, moaxcalls, botnet, huawei, phishing, amex, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7192 Azure AD Logs; Outdated Intel; Apple Pulls Patches; EMOTET Check Service Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Azure AD Logs; Outdated Intel; Apple Pulls Patches; EMOTET Check Service https://traffic.libsyn.com/securitypodcast/7192.mp3 https://isc.sans.edu/podcastdetail/7192 Fri, 02 Oct 2020 02:00:02 GMT https://isc.sans.edu/forums/diary/Making+sense+of+Azure+AD+AAD+activity+logs/26626/
IOCs Turning into IOOIs
https://isc.sans.edu/forums/diary/IOCs+turning+into+IOOIs/26624/
Apple Security Patch Pulled
https://mrmacintosh.com/mojave-2020-005-security-update-causing-major-problems-updated
Have I Been EMOTET Service
https://www.haveibeenemotet.com/
]]> 5:19 emotet, apple, safari, patch, pulled, ios, iooi, azuer ad, aad, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7190 FPURL.xml Scanning; HP Device Manager Backdoor; KensingtonWorks RCE Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. FPURL.xml Scanning; HP Device Manager Backdoor; KensingtonWorks RCE https://traffic.libsyn.com/securitypodcast/7190.mp3 https://isc.sans.edu/podcastdetail/7190 Thu, 01 Oct 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/Scans+for+FPURLxml+Reconnaissance+or+Not/26622/
HP Device Manager Backdoor
https://support.hp.com/us-en/document/c06921908
https://www.theregister.com/2020/09/30/hp_device_manager_backdoor_database_account/
KensingtonWorks RCE
https://robertheaton.com/another-rce-in-kensingtonworks/
]]> 6:11 kensington, kensingtonworks, mouse, hp, device manager, thin client, fpurl.xml, windows hello, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7188 Contractor/Partner Remote Access; Microsoft ZeroLogon Update; Cisco Patches; Foxit PDF Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Contractor/Partner Remote Access; Microsoft ZeroLogon Update; Cisco Patches; Foxit PDF Patches https://traffic.libsyn.com/securitypodcast/7188.mp3 https://isc.sans.edu/podcastdetail/7188 Wed, 30 Sep 2020 02:00:02 GMT https://isc.sans.edu/forums/diary/Managing+Remote+Access+for+Partners+Contractors/26614/#comments
Updated Windows ZeroLogon Advisory
https://support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc
Cisco Patching Exploited DoS Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dvmrp-memexh-dSmpdvfz
FoxIT PDF Reader Update
https://www.foxitsoftware.com/support/security-bulletins.html
]]> 4:58 foxit, pdf, cisco, windows, zerologon, contractors, partners, remote access, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7186 Tyler Breach; Obfuscated PowerShell Backdoor; QNAP Patch; TrendMicro Apex One Vulnerability Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Tyler Breach; Obfuscated PowerShell Backdoor; QNAP Patch; TrendMicro Apex One Vulnerability https://traffic.libsyn.com/securitypodcast/7186.mp3 https://isc.sans.edu/podcastdetail/7186 Tue, 29 Sep 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/Some+Tyler+Technologies+Customers+Targeted+with+The+Installation+of+a+Bomgar+Client/26610/
Obfuscated PowerShell Backdoor
https://isc.sans.edu/forums/diary/PowerShell+Backdoor+Launched+from+a+ShellCode/26602/
QNAP Fixes AgeLocker Vulnerability in Photo Station
https://www.qnap.com/de-de/security-advisory/qsa-20-06
TrendMicro Apex One Vulnerablity
https://success.trendmicro.com/product-support/apex-one
]]> 5:35 tyler, bomgard, beyond trust, trendmicro, qnap, agelocker, powershell, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7184 Exchange Online; Corrupt BASE64; Fortinet VPNs; Single Use CC Numbers Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Exchange Online; Corrupt BASE64; Fortinet VPNs; Single Use CC Numbers https://traffic.libsyn.com/securitypodcast/7184.mp3 https://isc.sans.edu/podcastdetail/7184 Mon, 28 Sep 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/Securing+Exchange+Online+Guest+Diary/26600/
Decoding Corrupt BASE64
https://isc.sans.edu/forums/diary/Decoding+Corrupt+BASE64+Strings/26606/
Fortinet VPN Default Setting Problem
https://securingsam.com/breaching-the-fort/
Single Use Credit Cards Numbers
https://www.helpnetsecurity.com/2020/09/25/privacy-cards/
]]> 5:39 credit cards, fortinet, vpn, certificates, base64, exchange online, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7182 PowerShell Debugging; Zerologon Exploited; Instagram Vulnerability; Apple Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. PowerShell Debugging; Zerologon Exploited; Instagram Vulnerability; Apple Patches https://traffic.libsyn.com/securitypodcast/7182.mp3 https://isc.sans.edu/podcastdetail/7182 Fri, 25 Sep 2020 02:40:02 GMT https://isc.sans.edu/forums/diary/Party+in+Ibiza+with+PowerShell/26594/
Microsoft Tracking Zerologon Exploits
https://twitter.com/MsftSecIntel/status/1308941504707063808
Apple Patches
https://support.apple.com/en-us/HT201222
Instagram for Android Vulnerability
https://blog.checkpoint.com/2020/09/24/instahack-how-researchers-were-able-to-take-over-the-instagram-app-using-a-malicious-image/
]]> 6:03 instagram, android, microsoft, zerologon, powershell, debugger, obfuscation, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7180 Dynamic Maldocs; SAMBA and ZeroLogon; Google Chrome Update; QNAP Devices Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Dynamic Maldocs; SAMBA and ZeroLogon; Google Chrome Update; QNAP Devices https://traffic.libsyn.com/securitypodcast/7180.mp3 https://isc.sans.edu/podcastdetail/7180 Thu, 24 Sep 2020 02:00:02 GMT https://isc.sans.edu/forums/diary/Malicious+Word+Document+with+Dynamic+Content/26590/
Old Versions of SAMBA Affected by ZeroLogon Vulnerability
https://www.samba.org/samba/security/CVE-2020-1472.html
Google Chrome Update
https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop_21.html
QNAP Devices hit by AgeLocker Ransomware
https://www.bleepingcomputer.com/news/security/agelocker-ransomware-targets-qnap-nas-devices-steals-data/
]]> 5:35 qnap, agelocker, google, chrome, samba, zerologon, word, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7178 Citrix ADC Updates; Firefox Update; RDP vs. Ransomware; iOS 14 Jailbreak Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Citrix ADC Updates; Firefox Update; RDP vs. Ransomware; iOS 14 Jailbreak https://traffic.libsyn.com/securitypodcast/7178.mp3 https://isc.sans.edu/podcastdetail/7178 Wed, 23 Sep 2020 02:00:03 GMT https://support.citrix.com/article/CTX281474
Firefox Version 81 Released
https://www.mozilla.org/en-US/firefox/81.0/releasenotes/
Simple Scan Drops Ransomware Risk
https://www.accesswire.com/607018/Corvus-Updates-Scan-Technology-with-RDP-Detection-Slashes-Ransomware-Claims-by-65
iOS 14 Jailbreak
https://checkra.in/news/2020/09/iOS-14-announcement
]]> 5:33 ios 14, jailbreak, checkra1n, ransomware, rdp, firefox, citrix, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7176 Overlay Phishing; MacOS Code Injection; Snort/ClamAV and Cobalt Strike Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Overlay Phishing; MacOS Code Injection; Snort/ClamAV and Cobalt Strike https://traffic.libsyn.com/securitypodcast/7176.mp3 https://isc.sans.edu/podcastdetail/7176 Tue, 22 Sep 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/Slightly+broken+overlay+phishing/26586/
MacOS Code Injection via Third Party Frameworks
https://www.trustedsec.com/blog/macos-injection-via-third-party-frameworks
Snort/ClamAV Cobalt Strike Detection
https://blog.talosintelligence.com/2020/09/coverage-strikes-back-cobalt-strike-paper.html#more
]]> 6:12 snort, clamav, coablt strike, macos, code injection, electron, .net, overlay, phishing, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7174 Python in Word Docs; Salesforce Phish; Google Appspot Phish; Sysmon Clipboard monitor Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Python in Word Docs; Salesforce Phish; Google Appspot Phish; Sysmon Clipboard monitor https://traffic.libsyn.com/securitypodcast/7174.mp3 https://isc.sans.edu/podcastdetail/7174 Mon, 21 Sep 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/A+Mix+of+Python+VBA+in+a+Malicious+Word+Document/26578/
Salesforce Phish
https://isc.sans.edu/forums/diary/Analysis+of+a+Salesforce+Phishing+Emails/26582/
Google App Engine Used in Phishing Attacks
https://medium.com/@marcelx/attackers-are-abusing-googles-app-engine-to-circumvent-enterprise-security-solutions-again-eda8345d531d
Sysmon Adds Clipboard Monitoring
https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon
Windows Defender No Longer Able to Download Files
https://www.bleepingcomputer.com/news/microsoft/microsoft-removes-windows-defender-ability-after-security-concerns/
]]> 5:47 windows defender, lolbin, sysmon, clipboard, google, app engine, appspot, salesforce, phishing, python, vba, word, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7172 OSSEC Active Response; MSFT Mac Office Patch; VMWare Patch; Secure Boot; End of Flash Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. OSSEC Active Response; MSFT Mac Office Patch; VMWare Patch; Secure Boot; End of Flash https://traffic.libsyn.com/securitypodcast/7172.mp3 https://isc.sans.edu/podcastdetail/7172 Fri, 18 Sep 2020 02:00:02 GMT https://isc.sans.edu/forums/diary/Suspicious+Endpoint+Containment+with+OSSEC/26576/
Microsoft Patch for Office for Mac
https://docs.microsoft.com/en-us/officeupdates/release-notes-office-for-mac
VMWare Fusion Vulnerablity
https://www.vmware.com/security/advisories/VMSA-2020-0020.html
NSA Secure Boot Configuration Guide
https://media.defense.gov/2020/Sep/15/2002497594/-1/-1/0/CTR-UEFI-SECURE-BOOT-CUSTOMIZATION-20200915.PDF/CTR-UEFI-SECURE-BOOT-CUSTOMIZATION-20200915.PDF
Microsoft Edge Warns Users of Adobe Flash End of Support
https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support/
]]> 5:38 microsft, edge, flash, nsa, vmwware, secure boot, uefi, office, mac, ossec, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7170 Mirai vs Amanda; Apple Updates iOS/iPadOS/WatchOS and Safari Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Mirai vs Amanda; Apple Updates iOS/iPadOS/WatchOS and Safari https://traffic.libsyn.com/securitypodcast/7170.mp3 https://isc.sans.edu/podcastdetail/7170 Thu, 17 Sep 2020 02:30:03 GMT https://isc.sans.edu/forums/diary/Do+Vulnerabilities+Ever+Get+Old+Recent+Mirai+Variant+Scanning+for+20+Year+Old+Amanda+Version/26572/
Apple Security Updates
https://support.apple.com/en-us/HT201222
]]> 5:32 safari, apple, ios, ipados, watchos, amanda, backup, mirai, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7168 Malware Quiz; Magento 1 Attacks; Adobe Media Enc. Patch; Zerologin/Finger Reminders Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Malware Quiz; Magento 1 Attacks; Adobe Media Enc. Patch; Zerologin/Finger Reminders https://traffic.libsyn.com/securitypodcast/7168.mp3 https://isc.sans.edu/podcastdetail/7168 Wed, 16 Sep 2020 02:00:02 GMT https://isc.sans.edu/forums/diary/Traffic+Analysis+Quiz+Oh+No+Another+Infection/26566/
Magento 1 Stores Targeted By Recent Attack
https://sansec.io/research/largest-magento-hack-to-date
Adobe Media Encoder Patch
https://helpx.adobe.com/security/products/media-encoder/apsb20-57.html
Zerologin Reminder
https://www.secura.com/pathtoimg.php?id=2055
Windows "Finger" Utility Abused
http://hyp3rlinx.altervista.org/advisories/Windows_TCPIP_Finger_Command_C2_Channel_and_Bypassing_Security_Software.txt
]]> 6:20 finger, zerologin, adobe, magento, traffic analysis, quiz, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7166 .well-known; BLE Lock Replay Vulnerability; Mobile Iron MDM Exploit Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. .well-known; BLE Lock Replay Vulnerability; Mobile Iron MDM Exploit https://traffic.libsyn.com/securitypodcast/7166.mp3 https://isc.sans.edu/podcastdetail/7166 Tue, 15 Sep 2020 03:25:02 GMT https://isc.sans.edu/forums/diary/Not+Everything+About+wellknown+is+Well+Known/26564/
BLE Lock Vulnerable to Replay Attack
https://www.pentestpartners.com/security-blog/360lock-smart-lock-review/
Mobile Iron Exploit Released
https://blog.orange.tw/2020/09/how-i-hacked-facebook-again-mobileiron-mdm-rce.html
]]> 5:09 mobile iron, mdm, orange, jndi, ble, lock, replay, well-known, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7164 Pillaging the Clipboard; PANOS Patch; Softswitch VoIP Malware; Zerologon Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Pillaging the Clipboard; PANOS Patch; Softswitch VoIP Malware; Zerologon https://traffic.libsyn.com/securitypodcast/7164.mp3 https://isc.sans.edu/podcastdetail/7164 Mon, 14 Sep 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/Whats+in+Your+Clipboard+Pillaging+and+Protecting+the+Clipboard/26556/
Critical Vulnerability in PANOS
https://security.paloaltonetworks.com/CVE-2020-2040
Linux VoIP Softswitch Malware
https://www.welivesecurity.com/2020/09/10/who-callin-cdrthief-linux-voip-softswitches/
CVE-2020-1472 Zerologon Privilege Escalation Vulnerability
https://www.secura.com/blog/zero-logon
]]> 6:22 clipboard, panos, palo alto, voip, softwitch, linux, malware, zerologon, cve-2020-1472, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7162 Dridex Update; Zoom 2FA; AMD CPU Lock; BLURtooth Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Dridex Update; Zoom 2FA; AMD CPU Lock; BLURtooth https://traffic.libsyn.com/securitypodcast/7162.mp3 https://isc.sans.edu/podcastdetail/7162 Fri, 11 Sep 2020 02:00:02 GMT https://isc.sans.edu/forums/diary/Recent+Dridex+activity/26550/
Zoom Bombings and Zoom 2FA
https://arxiv.org/abs/2009.03822
https://blog.zoom.us/secure-your-zoom-account-with-two-factor-authentication/
AMD Server CPUs May Be Locked to Particular Motherboard
https://www.servethehome.com/amd-psb-vendor-locks-epyc-cpus-for-enhanced-security-at-a-cost/
BLURtooth Vulnerability
https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/blurtooth/
]]> 7:40 BLURtooth, bluetooth, amd, cpu, zoom, dridex, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7160 MacOS 11 Network Traffic; Azure Auto Patching Windows; WeaveScope Used for Docker Attack Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MacOS 11 Network Traffic; Azure Auto Patching Windows; WeaveScope Used for Docker Attack https://traffic.libsyn.com/securitypodcast/7160.mp3 https://isc.sans.edu/podcastdetail/7160 Thu, 10 Sep 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/A+First+Look+at+macOS+11+Big+Sur+Network+Traffic+New+Now+with+more+GREASE/26548/
Azure Offers Automatic Windows VM Patching
https://azure.microsoft.com/en-us/updates/automatic-vm-guest-patching-now-in-preview/
WeaveScope Used to Attack Docker Infrastructure
https://www.intezer.com/blog/cloud-workload-protection/attackers-abusing-legitimate-cloud-monitoring-tools-to-conduct-cyber-attacks/
]]> 5:33 weavescope, docker, azure, windows, patching, macos, bigsur, tls, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7158 Patch Tuesday: Microsoft, Adobe, Intel Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Patch Tuesday: Microsoft, Adobe, Intel https://traffic.libsyn.com/securitypodcast/7158.mp3 https://isc.sans.edu/podcastdetail/7158 Wed, 09 Sep 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/Microsoft+September+2020+Patch+Tuesday/26544/
Adobe Security Bulletins
https://helpx.adobe.com/security.html
Intel Patches
https://www.intel.com/content/www/us/en/security-center/default.html
]]> 6:36 Intel, Adobe, Microsoft, Patches, BIOS, exchange, sharepoint, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7156 XXE/VB 6.0 Malware; OLE and ZIP; Golang XSS; "Baka" Skimmer Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. XXE/VB 6.0 Malware; OLE and ZIP; Golang XSS; "Baka" Skimmer https://traffic.libsyn.com/securitypodcast/7156.mp3 https://isc.sans.edu/podcastdetail/7156 Tue, 08 Sep 2020 02:00:02 GMT https://isc.sans.edu/forums/diary/A+blast+from+the+past+XXEncoded+VB60+Trojan/26538/
Office: About OLE and ZIP Files
https://isc.sans.edu/forums/diary/Office+About+OLE+and+ZIP+Files/26540/
Go XSS Vulnerability
https://seclists.org/fulldisclosure/2020/Sep/5
"Baka" JavaScript Skimmer
https://usa.visa.com/content/dam/VCOM/global/support-legal/documents/visa-security-alert-baka-javascript-skimmer.pdf
]]> 5:31 baka, javascript, xss, golang, ole, office, zip, xxencode, visual basic, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7154 Anti-Sandbox via NTP; Android DoH; DDoS Extortion; Cisco Jabber Followup Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Anti-Sandbox via NTP; Android DoH; DDoS Extortion; Cisco Jabber Followup https://traffic.libsyn.com/securitypodcast/7154.mp3 https://isc.sans.edu/podcastdetail/7154 Fri, 04 Sep 2020 02:00:02 GMT https://isc.sans.edu/forums/diary/Sandbox+Evasion+Using+NTP/26534/
Android DNS over HTTPS
https://blog.chromium.org/2020/09/a-safer-and-more-private-browsing.html
Cisco Jabber Vulnerability Fullowup
https://watchcom.no/nyheter/nyhetsarkiv/uncovers-cisco-jabber-vulnerabilities/
]]> 6:12 ddos, cisco, android, sandbox, ntp, doh, extortion, rddos, rdos, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7152 Evil Windows Python; iOS 13.7; Cisco Jabber Patch; MoFi Vulnerabilities Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Evil Windows Python; iOS 13.7; Cisco Jabber Patch; MoFi Vulnerabilities https://traffic.libsyn.com/securitypodcast/7152.mp3 https://isc.sans.edu/podcastdetail/7152 Thu, 03 Sep 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/Python+and+Risky+Windows+API+Calls/26530/
QNAP Updates
https://www.qnap.com/en/release-notes/qts/4.3.6.1411/20200825
https://www.qnap.com/en/release-notes/qts/4.4.3.1400/20200817
iOS 13.7 Update
https://support.apple.com/en-us/HT201222
Cisco Jabber Update
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-UyTKCPGg
MoFi Router Vulnerabilities
https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/
]]> 6:18 mofi, router, cisco, jabber, ios, qnap, python, api, windows, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7150 Exposed DC Used for DDoS Attacks; Edge Reviving SHA1; Trend Micro Patch; Is isn't a Breach if the data is public Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Exposed DC Used for DDoS Attacks; Edge Reviving SHA1; Trend Micro Patch; Is isn't a Breach if the data is public https://traffic.libsyn.com/securitypodcast/7150.mp3 https://isc.sans.edu/podcastdetail/7150 Wed, 02 Sep 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/Exposed+Windows+Domain+Controllers+Used+in+CLDAP+DDoS+Attacks/26526/
Microsoft Reviving SHA-1
https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-microsoft-edge-version-85/ba-p/1618585
Trend Micro Updating Anti Malware Products
https://success.trendmicro.com/solution/000263632
Public Voter Data Sold as "Breach"
https://www.cyberscoop.com/russia-hack-michigan-voter-data-kommersant/
]]> 6:39 michigan, voter, data, leak, breach, trend micro, malware, patch, microsoft, sha1, edge, ldap, ad, active directory, domain controler, dc, ddos, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7148 Finding Original Maldocs; Slack Vuln; Apple Approved Malware; Cisco DoS Bug Exploited Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Finding Original Maldocs; Slack Vuln; Apple Approved Malware; Cisco DoS Bug Exploited https://traffic.libsyn.com/securitypodcast/7148.mp3 https://isc.sans.edu/podcastdetail/7148 Tue, 01 Sep 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/Finding+The+Original+Maldoc/26520/
Slack Remote Code Execution
https://hackerone.com/reports/783877
Apple Approved Malware
https://objective-see.com/blog/blog_0x4E.html
Cisco IOS XR Bug Exploited
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dvmrp-memexh-dSmpdvfz
]]> 5:15 cisco, iso, xr, dos, apple, notorized, malware, slack, maldoc, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7146 CenturyLink Outage; NZX DDoS; Pulse Connect Secure Patch Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. CenturyLink Outage; NZX DDoS; Pulse Connect Secure Patch https://traffic.libsyn.com/securitypodcast/7146.mp3 https://isc.sans.edu/podcastdetail/7146 Mon, 31 Aug 2020 02:00:03 GMT https://blog.cloudflare.com/analysis-of-todays-centurylink-level-3-outage/
New Zealand Stock Market Denial of Service Attack
https://www.theregister.com/2020/08/27/nzx_ddos_third_day/
Pulse Connect Secure RCE Patch
https://www.gosecure.net/blog/2020/08/26/forget-your-perimeter-rce-in-pulse-connect-secure/
]]> 7:21 pulse connect secure, pulse secure, vpn, new zealand, stock exchange, centurylink, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7144 security.txt; DNS Queries; MSFT Extends Win10 1803 Deadline; LemonDuck Tricks Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. security.txt; DNS Queries; MSFT Extends Win10 1803 Deadline; LemonDuck Tricks https://traffic.libsyn.com/securitypodcast/7144.mp3 https://isc.sans.edu/podcastdetail/7144 Fri, 28 Aug 2020 02:00:02 GMT https://isc.sans.edu/forums/diary/Securitytxt+one+small+file+for+an+admin+one+giant+help+to+a+security+researcher/26510/
DNS Queries to Root Name Servers
https://blog.apnic.net/2020/08/21/chromiums-impact-on-root-dns-traffic/
https://www.zdnet.com/article/chromium-dns-hijacking-detection-accused-of-being-around-half-of-all-root-queries/
Microsoft Extends Windows 10 1803 Deadline
https://support.microsoft.com/en-us/help/13853/windows-lifecycle-fact-sheet
LemonDuck Adding New Tricks
https://news.sophos.com/en-us/2020/08/25/lemon_duck-cryptominer-targets-cloud-apps-linux/
]]> 7:09 lemonduck, crypto miner, microsoft, windows, windows 10, 1803, dns, root, google, chrome, security.txt, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7142 Twists and Turns of Excel; Autodesk Plugins; Firefox Update; Insider Bribe Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Twists and Turns of Excel; Autodesk Plugins; Firefox Update; Insider Bribe https://traffic.libsyn.com/securitypodcast/7142.mp3 https://isc.sans.edu/podcastdetail/7142 Thu, 27 Aug 2020 02:00:02 GMT https://isc.sans.edu/forums/diary/Malicious+Excel+Sheet+with+a+NULL+VT+Score/26506/
APT Attack Uses Autodesk Plugin
https://www.bitdefender.com/files/News/CaseStudies/study/365/Bitdefender-PR-Whitepaper-APTHackers-creat4740-en-EN-GenericUse.pdf
Firefox Update
https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/
Arrest in Insider Attack
https://www.justice.gov/opa/press-release/file/1308766/download
]]> 5:43 fbi, insider, russian, firefox, apt, autodesk, plugin, excel, virustotal, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7140 LOLBins; Malicous iOS Ads; Apache Update; Google Chrome Update Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. LOLBins; Malicous iOS Ads; Apache Update; Google Chrome Update https://traffic.libsyn.com/securitypodcast/7140.mp3 https://isc.sans.edu/podcastdetail/7140 Wed, 26 Aug 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/Keep+An+Eye+on+LOLBins/26502/
Malicious iOS Adnetwork SDK
https://snyk.io/research/sour-mint-malicious-sdk/
Apache Update
https://httpd.apache.org/security/vulnerabilities_24.html
Google Chrome User-Agent Client Hints
https://web.dev/user-agent-client-hints/
]]> 5:28 google, chrome, user-agent, client hints, apache, update, ios, sdk, ad network, lolbins, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7138 VT Threat Hunting; Secure RDP! Zoom Outage; MSFT Application Guard; Safari Bug Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. VT Threat Hunting; Secure RDP! Zoom Outage; MSFT Application Guard; Safari Bug https://traffic.libsyn.com/securitypodcast/7138.mp3 https://isc.sans.edu/podcastdetail/7138 Tue, 25 Aug 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/Tracking+A+Malware+Campaign+Through+VT/26498/
Zoom Outage
https://www.cnn.com/2020/08/24/us/zoom-outage-worldwide-trnd/index.html
RDP Remains a Top Target
https://www.group-ib.com/media/iran-cybercriminals/?utm_source=bleeping_computer&utm_medium=article&utm_campaign=referral
Microsoft Introduces Application Guard
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/install-app-guard?view=o365-worldwide
Safari File Sharing Bug
https://blog.redteam.pl/2020/08/stealing-local-files-using-safari-web.html
]]> 5:49 microsoft, application guard, office, rdp, iran, zoom, outage, virus total, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7136 Helping Cyber Stalking Victims; RDP/Telnet Probes; Cinterion Java Vuln; Google Drive Extension Spoofing Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Helping Cyber Stalking Victims; RDP/Telnet Probes; Cinterion Java Vuln; Google Drive Extension Spoofing https://traffic.libsyn.com/securitypodcast/7136.mp3 https://isc.sans.edu/podcastdetail/7136 Mon, 24 Aug 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/A+Word+of+Caution+Helping+Out+People+Being+Stalked+Online/26422/
RDP and Telnet Scans
https://isc.sans.edu/forums/diary/Remote+Desktop+TCP3389+and+Telnet+TCP23+What+might+they+have+in+Common/26492/
Thales Cinterion Input Validation Vulnerability
https://www.thalesgroup.com/en/markets/digital-identity-and-security/iot/resources/security-updates-cinterion-iot-modules
Google Drive File Extension Spoofing
https://thehackernews.com/2020/08/google-drive-file-versions.html
]]> 6:59 google, extension, spoofing, drive, thales, cinterion, java, input validation, hidden files, rdp, telnet, stalking, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7134 Enumerating O365 Rules; Gmail Spoofing; Disable DisableAntiSpyware; Acoustic Key Picking Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Enumerating O365 Rules; Gmail Spoofing; Disable DisableAntiSpyware; Acoustic Key Picking https://traffic.libsyn.com/securitypodcast/7134.mp3 https://isc.sans.edu/podcastdetail/7134 Fri, 21 Aug 2020 02:00:02 GMT https://isc.sans.edu/forums/diary/Office+365+Mail+Forwarding+Rules+and+other+Mail+Rules+too/26484/
Spoofing GMail/GSuite Customers
https://ezh.es/blog/2020/08/the-confused-mailman-sending-spf-and-dmarc-passing-mail-as-any-gmail-or-g-suite-customer/
Microsoft Updates DisableAntiSpyware Registry Key
https://docs.microsoft.com/en-us/windows-hardware/customize/desktop/unattend/security-malware-windows-defender-disableantispyware
Acoustic Based Physical Key Inference
https://www.comp.nus.edu.sg/~junhan/papers/SpiKey_HotMobile20_CamReady.pdf
]]> 6:35 acoustic, key, sound, picking, lock picking, lock, microsoft, disableantispyware, registry, defender, gmail, gsuite, dmarc, spf, office, mail, forwarding, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer Johannes B. Ullrich, Ph.D. full 7132 Obfuscated Qakbot URLs; Encrypted Email Bugs; Win8.1/2012 Patch; Fileless Worm Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Obfuscated Qakbot URLs; Encrypted Email Bugs; Win8.1/2012 Patch; Fileless Worm https://traffic.libsyn.com/securitypodcast/7132.mp3 https://isc.sans.edu/podcastdetail/7132 Thu, 20 Aug 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/Example+of+Word+Document+Delivering+Qakbot/26482/
PGP/SMime Implementation Weaknesses
https://www.nds.ruhr-uni-bochum.de/media/nds/veroeffentlichungen/2020/08/15/mailto-paper.pdf
Windows 8.1 / 2012 Special Patch
https://support.microsoft.com/en-us/help/4578013/security-update-for-windows-8-1-rt-8-1-and-server-2012-r2
Fileless Cryptomining Worm
https://www.helpnetsecurity.com/2020/08/19/fileless-worm-p2p-botnet/
]]> 6:20 cryptomining, worm, fileless, ssh, windows, patch, pgp, email, mailto, smime, qakbot, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7130 Dropbox Exfil; Jenkins Advisory; Chrome 86 Insecure Forms; Crypto Worm Hitting Docker/Kubernetes/Jenkins Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Dropbox Exfil; Jenkins Advisory; Chrome 86 Insecure Forms; Crypto Worm Hitting Docker/Kubernetes/Jenkins https://traffic.libsyn.com/securitypodcast/7130.mp3 https://isc.sans.edu/podcastdetail/7130 Wed, 19 Aug 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/Using+APIs+to+Track+Attackers/26472/
Jenkins Security Advisory
https://www.jenkins.io/security/advisory/2020-08-17/
Chrome Will Warn of Insecure Forms
https://blog.chromium.org/2020/08/protecting-google-chrome-users-from.html
Reminder: September 1st Certificate Expiration Change
https://www.ssl.com/blogs/398-day-browser-limit-for-ssl-tls-certificates-begins-september-1-2020/
Cryptojacking Worm Steals AWS Credentials
https://www.helpnetsecurity.com/2020/08/18/worm-steals-aws-credentials/
]]> 5:34 cryptojacking, worm, jenkins, kubernetes, dockder, aws, certificates, tls, ssl, chrome, dropbox, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7128 Apache Struts; Emotet Bug; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Apache Struts; Emotet Bug; https://traffic.libsyn.com/securitypodcast/7128.mp3 https://isc.sans.edu/podcastdetail/7128 Tue, 18 Aug 2020 02:00:03 GMT https://www.tenable.com/blog/cve-2019-0230-apache-struts-potential-remote-code-execution-vulnerability
https://cwiki.apache.org/confluence/display/WW/S2-059
Emotet Bug Used to Inoculate Systems
https://www.binarydefense.com/emocrash-exploiting-a-vulnerability-in-emotet-malware-for-defense/
]]> 5:59 emotet, apache, struts, ogml, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7126 SANS Incident IOCs; Obfuscation by Size; Mac XCode Malware; Citrix Flase Positive Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Incident IOCs; Obfuscation by Size; Mac XCode Malware; Citrix Flase Positive https://traffic.libsyn.com/securitypodcast/7126.mp3 https://isc.sans.edu/podcastdetail/7126 Mon, 17 Aug 2020 02:00:03 GMT https://www.sans.org/blog/sans-data-incident-2020-indicators-of-compromise/
Large File Used to Obfuscate Malware
https://isc.sans.edu/forums/diary/Definition+of+overkill+using+130+MB+executable+to+hide+24+kB+malware/26464/
Mac Malware Spreading via XCode
https://documents.trendmicro.com/assets/pdf/XCSSET_Technical_Brief.pdf
Citrix Broker Service Detected as Trojan by Windows Defender
https://support.citrix.com/article/CTX279897
]]> 4:37 sans, data incident, ioc, malware, large file, gif, mac, macos, xcode, citrix, windows defender, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7124 ReVoLTE Attack; Alexa Patch; Drovorub Linux Malware Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. ReVoLTE Attack; Alexa Patch; Drovorub Linux Malware https://traffic.libsyn.com/securitypodcast/7124.mp3 https://isc.sans.edu/podcastdetail/7124 Fri, 14 Aug 2020 02:00:03 GMT https://revolte-attack.net/
Vulnerabilities found on Amazon's Alexa
https://research.checkpoint.com/2020/amazons-alexa-hacked/
DROVORUB Russian GRU Linux Malware
https://media.defense.gov/2020/Aug/13/2002476465/-1/-1/0/CSA_DROVORUB_RUSSIAN_GRU_MALWARE_AUG_2020.PDF
]]> 8:27 russia, gru, drovorub, linux, malware, rootkit, alexa, lte, decryption, volte, revolte, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7122 Mordor & Brim; Tor Exit Nodes Steal Bitcoin; SAP/Intel Patches; SANS Incident Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Mordor & Brim; Tor Exit Nodes Steal Bitcoin; SAP/Intel Patches; SANS Incident https://traffic.libsyn.com/securitypodcast/7122.mp3 https://isc.sans.edu/podcastdetail/7122 Thu, 13 Aug 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/To+the+Brim+at+the+Gates+of+Mordor+Pt+1/26456/

Large Group of Malicious Tor Exit Nodes
https://medium.com/@nusenu/how-malicious-tor-relays-are-exploiting-users-in-2020-part-i-1097575c0cac
SAP Updates
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345
Intel Updates
https://www.intel.com/content/www/us/en/security-center/default.html
SANS Data Incident
https://www.sans.org/dataincident2020
]]> 7:18 sap, intel, sans, breack, data incident, tor, exit nodes, bitcoin, brim, mordor, pcaps, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7120 vBulletin 0 Day; MSFT Patches; Adobe Patches; Citrix Endpoint Mgmt Update Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. vBulletin 0 Day; MSFT Patches; Adobe Patches; Citrix Endpoint Mgmt Update https://traffic.libsyn.com/securitypodcast/7120.mp3 https://isc.sans.edu/podcastdetail/7120 Wed, 12 Aug 2020 02:00:03 GMT https://blog.exploitee.rs/2020/exploiting-vbulletin-a-tale-of-patch-fail/
Microsoft Patches
https://isc.sans.edu/forums/diary/Microsoft+August+2020+Patch+Tuesday/26452/
Adobe Patches
https://helpx.adobe.com/security.html
Citrix End Point Management Updates
https://www.citrix.com/blogs/2020/08/11/citrix-provides-security-update-on-citrix-endpoint-management/
]]> 5:29 citrix, adobe, microsoft, patches, critical, vbulletin, exploit, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7118 Word Maldoc Solution; Pentest Scoping; Chrome Extensions; PDF Mayhem; Teamviewer update Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Word Maldoc Solution; Pentest Scoping; Chrome Extensions; PDF Mayhem; Teamviewer update https://traffic.libsyn.com/securitypodcast/7118.mp3 https://isc.sans.edu/podcastdetail/7118 Tue, 11 Aug 2020 02:00:02 GMT https://isc.sans.edu/forums/diary/Small+Challenge+A+Simple+Word+Maldoc+Part+2/26444/
Scoping Web Application Pentests
https://isc.sans.edu/forums/diary/Scoping+web+application+and+web+service+penetration+tests/26448/
Problems With Chrome Extensions
https://adguard.com/en/blog/fake-ad-blockers-part-3.html
PDF Test Suite
https://github.com/RUB-NDS/PDF101
https://raw.githubusercontent.com/RUB-NDS/PDF101/master/eval.png
Teamviewer Update
https://community.teamviewer.com/t5/Announcements/Statement-on-CVE-2020-13699/m-p/99129
]]> 7:06 teamviewer, pdf, chrome, google, extension, scoping, pentest, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7116 WIFICAM nc Exploits; Snapdragon Vulns; Chinese Firewall ESNI Blocking Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. WIFICAM nc Exploits; Snapdragon Vulns; Chinese Firewall ESNI Blocking https://traffic.libsyn.com/securitypodcast/7116.mp3 https://isc.sans.edu/podcastdetail/7116 Mon, 10 Aug 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/Scanning+Activity+Include+Netcat+Listener/26442/
Qualcom Snapdragon Vulnerabilities
https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/
China Blocking TLS 1.3 and ESNI
https://gfw.report/blog/gfw_esni_blocking/en/
]]> 7:26 china, esni, tls, blocking, qualcom, snapdragon, wificam, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7114 FTCODE Ransomware Resurfaces; MSFT Defender vs hosts file; MSFT Print Spool Vulnerabilities Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. FTCODE Ransomware Resurfaces; MSFT Defender vs hosts file; MSFT Print Spool Vulnerabilities https://traffic.libsyn.com/securitypodcast/7114.mp3 https://isc.sans.edu/podcastdetail/7114 Fri, 07 Aug 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/A+Fork+of+the+FTCode+Powershell+Ransomware/26434/
Microsoft Anti-Malware Flaging Host File Manipulation
https://www.bleepingcomputer.com/news/microsoft/windows-10-hosts-file-blocking-telemetry-is-now-flagged-as-a-risk/
Reviving older printer vulnerablity
https://www.blackhat.com/us-20/briefings/schedule/#a-decade-after-stuxnets-printer-vulnerability-printing-is-still-the-stairway-to-heaven-19685
]]> 5:52 blackhat, print spooler, printer, microsoft, host file, host, defender, ftcode, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7112 Malware Analysis Quiz; MacOS PoC Exploit; iOS OAuth2 Vuln; NSA Location Privacy Guide Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Malware Analysis Quiz; MacOS PoC Exploit; iOS OAuth2 Vuln; NSA Location Privacy Guide https://traffic.libsyn.com/securitypodcast/7112.mp3 https://isc.sans.edu/podcastdetail/7112 Thu, 06 Aug 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/Traffic+Analysis+Quiz+Whats+the+Malware+From+This+Infection/26430/
Exploiting CVE-2020-9854 on MacOS
https://objective-see.com/blog/blog_0x4D.html
iOS OAuth2 Vulnerablity
https://www.computest.nl/en/knowledge-platform/blog/vulnerability-new-touchid-feature-iCloud-accounts-at-risk-breached/
Limiting Location Data Exposure
https://media.defense.gov/2020/Aug/04/2002469874/-1/-1/0/CSI_LIMITING_LOCATION_DATA_EXPOSURE_FINAL.PDF
]]> 6:28 nsa, location, privacy, oauth2, ios, macos, cve-2020-9854, malware, quiz, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7110 CVE-2020-3452 (Cisco ASA/FTD) Updates; DNS Concentration; Android Patches; iOS Jailbreak Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. CVE-2020-3452 (Cisco ASA/FTD) Updates; DNS Concentration; Android Patches; iOS Jailbreak https://traffic.libsyn.com/securitypodcast/7110.mp3 https://isc.sans.edu/podcastdetail/7110 Wed, 05 Aug 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/Reminder+Patch+Cisco+ASA+FTD+Devices+CVE20203452+Exploitation+Continues/26426/
Internet Choke Points: Concentration of Authoritative Name Servers
https://isc.sans.edu/forums/diary/Internet+Choke+Points+Concentration+of+Authoritative+Name+Servers/26428/
August Android Patches Released
https://source.android.com/security/bulletin/2020-08-01
Possible New iOS Jailbreak Affecting Secure Enclave
https://twitter.com/SparkZheng/status/1286599007834271744
]]> 6:24 ios, jailbreak, pandu, android, patches, wifi, dns, choke points, cisco, cve-2020-3452, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7108 Multi C2 Macro; Boothole Patch Problem; Disable MacOS TCC; TAIDOOR Malware Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Multi C2 Macro; Boothole Patch Problem; Disable MacOS TCC; TAIDOOR Malware https://traffic.libsyn.com/securitypodcast/7108.mp3 https://isc.sans.edu/podcastdetail/7108 Tue, 04 Aug 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/Powershell+Bot+with+Multiple+C2+Protocols/26420/
Boothole Patch Causes Unbootable Systems
https://access.redhat.com/solutions/5272311
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass#Recovery
Disabling MacOS TCC
https://objective-see.com/blog/blog_0x4C.html
CISA Publishes Details about Chinese Malware
https://us-cert.cisa.gov/ncas/current-activity/2020/08/03/chinese-malicious-cyber-activity
]]> 5:48 cisa, taidoor, macos, tcc, boothole, vba, pentest, red team, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7106 Bad Bots; KeePassRCP Update; QNAP Malware Remover; Android Phone Updates Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Bad Bots; KeePassRCP Update; QNAP Malware Remover; Android Phone Updates https://traffic.libsyn.com/securitypodcast/7106.mp3 https://isc.sans.edu/podcastdetail/7106 Mon, 03 Aug 2020 02:00:02 GMT https://isc.sans.edu/forums/diary/What+pages+do+bad+bots+look+for/26414/
KeePassRPC Vulnerablity
https://forum.kee.pm/t/a-critical-security-update-for-keepassrpc-is-available/3040
QNAP Updates Malware Remover
https://www.bleepingcomputer.com/news/security/qnap-urges-users-to-update-malware-remover-after-qsnatch-alert/
Android Phone Updates
https://www.theregister.com/2020/07/31/nearly_a_third_of_secondhand/
]]> 5:29 android, qnap, keepass, bots, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7104 SQLi and Python; Google Allowing Office 365 Phishing; Netgear/Zoom Vulns; OPNsense Update Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SQLi and Python; Google Allowing Office 365 Phishing; Netgear/Zoom Vulns; OPNsense Update https://traffic.libsyn.com/securitypodcast/7104.mp3 https://isc.sans.edu/podcastdetail/7104 Fri, 31 Jul 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/Python+Developers+Prepare/26408/
Office 365 Phishing Hiding in Google Ads
https://cofense.com/threat-actors-bypass-gateways-google-ad-redirects/
Zoom Brute Forcing Vulnerability
https://www.tomanthony.co.uk/blog/zoom-security-exploit-crack-private-meeting-passwords/
Netgear Vulnerabilities
https://www.kb.cert.org/vuls/id/576779
https://kb.netgear.com/000061982/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Mobile-Routers-Modems-Gateways-and-Extenders
OPNSense Update
https://opnsense.org/opnsense-20-7/
Microsoft Retiring SHA1
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/sha-1-windows-content-to-be-retired-august-3-2020/ba-p/1544373
]]> 5:49 microsoft, sha1, opnsense, netgear, zoom, office365, python, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7102 Consumer VPNs; Tails 4.9; Browser Updates; GRUB2 Vuln; Facial Recognition and Masks Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Consumer VPNs; Tails 4.9; Browser Updates; GRUB2 Vuln; Facial Recognition and Masks https://traffic.libsyn.com/securitypodcast/7102.mp3 https://isc.sans.edu/podcastdetail/7102 Thu, 30 Jul 2020 02:00:02 GMT https://isc.sans.edu/forums/diary/Consumer+VPNs+You+May+Be+Fine+Without/26404/
Tails Update
https://tails.boum.org/news/version_4.9/index.en.html
Firefox Update
https://www.mozilla.org/en-US/security/advisories/mfsa2020-30/
Chrome Update
https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop_27.html
GRUB2 Vulnerability
https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/
Facial Recognition With Masks
https://nvlpubs.nist.gov/nistpubs/ir/2020/NIST.IR.8311.pdf
]]> 6:08 facial recognition, masks, grub2, chrome, firefox, tails, vpns, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7100 New Datafeeds; Emotet Tricks; Magento Update; Docker Attacks; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. New Datafeeds; Emotet Tricks; Magento Update; Docker Attacks; https://traffic.libsyn.com/securitypodcast/7100.mp3 https://isc.sans.edu/podcastdetail/7100 Wed, 29 Jul 2020 02:00:02 GMT https://isc.sans.edu/forums/diary/All+I+want+this+Tuesday+More+Data/26400/
Emotet Stealing Email Attachments
https://twitter.com/CofenseLabs/status/1288167724594671618
Magento Update
https://helpx.adobe.com/security/products/magento/apsb20-47.html
Explosed Docker Servers Infected with More Malware
https://www.intezer.com/container-security/watch-your-containers-doki-infecting-docker-servers-in-the-cloud/
]]> 6:12 docker, dogecoin, doki, magento, emotet, datafeeds, cloudips, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7098 In Memory of Donald Smith; Decoding Metasploit Payloads; Emotet Vigilante; QNAP Advisory Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. In Memory of Donald Smith; Decoding Metasploit Payloads; Emotet Vigilante; QNAP Advisory https://traffic.libsyn.com/securitypodcast/7098.mp3 https://isc.sans.edu/podcastdetail/7098 Tue, 28 Jul 2020 02:00:02 GMT https://isc.sans.edu/forums/diary/In+Memory+of+Donald+Smith/26396/
Analyzing Metasploit ASP .Net Payloads
https://isc.sans.edu/forums/diary/Analyzing+Metasploit+ASP+NET+Payloads/26392/
Emotet Payloads Replaces with GIFs
https://twitter.com/GossiTheDog/status/1286271503005290497
QNAP Devices Attacked
https://us-cert.cisa.gov/ncas/alerts/aa20-209a
]]> 4:38 qnap, emotet, gif, metasploit, asp, net, donald smith, don, rip, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7096 Desktop Apps Using Web Tech; VBA Passwords; Cisco Treck IP Update; Ubiquity Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Desktop Apps Using Web Tech; VBA Passwords; Cisco Treck IP Update; Ubiquity https://traffic.libsyn.com/securitypodcast/7096.mp3 https://isc.sans.edu/podcastdetail/7096 Mon, 27 Jul 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/Compromized+Desktop+Applications+by+Web+Technologies/26384/
Cracking Maldoc VBA Project Passwords
https://isc.sans.edu/forums/diary/Cracking+Maldoc+VBA+Project+Passwords/26390/
Cisco Patching Treck IP Stack Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC
Ubiquity Devices Breack Due to Malformed Feed
https://community.ui.com/questions/Threat-Management-rules-silently-disabled-for-users-as-of-July-17-2020/35221bd2-843d-41a3-a957-33f57d9a8468
]]> 5:33 ubiquity, ugs, cisco, vba, discord, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7094 Blocking with MISP; ISC Intel Feed; ASUS Vuln; DLink Lost Key; Cisco Vuln Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Blocking with MISP; ISC Intel Feed; ASUS Vuln; DLink Lost Key; Cisco Vuln https://traffic.libsyn.com/securitypodcast/7094.mp3 https://isc.sans.edu/podcastdetail/7094 Fri, 24 Jul 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/Simple+Blocklisting+with+MISP+pfSense/26380/
ISC Intel Feed (Beta. DO NOT USE AS BLOCKLIST)
https://isc.sans.edu/api/intelfeed?json
(also see isc.sans.edu/api )
ASUS RT-AC1900P Router Vulnerability
https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=27440
DLink Leaks Firmware Encryption Key
https://nstarke.github.io/0036-decrypting-dlink-proprietary-firmware-images.html
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ro-path-KJuQhB86
]]> 6:00 cisco, asa, firepower, directory traversal, dlink, firmware, key, asus, intel feed, misp, pfsense, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7092 F5 IoCs; Insecure PDF Signatures; Sharepoint PoC; Twilio Compromise Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. F5 IoCs; Insecure PDF Signatures; Sharepoint PoC; Twilio Compromise https://traffic.libsyn.com/securitypodcast/7092.mp3 https://isc.sans.edu/podcastdetail/7092 Thu, 23 Jul 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/A+few+IoCs+related+to+CVE20205092/26378/
PDF Signature Weaknesses
https://pdf-insecurity.org/
Sharepoint Vulnerabliity PoC CVE-2020-1147
https://srcincite.io/blog/2020/07/20/sharepoint-and-pwn-remote-code-execution-against-sharepoint-server-abusing-dataset.html
Twilio Compromise
https://www.theregister.com/2020/07/21/twilio_sdk_code_injection/
]]> 6:28 twilio, javascript, supply chain, sharepoint, poc, pdf, signatures, f5, ios, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7090 Covid19 Network Exposures; Adobe Patch; Citrix Workspace Vuln; Procmon 4 Linux Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Covid19 Network Exposures; Adobe Patch; Citrix Workspace Vuln; Procmon 4 Linux https://traffic.libsyn.com/securitypodcast/7090.mp3 https://isc.sans.edu/podcastdetail/7090 Wed, 22 Jul 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/Couple+of+interesting+Covid19+related+stats/26374/
Adobe Patches Photoshop
https://helpx.adobe.com/security/products/bridge/apsb20-44.html
https://helpx.adobe.com/security/products/photoshop/apsb20-45.html
Citrix Workspace App Vulnerability
https://www.pentestpartners.com/security-blog/raining-system-shells-with-citrix-workspace-app/
Microsoft Publishes Sysinternals Procmon for Linux
https://github.com/microsoft/ProcMon-for-Linux
]]> 4:35 microsoft, sysinternals, procmon, linux, citrix, adopbe, photoshop, covid19, rdp, telnet, remote access, ssh, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7088 Sextortion Wrapup; "BadPower" USB-C Firmware Weakness; Zoom Phishing Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Sextortion Wrapup; "BadPower" USB-C Firmware Weakness; Zoom Phishing https://traffic.libsyn.com/securitypodcast/7088.mp3 https://isc.sans.edu/podcastdetail/7088 Tue, 21 Jul 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/Sextortion+Update+The+Final+Final+Chapter/26334/
"BadPower" USB-C Charger Firmware Weakness (link in chinese)
https://xlab.tencent.com/cn/2020/07/16/badpower/
Zoom Phishing
https://blog.checkpoint.com/2020/07/16/fixing-the-zoom-vanity-clause-check-point-and-zoom-collaborate-to-fix-vanity-url-issue/
Microsoft Office TLS 1.x Phaseout
https://docs.microsoft.com/en-us/microsoft-365/compliance/prepare-tls-1.2-in-office-365?view=o365-worldwide
]]> 6:11 microsoft, office, tls, office 365, zoom, phishing, badpower, usb, usb-c, bitcoin, sextortion, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7086 #SigRed Update; Cloutflare Outage; ZeroShell; Zone.Identifier; Forgotten tcpdump Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. #SigRed Update; Cloutflare Outage; ZeroShell; Zone.Identifier; Forgotten tcpdump https://traffic.libsyn.com/securitypodcast/7086.mp3 https://isc.sans.edu/podcastdetail/7086 Mon, 20 Jul 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/Hunting+for+SigRed+Exploitation/26362/
Cloudflare Outage
https://blog.cloudflare.com/cloudflare-outage-on-july-17-2020/
Exploitation of ZeroShell Routers
https://isc.sans.edu/forums/diary/Scanning+Activity+for+ZeroShell+Unauthenticated+Access/26368/
Zone.Identifier: A Coupe of Observations
https://isc.sans.edu/forums/diary/ZoneIdentifier+A+Coupe+Of+Observations/26366/
Forgotten tcpdump Options
https://showmethepackets.com/index.php/2020/07/18/a-few-forgotten-tcpdump-options/
]]> 5:48 tcpdump, zone.indentifier, ads, zeroshell, cloudflare, sigred, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7084 Twitter Compromise; SIGRed PoC; Apple Updates; SAP PoC; @sans_edu : Aaron Elyard Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Twitter Compromise; SIGRed PoC; Apple Updates; SAP PoC; @sans_edu : Aaron Elyard https://traffic.libsyn.com/securitypodcast/7084.mp3 https://isc.sans.edu/podcastdetail/7084 Fri, 17 Jul 2020 02:00:03 GMT https://twitter.com/TwitterSupport/status/1283591846464233474?s=20
SIGRed PoC
hxxps://github.com/maxpl0it/CVE-2020-1350-DoS
Apple Updates
https://support.apple.com/en-us/HT201222
SAP PoC Exploit Code Published
https://github.com/chipik/SAP_RECON
https://us-cert.cisa.gov/ncas/alerts/aa20-195a
SANS.edu Student: Aaron Elyard: KITT
https://www.sans.org/reading-room/whitepapers/OpenSource/improving-analyst-efficiency-office365-business-email-compromise-investigation-scenarios-implementation-open-source-tools-39655
KITT: https://github.com/intrepidtechie/KITT-O365-Tool
]]> 13:47 sans.edu, kitt, outlook 365, bec, sap, poc, exploit, apple, sigred, twitter, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7082 MSFT DNS Server Vulnerability #sigred; Outlook Patch Crashes; Oracle CPU; Cisco Backdoors Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MSFT DNS Server Vulnerability #sigred; Outlook Patch Crashes; Oracle CPU; Cisco Backdoors https://traffic.libsyn.com/securitypodcast/7082.mp3 https://isc.sans.edu/podcastdetail/7082 Thu, 16 Jul 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/PATCH+NOW+SIGRed+CVE20201350+Microsoft+DNS+Server+Vulnerability/26356/
https://www.sans.org/webcasts/about-windows-dns-vulnerability-cve-2020-1350-116120
Outlook Crashes After Patch Tuesday Updates
https://www.reddit.com/r/sysadmin/comments/hrq0mn/outlook_immediately_crashing_on_open_after/fy5nnx2/
Oracle Quarterly Critical Patch Update
https://www.oracle.com/security-alerts/cpujul2020.html
Cisco Backdoors
https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir&limit=100#~Vulnerabilities
]]> 5:15 cisco, backdoors, default credentials, oracle, cpu, outlook, crashes, msft, dns server, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7080 MSFT Patch Tuesday; Adobe Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MSFT Patch Tuesday; Adobe Patches https://traffic.libsyn.com/securitypodcast/7080.mp3 https://isc.sans.edu/podcastdetail/7080 Wed, 15 Jul 2020 02:00:02 GMT https://isc.sans.edu/forums/diary/Microsoft+July+2020+Patch+Tuesday+Patch+Now/26350/
Adobe Patches
https://helpx.adobe.com/security.html
]]> 5:34 Adobe, Microsoft, dns, patch tuesday, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7078 VBA Details; Apple mount_apfs TCC Bypass Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. VBA Details; Apple mount_apfs TCC Bypass https://traffic.libsyn.com/securitypodcast/7078.mp3 https://isc.sans.edu/podcastdetail/7078 Tue, 14 Jul 2020 02:00:02 GMT https://isc.sans.edu/forums/diary/Maldoc+VBA+Purging+Example/26342/
Password protected VBA Code
https://isc.sans.edu/forums/diary/VBA+Project+Passwords/26346/
MacOS mount_apfs TCC Bypass
https://theevilbit.github.io/posts/cve_2020_9771/
]]> 6:27 macos, mount_apfs, apfs, password, vba, purged, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7076 Excel Starts Formbook; Zoom Update; Digicert Mass Revoke; OAUTH Consent Phishing Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Excel Starts Formbook; Zoom Update; Digicert Mass Revoke; OAUTH Consent Phishing https://traffic.libsyn.com/securitypodcast/7076.mp3 https://isc.sans.edu/podcastdetail/7076 Mon, 13 Jul 2020 02:00:02 GMT https://isc.sans.edu/forums/diary/Excel+spreasheet+macro+kicks+off+Formbook+infection/26332/
Zoom Update Fixing Zoom on Windows 7 Vulnerability
https://support.zoom.us/hc/en-us/articles/360046081271-New-updates-for-July-10-2020
DigiCert Replaces 50,000 EV Certificates
https://knowledge.digicert.com/alerts/DigiCert-ICA-Replacement
Microsoft Warns of OAUTH consent Phishing
https://www.microsoft.com/security/blog/2020/07/08/protecting-remote-workforce-application-attacks-consent-phishing/
]]> 6:50 microsoft, oauth, phishing, digicert, ev certificates, ev, zoom, windows 7, formbook, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7074 Citrix Scanning; Juniper Patches; Google Releases Tsunami Scanner; @sans_edu student Billy Wilson: Securing Super Computers Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Citrix Scanning; Juniper Patches; Google Releases Tsunami Scanner; @sans_edu student Billy Wilson: Securing Super Computers https://traffic.libsyn.com/securitypodcast/7074.mp3 https://isc.sans.edu/podcastdetail/7074 Fri, 10 Jul 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/Active+Exploit+Attempts+Targeting+Recent+Citrix+ADC+Vulnerabilities+CTX276688/26330/
https://www.youtube.com/watch?time_continue=6&v=1_D4_9BKHSc&feature=emb_logo
Juniper Patches
https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES
Google Releases Tsunami Security Scanner
https://github.com/google/tsunami-security-scanner
SANS.edu Student Billy Wilson: Security Supercomputers with BPF Probes
https://www.sans.org/reading-room/whitepapers/detection/securing-soft-underbelly-supercomputer-bpf-probes-39635#__utma=56421037.1361558334.1422039453.1445264258.1445266863.510&__utmb=56421037.17.9.1445268558432&__utmc=56421037&__utmx=-&__utmz=56421037.1444729543.493.57.utmcsr=admin.sans.org|utmccn=%28referral%29|utmcmd=referral|utmcct=/account/madmin/account_manage
]]> 14:16 sans.edu, billy wilson, supercomputers, bpf, juniper, google, tsunami, citrix, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7072 Obfuscated Malware; PAN-OS Vulnerability; Citrix Vuln Details; Mozilla Suspends Send Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Obfuscated Malware; PAN-OS Vulnerability; Citrix Vuln Details; Mozilla Suspends Send https://traffic.libsyn.com/securitypodcast/7072.mp3 https://isc.sans.edu/podcastdetail/7072 Thu, 09 Jul 2020 02:00:02 GMT https://isc.sans.edu/forums/diary/If+You+Want+Something+Done+Right+You+Have+To+Do+It+Yourself+Malware+Too/26320/
PaloAlto Networks PAN-OS CVE-2020-2034
https://security.paloaltonetworks.com/CVE-2020-2034
Citrix Vulnerability Details (CVE-2020-8194)
https://dmaasland.github.io/posts/citrix.html
Mozilla Suspending Send Service
https://www.zdnet.com/article/mozilla-suspends-firefox-send-service-while-it-addresses-malware-abuse/
]]> 6:31 mozilla, send, citrix, paloalto, malware, obfuscation, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7070 F5 BigIP Wrapup / New Exploit Bypassing Workaround (HT @nccgroupinfosec); Citrix ADC Patches; Microsoft Freta; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. F5 BigIP Wrapup / New Exploit Bypassing Workaround (HT @nccgroupinfosec); Citrix ADC Patches; Microsoft Freta; https://traffic.libsyn.com/securitypodcast/7070.mp3 https://isc.sans.edu/podcastdetail/7070 Wed, 08 Jul 2020 02:00:03 GMT https://twitter.com/NCCGroupInfosec/status/1280593966879125504
https://www.sans.org/webcasts/116065
Citrix ADC / Citrix Gateway Patches
https://www.citrix.com/blogs/2020/07/07/citrix-provides-context-on-security-bulletin-ctx276688/
Microsoft Releases Free Memory Analysis Service
https://www.microsoft.com/en-us/research/blog/toward-trusted-sensing-for-the-cloud-introducing-project-freta/
]]> 5:28 microsoft, freta, citrix, f5 bigip, workaround, nccgroup, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7068 More BigIP Exploits; MSFT ATP Web Content Filtering; Ransomware; More Research IPs; #DShield20Years Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. More BigIP Exploits; MSFT ATP Web Content Filtering; Ransomware; More Research IPs; #DShield20Years https://traffic.libsyn.com/securitypodcast/7068.mp3 https://isc.sans.edu/podcastdetail/7068 Tue, 07 Jul 2020 02:00:02 GMT https://isc.sans.edu/forums/diary/Summary+of+CVE20205902+F5+BIGIP+RCE+Vulnerability+Exploits/26316/
Special F5 BigIP Webcast
https://www.sans.org/webcasts/116065
Microsoft ATP Web Content Filtering
https://techcommunity.microsoft.com/t5/microsoft-defender-atp/an-update-on-web-content-filtering/ba-p/1505445
Ouch Newsletter: Ransomware
https://www.sans.org/security-awareness-training/resources/ransomware
Extended Research Feed: Added Net Systems Research
https://isc.sans.edu/api/threatcategory/research
]]> 5:20 research feed, ouch, ransomware, awareness, atp, microsoft, f5, bigip, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7066 F5 BigIP Critical RCE; Guacamole RDP Gateway Vuln; Barclays vs Archive.org Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. F5 BigIP Critical RCE; Guacamole RDP Gateway Vuln; Barclays vs Archive.org https://traffic.libsyn.com/securitypodcast/7066.mp3 https://isc.sans.edu/podcastdetail/7066 Mon, 06 Jul 2020 02:00:03 GMT https://support.f5.com/csp/article/K52145254
https://isc.sans.edu/forums/diary/CVE20205902+F5+BIGIP+Exploitation+Attempt/26310/
https://github.com/rapid7/metasploit-framework/pull/13807/commits/0417e88ff24bf05b8874c953bd91600f10186ba4
https://www.ptsecurity.com/ww-en/about/news/f5-fixes-critical-vulnerability-discovered-by-positive-technologies-in-big-ip-application-delivery-controller
Guacamole RDP Gateway Vulnerability
https://blog.checkpoint.com/2020/07/02/hole-y-guacamole-fixing-critical-vulnerabilities-in-apaches-popular-remote-desktop-gateway/
Barclays Caught Serving Code from Wayback Machine
https://www.theregister.com/2020/07/03/barclays_bank_javascript_wayback_machine/
]]> 6:15 Barkclays, wayback machine, archive.org, guacamole, rdp, f5, bigip, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7064 DNS Exfil in PoS Malware; EvilQuest Update; More Tools - Less Security Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. DNS Exfil in PoS Malware; EvilQuest Update; More Tools - Less Security https://traffic.libsyn.com/securitypodcast/7064.mp3 https://isc.sans.edu/podcastdetail/7064 Thu, 02 Jul 2020 02:00:03 GMT https://blog.centurylink.com/alina-point-of-sale-malware-still-lurking-in-dns/
Evil Quest "Ransomware" Update
https://objective-see.com/blog/blog_0x59.html
IBM Cyber Resilient Organziation Report
https://www.ibm.com/account/reg/us-en/signup?formid=urx-45839
]]> 4:25 ibm, evilquest, macos, alina, pos, dns, data exfiltration, exfiltration, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7062 Special Windows Patch (Code Exec Vuln); MacOS Ransomware; VPN Priv Escalation; DNSSEC Phish Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Special Windows Patch (Code Exec Vuln); MacOS Ransomware; VPN Priv Escalation; DNSSEC Phish https://traffic.libsyn.com/securitypodcast/7062.mp3 https://isc.sans.edu/podcastdetail/7062 Wed, 01 Jul 2020 02:00:02 GMT https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1425
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1457
MacOS Ransomare Arrives as Fake Little Snitch Software
https://blog.malwarebytes.com/mac/2020/06/new-mac-ransomware-spreading-through-piracy/
VPN Privilege Escalation
https://0xsha.io/posts/zombievpn-breaking-that-internet-security
DNSSEC Phishing Scam
https://nakedsecurity.sophos.com/2020/06/29/beware-secure-dns-scam-targeting-website-owners-and-bloggers/
]]> 5:54 DNSSEC, phishing, vpn, zombievpn, bitdefender, macos, ransomware, little snitch, windows 10, 2019, patch, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7060 Sysmon and ADS; PAN-OS SAML Issues; Old Telnet Issue in Cisco IOS XE Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Sysmon and ADS; PAN-OS SAML Issues; Old Telnet Issue in Cisco IOS XE https://traffic.libsyn.com/securitypodcast/7060.mp3 https://isc.sans.edu/podcastdetail/7060 Tue, 30 Jun 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/Sysmon+and+Alternate+Data+Streams/26292/
Paloalto PAN-OS SAML Vulnerability
https://security.paloaltonetworks.com/CVE-2020-2021
Cisco Telnet Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-telnetd-EFJrEzPx
https://appgateresearch.blogspot.com/2020/02/bravestarr-fedora-31-netkit-telnetd_28.html
]]> 4:35 cisco, telnet, appgate, palo alto, pan, sysmon, saml, global protect, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7058 MacOS 11 Security Changes; Changes to Cert Expiration September 1st Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MacOS 11 Security Changes; Changes to Cert Expiration September 1st https://traffic.libsyn.com/securitypodcast/7058.mp3 https://isc.sans.edu/podcastdetail/7058 Mon, 29 Jun 2020 01:12:18 GMT https://www.sentinelone.com/blog/macos-big-sur-9-big-surprises-for-enterprise-security/
Certificate Lifetime Limited to 1 Year Starting September
https://chromium.googlesource.com/chromium/src/+/ae4d6809912f8171b23f6aa43c6a4e8e627de784
https://support.apple.com/en-us/HT211025
https://lists.cabforum.org/pipermail/servercert-wg/2020-June/002000.html
]]> 7:07 certificates, lifetime, expiration, macos, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7056 Tech Tuesday Recording; Favicon Hides Code; GeoVision Vulns; Docker Vulns; Karim Lalji about #Cyberbunker; @sans_edu Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Tech Tuesday Recording; Favicon Hides Code; GeoVision Vulns; Docker Vulns; Karim Lalji about #Cyberbunker; @sans_edu https://traffic.libsyn.com/securitypodcast/7056.mp3 https://isc.sans.edu/podcastdetail/7056 Fri, 26 Jun 2020 02:00:02 GMT https://isc.sans.edu/forums/diary/Tech+Tuesday+Recap+Recordings+Part+2+Installing+the+Honeypot+release/26280/
https://www.youtube.com/channel/UCfbOsqPmWg1H_34hTjKEW2A
Credit Card Skimmers Hide Code in Favicon EXIF Data
https://blog.malwarebytes.com/threat-analysis/2020/06/web-skimmer-hides-within-exif-metadata-exfiltrates-credit-cards-via-image-files/
GeoVision Scanners Vulnerabilities
https://thehackernews.com/2020/06/geovision-scanner-vulnerabilities.html
Docker Images Containing Cryptojacking Malware
https://unit42.paloaltonetworks.com/cryptojacking-docker-images-for-mining-monero/
SANS.edu Student Karim Lalji: https://www.sans.org/reading-room/whitepapers/threathunting/real-time-honeypot-forensic-investigation-german-organized-crime-network-39640
]]> 16:43 docker, geovision, scanners, skimmers, favicon, exif, tech tuesday, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7054 Shell Link No-Touch Download; Updates: Chrome, QNAP, Magento; Exchange Attacks Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Shell Link No-Touch Download; Updates: Chrome, QNAP, Magento; Exchange Attacks https://traffic.libsyn.com/securitypodcast/7054.mp3 https://isc.sans.edu/podcastdetail/7054 Thu, 25 Jun 2020 01:42:44 GMT https://isc.sans.edu/forums/diary/Using+Shell+Links+as+zerotouch+downloaders+and+to+initiate+network+connections/26276/
Chrome Updates Released
https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop_22.html
QNAP Updates for Helpdesk
https://www.qnap.com/de-de/security-advisory/qsa-20-03
Magento Update
https://helpx.adobe.com/security/products/magento/apsb20-41.html
Attacks Against Microsoft Exchange Servers
https://www.microsoft.com/security/blog/2020/06/24/defending-exchange-servers-under-attack/
]]> 5:49 microsoft, exchange, magento, qnap, chrome, shell, zero-touch, links, downloads, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7052 CyberBunker; Microsoft offering Linux/Android and Safe Documents Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. CyberBunker; Microsoft offering Linux/Android and Safe Documents https://traffic.libsyn.com/securitypodcast/7052.mp3 https://isc.sans.edu/podcastdetail/7052 Wed, 24 Jun 2020 02:00:02 GMT https://isc.sans.edu/forums/diary/Cyberbunker+20+Analysis+of+the+Remnants+of+a+Bullet+Proof+Hosting+Provider/26266/
Microsoft Offering Enterprise Security Products for Linux/Android
https://techcommunity.microsoft.com/t5/microsoft-defender-atp/announcing-microsoft-defender-atp-for-android/ba-p/1480787
https://techcommunity.microsoft.com/t5/microsoft-defender-atp/microsoft-defender-atp-for-linux-is-now-generally-available/ba-p/1482344
Microsoft Safe Documents
https://techcommunity.microsoft.com/t5/microsoft-365-blog/safe-documents-is-generally-available/ba-p/1480401
]]> 5:57 cyberbunker, microsoft, enterprise, linux, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7050 WinMerge; VMWare/Office Patches for MacOS; RCE Bitdefender; Google Analytcs Data Exfil Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. WinMerge; VMWare/Office Patches for MacOS; RCE Bitdefender; Google Analytcs Data Exfil https://traffic.libsyn.com/securitypodcast/7050.mp3 https://isc.sans.edu/podcastdetail/7050 Tue, 23 Jun 2020 02:00:02 GMT https://isc.sans.edu/forums/diary/Comparing+Office+Documents+with+WinMerge/26268/
VMWare Tools and Microsoft Office Updates for macOS
https://www.vmware.com/security/advisories/VMSA-2020-0014.html
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1225
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1226
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1229
Remote Code Execution Vulnerability in Bitdefender
https://palant.info/2020/06/22/exploiting-bitdefender-antivirus-rce-from-any-website/
Google Analytics Used to Exfiltrate Data
https://www.perimeterx.com/tech-blog/2020/bypassing-csp-exflitrate-data/
]]> 7:13 vmware, google, analytics, bitdefender, csp, vmware, office, macos, microsoft, winmerge, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7048 Sigma Rules; Pi 0 Honeypot; Ransomware Post Infection; Discord Malware Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Sigma Rules; Pi 0 Honeypot; Ransomware Post Infection; Discord Malware https://traffic.libsyn.com/securitypodcast/7048.mp3 https://isc.sans.edu/podcastdetail/7048 Mon, 22 Jun 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/Sigma+rules+The+generic+signature+format+for+SIEM+systems/26258/
Pi Zero Honeypot
https://isc.sans.edu/forums/diary/Pi+Zero+HoneyPot/26260/
Ransomware Operators Lurk on Your Network
https://www.bleepingcomputer.com/news/security/ransomware-operators-lurk-on-your-network-after-their-attack/
Discord Modified to Steal Accounts
https://www.bleepingcomputer.com/news/security/discord-modified-to-steal-accounts-by-new-nitrohack-malware/
]]> 5:24 discord, nitrohack, ransomware, pi zero, honeypot, sigma, siem, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7046 Outlook Link Re-Write Bug; Cisco Updates; Netgear Bug; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Outlook Link Re-Write Bug; Cisco Updates; Netgear Bug; https://traffic.libsyn.com/securitypodcast/7046.mp3 https://isc.sans.edu/podcastdetail/7046 Fri, 19 Jun 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/Broken+phishing+accidentally+exploiting+Outlook+zeroday/26254/
Webcast: https://www.sans.org/webcasts/sansatmic-catch-release-phishing-techniques-good-guys-115430
Cisco Updates
Treck IP Stack: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC
All Advisories: https://tools.cisco.com/security/center/publicationListing.x
Netgear httpd Firmware Upload Stack-based Buffer Overflow RCE Vulnerability
https://blog.grimm-co.com/2020/06/soho-device-exploitation.html
Tech Tuesday Workshop: https://www.sans.org/webcasts/tech-tuesday-workshop-collaborating-scale-contribute-profit-internet-storm-center-115935
]]> 5:56 tech tuesday, netgear, workshop, firmware, cisco, outlook, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7044 Odd Protest Spam; Zoom E2EE; Linux ACPI Bug; ISC Tech Tuesday Workshop Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Odd Protest Spam; Zoom E2EE; Linux ACPI Bug; ISC Tech Tuesday Workshop https://traffic.libsyn.com/securitypodcast/7044.mp3 https://isc.sans.edu/podcastdetail/7044 Thu, 18 Jun 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/Odd+Protest+Spam+Scam+Targeting+Atlanta+Police+Foundation/26248/
Zoom Publishes End-to-End Encryption Whitepaper
https://github.com/zoom/zoom-e2e-whitepaper
Linux ACPI Bug Defeats UEFI Secure Boot
https://git.zx2c4.com/american-unsigned-language/tree/american-unsigned-language-2.sh
Tech Tuesday Workshop: https://www.sans.org/webcasts/tech-tuesday-workshop-collaborating-scale-contribute-profit-internet-storm-center-115935
]]> 7:04 tech tuesday, zoom, linux, acpi, uefi, secure boot, atlanta, police, foundation, scam, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7042 Fake Dating Profile Extortion; TMobile Postmortem; Docker Image Vulns; IOT Ripple Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Fake Dating Profile Extortion; TMobile Postmortem; Docker Image Vulns; IOT Ripple https://traffic.libsyn.com/securitypodcast/7042.mp3 https://isc.sans.edu/podcastdetail/7042 Wed, 17 Jun 2020 02:00:02 GMT https://isc.sans.edu/forums/diary/Sextortion+to+The+Next+Level/26244/
TMobile Outage Due to Configuration Error
https://www.scmagazine.com/home/security-news/outages-draw-speculation-of-ddos-attack-on-u-s-but-reality-likely-more-boring/
Vulnerability Analysis of 2500 Docker Hub Images
https://arxiv.org/pdf/2006.02932.pdf
Track IP Stack Contains Multiple Vulnerabilities
https://www.kb.cert.org/vuls/id/257161
]]> 6:39 track ip stack, docker, tmobile, sextortion, russian, ukrainian, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7040 HTML Phishing; TMobile Outage; LTE/5G GTP Issues; #SANSFIRE HAndler Talks Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. HTML Phishing; TMobile Outage; LTE/5G GTP Issues; #SANSFIRE HAndler Talks https://traffic.libsyn.com/securitypodcast/7040.mp3 https://isc.sans.edu/podcastdetail/7040 Tue, 16 Jun 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/HTML+based+Phishing+Run/26242/
Major T-Mobile Outage (may affect other carriers as well)
https://twitter.com/NevilleRay/status/1272650750665953280
https://status.duo.com/incidents/txv7kq6tr0h8
Vulnerabilities in LTE and 5G Networks
https://positive-tech.com/storage/articles/gtp-2020/threat-vector-gtp-2020-eng.pdf
SANSFIRE Handler Talks
Xavier Mertens: https://www.sans.org/webcasts/sansatmic-walk-logs-hell-115420
Bojan Zdrnja: https://www.sans.org/webcasts/sansatmic-arcane-web-mobile-application-vulnerHTML Phishing
]]> 6:51 sansfire, siem, soc, webapp, pentest, mobile applications, lte, 5g, gtp, gprs, tmobile, outage, html, phish, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7038 Fileless Excel Malware; Win Update Issues; Privnote Phish; #SANSFIRE Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Fileless Excel Malware; Win Update Issues; Privnote Phish; #SANSFIRE https://traffic.libsyn.com/securitypodcast/7038.mp3 https://isc.sans.edu/podcastdetail/7038 Mon, 15 Jun 2020 02:00:02 GMT https://isc.sans.edu/forums/diary/Malicious+Excel+Delivering+Fileless+Payload/26232/
Windows Update Issues
https://support.microsoft.com/en-us/help/4566779/usb-printer-port-missing-after-disconnecting-printer-while-windows-10
https://answers.microsoft.com/en-us/windows/forum/all/cumulative-updates-june-9th-2020/45a8a7f3-cb89-459e-acf1-32d9de15c099
Privnote.com Phishing
https://krebsonsecurity.com/2020/06/privnotes-com-is-phishing-bitcoin-from-users-of-private-messaging-service-privnote-com/
SANS @Mic Talk: ISC Handler Bojan Zdrnja
https://www.sans.org/webcasts/sansatmic-arcane-web-mobile-application-vulnerabilities-115425
]]> 6:16 sans@mic, bojan, web applications, mobile applications, privnote, phishing, privnotes, windows, update, excel, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7036 JavaScript Anti-Debugging; Facebook Messanger Bug; Outlook Macros; Network Flows in AWS @sans_edu Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. JavaScript Anti-Debugging; Facebook Messanger Bug; Outlook Macros; Network Flows in AWS @sans_edu https://traffic.libsyn.com/securitypodcast/7036.mp3 https://isc.sans.edu/podcastdetail/7036 Fri, 12 Jun 2020 02:00:02 GMT https://isc.sans.edu/forums/diary/AntiDebugging+JavaScript+Techniques/26228/
Facebook Messenger Desktop App Vulnerability
https://blog.reasonsecurity.com/2020/06/11/persistence-method-using-facebook-messenger-desktop-app/
Outlook Massmailing Macros
https://www.welivesecurity.com/2020/06/11/gamaredon-group-grows-its-game/
STI Student Research: Dennis Taggard; Ebb and Flow: Network Flow Logging as a Staple of Public Cloud Visibility or a Waning Imperative?
Paper: https://www.sans.org/reading-room/whitepapers/cloud/ebb-flow-network-flow-logging-staple-public-cloud-visibility-waning-imperative-39580
Video: https://youtu.be/faoFx7Q3_aM
]]> 7:01 javascript, debugging, anti-debugging, Facebook, messenger, outlook, macro, network flows, aws, sti, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7034 ZLoader Update; More Expiring CAs; BLM Themed Malware Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. ZLoader Update; More Expiring CAs; BLM Themed Malware https://traffic.libsyn.com/securitypodcast/7034.mp3 https://isc.sans.edu/podcastdetail/7034 Thu, 11 Jun 2020 02:00:02 GMT https://isc.sans.edu/forums/diary/Job+applicationthemed+malspam+pushes+ZLoader/26222/
More Expiring Root CAs
https://scotthelme.co.uk/impending-doom-root-ca-expiring-legacy-clients/
Black Lives Matter Themed Malware
https://www.bleepingcomputer.com/news/security/fake-black-lives-matter-voting-campaign-spreads-trickbot-malware/
]]> 6:18 blm, black lives matter, trickbot, expiring ca, certificates, zloader, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7032 Microsoft Patch Day; SMBleed; Adobe Patches; Intel Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft Patch Day; SMBleed; Adobe Patches; Intel Patches https://traffic.libsyn.com/securitypodcast/7032.mp3 https://isc.sans.edu/podcastdetail/7032 Wed, 10 Jun 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/Microsoft+June+2020+Patch+Tuesday/26220/
SMBleed
https://github.com/ZecOps/CVE-2020-1206-POC
Adobe Patches
https://helpx.adobe.com/security.html
Intel Patch Day
https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/?linkId=100000012832617
]]> 6:09 intel, adobe, microsoft, patches, smbleed, smbghost, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7030 Translating BASE64; Fake Ransomware Decrypt; GNUTLS Vuln; CallStranger Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Translating BASE64; Fake Ransomware Decrypt; GNUTLS Vuln; CallStranger https://traffic.libsyn.com/securitypodcast/7030.mp3 https://isc.sans.edu/podcastdetail/7030 Tue, 09 Jun 2020 02:00:02 GMT https://isc.sans.edu/forums/diary/Translating+BASE64+Obfuscated+Scripts/26214/
Fake Ransomware Decryptor
https://www.bleepingcomputer.com/news/security/fake-ransomware-decryptor-double-encrypts-desperate-victims-files/
GNUTLS TLS 1.3 Machine in the Middle
https://gitlab.com/gnutls/gnutls/-/issues/1011
CallStranger UPNP Vulnerability
https://callstranger.com/
Shellcode Analysis 101
https://www.sans.org/webcasts/sansatmic-shellcode-analysis-101-114160
]]> 6:51 shellcode, callstranger, upnp, gnutls, tls 1.3, fake ransomware decryptor, decryptor, ransomware, base64, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7028 PHP FastCGI Attacks; Protest Cybersecurity; QNAP Vuln; Blocking Loopback Portscans Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. PHP FastCGI Attacks; Protest Cybersecurity; QNAP Vuln; Blocking Loopback Portscans https://traffic.libsyn.com/securitypodcast/7028.mp3 https://isc.sans.edu/podcastdetail/7028 Mon, 08 Jun 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/Not+so+FastCGI/26208/
Protest Cybersecurity
https://isc.sans.edu/forums/diary/Cyber+Security+for+Protests/26210/
uBlock Origin Blocks Portscans
https://www.bleepingcomputer.com/news/security/ublock-origin-ad-blocker-now-blocks-port-scans-on-most-sites/
QNAP Vulnerability
https://www.qnap.com/en/security-advisory/qsa-20-01
]]> 6:23 qnap, ublock, ebay, portscan, javascript, xss, rce, protest, php, fastcgi, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7026 Anti-Debugging; Feed Update; Bank Transaction Spam; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Anti-Debugging; Feed Update; Bank Transaction Spam; https://traffic.libsyn.com/securitypodcast/7026.mp3 https://isc.sans.edu/podcastdetail/7026 Fri, 05 Jun 2020 02:00:02 GMT https://isc.sans.edu/forums/diary/AntiDebugging+Technique+based+on+Memory+Protection/26200/
Suspending Suspicious Domain Feed/Update to Researcher IP Feed
https://isc.sans.edu/forums/diary/Suspending+Suspicious+Domain+Feed+Update+to+Researcher+IP+Feed/26204/
Bank Transaction Comments Used for Abusive Messages
https://www.theregister.com/2020/06/04/commonwealth_bank_bans_indecent_transaction_descriptions/
Android Security Bulletin
https://source.android.com/security/bulletin/2020-06-01
Android Wallpaper Crash
https://www.androidauthority.com/android-wallpaper-crash-1124577/
STI Research Paper: Janusz Pazgier; Efficacy of UNIX HIDS
https://www.sans.org/reading-room/whitepapers/detection/efficacy-unix-hids-39565
]]> 13:14 unix, hids, janusz pazgier, wallpaper, crash, android, bank, abusive messages, suspicious domains, ipip, anti-debugging, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7024 Polish ZLoader Malspam; Cisco IP-in-IP Flaw; Zoom Flaws; Firefox Disables DoH Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Polish ZLoader Malspam; Cisco IP-in-IP Flaw; Zoom Flaws; Firefox Disables DoH https://traffic.libsyn.com/securitypodcast/7024.mp3 https://isc.sans.edu/podcastdetail/7024 Thu, 04 Jun 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/Polish+malspam+pushes+ZLoader+malware/26196/
Cisco Patches IP-in-IP Flaw
https://securityaffairs.co/wordpress/104192/security/ip-in-ip-flaw-cisco.html
Zoom Fixes Two Critical Flaws
https://blog.talosintelligence.com/2020/06/vuln-spotlight-zoom-code-execution-june-2020.html
Firefox Disables Automatic DNS over HTTPS Selection to Prevent DDoS
https://www.mozilla.org/en-US/firefox/77.0.1/releasenotes/
]]> 5:59 firefox, doh, zoom, cisco, ip-in-ip, polish, malspam, zloader, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7022 Stackstrings; More AddTrust Woes; VMWare Cloud Director Exploit @__agwa Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Stackstrings; More AddTrust Woes; VMWare Cloud Director Exploit @__agwa https://traffic.libsyn.com/securitypodcast/7022.mp3 https://isc.sans.edu/podcastdetail/7022 Wed, 03 Jun 2020 02:00:02 GMT https://isc.sans.edu/forums/diary/Stackstrings+type+2/26192/
More Details About AddTrust External CA Root Expiration
https://www.agwa.name/blog/post/fixing_the_addtrust_root_expiration
VMWare Cloud Director Vulnerability and Exploit
https://citadelo.com/en/blog/full-infrastructure-takeover-of-vmware-cloud-director-CVE-2020-3956/
]]> 5:34 stackstring, vmware, addrust, ca, root, expiration, cloud director, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7020 Apple Patches Unc0ver; Office 365 Details; Security Researchers Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Apple Patches Unc0ver; Office 365 Details; Security Researchers https://traffic.libsyn.com/securitypodcast/7020.mp3 https://isc.sans.edu/podcastdetail/7020 Tue, 02 Jun 2020 02:00:03 GMT https://support.apple.com/en-us/HT201222
Office 365 Adds Details About Malicious E-Mail Attachments
https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=&searchterms=64570
Impact of Research on Our Data
https://isc.sans.edu/forums/diary/The+Impact+of+Researchers+on+Our+Data/26182/
]]> 7:06 researchers, office 365, attachments, apt, atp, unc0ver, apple, macos, ios, ipados, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7018 Sectigo CA; Sign in With Apple Flaw; DABANGG; FIDO @fidoalliance Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Sectigo CA; Sign in With Apple Flaw; DABANGG; FIDO @fidoalliance https://traffic.libsyn.com/securitypodcast/7018.mp3 https://isc.sans.edu/podcastdetail/7018 Mon, 01 Jun 2020 02:00:02 GMT https://support.sectigo.com/articles/Knowledge/Sectigo-AddTrust-External-CA-Root-Expiring-May-30-2020
Critical Sign In With Apple Flaw
https://bhavukjain.com/blog/2020/05/30/zeroday-signin-with-apple/
DABANGG: Refined Flush Based Cache Attacks
https://www.cse.iitk.ac.in/users/biswap/DABANGG.pdf
New Website Explaining FIDO
https://loginwithfido.com/
]]> 6:15 apple, sectigo, certificates, CA, fido, flush, cache, cpu, dabangg, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7016 USBFuzz; Saltstack vs. Cisco; SHA1 Even Deader; @sans_edu : Threat Actor Assessments Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. USBFuzz; Saltstack vs. Cisco; SHA1 Even Deader; @sans_edu : Threat Actor Assessments https://traffic.libsyn.com/securitypodcast/7016.mp3 https://isc.sans.edu/podcastdetail/7016 Fri, 29 May 2020 02:00:02 GMT https://www.nebelwelt.net/files/20SEC3.pdf
Cisco Products Vulnerable to Saltstack Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG
Another Nail in the Coffin for SHA-1
https://eprint.iacr.org/2020/014.pdf
STI Student: Andy Piazza; Qualifying Threat Actor Assessments
https://www.sans.org/reading-room/whitepapers/threatintelligence/paper/39585
]]> 18:43 sti, sans_edu, interview, student, threat actor, assessments, cisco, sha1, hashes, usbfuzz, usb, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7014 Google Cloud Phish; Trend Micro Cheats; Netgear Nighthawk Evilgrade Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Google Cloud Phish; Trend Micro Cheats; Netgear Nighthawk Evilgrade https://traffic.libsyn.com/securitypodcast/7014.mp3 https://isc.sans.edu/podcastdetail/7014 Thu, 28 May 2020 02:00:02 GMT https://isc.sans.edu/forums/diary/Frankensteins+phishing+using+Google+Cloud+Storage/26174/
Trend Micro AntiVirus Blocked by Microsoft
https://billdemirkapi.me/How-to-use-Trend-Micro-Rootkit-Remover-to-Install-a-Rootkit/
Netgear Nighthawk Firmware Update Vulnerability
https://iot-lab-fh-ooe.github.io/netgear_update_vulnerability/
]]> 6:49 netgear, nighthawk, firmware, evilgrade, trend, micro, antivirus, cheating, phishing, google, cloud, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7012 SHA3? MacOS Update; Windows 0Day Vuln; Phish Detection @CurtBraz Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SHA3? MacOS Update; Windows 0Day Vuln; Phish Detection @CurtBraz https://traffic.libsyn.com/securitypodcast/7012.mp3 https://isc.sans.edu/podcastdetail/7012 Wed, 27 May 2020 02:00:02 GMT https://isc.sans.edu/forums/diary/Seriously+SHA3+where+art+thou/26170/
Apple Updates
https://support.apple.com/en-us/HT201222
Google ZDI Releases Details Regarding Unpatched Windows Vulnerabilities
https://www.zerodayinitiative.com/advisories/ZDI-20-666/
https://www.zerodayinitiative.com/advisories/ZDI-20-665/
https://www.zerodayinitiative.com/advisories/ZDI-20-663/
https://www.zerodayinitiative.com/advisories/ZDI-20-662/
https://www.zerodayinitiative.com/advisories/ZDI-20-664/
Research into Phish Detection
https://medium.com/@curtbraz/these-arent-the-phish-you-re-looking-for-7374c3986af5
]]> 5:59 phishing, detection, google, zdi, windows, macos, ios, sha3, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7010 PowerPoint Add-Ins and VM Malware; iOS Patch Analysis; eBay Scanner; iPhone Jailbreak Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. PowerPoint Add-Ins and VM Malware; iOS Patch Analysis; eBay Scanner; iPhone Jailbreak https://traffic.libsyn.com/securitypodcast/7010.mp3 https://isc.sans.edu/podcastdetail/7010 Tue, 26 May 2020 10:22:34 GMT https://isc.sans.edu/forums/diary/AgentTesla+Delivered+via+a+Malicious+PowerPoint+AddIn/26162/
Virtual Machine Delivers Malware
https://news.sophos.com/en-us/2020/05/21/ragnar-locker-ransomware-deploys-virtual-machine-to-dodge-security/
iOS Patch Analysis
https://blog.zecops.com/vulnerabilities/hidden-demons-maildemon-patch-analysis-ios-13-4-5-beta-vs-ios-13-5/
eBay Port Scanning
https://www.ghacks.net/2020/05/25/ebay-is-port-scanning-your-system-when-you-load-the-webpage/
iPhone Jailbreak
https://thehackernews.com/2020/05/iphone-ios-jailbreak-tools.html
SANSFIRE
https://isc.sans.edu/sansfire
]]> 6:34 sansfire, iphone, jailbreak, ebay, port scan, portscan, ios, vm, powerpoint, add-in, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7008 Malware Triage; Verizon DBIR; Apple Updates; Sophos XG Firewall Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Malware Triage; Verizon DBIR; Apple Updates; Sophos XG Firewall https://traffic.libsyn.com/securitypodcast/7008.mp3 https://isc.sans.edu/podcastdetail/7008 Fri, 22 May 2020 02:00:02 GMT https://isc.sans.edu/forums/diary/Malware+Triage+with+FLOSS+API+Calls+Based+Behavior/26156/
Verizon Breach Report
https://enterprise.verizon.com/resources/reports/dbir/
Apple Updates
https://support.apple.com/en-us/HT201222
Sophos Firewall Vulnerability Exploit
https://news.sophos.com/en-us/2020/05/21/asnarok2/
]]> 6:02 sophos, apple, verizon, malware, triage, floss, fame, xg, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7006 IceID Update; NXNSAttack; Adobe Updates Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. IceID Update; NXNSAttack; Adobe Updates https://traffic.libsyn.com/securitypodcast/7006.mp3 https://isc.sans.edu/podcastdetail/7006 Thu, 21 May 2020 02:00:02 GMT https://isc.sans.edu/forums/diary/Microsoft+Word+document+with+malicious+macro+pushes+IcedID+Bokbot/26146/
NXNSAttack DNS Amplification
https://www.nxnsattack.com/
https://en.blog.nic.cz/2020/05/19/nxnsattack-upgrade-resolvers-to-stop-new-kind-of-random-subdomain-attack/
Adobe Updates
https://helpx.adobe.com/security.html
]]> 5:47 adobe, nxnsattack, dns, amplification, ddos, iceid, malware, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7004 Port 62234; Cisco Patches; Google Chrome 83; QNAP @Happyholic1203 Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Port 62234; Cisco Patches; Google Chrome 83; QNAP @Happyholic1203 https://traffic.libsyn.com/securitypodcast/7004.mp3 https://isc.sans.edu/podcastdetail/7004 Wed, 20 May 2020 02:00:02 GMT https://isc.sans.edu/forums/diary/What+is+up+on+Port+62234/26144/
Cisco Patches
https://tools.cisco.com/security/center/publicationListing.x
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-info-disclose-9eJtycMB
Google Chrome 83 Released
https://chromereleases.googleblog.com/
QNAP Vulnerability Details Released
https://medium.com/bugbountywriteup/qnap-pre-auth-root-rce-affecting-450k-devices-on-the-internet-d55488d28a05
ISC YouTube Channel
https://www.youtube.com/channel/UCfbOsqPmWg1H_34hTjKEW2A
]]> 6:32 port 62234, cisco, google, chrome, safebrowsing, youtube, qnap, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7002 Multi Detection Confusion; O365 Mixes up Users; Apple BT Issues; #BIAS Bluetooth Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Multi Detection Confusion; O365 Mixes up Users; Apple BT Issues; #BIAS Bluetooth Vuln; https://traffic.libsyn.com/securitypodcast/7002.mp3 https://isc.sans.edu/podcastdetail/7002 Tue, 19 May 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/Antivirus+Multiple+Detections/26134/
Office 365 Returning Search Results from Other Organizations
https://www.theregister.co.uk/2020/05/18/microsoft_office_365_internal_search_mixup/
MagicPairing Vulnerabilities
https://arxiv.org/pdf/2005.07255.pdf
BIAS: Bluetooth Impersonation AttackS
https://francozappa.github.io/about-bias/
]]> 6:16 bluetooth, magicpairing, apple, office 365, antivirus, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 7000 OWA Scans; Edison Email Mixup; COMpfun Udpate; PAN OS Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. OWA Scans; Edison Email Mixup; COMpfun Udpate; PAN OS Patches https://traffic.libsyn.com/securitypodcast/7000.mp3 https://isc.sans.edu/podcastdetail/7000 Mon, 18 May 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/Scanning+for+Outlook+Web+Access+OWA+Microsoft+Exchange+Control+Panel+ECP/26132/
Edison iOS E-Mail Client Leaks Data
https://www.theverge.com/2020/5/16/21260967/edison-mail-update-ios-security-bug
COMpfun Malware Uses Status Codes to Communicate
https://securelist.com/compfun-http-status-based-trojan/96874/
PAN OS Patches
https://securityaffairs.co/wordpress/103265/security/palo-alto-networks-pan-os-flaws.html
]]> 6:19 panos, patches, compfun, edison, ios, email, owa, outlook, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6998 rethinking severity; top exploited vulns; iOS Vulnerability Glut; BigIP Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. rethinking severity; top exploited vulns; iOS Vulnerability Glut; BigIP https://traffic.libsyn.com/securitypodcast/6998.mp3 https://isc.sans.edu/podcastdetail/6998 Fri, 15 May 2020 02:00:02 GMT https://isc.sans.edu/forums/diary/Patch+Tuesday+Revisited+CVE20201048+isnt+as+Medium+as+MS+Would+Have+You+Believe/26124/
Top Exploited Vulnerabilities
https://www.us-cert.gov/ncas/alerts/aa20-133a
Zerodium Drops Payouts For iOS/Safari Exploits
https://twitter.com/Zerodium/status/1260541578747064326?s=20
BigIP Edge Client Vulenrability
https://support.f5.com/csp/article/K20346072
]]> 6:02 bigip, zerodium, us-cert, severity, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6996 Dridex Update; Ramsay "Airgap" Malware; Windows 10 DoH Preview; #SANSFIRE Handler Series Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Dridex Update; Ramsay "Airgap" Malware; Windows 10 DoH Preview; #SANSFIRE Handler Series https://traffic.libsyn.com/securitypodcast/6996.mp3 https://isc.sans.edu/podcastdetail/6996 Thu, 14 May 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/Malspam+with+links+to+zip+archives+pushes+Dridex+malware/26116/
Ramsay Cyber Espionage Toolkit
https://www.welivesecurity.com/2020/05/13/ramsay-cyberespionage-toolkit-airgapped-networks/
Windows DNS over HTTPS Preview
https://techcommunity.microsoft.com/t5/networking-blog/windows-insiders-can-now-test-dns-over-https/ba-p/1381282#
ISC Handler Series (SANSFIRE)
https://www.sans.org/event/sansfire-2020/bonus-sessions/
]]> 5:58 handlers, sansifre, windows, dns, https, doh, ramsay, airgap, dridex, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6994 MSFT / Adobe Patches; Exposed Firebase; Magecart Sightings; Glitter vs #thunderspy; @LibraAnalysis Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MSFT / Adobe Patches; Exposed Firebase; Magecart Sightings; Glitter vs #thunderspy; @LibraAnalysis https://traffic.libsyn.com/securitypodcast/6994.mp3 https://isc.sans.edu/podcastdetail/6994 Wed, 13 May 2020 02:00:02 GMT https://isc.sans.edu/forums/diary/Microsoft+May+2020+Patch+Tuesday/26114/
Adobe Security Updates
https://helpx.adobe.com/security.html
Android Applications Expose Firebase Databases
https://www.comparitech.com/blog/information-security/firebase-misconfiguration-report/#What_data_is_exposed
More Magecart Sighted
https://maxkersten.nl/2020/05/06/backtracking-magecart-infections/
Glitter vs. Thunderspy
https://www.youtube.com/watch?v=vlK5rrlc44g
]]> 7:03 glitter, thunderbolt, hunderspy, magecard, android, adobe, firebase, microsoft, patches, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6992 XLMMacroDeobfuscator; LinkedIn Phish; ThunderSpy; Patch vBulletin @DissectMalware Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. XLMMacroDeobfuscator; LinkedIn Phish; ThunderSpy; Patch vBulletin @DissectMalware https://traffic.libsyn.com/securitypodcast/6992.mp3 https://isc.sans.edu/podcastdetail/6992 Tue, 12 May 2020 02:00:02 GMT https://isc.sans.edu/forums/diary/Excel+4+Macro+Analysis+XLMMacroDeobfuscator/26110/
LinkedIn Phish
https://youtu.be/g0WHz6rikoc
ThunderSpy Thunderbolt Attack
https://thunderspy.io/
vBulletin Vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2020-12720
Mini-Netwars
https://www.sans.org/mini-netwars
]]> 5:54 netwars, vbulletin, thunderspy, linkedin, excel, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6990 YARA 4 Released; vRealize Salt; Samsung Android MMS RCE; MacOS 2FA Trojan Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. YARA 4 Released; vRealize Salt; Samsung Android MMS RCE; MacOS 2FA Trojan https://traffic.libsyn.com/securitypodcast/6990.mp3 https://isc.sans.edu/podcastdetail/6990 Mon, 11 May 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/YARA+v400+BASE64+Strings/26106/
VMWare Patches vRealize to Address Saltstack Vulnerabilities
https://www.vmware.com/security/advisories/VMSA-2020-0009.html
Samsung Paches Android RCE Vulnerabilities
https://bugs.chromium.org/p/project-zero/issues/detail?id=2002
https://security.samsungmobile.com/securityUpdate.smsb
MacOS 2FA Application Trojan
https://blog.malwarebytes.com/threat-analysis/2020/05/new-mac-variant-of-lazarus-dacls-rat-distributed-via-trojanized-2fa-app/
]]> 5:24 macos, 2fa, smasung, rce, images, vmware, yara, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6988 NMAP NSE Scripts; iOS Psychic Paper; #WorldPasswordDay; #Cisco Kerberos Bypass Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. NMAP NSE Scripts; iOS Psychic Paper; #WorldPasswordDay; #Cisco Kerberos Bypass https://traffic.libsyn.com/securitypodcast/6988.mp3 https://isc.sans.edu/podcastdetail/6988 Fri, 08 May 2020 02:00:02 GMT https://isc.sans.edu/forums/diary/Scanning+with+nmaps+NSE+scripts/26096/
iOS Psychic Paper Vulerability
https://siguza.github.io/psychicpaper/
World Password Day
https://www.microsoft.com/security/blog/2020/05/07/protect-accounts-smarter-ways-sign-in-world-passwordless-day
https://tails.boum.org/news/version_4.6/index.en.html
Cisco Kerberos Bypass
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-asa-kerberos-bypass-96Gghe2sS
]]> 5:47 nmap, ios, worldpasswordday, psychic paper, kerberos, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6986 Malware Age; Fake Wallets; Favicon Hides JS; WebEx Phish @malwarebytes Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Malware Age; Fake Wallets; Favicon Hides JS; WebEx Phish @malwarebytes https://traffic.libsyn.com/securitypodcast/6986.mp3 https://isc.sans.edu/podcastdetail/6986 Thu, 07 May 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/Keeping+an+Eye+on+Malicious+Files+Life+Time/26092/
Fake Crypto Wallet Chrome Extensions
https://www.theregister.co.uk/2020/05/06/chrome_malicious_extensions/
Favicon Hides Credit Card Skimmer
https://blog.malwarebytes.com/threat-analysis/2020/05/credit-card-skimmer-masquerades-as-favicon/
WebEx Phishing
https://abnormalsecurity.com/blog/abnormal-attack-stories-cisco-webex-phishing/
]]> 5:56 webex, favicon, crypto wallet, google chrome, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6984 Built in Cloud Security; Citrix Sharefile; Android/Fiefox/Dell/Wordpress Update Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Built in Cloud Security; Citrix Sharefile; Android/Fiefox/Dell/Wordpress Update https://traffic.libsyn.com/securitypodcast/6984.mp3 https://isc.sans.edu/podcastdetail/6984 Wed, 06 May 2020 02:00:02 GMT https://isc.sans.edu/forums/diary/Cloud+Security+Features+Dont+Replace+the+Need+for+Personnel+Security+Capabilities/26088/
Citrix ShareFile Storage Zones Controller Update
https://support.citrix.com/article/CTX269106
Android Update
https://source.android.com/security/bulletin/2020-05-01

Firefox Update
https://www.mozilla.org/en-US/firefox/76.0/releasenotes/
Dell OS Recovery Image Insecure Inherited Permissions
https://www.dell.com/support/article/de-de/sln321036/dsa-2020-059-dell-os-recovery-image-insecure-inherited-permissions-vulnerability?lang=en
WordPress Update
https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates
]]> 5:14 wordpress, dell, firefox, android, citrix, sharefile, cloud, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6982 Exploring Sysmon 11 Delete Protection; Digicert CT Compromise Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Exploring Sysmon 11 Delete Protection; Digicert CT Compromise https://traffic.libsyn.com/securitypodcast/6982.mp3 https://isc.sans.edu/podcastdetail/6982 Tue, 05 May 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/Sysmon+and+File+Deletion/26084/
Digicert CT Compromise
https://groups.google.com/a/chromium.org/forum/#!topic/ct-policy/aKNbZuJzwfM
WebLogic Flaw (new one..) Exploited in the Wild
https://blogs.oracle.com/security/apply-april-2020-cpu
]]> 5:24 weblogic, oracle, digicert, ct, certificate transparency, sysmon, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6980 ZIP and AES; Saltstack Exploited; MDM Compromise Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. ZIP and AES; Saltstack Exploited; MDM Compromise https://traffic.libsyn.com/securitypodcast/6980.mp3 https://isc.sans.edu/podcastdetail/6980 Mon, 04 May 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/ZIP+AES/26080/
Saltstack Vulnerability Exploited in the Wild
https://status.ghost.org/
Mobile Device Manager Compromise
https://research.checkpoint.com/2020/first-seen-in-the-wild-mobile-as-attack-vector-using-mdm/
]]> 5:25 mdm, mobile devices, salt, saltstack, exploit, zip, aes, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6978 IOCs from IMAP; Zyxel 0Day Bot; Salt Vuln; Mac Sandbox Escape Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. IOCs from IMAP; Zyxel 0Day Bot; Salt Vuln; Mac Sandbox Escape https://traffic.libsyn.com/securitypodcast/6978.mp3 https://isc.sans.edu/podcastdetail/6978 Fri, 01 May 2020 02:05:03 GMT https://isc.sans.edu/forums/diary/Collecting+IOCs+from+IMAP+Folder/26070/
Attack Traffic on TCP Port 9673
https://isc.sans.edu/forums/diary/Attack+traffic+on+TCP+port+9673/26074/
Saltstack Authorization Bypass
https://labs.f-secure.com/advisories/saltstack-authorization-bypass
Mac Sandbox Escape
https://lapcatsoftware.com/articles/sandbox-escape.html
]]> 7:15 mac, sandbox, macos, saltstack, salt, 9673, 4005, 4006, ioc, imap, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6976 Covid19 Tracing Protocols; Chrome Update; Sysmon Update; Shade; Honeysploit @CurtBraz Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Covid19 Tracing Protocols; Chrome Update; Sysmon Update; Shade; Honeysploit @CurtBraz https://traffic.libsyn.com/securitypodcast/6976.mp3 https://isc.sans.edu/podcastdetail/6976 Thu, 30 Apr 2020 02:00:02 GMT https://isc.sans.edu/forums/diary/Privacy+Preserving+Protocols+to+Trace+Covid19+Exposure/26066/
Google Chrome Update
https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_27.html
https://docs.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security
Updated Version of Sysmon
https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon
https://techcommunity.microsoft.com/t5/sysinternals-blog/sysmon-v11-0-livekd-v5-63-process-explorer-v16-32-coreinfo-v3-5/ba-p/1345153
Shade Ransomware Keys Released
https://github.com/shade-team/keys/blob/master/README.md
Exploiting the Exploiters
https://medium.com/@curtbraz/exploiting-the-exploiters-46fd0d620fd8
]]> 6:16 covid19, google, chrome, patch, sysmon, shade, exploit, github, honeysploit, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6974 Agent Tesla; VMWare ESXi Patch; Microsoft Ransomware Guidance; Adobe Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Agent Tesla; VMWare ESXi Patch; Microsoft Ransomware Guidance; Adobe Patches https://traffic.libsyn.com/securitypodcast/6974.mp3 https://isc.sans.edu/podcastdetail/6974 Wed, 29 Apr 2020 02:00:03 GMT https://isc.sans.edu/forums/diary/Agent+Tesla+delivered+by+the+same+phishing+campaign+for+over+a+year/26062/
VMWare ESXi Patch
https://www.vmware.com/security/advisories/VMSA-2020-0008.html
Microsoft Guidance For Ransomware Response
https://www.microsoft.com/security/blog/2020/04/28/ransomware-groups-continue-to-target-healthcare-critical-services-heres-how-to-reduce-risk/
Adobe Security Patches
https://helpx.adobe.com/security.html
]]> 4:50 tesla, phishing, vmware, esxi, xss, microsoft, adobe, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6972 PS inside PSCredential; MSFT Teams GIF Vuln; USB Drives Spread Miner Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. PS inside PSCredential; MSFT Teams GIF Vuln; USB Drives Spread Miner https://traffic.libsyn.com/securitypodcast/6972.mp3 https://isc.sans.edu/podcastdetail/6972 Tue, 28 Apr 2020 02:10:02 GMT https://isc.sans.edu/forums/diary/Powershell+Payload+Stored+in+a+PSCredential+Object/26058/
Microsoft Teams Account Takeover Bug
https://www.cyberark.com/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams/
USB Drives used to Spread Crypto Coin Mining Botnet
https://www.welivesecurity.com/2020/04/23/eset-discovery-monero-mining-botnet-disrupted/
]]> 6:12 usb, autoit, monery, microsoft teams, powershell, pscredential, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6970 Malware Bazaar; Canadian Shield; Covid 19 Tracing; Sophos XG Firewall Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Malware Bazaar; Canadian Shield; Covid 19 Tracing; Sophos XG Firewall https://traffic.libsyn.com/securitypodcast/6970.mp3 https://isc.sans.edu/podcastdetail/6970 Mon, 27 Apr 2020 02:35:30 GMT https://isc.sans.edu/forums/diary/MALWARE+Bazaar/26052/
CIRA Luanches Canadian Shield
https://www.cira.ca/newsroom/canadian-shield/cira-launches-canadian-shield-provide-free-privacy-and-security-canadians
Covid19 Tracing Protocols
https://github.com/DP-3T/documents
https://www.pepp-pt.org/content
https://www.apple.com/covid19/contacttracing/
Sophos XG Firewall SQL Injection Vulnerablity Exploited
https://community.sophos.com/kb/en-us/135412
]]> 7:39 sophos, xg, firewall, sql injection, covid19, cira, malware, bazaar, canadian shield, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6968 GCC Adds Security Analyzer; IBM Spectrum Protect Flaw; GPU Radio; Red Team Platforms Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. GCC Adds Security Analyzer; IBM Spectrum Protect Flaw; GPU Radio; Red Team Platforms https://traffic.libsyn.com/securitypodcast/6968.mp3 https://isc.sans.edu/podcastdetail/6968 Fri, 24 Apr 2020 03:00:03 GMT https://developers.redhat.com/blog/2020/03/26/static-analysis-in-gcc-10/
IBM Spectrum Protect Server Stack Based Buffer Overflow
https://www.ibm.com/support/pages/node/6195706
Possible Issues With Cummulative Windows Updates
https://www.reddit.com/search/?q=KB4549951
Using a GPU as a Radio
https://duo.com/labs/research/finding-radio-sidechannels
Comparing Red Team Platforms
https://redcanary.com/blog/comparing-red-team-platforms/
]]> 7:21 red team, gpu, windows, updates, IBM, spectrum Protect, gcc, openssl, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6966 iOS Mail 0Day; Zoom 5; OpenSSL Patch Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. iOS Mail 0Day; Zoom 5; OpenSSL Patch https://traffic.libsyn.com/securitypodcast/6966.mp3 https://isc.sans.edu/podcastdetail/6966 Thu, 23 Apr 2020 03:00:03 GMT https://blog.zecops.com/vulnerabilities/unassisted-ios-attacks-via-mobilemail-maild-in-the-wild/
Zoom 5 To Be Released Shortly Addressing Encryption Issues
https://blog.zoom.us/wordpress/2020/04/22/zoom-hits-milestone-on-90-day-security-plan-releases-zoom-5-0/
OpenSSL Fixes DOS Flaw
https://www.openssl.org/news/secadv/20200421.txt
]]> 6:04 ios, mail, 0day, zoom, openssl, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6964 SpectX; MSFT Office Patch; Stripe Data Collection; IBM Data Risk Manager Risk Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SpectX; MSFT Office Patch; Stripe Data Collection; IBM Data Risk Manager Risk https://traffic.libsyn.com/securitypodcast/6964.mp3 https://isc.sans.edu/podcastdetail/6964 Wed, 22 Apr 2020 03:00:02 GMT https://isc.sans.edu/forums/diary/SpectX+Log+Parser+for+DFIR/26040/
Microsoft Patches Autodesk Library in Office
https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200004
Stripe Data Collection
https://mtlynch.io/stripe-recording-its-customers/
IBM Data Risk Manager Vulnerabilities
https://github.com/pedrib/PoC/blob/master/advisories/IBM/ibm_drm/ibm_drm_rce.md
]]> 5:56 ibm, data risk manager, stripe, microsoft, office, spectx, patch, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6962 AutoIT Analysis; FPGA Vulnerability; Nagios Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. AutoIT Analysis; FPGA Vulnerability; Nagios Vuln; https://traffic.libsyn.com/securitypodcast/6962.mp3 https://isc.sans.edu/podcastdetail/6962 Tue, 21 Apr 2020 03:00:02 GMT https://isc.sans.edu/forums/diary/KPOT+AutoIt+Script+Analysis/26012/
FPGA Vulnerablity
https://www.usenix.org/conference/usenixsecurity20/presentation/ender
Nagios XI Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/179406

]]> 5:47 nagios, fpga, kpot, autoit, reverse analysis, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6960 Malicious RTF Generator; Sophos Pulls UTM Update; Pulse Secure VPN; Chrome Update Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Malicious RTF Generator; Sophos Pulls UTM Update; Pulse Secure VPN; Chrome Update https://traffic.libsyn.com/securitypodcast/6960.mp3 https://isc.sans.edu/podcastdetail/6960 Mon, 20 Apr 2020 03:00:03 GMT https://isc.sans.edu/forums/diary/Weaponized+RTF+Document+Generator+Mailer+in+PowerShell/26030/
Microsoft Fixes Bad Anti-Malware Signatures
https://www.microsoft.com/en-us/wdsi/definitions/antimalware-definition-release-notes
Sophos Pulls Bad Firmware Update
https://community.sophos.com/kb/en-us/135383
Credentials Stolen from Pulse Secure VPN Abused
https://www.us-cert.gov/ncas/alerts/aa20-107a
Chrome Update
https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_15.html
]]> 5:34 chrome, vpn, pulse secure, microsoft, security, anti-malware, rtf, template, generator, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6958 Applocker vs LOTL; Netlink GPON 0Day; Windows Security Crash; Bad Gems; vCenter Exploit Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Applocker vs LOTL; Netlink GPON 0Day; Windows Security Crash; Bad Gems; vCenter Exploit https://traffic.libsyn.com/securitypodcast/6958.mp3 https://isc.sans.edu/podcastdetail/6958 Fri, 17 Apr 2020 03:00:02 GMT https://isc.sans.edu/forums/diary/Using+AppLocker+to+Prevent+Living+off+the+Land+Attacks/26032/
Netlink GPON 0-Day
https://blog.netlab.360.com/multiple-fiber-routers-are-being-compromised-by-botnets-using-0-day-en/
Windows Security Crashing After Definition Update
https://www.askwoody.com/2020/reports-of-windows-security-nee-microsoft-security-essentials-crashing-after-installing-this-mornings-definition-updates/
700 Malicious Ruby Gems Found
https://thehackernews.com/2020/04/rubygem-typosquatting-malware.html
vCenter Exploit for CVE-2020-3952
https://www.guardicore.com/2020/04/pwning-vmware-vcenter-cve-2020-3952/
]]> 5:50 vmware, vcener, ruby, gems, windows security, netlink, gpon, applocker, lotd, living off the land, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6956 Hunting without IOCs; Cloudflare/Online Banking Outages; Crypto Stealing Chrome Ext. Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Hunting without IOCs; Cloudflare/Online Banking Outages; Crypto Stealing Chrome Ext. https://traffic.libsyn.com/securitypodcast/6956.mp3 https://isc.sans.edu/podcastdetail/6956 Thu, 16 Apr 2020 03:00:02 GMT https://isc.sans.edu/forums/diary/No+IOCs+No+Problem+Getting+a+Start+Hunting+for+Malicious+Office+Files/26026/
Cloudflare/Online Banking Outages
https://twitter.com/eastdakota/status/1250520852354854912
Crypto Currency Stealing Browser Extensions
https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9
]]> 5:27 crypto, currency, chrome, browser extensions, cloudflare, hunting, macros, office, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6954 MSFT and Adobe Patches; Extended EOL for Win10 1809/1709; Dell SafeBIOS Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MSFT and Adobe Patches; Extended EOL for Win10 1809/1709; Dell SafeBIOS https://traffic.libsyn.com/securitypodcast/6954.mp3 https://isc.sans.edu/podcastdetail/6954 Wed, 15 Apr 2020 03:00:02 GMT https://isc.sans.edu/forums/diary/Microsoft+April+2020+Patch+Tuesday/26022/
Adobe Security Bulletins
https://helpx.adobe.com/security.html
Microsoft Extending EOL For Windows 10 1709/1809
https://support.microsoft.com/en-us/help/4557164/lifecycle-changes-to-end-of-support-and-servicing-dates
Dell Safe BIOS
https://blog.dellemc.com/en-us/dell-technologies-bolsters-pc-security-todays-remote-workers/
]]> 5:00 dell, safebios, microsoft, extnding eol, windows 10, patch tueday, adobe, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6952 Evolving Phishing Campaign; Flaming 3D Printers; Junos OS Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Evolving Phishing Campaign; Flaming 3D Printers; Junos OS https://traffic.libsyn.com/securitypodcast/6952.mp3 https://isc.sans.edu/podcastdetail/6952 Tue, 14 Apr 2020 03:00:02 GMT https://isc.sans.edu/forums/diary/Look+at+the+same+phishing+campaign+3+months+apart/26018/
Setting 3D Printers On Fire
https://www.coalfire.com/The-Coalfire-Blog/April-2020/With-IoT-Common-Devices-Pose-New-Threats
Junos OS: vMX Default Credentials
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10998
DNS is Changing: So What? (@Mic Webinar)
https://www.sans.org/webcasts/113635
]]> 6:20 junos, vmx, 3d printers, phishing, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6950 Decrypted KPOT Malware; VCenter Patch; Ransomware Swith to Monero Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Decrypted KPOT Malware; VCenter Patch; Ransomware Swith to Monero https://traffic.libsyn.com/securitypodcast/6950.mp3 https://isc.sans.edu/podcastdetail/6950 Mon, 13 Apr 2020 03:00:03 GMT https://isc.sans.edu/forums/diary/Reader+Analysis+Dynamic+analysis+technique+to+get+decrypted+KPOT+Malware/26010/
VMWare vCenter Server Vulnerability
https://www.vmware.com/security/advisories/VMSA-2020-0006.html
Sodinokibi Ransomware Switching to Monero
https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-to-stop-taking-bitcoin-to-hide-money-trail/
Malware Impersonates Security Researchers
https://www.bleepingcomputer.com/news/security/new-wiper-malware-impersonates-security-researchers-as-prank/
]]> 5:18 malware, wiper, impersonation, sodinokibi, monero, vmware, kpot, descryption, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6948 OS Spoofing; Dell iDRAC Patch; VISA ends Magento 1 support; TURN Vulnerability Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. OS Spoofing; Dell iDRAC Patch; VISA ends Magento 1 support; TURN Vulnerability https://traffic.libsyn.com/securitypodcast/6948.mp3 https://isc.sans.edu/podcastdetail/6948 Fri, 10 Apr 2020 03:00:02 GMT https://isc.sans.edu/forums/diary/Performing+deception+to+OS+Fingerprint+Part+1+nmap/25960/
Dell iDRAC Patch
https://www.dell.com/support/article/de-de/sln320717/dsa-2020-063-idrac-buffer-overflow-vulnerability?lang=en
VISA Ends Magento 1 Support
https://usa.visa.com/content/dam/VCOM/global/support-legal/documents/acquirer-advisory-magento-migration.pdf
Slack WebRTC TURN Compromise
https://www.rtcsec.com/2020/04/01-slack-webrtc-turn-compromise/
COVID 19 Domain Classifier
https://isc.sans.edu/covidclassifier.html
]]> 5:45 covid19, covid, domains, slack, webrtc, turn, visa, magento, adobe, dell, idrac, spoofing, os, fingerprints, nmap, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6946 Encrypted Traffic Analysis; Corp.com; Exchange Authentication Update; Dark Nexus Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Encrypted Traffic Analysis; Corp.com; Exchange Authentication Update; Dark Nexus https://traffic.libsyn.com/securitypodcast/6946.mp3 https://isc.sans.edu/podcastdetail/6946 Thu, 09 Apr 2020 03:00:02 GMT https://isc.sans.edu/forums/diary/German+malspam+pushes+ZLoader+malware/25996/
Microsoft Purchases Corp.com
https://krebsonsecurity.com/2020/04/microsoft-buys-corp-com-so-bad-guys-cant/
Microsoft Delaying Removal of Basic Authentiation from Exchange Online
https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-and-exchange-online-april-2020-update/ba-p/1275508
Dark Nexus Botnet
https://www.bitdefender.com/files/News/CaseStudies/study/319/Bitdefender-PR-Whitepaper-DarkNexus-creat4349-en-EN-interactive.pdf
]]> 5:54 dark nexus, botnet, iot, proxy, microsoft, exchange, authentication, oauth, corp.com, malspam, encryption, zloader, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6944 RDP Scanning Increase; Exposed Atlassian Tools; Android Pixel 4 Awake Detection Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. RDP Scanning Increase; Exposed Atlassian Tools; Android Pixel 4 Awake Detection https://traffic.libsyn.com/securitypodcast/6944.mp3 https://isc.sans.edu/podcastdetail/6944 Wed, 08 Apr 2020 03:00:03 GMT https://isc.sans.edu/forums/diary/Increase+in+RDP+Scanning/25994/
Atlassian Advices Users To Secure Jira Service Desk
https://community.atlassian.com/t5/Jira-Service-Desk-articles/Tips-for-setting-customer-permissions-in-Jira-Service-Desk/ba-p/1340617
Android Updates
https://support.google.com/pixelphone/thread/38337876
]]> 5:10 android, atlassian, jira, rdp, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6942 BGP Hijack; Vuln Cost Plugin; Exchange Bug Patching; Fake Zoom Installer Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. BGP Hijack; Vuln Cost Plugin; Exchange Bug Patching; Fake Zoom Installer https://traffic.libsyn.com/securitypodcast/6942.mp3 https://isc.sans.edu/podcastdetail/6942 Tue, 07 Apr 2020 03:00:03 GMT https://twitter.com/bgpmon/status/1246842916502302723
https://bgpstream.com/event/230837
Vuln Cost Security Scanner for VS Code
https://snyk.io/security-scanner-vuln-cost/
Microsoft Exchange Server Vulnerability still not Patched
https://blog.rapid7.com/2020/04/06/phishing-for-system-on-microsoft-exchange-cve-2020-0688/
Fake Zoom Installer
https://blog.trendmicro.com/trendlabs-security-intelligence/zoomed-in-a-look-into-a-coinminer-bundled-with-zoom-installer/
]]> 6:35 zoom, fake installer, microsoft, exchange, owa, patch, vuln cost, snyk, vs code, rostelecom, bpg, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6940 Corrupt DOC; Zoom "Encryption"; Firefox Patch; Discord Malware Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Corrupt DOC; Zoom "Encryption"; Firefox Patch; Discord Malware https://traffic.libsyn.com/securitypodcast/6940.mp3 https://isc.sans.edu/podcastdetail/6940 Mon, 06 Apr 2020 03:00:02 GMT https://isc.sans.edu/forums/diary/New+Bypass+Technique+or+Corrupt+Word+Document/25984/
CitizenLab Analyzes Zoom Encryption
https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/
https://www.sans.org/webcasts/zomg-its-zoom-114670
Mozilla Patches Critical Firefox Flaws
https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/
Malicious JavaScript injected into Discord
https://www.bleepingcomputer.com/news/security/discord-turned-into-an-account-stealer-by-updated-malware/
]]> 5:44 discord, malware, anarchygrabber, firefox, mozilla, citizenlab, zoom, encryption, word, bypass, corrupt, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6938 Twitter Cache Bug; MSSQL Server; Zoom Again; Covid19 Scams; Safari Camera Access Bug Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Twitter Cache Bug; MSSQL Server; Zoom Again; Covid19 Scams; Safari Camera Access Bug https://traffic.libsyn.com/securitypodcast/6938.mp3 https://isc.sans.edu/podcastdetail/6938 Fri, 03 Apr 2020 03:00:03 GMT https://privacy.twitter.com/en/blog/2020/data-cache-firefox
MS-SQL Server Attack
https://www.guardicore.com/2020/04/vollgar-ms-sql-servers-under-attack/
More Zoom Vulnerabilities
https://objective-see.com/blog/blog_0x56.html
Covid-19 Economic Impact Payments Scams
https://www.justice.gov/usao-edky/press-release/file/1265371/download
Safari Camera Access Bug
https://www.ryanpickren.com/webcam-hacking-overview
]]> 6:34 Safari, Covid19, zoom, mssql, ms-sql, twitter, firefox, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6936 Quakbot; TPOT and DShield; MacOS ssh; Cloudflare DNS; Zoom Leaks NTLM Hashes Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Quakbot; TPOT and DShield; MacOS ssh; Cloudflare DNS; Zoom Leaks NTLM Hashes https://traffic.libsyn.com/securitypodcast/6936.mp3 https://isc.sans.edu/podcastdetail/6936 Thu, 02 Apr 2020 03:00:02 GMT https://isc.sans.edu/forums/diary/Qakbot+malspam+sent+from+an+infected+Windows+host/25972/
TPOT Cowrie to ISC Logs
https://isc.sans.edu/forums/diary/TPOTs+Cowrie+to+ISC+Logs/25976/
SSH Issues After MacOS Update
https://feed.tyler.io/so-uh-i-think-catalina-10154-broke-ssh/
Cloudflare DNS For Families
https://blog.cloudflare.com/introducing-1-1-1-1-for-families/
Zoom Leaks Windows Password Hashes via UNC Links
https://twitter.com/hackerfantastic/status/1245133371262619654
]]> 6:27 zoom, ntlm, unc, cloudflare, dns, ssh, macos, tpot, quakbot, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6934 Kwampirs Update; Exposed RDP; D-Link Vulnerability; SMB CVE-2020-0796 Exploit Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Kwampirs Update; Exposed RDP; D-Link Vulnerability; SMB CVE-2020-0796 Exploit https://traffic.libsyn.com/securitypodcast/6934.mp3 https://isc.sans.edu/podcastdetail/6934 Wed, 01 Apr 2020 03:00:02 GMT https://isc.sans.edu/forums/diary/Kwampirs+Targeted+Attacks+Involving+Healthcare+Sector/25968/
Exposed RDP
https://blog.shodan.io/trends-in-internet-exposure/
D-Link DSL-2640B Vulnerability
https://raelize.com/posts/d-link-dsl-2640b-security-advisories/
SMB 3.1.1 (CVE-2020-0796) Local Privilege Escalation Exploit
https://github.com/danigargu/CVE-2020-0796
]]> 6:57 smb, exploit, dlink, d-link, dsl, rdp, kwampirs, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6932 Crashing Windows Explorer; Zoom Privacy; Zoom Bombing; Zoom Phishing Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Crashing Windows Explorer; Zoom Privacy; Zoom Bombing; Zoom Phishing https://traffic.libsyn.com/securitypodcast/6932.mp3 https://isc.sans.edu/podcastdetail/6932 Tue, 31 Mar 2020 03:00:02 GMT https://isc.sans.edu/forums/diary/Crashing+explorerexe+without+a+click/25966/
Zoom Privacy Policy
https://blogs.harvard.edu/doc/2020/03/27/zoom/
Zoom Bombing
https://www.fbi.gov/contact-us/field-offices/boston/news/press-releases/fbi-warns-of-teleconferencing-and-online-classroom-hijacking-during-covid-19-pandemic
Zoom Related Domains Used for Phishing
https://blog.checkpoint.com/2020/03/30/covid-19-impact-cyber-criminals-target-zoom-domains/
]]> 6:50 zoom, bombing, phishing, domains, privacy, facebook, crash, windows explorer, links, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6930 Domain Classifier; Malicious Teddy Bears; iOS Malware on HK News Sites Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Domain Classifier; Malicious Teddy Bears; iOS Malware on HK News Sites https://traffic.libsyn.com/securitypodcast/6930.mp3 https://isc.sans.edu/podcastdetail/6930 Mon, 30 Mar 2020 03:00:03 GMT https://isc.sans.edu/covidclassifier.html
https://www.youtube.com/watch?v=yNIlyJ3gI-4
Attackers Mail Malicious USB Drives and Teddy Bears
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/would-you-exchange-your-security-for-a-gift-card/
HongKong News Sites Used to Install Malware on iOS Devices
https://blog.trendmicro.com/trendlabs-security-intelligence/operation-poisoned-news-hong-kong-users-targeted-with-mobile-malware-via-local-news-links/
]]> 5:38 hongkong, malware, ios, fin7, usb drives, teddy bears, covid19, domains, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6928 Obfuscation via Size; iOS VPN Bypass; Free Covid19 Domain List; Detecting Bad Keyboards Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Obfuscation via Size; iOS VPN Bypass; Free Covid19 Domain List; Detecting Bad Keyboards https://traffic.libsyn.com/securitypodcast/6928.mp3 https://isc.sans.edu/podcastdetail/6928 Fri, 27 Mar 2020 03:00:02 GMT https://isc.sans.edu/forums/diary/Very+Large+Sample+as+Evasion+Technique/25948/
iOS VPN Bypass
https://protonvpn.com/blog/apple-ios-vulnerability-disclosure/
Free Covid19 Domain List
https://www.domaintools.com/resources/blog/free-covid-19-threat-list-domain-risk-assessments-for-coronavirus-threats
Linux Rubber Ducky Protection
https://opensource.googleblog.com/2020/03/usb-keystroke-injection-protection.html
]]> 5:40 rubber ducky, usb, keyboard, covid19, domains, domaintools, ios, vpn, protonvpn, obfuscation, size, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6926 Dridex Update; Covid-19 Ransom; HPE 40,000 hrs; Fake Google Updates; Trickbot Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Dridex Update; Covid-19 Ransom; HPE 40,000 hrs; Fake Google Updates; Trickbot https://traffic.libsyn.com/securitypodcast/6926.mp3 https://isc.sans.edu/podcastdetail/6926 Thu, 26 Mar 2020 03:00:03 GMT https://isc.sans.edu/forums/diary/Recent+Dridex+activity/25944/
Covid-19 Ransom
https://twitter.com/johullrich/status/1242983197555789824
HP Enterprise SSD Firmware Bug
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00097382en_us
Fake Google Chrome Update
https://news.drweb.com/show/?i=13746&lng=en
TrickBot Pushing a 2FA Bypass App in Germany
https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/
]]> 5:23 covid19, ransom, dridex, chrome, fake update, trickbot, trickmo, 2fa, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6924 Type 1 Font Parsing Update; memcached dos; Adobe Patches; Apple Patches; OpenWRT Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Type 1 Font Parsing Update; memcached dos; Adobe Patches; Apple Patches; OpenWRT https://traffic.libsyn.com/securitypodcast/6924.mp3 https://isc.sans.edu/podcastdetail/6924 Wed, 25 Mar 2020 03:00:04 GMT https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv200006
Memcached Denial of Service Vulnerability
https://github.com/memcached/memcached/issues/629
Adobe Creative Cloud Desktop Application Patches
https://helpx.adobe.com/security/products/creative-cloud/apsb20-11.html
Microsoft Pausing Cumulative Updates Starting May
https://docs.microsoft.com/en-us/windows/release-information/windows-message-center#405
Apple Security Patches
https://support.apple.com/en-us/HT201222
OpenWRT Vulnerability Fixed
https://thehackernews.com/2020/03/openwrt-rce-vulnerability.html
]]> 5:39 openwrt, sha256, opkg, microsoft, adobe, cloud, memcached, apple, macos, ios, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6922 Windows Font Parsing 0-Day; Covid-19 Malware Summary; Firefox Turning TLS 1.0 Back on Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Windows Font Parsing 0-Day; Covid-19 Malware Summary; Firefox Turning TLS 1.0 Back on https://traffic.libsyn.com/securitypodcast/6922.mp3 https://isc.sans.edu/podcastdetail/6922 Tue, 24 Mar 2020 03:00:04 GMT https://isc.sans.edu/forums/diary/Windows+Zeroday+Actively+Exploited+Type+1+Font+Parsing+Remote+Code+Execution+Vulnerability/25936/
Covid-19 Malware Summary
https://github.com/parthdmaniar/coronavirus-covid-19-SARS-CoV-2-IoCs
Firefox Turns TLS 1.0/1.1 Back on
https://www.mozilla.org/en-US/firefox/74.0/releasenotes/
]]> 6:01 firefox, tls, covid-19, malware, windows, 0-day, font parsing, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6920 More Covid19 Malware; Kr00k Exploit; Pwn2Own Results Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. More Covid19 Malware; Kr00k Exploit; Pwn2Own Results https://traffic.libsyn.com/securitypodcast/6920.mp3 https://isc.sans.edu/podcastdetail/6920 Mon, 23 Mar 2020 03:00:04 GMT https://isc.sans.edu/forums/diary/More+COVID19+Themed+Malware/25930/
Working Exploit for the Kr00k Wifi Exploit
https://hexway.io/research/r00kie-kr00kie/
ZDI Pwn2Own Results
https://www.zerodayinitiative.com/blog/2020/3/17/welcome-to-pwn2own-2020-the-schedule-and-live-results
]]> 6:41 macos, safari, windows, zdi, cansecwest, pwn2own, kr00k, exploit, covid19, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6918 More COVID-19 Malware; Cisco Patches; LDAPFragger Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. More COVID-19 Malware; Cisco Patches; LDAPFragger https://traffic.libsyn.com/securitypodcast/6918.mp3 https://isc.sans.edu/podcastdetail/6918 Fri, 20 Mar 2020 03:00:03 GMT https://isc.sans.edu/forums/diary/COVID19+Themed+Multistage+Malware/25922/
Cisco SD-WAN Patches
https://tools.cisco.com/security/center/publicationListing.x
oPatch Selling Patches for Windows 7
https://twitter.com/0patch/status/1240602635205586945
LDAPFragger: Bypassing network restrictions using LDAP attributes
https://research.nccgroup.com/2020/03/19/ldapfragger-bypassing-network-restrictions-using-ldap-attributes/
]]> 5:09 covid19, malware, word, opatch, windows 7, cisco, sd-wan, ldapfragger, ldap, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6916 TrendMicro Update; More VMWare Updates; Ransomware Trends; EnigmaSpark Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. TrendMicro Update; More VMWare Updates; Ransomware Trends; EnigmaSpark https://traffic.libsyn.com/securitypodcast/6916.mp3 https://isc.sans.edu/podcastdetail/6916 Thu, 19 Mar 2020 03:00:03 GMT https://success.trendmicro.com/solution/000245571
More VMWare Updates
https://www.vmware.com/security/advisories/VMSA-2020-0005.html
EnigmaSpark Malware
https://securityintelligence.com/posts/EnigmaSpark-Politically-Themed-Cyber-Activity-Highlights-Regional-Opposition-to-Middle-East-Peace-Plan/
Recent Ransomware Trends
https://www.fireeye.com/blog/threat-research/2020/03/they-come-in-the-night-ransomware-deployment-trends.html
]]> 6:07 ransomware, enigmaspark, vmware, trendmicro, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6914 DDoS Summary; Trickbot Update; Is Cryptojacking Dead? Adobe Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. DDoS Summary; Trickbot Update; Is Cryptojacking Dead? Adobe Patches https://traffic.libsyn.com/securitypodcast/6914.mp3 https://isc.sans.edu/podcastdetail/6914 Wed, 18 Mar 2020 03:00:02 GMT https://isc.sans.edu/forums/diary/A+Quick+Summary+of+Current+Reflective+DNS+DDoS+Attacks/25916/
Trickbot gtag red5 distributed as DLL File
https://isc.sans.edu/forums/diary/Trickbot+gtag+red5+distributed+as+a+DLL+file/25918/
Is Cryptojacking Dead after Coinhive Shutdown
https://arxiv.org/pdf/2001.02975.pdf
Adobe Patches
https://helpx.adobe.com/security/products/acrobat/apsb20-13.html
]]> 7:45 adobe, flash, acrobat, cryptojacking, coinhive, trickbot, dns, ddos, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6912 Desktop.ini Tricks; VMWare Update; tcpdump bug PoC; Slack account takeover Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Desktop.ini Tricks; VMWare Update; tcpdump bug PoC; Slack account takeover https://traffic.libsyn.com/securitypodcast/6912.mp3 https://isc.sans.edu/podcastdetail/6912 Tue, 17 Mar 2020 03:00:03 GMT https://isc.sans.edu/forums/diary/Desktopini+as+a+postexploitation+tool/25912/
VMWAre Workstatation/Fusion Update
https://www.vmware.com/security/advisories/VMSA-2020-0004.html
Blackwater Malware Abuses Cloudflare Workers
https://www.bleepingcomputer.com/news/security/blackwater-malware-abuses-cloudflare-workers-for-c2-communication/
tcpdump Heap Based Buffer Over-Read
https://nvd.nist.gov/vuln/detail/CVE-2018-19325
Slack Account Takevoer Bug
https://hackerone.com/reports/737140
]]> 5:52 slack, tcpdump, blackwater, vmware, desktop.ini, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6910 Incremental Malicious PDFs; VPN Limits; Capturing Runts; Cooiethief; SANS Woring from Home Deployment Kit Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Incremental Malicious PDFs; VPN Limits; Capturing Runts; Cooiethief; SANS Woring from Home Deployment Kit https://traffic.libsyn.com/securitypodcast/6910.mp3 https://isc.sans.edu/podcastdetail/6910 Mon, 16 Mar 2020 03:00:03 GMT https://isc.sans.edu/forums/diary/Phishing+PDF+With+Incremental+Updates/25904/
VPN Access and Active Monitoring
https://isc.sans.edu/forums/diary/VPN+Access+and+Activity+Monitoring/25906/
Capturing Invalid Ethernet Frames
https://isc.sans.edu/forums/diary/Not+all+Ethernet+NICs+are+Created+Equal+Trying+to+Capture+Invalid+Ethernet+Frames/25896/
Cookiethief Android Cookie Stealing Malware
https://securelist.com/cookiethief/96332/
SANS Security Awareness Deployment Kit for Securing Your Workforce at Home
https://www.sans.org/webcasts/113875
]]> 6:53 working from home, deploymnet kit, cookiethief, runts, invalid frames, vpn access, phishing, pdfs, incremental updates, pirates, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6908 Windows SMBv3 Patch; Coronavirus Hancitor; Avast ditches JS; Checkra1n vs T2 Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Windows SMBv3 Patch; Coronavirus Hancitor; Avast ditches JS; Checkra1n vs T2 https://traffic.libsyn.com/securitypodcast/6908.mp3 https://isc.sans.edu/podcastdetail/6908 Fri, 13 Mar 2020 03:00:03 GMT https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796
Hancitor Distributed Through Coronavirus-Themed Malspam
https://isc.sans.edu/forums/diary/Hancitor+distributed+through+coronavirusthemed+malspam/25892/
Avast Removes Vulnerable JavaScript Emulator From Products
https://github.com/taviso/avscript
Checkra1n Exploit Works Against T2 Equipped Macs
https://www.idownloadblog.com/2020/03/10/luca-todesco-teases-checkra1n-hacks-on-a-t2-equipped-macbook-pros-touch-bar/
]]> 6:48 checkra1n, t2, macbook, apple, avast, javascript, taviso, hancitor, coronavirus, covid19, smbv3, cve-2020-0796, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6906 Mystery SMB3 Flaw Update; COVID19 Malware; Agent Tesla Canon EOS Malware Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Mystery SMB3 Flaw Update; COVID19 Malware; Agent Tesla Canon EOS Malware https://traffic.libsyn.com/securitypodcast/6906.mp3 https://isc.sans.edu/podcastdetail/6906 Thu, 12 Mar 2020 03:00:02 GMT https://isc.sans.edu/forums/diary/Critical+SMBv3+Vulnerability+Remote+Code+Execution/25890/
COVID19 Malware
https://blog.reasonsecurity.com/2020/03/09/covid-19-info-stealer-the-map-of-threats-threat-analysis-report/
Agent Tesla Spread by Fake Canon EOS Notification Email
https://isc.sans.edu/forums/diary/Agent+Tesla+Delivered+via+Fake+Canon+EOS+Notification+on+Free+OwnCloud+Account/25884/
]]> 5:45 agent tesla, corona, malware, smb3, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6904 Microsoft Patch Tuesday and SMB3 Mystery Vulnerability Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft Patch Tuesday and SMB3 Mystery Vulnerability https://traffic.libsyn.com/securitypodcast/6904.mp3 https://isc.sans.edu/podcastdetail/6904 Wed, 11 Mar 2020 00:15:54 GMT https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200005
https://isc.sans.edu/diary.html?storyid=25886
]]> 5:17 microsoft, smb3, vulnerability, patch, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6902 Self Modifying Excel 4 Macro; AMD Take a Way (or not); Google Play Protect Fail Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Self Modifying Excel 4 Macro; AMD Take a Way (or not); Google Play Protect Fail https://traffic.libsyn.com/securitypodcast/6902.mp3 https://isc.sans.edu/podcastdetail/6902 Tue, 10 Mar 2020 03:00:03 GMT https://isc.sans.edu/forums/diary/Malicious+Spreadsheet+With+Data+Connection+and+Excel+4+Macros/25880/
Take a Way: Exploring the Security Implications of AMD's Cache Way Predictors
https://mlq.me/download/takeaway.pdf
https://www.amd.com/en/corporate/product-security
Google Play Store Protect Fails Security Test
https://www.av-test.org/en/news/here-s-how-well-17-android-security-apps-provide-protection/
]]> 6:45 google play, protect, take a way, amd, cache, side channel, spreadsheet, excel, macros, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6900 Excel Very Hidden; Wireshark; Linux PPP; NordVPN; Android Unpatched Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Excel Very Hidden; Wireshark; Linux PPP; NordVPN; Android Unpatched https://traffic.libsyn.com/securitypodcast/6900.mp3 https://isc.sans.edu/podcastdetail/6900 Mon, 09 Mar 2020 03:00:03 GMT https://isc.sans.edu/forums/diary/Excel+Maldocs+Hidden+Sheets/25876/
Wireshark 3.2.2. Released
https://www.wireshark.org/docs/relnotes/wireshark-3.2.2.html
Linux PPP Vulnerability
https://www.kb.cert.org/vuls/id/782301/
NordVPN Vulnerablity
https://www.theregister.co.uk/2020/03/06/nordvpn_no_auth_needed_view_user_payments/
Unpatched Android Devices
https://www.which.co.uk/news/2020/03/more-than-one-billion-android-devices-at-risk-of-malware-threats/
]]> 5:30 android, patches, nordvpn, ppp, linux, wireshark, excel, hidden, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6898 Survey Phish; Not a Corona Phish; Loss of Trust; Revocation Stop @certifygiac Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Survey Phish; Not a Corona Phish; Loss of Trust; Revocation Stop @certifygiac https://traffic.libsyn.com/securitypodcast/6898.mp3 https://isc.sans.edu/podcastdetail/6898 Fri, 06 Mar 2020 03:00:02 GMT https://isc.sans.edu/forums/diary/Will+You+Put+Your+Password+in+a+Survey/25866/
Healthcare.gov Sending E-Mail Looking Like Phishing
https://twitter.com/johullrich/status/1235740586717720577
Intel x86 Root of Trust: Loss of Trust
https://blog.ptsecurity.com/2020/03/intelx86-root-of-trust-loss-of-trust.html
Let's Encrypt Revises Revokation Plan
https://community.letsencrypt.org/t/2020-02-29-caa-rechecking-bug/114591/2
Trust Me, I'm Certified Podcast
https://www.giac.org/podcasts
]]> 6:15 giac, certified, revokation, letsencrypt, intel, healthcare, coronavirus, survey, phish, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6896 MSFT Subdomain Takeover; Not 0-Day Homoglyphs; Cornavirus Phish @JCyberSec Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MSFT Subdomain Takeover; Not 0-Day Homoglyphs; Cornavirus Phish @JCyberSec https://traffic.libsyn.com/securitypodcast/6896.mp3 https://isc.sans.edu/podcastdetail/6896 Thu, 05 Mar 2020 03:00:02 GMT https://vullnerability.com/blog/microsoft-subdomain-account-takeover
Homoglyph Attacks in the News Again
https://www.soluble.ai/blog/public-disclosure-emoji-to-zero-day
Coronavirus Phish
https://twitter.com/JCyberSec_/status/1234806881195044865
]]> 6:46 coronavirus, phish, homoglyphs, msft, subdomain, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6894 Event Explorer; Letsencrypt CAA Flaw; Smart Devices; Ransomware and Cloud Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Event Explorer; Letsencrypt CAA Flaw; Smart Devices; Ransomware and Cloud https://traffic.libsyn.com/securitypodcast/6894.mp3 https://isc.sans.edu/podcastdetail/6894 Wed, 04 Mar 2020 03:00:02 GMT https://isc.sans.edu/forums/diary/Introduction+to+EvtxEcmd+Evtx+Explorer/25858/
Let's Encrypt Revoking Certificates
https://community.letsencrypt.org/t/revoking-certain-certificates-on-march-4/114864
Using Smart Devices in the Home Securely (NCSC Version)
https://www.ncsc.gov.uk/guidance/smart-devices-in-the-home
Ransomware and Cloud Backups
https://www.bleepingcomputer.com/news/security/ransomware-attackers-use-your-cloud-backups-against-you/
SANS Coronavirus Training Guarantee
https://www.sans.org/training-guarantee
]]> 6:18 coronavirus, sans, ransomware, smart devices, ncsc, lets encrypt, caa, evtxecmd, event explorer, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6892 TLS vs Clear Distribution; Evasion Encyclopedia; Threat Dragon; Free SANS Stuff Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. TLS vs Clear Distribution; Evasion Encyclopedia; Threat Dragon; Free SANS Stuff https://traffic.libsyn.com/securitypodcast/6892.mp3 https://isc.sans.edu/podcastdetail/6892 Tue, 03 Mar 2020 02:19:26 GMT https://isc.sans.edu/forums/diary/Secure+vs+cleartext+protocols+couple+of+interesting+stats/25854/
Checkpoint Evasion Encyclopedia
https://research.checkpoint.com/2020/cpr-evasion-encyclopedia-the-check-point-evasion-repository/
OWASP Threat Dragon
https://github.com/mike-goodwin/owasp-threat-dragon-desktop
SANS Free Things
https://sans.org/free
]]> 5:46 owasp, threat dragon, checkpoint, evasion, ssl, telnet, ssh, tls, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6890 Clipboard Leaks; Hazelcast; Microsoft Exchange; Tomcat Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Clipboard Leaks; Hazelcast; Microsoft Exchange; Tomcat https://traffic.libsyn.com/securitypodcast/6890.mp3 https://isc.sans.edu/podcastdetail/6890 Mon, 02 Mar 2020 03:00:02 GMT https://isc.sans.edu/forums/diary/Show+me+Your+Clipboard+Data/25846/
Hazelcast IMDB Discover Scan
https://isc.sans.edu/forums/diary/Hazelcast+IMDG+Discover+Scan/25850/
Microsoft Exchange Server Vulnerabilty Scans
https://twitter.com/GossiTheDog/status/1232369036438233088
Tomcat Ghostcat Vulnerability
https://lists.apache.org/thread.html/r7c6f492fbd39af34a68681dbbba0468490ff1a97a1bd79c6a53610ef%40%3Cannounce.tomcat.apache.org%3E
]]> 5:06 clipboard, vmware, ios, windows, powershell, imdb, hazelcast, exchange server, tomcat, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6888 Ultrasonic Assistance; Browser Data Leakage; Cloud Snooper Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Ultrasonic Assistance; Browser Data Leakage; Cloud Snooper https://traffic.libsyn.com/securitypodcast/6888.mp3 https://isc.sans.edu/podcastdetail/6888 Fri, 28 Feb 2020 04:50:02 GMT https://source.wustl.edu/2020/02/surfing-attack-hacks-siri-google-with-ultrasonic-waves/
Comparing Information Leakage from Different Browsers
https://www.scss.tcd.ie/Doug.Leith/pubs/browser_privacy.pdf
Cloud Snooper Attack
https://news.sophos.com/en-us/2020/02/25/cloud-snooper-attack-bypasses-firewall-security-measures/
]]> 5:33 cloud snooper, firewall, browser, data leakage, yandex, brave, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6886 Kr00k WiFi Attack; Impersonating LTE USers; Zyxel RCE Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Kr00k WiFi Attack; Impersonating LTE USers; Zyxel RCE https://traffic.libsyn.com/securitypodcast/6886.mp3 https://isc.sans.edu/podcastdetail/6886 Thu, 27 Feb 2020 04:55:03 GMT https://www.eset.com/int/kr00k/
Impersonating LTE Users
https://imp4gt-attacks.net/
Zyxel RCE Vulnerablity
https://www.kb.cert.org/vuls/id/498544/
]]> 6:48 zyxel, rce, lte, wifi, kr00k, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6884 Fraudulant Paypal Charges; New Chrome Release; FIDO2 for Hybrid Azure AD Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Fraudulant Paypal Charges; New Chrome Release; FIDO2 for Hybrid Azure AD https://traffic.libsyn.com/securitypodcast/6884.mp3 https://isc.sans.edu/podcastdetail/6884 Wed, 26 Feb 2020 03:15:03 GMT https://twitter.com/iblueconnection/status/1232259071602044928
https://www.heise.de/security/meldung/Google-Pay-Luecke-in-virtuellen-Kreditkarten-erlaubt-unberechtigte-Abbuchungen-4667527.html
https://stadt-bremerhaven.de/google-pay-virtuelle-paypal-kreditkarten-weisen-sicherheitsluecken-auf/
Chrome Update
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html
Microsoft Public Preview For Azure AD Hybrid Environments
https://techcommunity.microsoft.com/t5/azure-active-directory-identity/public-preview-of-azure-ad-support-for-fido2-security-keys-in/ba-p/1187929
]]> 5:33 azure, fido2, chrome, google, paypal, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6882 ScrollToTextFragment Google Chrome; WhatsApp Invite Links @JordanWildon; OpenSMTPD again; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. ScrollToTextFragment Google Chrome; WhatsApp Invite Links @JordanWildon; OpenSMTPD again; https://traffic.libsyn.com/securitypodcast/6882.mp3 https://isc.sans.edu/podcastdetail/6882 Tue, 25 Feb 2020 03:00:02 GMT https://github.com/WICG/ScrollToTextFragment/issues/76#issue-538137989
https://docs.google.com/document/d/1YHcl1-vE_ZnZ0kL2almeikAj2gkwCq8_5xwIae7PVik/edit#heading=h.uoiwg23pt0tx
Another OpenSMTPD Vulnerability
https://github.com/OpenSMTPD/OpenSMTPD/releases
WhatsApp Group Invite Links in Search Engines
https://twitter.com/JordanWildon/status/1230829082662842369
]]> 7:16 whatsapp, invite links, search engines, opensmtpd, scrolltotextfragment, google, chrome, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6880 Excel Macros; VBScript Obfuscation; Letsencrypt; Google Play Malware; Google Warns of Edge Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Excel Macros; VBScript Obfuscation; Letsencrypt; Google Play Malware; Google Warns of Edge https://traffic.libsyn.com/securitypodcast/6880.mp3 https://isc.sans.edu/podcastdetail/6880 Mon, 24 Feb 2020 03:35:02 GMT https://isc.sans.edu/forums/diary/Maldoc+Excel+4+Macros+in+OOXML+Format/25830/
Simple But Efficient VBScript Obfuscation
https://isc.sans.edu/forums/diary/Simple+but+Efficient+VBScript+Obfuscation/25828/
Let's Encrypt Beefs Up Validation
https://letsencrypt.org/2020/02/19/multi-perspective-validation.html
Google Play Store Joker / Clicken Malware
https://research.checkpoint.com/2020/android-app-fraud-haken-clicker-and-joker-premium-dialer/
Google Warns of Microsoft Edge
https://www.heise.de/security/meldung/l-f-Google-findet-den-neuen-Edge-Browser-doof-und-unsicher-4665634.html
]]> 6:42 google, microsoft, edge, play store, joker, clicken, letsencrypt, vbscript, excel, macro, obfuscation, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6878 Whodat? Adobe/Cisco Patches; Apple Cert Validity; Finding Pythong re DoS @r2cdev Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Whodat? Adobe/Cisco Patches; Apple Cert Validity; Finding Pythong re DoS @r2cdev https://traffic.libsyn.com/securitypodcast/6878.mp3 https://isc.sans.edu/podcastdetail/6878 Fri, 21 Feb 2020 03:00:03 GMT https://isc.sans.edu/forums/diary/Whodat+Enumerating+Who+owns+a+Workstation+for+IR/25822/
Special Update for Adobe After Effects and Media Encoder
https://helpx.adobe.com/security/products/after_effects/apsb20-09.html
https://helpx.adobe.com/security/products/media-encoder/apsb20-10.html
Cisco Updates
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-on-prem-static-cred-sL8rDs8
Apple To No Longer Accept Certifcates as Valid that Exceed a Lifetime of 13 months
https://www.theregister.co.uk/2020/02/20/apple_shorter_cert_lifetime/
Python ReDoS Bugs
https://blog.r2c.dev/posts/finding-python-redos-bugs-at-scale-using-dlint-and-r2c/
]]> 6:42 python, redos, dos, apple, certificates, cisco, patches, adobe, after effects, media encoder, ir, whodat, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6876 Sonicwall Vulns; SQL Server Exploit; Ransomware in CH; Unsigned Firmware @plopz0r Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Sonicwall Vulns; SQL Server Exploit; Ransomware in CH; Unsigned Firmware @plopz0r https://traffic.libsyn.com/securitypodcast/6876.mp3 https://isc.sans.edu/podcastdetail/6876 Thu, 20 Feb 2020 03:00:03 GMT https://psirt.global.sonicwall.com/vuln-list
https://blog.scrt.ch/2020/02/11/sonicwall-sra-and-sma-vulnerabilties/
SQL Server RCE Exploit
https://www.mdsec.co.uk/2020/02/cve-2020-0618-rce-in-sql-server-reporting-services-ssrs/
Ransomware in Switzerland
https://www.melani.admin.ch/melani/en/home/dokumentation/newsletter/sicherheitsrisiko-durch-ransomware.html
Peripheral Vulnerabilities in Windows and Linux
https://eclypsium.com/2020/2/18/unsigned-peripheral-firmware/
]]> 5:46 sonicwall, sql server, ransomware, switzerland, peripherals, firmware, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6874 Discovering Files in Windows; Ring 2FA (and Nest); VPN Vulns; WordPress @hyp3rlinx Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Discovering Files in Windows; Ring 2FA (and Nest); VPN Vulns; WordPress @hyp3rlinx https://traffic.libsyn.com/securitypodcast/6874.mp3 https://isc.sans.edu/podcastdetail/6874 Wed, 19 Feb 2020 03:00:03 GMT https://isc.sans.edu/forums/diary/Discovering+contents+of+folders+in+Windows+without+permissions/25816/
Ring Enforces 2FA
https://blog.ring.com/2020/02/18/extra-layers-of-security-and-control/
Iranian's finally discover VPN Vulnerabilities
https://www.clearskysec.com/fox-kitten/
WordPress ThemeGrill Auth Bypass
https://www.webarxsecurity.com/critical-issue-in-themegrill-demo-importer/
]]> 372 wordpress, themegrill, iran, vpn, citrix, ring, folders, permissions, windows, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6872 More Curl on Win; WHO Phishing; Malicious Chrome Extensions @bumblebreaches @crxpert Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. More Curl on Win; WHO Phishing; Malicious Chrome Extensions @bumblebreaches @crxpert https://traffic.libsyn.com/securitypodcast/6872.mp3 https://isc.sans.edu/podcastdetail/6872 Tue, 18 Feb 2020 03:00:02 GMT https://isc.sans.edu/forums/diary/curl+and+SSPI/25812/
WHO Warns of Coronavirus Phishing
https://www.who.int/about/communications/cyber-security
DUO Security / Google Identify Malicous Chrome Extensions
https://duo.com/labs/research/crxcavator-malvertising-2020
]]> 5:41 duo, google, cisco, chrome extensions, who, phishing, coronavirus, curl, windows, sspi, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6870 Windows Command Line Browsers; KBOT Old Virus Tricks; OpenSSH Now With FIDO/U2F Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Windows Command Line Browsers; KBOT Old Virus Tricks; OpenSSH Now With FIDO/U2F https://traffic.libsyn.com/securitypodcast/6870.mp3 https://isc.sans.edu/podcastdetail/6870 Mon, 17 Feb 2020 03:00:02 GMT https://isc.sans.edu/forums/diary/Keep+an+Eye+on+CommandLine+Browsers/25804/
Old Tricks in New Bots: KBOT
https://securelist.com/kbot-sometimes-they-come-back/96157/
OpenSSH Now With Fido/U2F
http://www.openssh.com/txt/release-8.2
]]> 5:28 openssh, kbot, command line browsers, curl, wget, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6868 LDAP/AD Changes; SweynTooth BLE; Symantec EP Vuln; DNSSEC Key Signing Delay Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. LDAP/AD Changes; SweynTooth BLE; Symantec EP Vuln; DNSSEC Key Signing Delay https://traffic.libsyn.com/securitypodcast/6868.mp3 https://isc.sans.edu/podcastdetail/6868 Fri, 14 Feb 2020 03:00:03 GMT https://isc.sans.edu/forums/diary/Authmageddon+deferred+but+not+averted+Microsoft+LDAP+Changes+now+slated+for+Q3Q4+2020/25800/
https://isc.sans.edu/forums/diary/March+Patch+Tuesday+is+Coming+the+LDAP+Changes+will+Change+Your+Life/25796/
SweynTooth BLE Vulnerabilities
https://asset-group.github.io/disclosures/sweyntooth/
Symantec Endpoint Protection Multiple Issues
https://support.symantec.com/us/en/article.SYMSA1505.html
DNSSEC Root Key Signing Ceremony Delayed
https://mm.icann.org/pipermail/root-dnssec-announce/2020/000121.html
]]> 6:44 dnssec, symantec, sweyntooth, bluetoth, ble, ldap, ldaps, microsoft, ad, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6866 Latest ursniff sightings; Safe Documents; Wordpress GDPR Cookie Again; Apple Joins FIDO2 @fidoalliance Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Latest ursniff sightings; Safe Documents; Wordpress GDPR Cookie Again; Apple Joins FIDO2 @fidoalliance https://traffic.libsyn.com/securitypodcast/6866.mp3 https://isc.sans.edu/podcastdetail/6866 Thu, 13 Feb 2020 03:00:02 GMT https://isc.sans.edu/forums/diary/Malpsam+pushes+Ursnif+through+Italian+language+Word+docs/25792/
Safe Documents in Office 365 Advanced Threat Protection
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/safe-docs
Wordpress GDPR Cookie Consent Plugin Vulnerability
https://blog.nintechnet.com/wordpress-gdpr-cookie-consent-plugin-fixed-vulnerability/
Apple Joins Fido Alliance
https://fidoalliance.org/members/
https://research.kudelskisecurity.com/2020/02/12/fido2-deep-dive-attestations-trust-model-and-security/
]]> 6:03 fido2, webauthn, wordpress, gdpr, office 365, safe documents, ursnif, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6864 Microsoft/Adobe Patches; Ransomware Abuses Vulnerable Driver Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft/Adobe Patches; Ransomware Abuses Vulnerable Driver https://traffic.libsyn.com/securitypodcast/6864.mp3 https://isc.sans.edu/podcastdetail/6864 Wed, 12 Feb 2020 03:00:02 GMT https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+for+February+2020/25790/
Adobe Patches
https://helpx.adobe.com/security.html
Ransomware Abuses Out of Date Driver
https://news.sophos.com/en-us/2020/02/06/living-off-another-land-ransomware-borrows-vulnerable-driver-to-remove-security-software/
]]> 1335 ransomware, adobe, gigabyte, drivers, robinhood, microsoft, patch Tuesday, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6862 Greedy Paypal Phish; SupportAssist Vuln; Lock My PC Scam; Docker Registries @unit42_intel Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Greedy Paypal Phish; SupportAssist Vuln; Lock My PC Scam; Docker Registries @unit42_intel https://traffic.libsyn.com/securitypodcast/6862.mp3 https://isc.sans.edu/podcastdetail/6862 Tue, 11 Feb 2020 03:05:03 GMT https://isc.sans.edu/forums/diary/Current+PayPal+phishing+campaign+or+give+me+all+your+personal+information/25786/
Dell SupportAssist Client Uncontrolled Search Patch Vulnerability
https://www.dell.com/support/article/ro/ro/robsdt1/sln320101/dsa-2020-005-dell-supportassist-client-uncontrolled-search-path-vulnerability?lang=en
Lock My PC Used By Support Scammers
https://fspro.net/lock-pc/
https://www.bleepingcomputer.com/news/security/lock-my-pc-used-by-tech-support-scammers-dev-offers-free-recovery/
Insecure Docker Registries
https://unit42.paloaltonetworks.com/leaked-docker-code/
]]> 6:23 docker, lock my pc, support scammers, paypal, dell, support assisst, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6860 Sandbox Detection; Emotet Wifi Spreader; Sudo Exploit; HiSilicon Vuln @censysio Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Sandbox Detection; Emotet Wifi Spreader; Sudo Exploit; HiSilicon Vuln @censysio https://traffic.libsyn.com/securitypodcast/6860.mp3 https://isc.sans.edu/podcastdetail/6860 Mon, 10 Feb 2020 03:00:03 GMT https://isc.sans.edu/forums/diary/Sandbox+Detection+Tricks+Nice+Obfuscation+in+a+Single+VBScript/25780/
Emotet Spreads via Wifi
https://www.binarydefense.com/emotet-evolves-with-new-wi-fi-spreader/
Exploit Available for sudo pwfeedback bug
https://dylankatz.com/Analysis-of-CVE-2019-18634/
xiongmail/hisilicon Vulnerability
https://censys.io/blog/probing-the-xiongmai-hisilicon-soc-vulnerability
]]> 6:32 hisilicon, tcp 9350, pwfeedback, sudo, emotet, wifi, sandbox, vbscript, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6858 Android Bluetooth Vulnerability; Wacom Privacy Issues; Bitbucket Malware; Realtek Driver Vuln Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Android Bluetooth Vulnerability; Wacom Privacy Issues; Bitbucket Malware; Realtek Driver Vuln https://traffic.libsyn.com/securitypodcast/6858.mp3 https://isc.sans.edu/podcastdetail/6858 Fri, 07 Feb 2020 03:55:02 GMT https://insinuator.net/2020/02/critical-bluetooth-vulnerability-in-android-cve-2020-0022/
Wacom Tablets Reports Application Details to Google
https://robertheaton.com/2020/02/05/wacom-drawing-tablets-track-name-of-every-application-you-open/
Bitbucket Delivers Malware
https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Realtek HD Audio Driver Package DLL Preloading
https://safebreach.com/Post/Realtek-HD-Audio-Driver-Package-DLL-Preloading-and-Potential-Abuses-CVE-2019-19705
]]> 5:37 realtek, dll preloading, bitbucket, wacom, bluetooth, android, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6856 Fake Browser Updates; Android Update; Cisco CDP Vulnerabilities Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Fake Browser Updates; Android Update; Cisco CDP Vulnerabilities https://traffic.libsyn.com/securitypodcast/6856.mp3 https://isc.sans.edu/podcastdetail/6856 Thu, 06 Feb 2020 03:45:03 GMT https://isc.sans.edu/forums/diary/Fake+browser+update+pages+are+still+a+thing/25774/
Google Android Update
https://source.android.com/security/bulletin/2020-02-01#Google-Play-system-updates
5 Cisco Vulnerabilities
https://www.armis.com/cdpwn/
]]> 5:50 cisco, cdp, google, android, updates, patches, fake browser, netsupport, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6854 Google Chrome 80; Whats App File Read Vuln; HiSilicon DVR Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Google Chrome 80; Whats App File Read Vuln; HiSilicon DVR https://traffic.libsyn.com/securitypodcast/6854.mp3 https://isc.sans.edu/podcastdetail/6854 Wed, 05 Feb 2020 03:00:04 GMT https://www.chromium.org/updates/same-site
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html
File Read Vulnerablity in WhatsApp
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html
HiSilicon DVR Backdoor
https://habr.com/en/post/486856/
]]> 6:16 hisilicon, whatsapp, google chrome, update, patches, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6852 AZORult Triple Crypt; Sudo pwfeedback; Teamviewer Password Storage Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. AZORult Triple Crypt; Sudo pwfeedback; Teamviewer Password Storage https://traffic.libsyn.com/securitypodcast/6852.mp3 https://isc.sans.edu/podcastdetail/6852 Tue, 04 Feb 2020 03:00:04 GMT https://isc.sans.edu/forums/diary/Analysis+of+a+tripleencrypted+AZORult+downloader/25768/
New sudo Vulnerability (pwfeedback)
https://www.sudo.ws/alerts/pwfeedback.html
Teamviewer Password Storage
https://whynotsecurity.com/blog/teamviewer/
]]> 6:42 teamviewer, sudo, pwfeedback, azorult, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6850 Stego & Cryptominers; Cornavirus Scams; Google OpenSK Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Stego & Cryptominers; Cornavirus Scams; Google OpenSK https://traffic.libsyn.com/securitypodcast/6850.mp3 https://isc.sans.edu/podcastdetail/6850 Mon, 03 Feb 2020 03:00:02 GMT https://isc.sans.edu/forums/diary/Video+Stego+Cryptominers/25764/
Corona Virus Phishing / Scams
https://blog.knowbe4.com/heads-up-scam-of-the-week-coronavirus-phishing-attacks-in-the-wild?nCOV-2019-bc-index
https://twitter.com/briankrebs/status/1223959185764896768
Google Open Sources Security Token Software
https://security.googleblog.com/2020/01/say-hello-to-opensk-fully-open-source.html
]]> 6:05 google, opensk, token, corona virus, phishing, scam, vaccine, stego, cryptominer, wav, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6848 Chrome Same-Site Cookie Change; Avast Apology; Magento Update Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Chrome Same-Site Cookie Change; Avast Apology; Magento Update https://traffic.libsyn.com/securitypodcast/6848.mp3 https://isc.sans.edu/podcastdetail/6848 Fri, 31 Jan 2020 03:35:47 GMT https://www.chromestatus.com/feature/5088147346030592
https://docs.microsoft.com/en-us/office365/troubleshoot/miscellaneous/chrome-behavior-affects-applications
https://caniuse.com/#feat=same-site-cookie-attribute

Avast Apology
https://blog.avast.com/a-message-from-ceo-ondrej-vlcek
Magento Update
https://helpx.adobe.com/security/products/magento/apsb20-02.html
]]> 10:23 magento, avast, chrome, same-site, cookies, privacy, federated identity, saml, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6846 Impeachment Malware; Coronavirus Malware; I Got Phished; OpenSMTPD Patch Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Impeachment Malware; Coronavirus Malware; I Got Phished; OpenSMTPD Patch https://traffic.libsyn.com/securitypodcast/6846.mp3 https://isc.sans.edu/podcastdetail/6846 Thu, 30 Jan 2020 03:00:02 GMT https://www.bleepingcomputer.com/news/security/malware-tries-to-trump-security-software-with-potus-impeachment/
Coronavirus Themed Malware Targets Japan with Emotet
https://twitter.com/Cryptolaemus1/status/1222388971428294656
https://exchange.xforce.ibmcloud.com/collection/18f373debc38779065a26f1958dc260b
abuse.ch Offers new "I got phished" service
https://igotphished.abuse.ch/
OpenSMTPD RCE Vulnerability
https://www.openwall.com/lists/oss-security/2020/01/28/3
]]> 6:34 opensmtpd, abuse.ch, i got phished, coronavirus, emotet, trickbot, impeachment, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6844 Emotet Update; Apple Update; Zoom; Intel Cacheout; Avast Sells Data Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Emotet Update; Apple Update; Zoom; Intel Cacheout; Avast Sells Data https://traffic.libsyn.com/securitypodcast/6844.mp3 https://isc.sans.edu/podcastdetail/6844 Wed, 29 Jan 2020 03:00:02 GMT https://isc.sans.edu/forums/diary/Emotet+epoch+1+infection+with+Trickbot+gtag+mor84/25752/
Apple Updates
https://support.apple.com/en-us/HT201222
Zoom Fixes Video Conferencing Brute Forcing Vulnerability
https://www.theregister.co.uk/2020/01/28/zoom_eavesdrop_hack/
Intel Fixes Yet Another Information Leakage Flaw
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html
https://cacheoutattack.com/
Avast Anti Virus Selling User's Browsing Data
https://www.vice.com/en_us/article/qjdkq7/avast-antivirus-sells-user-browsing-data-investigation
]]> 5:27 avast, apple, intel, cacheout, zoom, Trickbot, emotet, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6842 Coronavirus Preparedness; RD Gateway; Mitsubishi Compromise Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Coronavirus Preparedness; RD Gateway; Mitsubishi Compromise https://traffic.libsyn.com/securitypodcast/6842.mp3 https://isc.sans.edu/podcastdetail/6842 Tue, 28 Jan 2020 03:05:03 GMT https://isc.sans.edu/forums/diary/Network+Security+Perspective+on+Coronavirus+Preparedness/25750/
RD Gateway RCE Exploit Demoed
https://twitter.com/layle_ctf/status/1221514332049113095?s=12
Mitsubishi Electric Compromised via Trend Micro Vulnerability
http://www.mitsubishielectric.co.jp/news/2020/0120-b.pdf
https://www.zdnet.com/article/trend-micro-antivirus-zero-day-used-in-mitsubishi-electric-hack/
]]> 4:32 mitsubishi, trend micro, office scan, rd gateway, exploit, coronavirus, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6840 Citrix ADC Updates; Windows Fix Breaks Printer; GE Medical Devices Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Citrix ADC Updates; Windows Fix Breaks Printer; GE Medical Devices https://traffic.libsyn.com/securitypodcast/6840.mp3 https://isc.sans.edu/podcastdetail/6840 Mon, 27 Jan 2020 03:00:02 GMT https://www.citrix.com/blogs/2020/01/24/citrix-releases-final-fixes-for-cve-2019-19781/
Temporary Windows 0-Day Fix Breaks Printers
https://www.reddit.com/r/sysadmin/comments/etumy7/microsoft_ie_zeroday_fix_breaks_hp_printing/
Critical Vulnerabilitiesin GE Medical Devices
https://www.us-cert.gov/ics/advisories/icsma-20-023-01
]]> 5:50 citrix adc, citrix, ge medical, windows, explorer, printers, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6838 Simple vs Complex Obfuscation; RD Gateway PoC; Citrix Scanner; LastPass Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Simple vs Complex Obfuscation; RD Gateway PoC; Citrix Scanner; LastPass https://traffic.libsyn.com/securitypodcast/6838.mp3 https://isc.sans.edu/podcastdetail/6838 Fri, 24 Jan 2020 03:20:02 GMT https://isc.sans.edu/forums/diary/Complex+Obfuscation+VS+Simple+Trick/25738/
RD Gateway PoC Exploit Release
https://github.com/ollypwn/BlueGate
Citrix ADC Compromise Scanner
https://github.com/citrix/ioc-scanner-CVE-2019-19781/
LastPass Accidentially Removes Extension from Chrome Web Store
https://twitter.com/LastPassStatus/status/1220122561989640192
]]> 7:06 lastpass, dos, citrix, fireeye, scanner, rd gateway, rdp, bluegate, obfuscation, emotet, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6836 German Malspam; Safari Tracking; Muhstik vs. Tomato; Cisco Firepower Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. German Malspam; Safari Tracking; Muhstik vs. Tomato; Cisco Firepower https://traffic.libsyn.com/securitypodcast/6836.mp3 https://isc.sans.edu/podcastdetail/6836 Thu, 23 Jan 2020 03:00:03 GMT https://isc.sans.edu/forums/diary/German+language+malspam+pushes+Ursnif/25732/
Tracking Users Using Safari's Intelligent Tracking Prevention
https://arxiv.org/pdf/2001.07421.pdf
Muhstik Botnet Targeting Tomato Routers
https://unit42.paloaltonetworks.com/muhstik-botnet-attacks-tomato-routers-to-harvest-new-iot-devices/
Cisco Firepower Management Center LDAP Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-fmc-auth
]]> 5:55 cisco, muhstik, tomato, rotuers, firepower, tracking, safari, ursnif, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6834 Blue ; EFS Ransomware; Fake Data Leak Compensation; Fake Job Site Scam Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Blue ; EFS Ransomware; Fake Data Leak Compensation; Fake Job Site Scam https://traffic.libsyn.com/securitypodcast/6834.mp3 https://isc.sans.edu/podcastdetail/6834 Wed, 22 Jan 2020 03:00:03 GMT https://isc.sans.edu/forums/diary/DeepBlueCLI+Powershell+Threat+Hunting/25730/
https://github.com/sans-blue-team/DeepBlueCLI
EFS Ransomware
https://safebreach.com/Post/EFS-Ransomware
Fake Leak Compensation
https://www.kaspersky.com/blog/data-leak-compensation-scam/32057/
Criminals Use Fake Job Sites to Defraud Victims
https://www.ic3.gov/media/2020/200121.aspx
]]> 6:06 compensation, job sites, efs, ransomware, deepblueclie, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6832 Twist on Sextortion; Emotet Extortion Ruse; Lastpass Outage; Netgear Leaks Priv Key Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Twist on Sextortion; Emotet Extortion Ruse; Lastpass Outage; Netgear Leaks Priv Key https://traffic.libsyn.com/securitypodcast/6832.mp3 https://isc.sans.edu/podcastdetail/6832 Tue, 21 Jan 2020 03:00:02 GMT https://www.dailymail.co.uk/sciencetech/article-7886055/Sextortion-campaign-targets-users-Google-Nest-smart-camera.html
Emotet Uses Extortion to Infect Systems
https://www.bleepingcomputer.com/news/security/emotet-malware-dabbles-in-extortion-with-new-spam-template/
Lastpass Outage
https://www.theregister.co.uk/2020/01/20/lastpass_outage/
Netgear Signed TLS Cert Private Key Disclosure
https://gist.github.com/nstarke/a611a19aab433555e91c656fe1f030a9
]]> 5:46 netgear, lastpass, emotet, sextortion, nest, camera, private key, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6830 MSFT Browser 0Day; Curveball and Citrix ADC Update #CitrixADC #Curveball Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MSFT Browser 0Day; Curveball and Citrix ADC Update #CitrixADC #Curveball https://traffic.libsyn.com/securitypodcast/6830.mp3 https://isc.sans.edu/podcastdetail/6830 Mon, 20 Jan 2020 04:40:02 GMT https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV200001
CVE-2020-0601 Update
https://isc.sans.edu/forums/diary/Summing+up+CVE20200601+or+the+Lets+Decrypt+vulnerability/25720/
Curveball Update
https://www.citrix.com/blogs/2020/01/19/vulnerability-update-first-permanent-fixes-available-timeline-accelerated/
https://isc.sans.edu/diary//25724
]]> 5:30 cve-2020-0601, shitrix, curveball, windows, internet explorer, jscript, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6828 CVE-2020-0601 Update; Citrix ADC Update; Cablehaunt; SecDevOps Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. CVE-2020-0601 Update; Citrix ADC Update; Cablehaunt; SecDevOps https://traffic.libsyn.com/securitypodcast/6828.mp3 https://isc.sans.edu/podcastdetail/6828 Fri, 17 Jan 2020 03:00:03 GMT https://isc.sans.edu/forums/diary/Summing+up+CVE20200601+or+the+Lets+Decrypt+vulnerability/25720/
https://curveballtest.com
Certain Netscaler Devices Do Not Support Mitigation (article in dutch)
https://www.ncsc.nl/actueel/nieuws/2020/januari/16/door-citrix-geadviseerde-mitigerende-maatregelen-niet-altijd-effectief
Cable Haunt Vulnerability
https://cablehaunt.com/
STI Student Interview: Jon Michael Lacek
https://www.sans.org/reading-room/whitepapers/securecode/changing-devops-culture-security-scan-time-39125
]]> 14:23 sti, sans.edu, devops, cable, modem, cablemhaunt, netscaler, citrix, curveball, letsdecrypt, cve-2020-0601, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6826 CVE-2020-0601 Exploit Released; Oracle Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. CVE-2020-0601 Exploit Released; Oracle Patches https://traffic.libsyn.com/securitypodcast/6826.mp3 https://isc.sans.edu/podcastdetail/6826 Thu, 16 Jan 2020 03:20:26 GMT https://isc.sans.edu/forums/diary/CVE20200601+Followup/25714/
Oracle Patches
https://www.oracle.com/security-alerts/cpujan2020.html
]]> 6:28 oracle, cve-2020-0601, cryptoapi, crypt32.dll, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6824 Microsoft January 2020 Patch Tuesday and #CryptoAPI Flaw Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft January 2020 Patch Tuesday and #CryptoAPI Flaw https://traffic.libsyn.com/securitypodcast/6824.mp3 https://isc.sans.edu/podcastdetail/6824 Wed, 15 Jan 2020 03:00:02 GMT Webcast: https://sans.org/cryptoapi-isc
Diary: https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+for+January+2020/25710/
NSA Release: https://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF
]]> 10:02 microsoft, cryptoapi, crypt32.dll, ecc, eliptic curve, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6822 Upcoming Critical MSFT Patch; SIM Swaping is Easy; wombat dressing room Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Upcoming Critical MSFT Patch; SIM Swaping is Easy; wombat dressing room https://traffic.libsyn.com/securitypodcast/6822.mp3 https://isc.sans.edu/podcastdetail/6822 Tue, 14 Jan 2020 03:00:02 GMT https://krebsonsecurity.com/2020/01/cryptic-rumblings-ahead-of-first-2020-patch-tuesday/
SIM Swapping is Easy
https://www.issms2fasecure.com/assets/sim_swaps-01-10-2020.pdf
Google Open Sources wombat dressing room npm publication proxy
https://opensource.googleblog.com/2020/01/wombat-dressing-room-npm-publication_10.html
]]> 7:22 wombat dressing room, npm, proxy, sim swapping, msft patch, cryptoapi, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6820 Citrix ADC Vulnerability Actively Exploited #CitrixADC #Netscaler #cve201919781 #citrix Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Citrix ADC Vulnerability Actively Exploited #CitrixADC #Netscaler #cve201919781 #citrix https://traffic.libsyn.com/securitypodcast/6820.mp3 https://isc.sans.edu/podcastdetail/6820 Mon, 13 Jan 2020 03:00:03 GMT Updated Citrix Advisory: https://support.citrix.com/article/CTX267027
Exploit Activity Summary: https://isc.sans.edu/forums/diary/Citrix+ADC+Exploits+are+Public+and+Heavily+Used+Attempts+to+Install+Backdoor/25700/
Vulnerablity Scanner: https://github.com/trustedsec/cve-2019-19781/
Special Webcast: https://i5c.us/citrix
YouTube Walk Through of the vulnerability: https://youtu.be/msslpqyf98c
]]> 7:36 citrix, citrixadc, cve-2019-19781, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6818 Another Word Maldoc; SHA1 Update; Cisco Update; Girls Go Cyberstart @GGCyberStart Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Another Word Maldoc; SHA1 Update; Cisco Update; Girls Go Cyberstart @GGCyberStart https://traffic.libsyn.com/securitypodcast/6818.mp3 https://isc.sans.edu/podcastdetail/6818 Fri, 10 Jan 2020 03:00:03 GMT https://isc.sans.edu/forums/diary/Quick+Analyzis+of+another+Maldoc/25694/
SHA1 Update
https://sha-mbles.github.io/
Cisco Updates
https://tools.cisco.com/security/center/publicationListing.x
Mandy Galante: Girls Go Cyberstart (register now. Play Jan 13th-31st)
https://www.girlsgocyberstart.org/
]]> 10:38 girls go cyberstart, ggcyberstart, cisco, sha1, word, maldoc, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6816 Firefox Bug; Zero-Day in Play Store; Tails 4.2; TikTok Vulnerabilities Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Firefox Bug; Zero-Day in Play Store; Tails 4.2; TikTok Vulnerabilities https://traffic.libsyn.com/securitypodcast/6816.mp3 https://isc.sans.edu/podcastdetail/6816 Thu, 09 Jan 2020 03:00:03 GMT https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/
3 Google Play Store Apps Exploit Android Zero-Day
https://blog.trendmicro.com/trendlabs-security-intelligence/first-active-attack-exploiting-cve-2019-2215-found-on-google-play-linked-to-sidewinder-apt-group/
Tails 4.2
https://tails.boum.org/news/version_4.2/index.en.html
TikTok Vulnerablities
https://research.checkpoint.com/2020/tik-or-tok-is-tiktok-secure-enough/
]]> 5:41 tiktok, tails, linux, secure, anonymous, nso group, firefox, sidewinder, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6814 Citrix ADC Update; Pulse Secure SSLVPN Exploited; Project Zero Disclosure Policy; Android Update Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Citrix ADC Update; Pulse Secure SSLVPN Exploited; Project Zero Disclosure Policy; Android Update https://traffic.libsyn.com/securitypodcast/6814.mp3 https://isc.sans.edu/podcastdetail/6814 Wed, 08 Jan 2020 03:00:02 GMT https://isc.sans.edu/forums/diary/A+Quick+Update+on+Scanning+for+CVE201919781+Citrix+ADC+Gateway+Vulnerability/25686/
Pulse Secure SSLVPN Exploited
https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/
https://www.darkreading.com/attacks-breaches/widely-known-flaw-in-pulse-secure-vpn-being-used-in-ransomware-attacks/d/d-id/1336729
Google Project Zero Changing Disclosure Policy
https://googleprojectzero.blogspot.com/2020/01/policy-and-disclosure-2020-edition.html
Google Updates Android
https://source.android.com/security/bulletin/2020-01-01
]]> 5:29 google, android, project zero, pulse secure sslvpn, sslvpn, travelex, citrix, netscaler, adc, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6812 Spoofed Scans from 103/8; Iran Terror Threat; BusKill Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Spoofed Scans from 103/8; Iran Terror Threat; BusKill https://traffic.libsyn.com/securitypodcast/6812.mp3 https://isc.sans.edu/podcastdetail/6812 Tue, 07 Jan 2020 03:00:03 GMT https://isc.sans.edu/forums/diary/Increase+in+Number+of+Sources+January+3rd+and+4th+spoofed/25678/
Iran Terror Threat
https://www.dhs.gov/sites/default/files/ntas/alerts/20_0104_ntas_bulletin.pdf
BusKill Laptop Kill Cord
https://tech.michaelaltfield.net/2020/01/02/buskill-laptop-kill-cord-dead-man-switch/
]]> 5:10 buskill, iran, spoofed, scans, 103, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6810 CCPA Intro; Cisco Patches; XiaoMi Camera Bug; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. CCPA Intro; Cisco Patches; XiaoMi Camera Bug; https://traffic.libsyn.com/securitypodcast/6810.mp3 https://isc.sans.edu/podcastdetail/6810 Mon, 06 Jan 2020 03:00:02 GMT https://isc.sans.edu/forums/diary/CCPA+Quick+Overview/25668/
Cisco Vulnerabilities
https://tools.cisco.com/security/center/publicationListing.x
XiaoMi Camera Cache Bug
https://www.reddit.com/r/googlehome/comments/eine1m/when_i_load_the_xiaomi_camera_in_my_google_home/
]]> 4:31 xiaomi, camera, cache, cisco, ccpa, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6808 Ransomware written in JavaScript/Node.js; Landry Breach; Holiday Hack Challenge Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Ransomware written in JavaScript/Node.js; Landry Breach; Holiday Hack Challenge https://traffic.libsyn.com/securitypodcast/6808.mp3 https://isc.sans.edu/podcastdetail/6808 Fri, 03 Jan 2020 03:00:02 GMT https://isc.sans.edu/forums/diary/Ransomware+in+Nodejs/25664/
Landry Restaurant PoS Breach
https://www.landrysinc.com/CreditNotice/CANotice.asp
Holiday Hack Challenge
https://www.holidayhackchallenge.com
Citrix/NetScaler Vulnerability Special Webcast Recording
https://i5c.us/citrix
]]> 8:24 citrix, netscaler, webcast, recording, holiday hack challenge, kinklecon, landry, pos, credit cards, ransomware, nodejs, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6806 ISC API Update; 36C3 Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. ISC API Update; 36C3 https://traffic.libsyn.com/securitypodcast/6806.mp3 https://isc.sans.edu/podcastdetail/6806 Tue, 31 Dec 2019 03:00:02 GMT https://isc.sans.edu/api
https://isc.sans.edu/forums/diary/Miscellaneous+Updates+to+our+Threatfeed+API/25654/
CCC Conference
https://fahrplan.events.ccc.de/congress/2019/Fahrplan/
https://events.ccc.de/congress/2019/wiki/index.php/Main_Page
]]> 6:37 ccc, bluetooth, lte, isc api, api, onyphe, shodan, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6804 Breaking 2FA Soft Tokens; Pihole Dashbaord; Corrupt Office Docs; Enumerating O365 Users; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Breaking 2FA Soft Tokens; Pihole Dashbaord; Corrupt Office Docs; Enumerating O365 Users; https://traffic.libsyn.com/securitypodcast/6804.mp3 https://isc.sans.edu/podcastdetail/6804 Mon, 30 Dec 2019 03:00:02 GMT https://resources.fox-it.com/rs/170-CAK-271/images/201912_Report_Operation_Wocao.pdf
PiHole Dashboard
https://isc.sans.edu/forums/diary/ELK+Dashboard+for+Pihole+Logs/25652/
Corrupt Office Documents
https://isc.sans.edu/forums/diary/Corrupt+Office+Documents/25650/
Enumerating Office 365 Users
https://isc.sans.edu/forums/diary/Enumerating+office365+users/25648/
]]> 5:56 o365, office 365, microsoft, enumeration, PiHole, oledump, elk, 2fa, rsa, apt, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6802 Citrix Application Delivery Controller (Netscaler ADC) Critical Vulnerability Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Citrix Application Delivery Controller (Netscaler ADC) Critical Vulnerability https://traffic.libsyn.com/securitypodcast/6802.mp3 https://isc.sans.edu/podcastdetail/6802 Fri, 27 Dec 2019 03:00:02 GMT https://www.ptsecurity.com/ww-en/about/news/citrix-vulnerability-allows-criminals-to-hack-networks-of-80000-companies/
https://support.citrix.com/article/CTX267027
]]> 3:44 Citrix, Netscaler, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6800 Extracting Macros from AutoCAD Files; Cisco PKI Expiration; AFRINIC IP Heist Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Extracting Macros from AutoCAD Files; Cisco PKI Expiration; AFRINIC IP Heist https://traffic.libsyn.com/securitypodcast/6800.mp3 https://isc.sans.edu/podcastdetail/6800 Mon, 23 Dec 2019 03:00:02 GMT https://isc.sans.edu/forums/diary/Extracting+VBA+Macros+From+DWG+Files/25634/
Cisco PKI Self-Signed Certificate Expiration
https://www.cisco.com/c/en/us/support/docs/field-notices/704/fn70489.html
AFRINIC IP Address Space Misappropriated By Insider
https://mybroadband.co.za/news/internet/330379-how-internet-resources-worth-r800-million-were-stolen-and-sold-on-the-black-market.html
]]> 4:34 AFRINIC, IPv4 Heist, Cisco, PKI, VBA, DWG, AutoCAD, oledump, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6798 More DNS over HTTPS Details; Ransomware Going Public; Google Chrome Update Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. More DNS over HTTPS Details; Ransomware Going Public; Google Chrome Update https://traffic.libsyn.com/securitypodcast/6798.mp3 https://isc.sans.edu/podcastdetail/6798 Fri, 20 Dec 2019 03:00:03 GMT https://isc.sans.edu/forums/diary/More+DNS+over+HTTPS+Become+One+With+the+Packet+Be+the+Query+See+the+Query/25628/
Ransomware Outing Victims
https://krebsonsecurity.com/2019/12/ransomware-gangs-now-outing-victim-businesses-that-dont-pay-up/
Google Chrome Update
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop_17.html
]]> 5:12 google, chrome, ransomware, doh, dns, https, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6796 Emotet update; Joomla Patches; Unicode Problems Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Emotet update; Joomla Patches; Unicode Problems https://traffic.libsyn.com/securitypodcast/6796.mp3 https://isc.sans.edu/podcastdetail/6796 Thu, 19 Dec 2019 03:00:03 GMT https://isc.sans.edu/forums/diary/Emotet+infection+with+spambot+activity/25622/
Emotet Used to Spread Malware From German Federal Agency Accounts (german)
https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2019/Spam-Bundesbehoerden_181219.html
Joomla Patches SQL Injection
https://developer.joomla.org/security-centre.html
Unicode Mapping Problems
https://eng.getwisdom.io/hacking-github-with-unicode-dotless-i/
]]> 3:46 emotet, joomla, unicode, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6794 Discovering DNS over HTTPS; Ring Camera Weaknesses; WhatsApp Bug; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Discovering DNS over HTTPS; Ring Camera Weaknesses; WhatsApp Bug; https://traffic.libsyn.com/securitypodcast/6794.mp3 https://isc.sans.edu/podcastdetail/6794 Wed, 18 Dec 2019 03:00:02 GMT https://isc.sans.edu/forums/diary/Is+it+Possible+to+Identify+DNS+over+HTTPs+Without+Decrypting+TLS/25616/
Ring Camera Weaknesses
https://www.vice.com/en_us/article/epg4xm/amazon-ring-camera-security
WhatsApp DoS Bug
https://research.checkpoint.com/2019/breakingapp-whatsapp-crash-data-loss-bug/
]]> 6:00 whatsapp, dos, ring, dns, https, doh, dns over https, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6792 Slack "Unshare" Vuln; Google Enforces OAUTH; TPLink Auth Bypass; Factoring IoT RSA Keys Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Slack "Unshare" Vuln; Google Enforces OAUTH; TPLink Auth Bypass; Factoring IoT RSA Keys https://traffic.libsyn.com/securitypodcast/6792.mp3 https://isc.sans.edu/podcastdetail/6792 Tue, 17 Dec 2019 03:00:02 GMT https://www.theregister.co.uk/2019/12/16/slack_filesharing_vulnerability_post_sharing/
Google Making OAUTH Mandatory for GSuite
https://gsuiteupdates.googleblog.com/2019/12/less-secure-apps-oauth-google-username-password-incorrect.html
TPLink Authentication Bypass
https://securityintelligence.com/posts/tp-link-archer-router-vulnerability-voids-admin-password-can-allow-remote-takeover/
Factoring IoT RSA Keys
https://info.keyfactor.com/factoring-rsa-keys-in-the-iot-era
]]> 6:17 rsa, tplink, google, oauth, slack, factoring, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6790 Malicious Autocad Files; OpenBSD Priv. Escalation; NPM Path Traversal Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Malicious Autocad Files; OpenBSD Priv. Escalation; NPM Path Traversal https://traffic.libsyn.com/securitypodcast/6790.mp3 https://isc.sans.edu/podcastdetail/6790 Mon, 16 Dec 2019 03:00:04 GMT https://isc.sans.edu/forums/diary/Malicious+DWG+Files/25612/
OpenBSD Privilege Escalation Vulnerability
https://www.qualys.com/2019/12/11/cve-2019-19726/local-privilege-escalation-openbsd-dynamic-loader.txt
NPM Fixes Critical Security Vulnerability
https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli
]]> 5:40 npm, yarn, path traversal, openbsd, privileges escalation, VBA, Autocad, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6788 Shared Data in Malware; WebKit Tracking Protection; SMS Verification; @sans_edu Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Shared Data in Malware; WebKit Tracking Protection; SMS Verification; @sans_edu https://traffic.libsyn.com/securitypodcast/6788.mp3 https://isc.sans.edu/podcastdetail/6788 Fri, 13 Dec 2019 03:00:02 GMT https://isc.sans.edu/forums/diary/Code+Data+Reuse+in+the+Malware+Ecosystem/25598/
Apple Improves Tracking Prevention Tracking in WebKit
https://webkit.org/blog/9661/preventing-tracking-prevention-tracking/
Google Verified SMS Messages
https://www.blog.google/products/messages/safer-conversations-messages-verified-sms-and-spam-protection/
Echobot Keeps Adding More Exploits
https://www.bleepingcomputer.com/news/security/new-echobot-variant-exploits-77-remote-code-execution-flaws/
STI Research Paper: Caleb Baker DNS Monitoring
https://www.sans.org/reading-room/whitepapers/dns/challenges-effective-dns-query-monitoring-39215
]]> 14:28 dns, blacklists, monitoring, google, echobot, sms, apple, webkit, tracking, malware, information sharing, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6786 German Malspam / Trickbot; KeyWe Locks; Chrome Update; iOS Spam Filter Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. German Malspam / Trickbot; KeyWe Locks; Chrome Update; iOS Spam Filter https://traffic.libsyn.com/securitypodcast/6786.mp3 https://isc.sans.edu/podcastdetail/6786 Thu, 12 Dec 2019 03:00:03 GMT https://isc.sans.edu/forums/diary/German+language+malspam+pushes+yet+another+wave+of+Trickbot/25594/
Vulnerable KeyWe Smart Lock
https://labs.f-secure.com/advisories/keywe-smart-lock-unauthorized-access-traffic-interception
Google Chrome Update
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html
iOS Spam Feature
https://support.apple.com/en-us/HT210756
https://kishanbagaria.com/airdos/
]]> 5:17 ios, anti-spam, airdos, google, chrome, keywe, smart lock, trickbot, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6784 Microsoft, Adobe, Intel and Apple Updates Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft, Adobe, Intel and Apple Updates https://traffic.libsyn.com/securitypodcast/6784.mp3 https://isc.sans.edu/podcastdetail/6784 Wed, 11 Dec 2019 03:00:02 GMT https://isc.sans.edu/forums/diary/Microsoft+December+2019+Patch+Tuesday/25592/
https://securelist.com/windows-0-day-exploit-cve-2019-1458-used-in-operation-wizardopium/95432/
Adobe Patch Tuesday
https://helpx.adobe.com/security.html
Apple Security Updates
https://support.apple.com/en-us/HT201222
Intel Plundervolt Update
https://blogs.intel.com/technology/2019/12/ipas-security-advisories-for-december-2019/
]]> 6:48 intel, plundervolt, apple, adobe, microsoft, patches, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6782 Another Word Maldoc; Snatch Ransomware; Ryuk Decryptor Fail; Sysmon DNS Rules @swiftonsecurity Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Another Word Maldoc; Snatch Ransomware; Ryuk Decryptor Fail; Sysmon DNS Rules @swiftonsecurity https://traffic.libsyn.com/securitypodcast/6782.mp3 https://isc.sans.edu/podcastdetail/6782 Tue, 10 Dec 2019 03:00:02 GMT https://isc.sans.edu/forums/diary/Lazy+Sunday+Maldoc+Analysis/25586/
Snatch Ransomware Reboots System Into Safe Mode To Disable Anti Virus
https://news.sophos.com/en-us/2019/12/09/snatch-ransomware-reboots-pcs-into-safe-mode-to-bypass-protection/
Ryuk Ransomware Decryptor May No Longer Work / Corrupt Documents
https://blog.emsisoft.com/en/35023/bug-in-latest-ryuk-decryptor-may-cause-data-loss/
Extending Windows 7 Security Updates
https://www.ghacks.net/2019/12/07/someone-found-a-way-to-bypass-windows-7-extended-security-updates-checks/
Swift on Security Updates Sysmon Rules
https://github.com/SwiftOnSecurity/sysmon-config
RSA Webcast
https://www.rsaconference.com/industry-topics/webcast/36-five-most-dangerous-attacks-evolving
]]> 7:55 Word, maldoc, oledump, snatch, ransomware, safe mode, ryuk, decryptor, windows 7, esu, swift on security, sysmon, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6780 HTML Phishing Email; Great (Red) Canon Activated Against HK Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. HTML Phishing Email; Great (Red) Canon Activated Against HK https://traffic.libsyn.com/securitypodcast/6780.mp3 https://isc.sans.edu/podcastdetail/6780 Mon, 09 Dec 2019 03:00:02 GMT https://isc.sans.edu/forums/diary/Phishing+with+a+selfcontained+credentialsstealing+webpage/25580/
Great Canon / Red Canon Activated to Silence Pro Hongkong Forum
https://cybersecurity.att.com/blogs/labs-research/the-great-cannon-has-been-deployed-again
]]> 6:09 hongkong, red canon, great canon, javascript, phishing, html email, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6778 OpenBSD Vuln; Linux/BSD VPN Connection Hijack; STI Paper: RASP vs. WAF Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. OpenBSD Vuln; Linux/BSD VPN Connection Hijack; STI Paper: RASP vs. WAF https://traffic.libsyn.com/securitypodcast/6778.mp3 https://isc.sans.edu/podcastdetail/6778 Fri, 06 Dec 2019 04:30:02 GMT https://www.qualys.com/2019/12/04/cve-2019-19521/authentication-vulnerabilities-openbsd.txt?_ga=2.58244398.587934852.1575530822-682141427.1570559125
Hijacking Linux (and BSD) VPN Connections
https://seclists.org/oss-sec/2019/q4/122
RASP vs. WAF: Alexander Fry Research Paper
https://www.sans.org/reading-room/whitepapers/application/runtime-application-self-protection-rasp-investigation-effectiveness-rasp-solution-protecting-vulnerable-target-applications-38950
]]> 14:01 rasp, waf, vpn, linux, bsd, openbsd, authentication, login, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6776 Atlasian Companion App IBM Aspera Cloud; Python Libraries; GoAhead Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Atlasian Companion App IBM Aspera Cloud; Python Libraries; GoAhead https://traffic.libsyn.com/securitypodcast/6776.mp3 https://isc.sans.edu/podcastdetail/6776 Thu, 05 Dec 2019 05:05:02 GMT https://www.theregister.co.uk/2019/12/05/atlassian_zero_day_bug/
https://confluence.atlassian.com/doc/administering-the-atlassian-companion-app-958456281.html
https://twitter.com/tmslft/status/1202056063878606848?s=20
Fake Python Library in PyPi
https://github.com/dateutil/dateutil/issues/984
GoAhead Web Server Vulnerability
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0888
]]> 6:01 goahead, web server, python, dateutil, jellyfish, je1lyfish, atlasian, aspera, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6774 Avast Blocked from Firefox; Android Patches; Strandhogg; Firefox 71 Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Avast Blocked from Firefox; Android Patches; Strandhogg; Firefox 71 https://traffic.libsyn.com/securitypodcast/6774.mp3 https://isc.sans.edu/podcastdetail/6774 Wed, 04 Dec 2019 04:40:02 GMT https://palant.de/2019/10/28/avast-online-security-and-avast-secure-browser-are-spying-on-you/
Google Android Updates
https://source.android.com/security/bulletin/2019-12-01
Strandhogg Vulnerability
https://promon.co/security-news/strandhogg/
Firefox 71 Released
https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/
]]> 6:11 firefox, strandhogg, android, updates, patches, banking trojan, avast, privacy, anti malware, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6772 Port 26 Scans; Ursnif/Dridex; Windows 7 ESU; QNAP Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Port 26 Scans; Ursnif/Dridex; Windows 7 ESU; QNAP Patches https://traffic.libsyn.com/securitypodcast/6772.mp3 https://isc.sans.edu/podcastdetail/6772 Tue, 03 Dec 2019 04:30:03 GMT https://isc.sans.edu/forums/diary/Next+up+whats+up+with+TCP+port+26/25564/
Recent Ursnif Malspam
https://isc.sans.edu/forums/diary/Ursnif+infection+with+Dridex/25566/
Windows 7 Extended Security Updates
https://www.microsoft.com/microsoft-365/partners/news/article/announcing-paid-windows-7-extended-security-updates
QNAP Patches Photo Station
https://www.qnap.com/en/security-advisory/nas-201911-25
]]> 5:53 qnap, windows 7, ESU, microsoft, ursnif, dridex, exim, telnet, port 26, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6770 Agent Tesla; SauronEye; Splunk Y2k20 Bug; Google Threat Analysis Group Summary Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Agent Tesla; SauronEye; Splunk Y2k20 Bug; Google Threat Analysis Group Summary https://traffic.libsyn.com/securitypodcast/6770.mp3 https://isc.sans.edu/podcastdetail/6770 Mon, 02 Dec 2019 08:55:02 GMT https://isc.sans.edu/forums/diary/Finding+an+Agent+Tesla+malware+sample/25554/
Search With SauronEye
https://isc.sans.edu/forums/diary/ISC+Snapshot+Search+with+SauronEye/25558/
Splunk Y2K20 Patch
https://docs.splunk.com/Documentation/Splunk/8.0.0/ReleaseNotes/FixDatetimexml2020
Google TAG Quarterly Summary
https://blog.google/technology/safety-security/threat-analysis-group/protecting-users-government-backed-hacking-and-disinformation/
]]> 6:43 google, tag, state sponsored, splunk, y2k, sauroneye, agent tesla, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6768 Playing With Phishing; HPE SSD Update; Malicious Android SDK; Kaspersky Update Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Playing With Phishing; HPE SSD Update; Malicious Android SDK; Kaspersky Update https://traffic.libsyn.com/securitypodcast/6768.mp3 https://isc.sans.edu/podcastdetail/6768 Wed, 27 Nov 2019 03:00:03 GMT https://isc.sans.edu/forums/diary/Lessons+learned+from+playing+a+willing+phish/25552/
HPE SSD Drives will Stop Working in 3 years
https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00092491en_us
Malicious Android SDK Captures Social Media Data
https://help.twitter.com/en/sdk-issue
Kasperski API Exposed to Websites
https://palant.de/2019/11/26/internal-kaspersky-api-exposed-to-websites/
Malicious Ad Statistics
https://www.confiant.com/Demand-Quality-Report-Q3-2019
]]> 5:47 kasperski, ads, sdk, twitter, ssd, phishing, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6766 DoH In SOHO Networks; Fortinet Weak Crypto; Tracking via DNS Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. DoH In SOHO Networks; Fortinet Weak Crypto; Tracking via DNS https://traffic.libsyn.com/securitypodcast/6766.mp3 https://isc.sans.edu/podcastdetail/6766 Tue, 26 Nov 2019 03:00:02 GMT https://isc.sans.edu/forums/diary/My+Little+DoH+Setup/25548/
Fortinet Weak Crypto
https://sec-consult.com/en/blog/advisories/weak-encryption-cipher-and-hardcoded-cryptographic-keys-in-fortinet-products/
Tracking Web Users via DNS
https://github.com/uBlockOrigin/uBlock-issues/issues/780
]]> 4:38 tracking, dns, fortinet, https, doh, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6764 Web Filter Recon; Malice for Local Malware Analysis; VNC Flaws Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Web Filter Recon; Malice for Local Malware Analysis; VNC Flaws https://traffic.libsyn.com/securitypodcast/6764.mp3 https://isc.sans.edu/podcastdetail/6764 Mon, 25 Nov 2019 03:00:03 GMT https://isc.sans.edu/forums/diary/Abusing+Web+Filters+Misconfiguration+for+Reconnaissance/25538/
Local Malware Analysis with Malice
https://isc.sans.edu/forums/diary/Local+Malware+Analysis+with+Malice/25544/
Multiple Vulnerabilities in VNC
https://www.kaspersky.com/blog/vnc-vulnerabilities/31462/
]]> 5:21 vnc, malice, web filter, recognisance, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6762 Memory Encryption Issues; Memory Encryption Issues; RIPlace; OFfcie Preview Issue Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Memory Encryption Issues; Memory Encryption Issues; RIPlace; OFfcie Preview Issue https://traffic.libsyn.com/securitypodcast/6762.mp3 https://isc.sans.edu/podcastdetail/6762 Fri, 22 Nov 2019 03:00:02 GMT https://arxiv.org/abs/1908.11680
GetMonero Wallet Compromised
https://web.getmonero.org/2019/11/19/warning-compromised-binaries.html
RIPlace Ransomware Detection Bypass
https://www.nyotron.com/blog/nyotron-discovers-potentially-unstoppable-ransomware-evasion-technique-riplace/
Microsoft Office Remote Content Triggers in Preview Pane
https://medium.com/@curtbraz/getting-malicious-office-documents-to-fire-with-protected-view-4de18668c386
]]> 6:16 office, preview, phishing, riplace, ransomware, getmonero, wallet, memory encryption, amd, intel, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6760 Latest Hancitor Update; Oracle Payday Vuln; Chrome Update; Unbound Patch Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Latest Hancitor Update; Oracle Payday Vuln; Chrome Update; Unbound Patch https://traffic.libsyn.com/securitypodcast/6760.mp3 https://isc.sans.edu/podcastdetail/6760 Thu, 21 Nov 2019 03:00:03 GMT https://isc.sans.edu/forums/diary/Hancitor+infection+with+Pony+Evil+Pony+Ursnif+and+Cobalt+Strike/25532/
Oracle Payday Vulnerabilities Exploited
https://www.onapsis.com/blog/oracle-payday-vulnerabilities
Google Chrome Update
https://chromereleases.googleblog.com/2019/11/stable-channel-update-for-desktop_18.html
NSA Publishes Guide About the Risks of Inspecting TLS
https://media.defense.gov/2019/Nov/18/2002212783/-1/-1/0/MANAGING%20RISK%20FROM%20TLS%20INSPECTION_20191106.PDF
Unbound Command Execution Vulnerability
https://nlnetlabs.nl/projects/unbound/security-advisories/#vulnerability-in-ipsec-module
]]> 6:07 unbound, NSA, TLS interception, google chrome, oracle, payday, hancitor, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6758 JAWS DVR Bot; Tianfu Cup; Access Hotfix; Win10 DoH; Android Camera Permission Mixup Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. JAWS DVR Bot; Tianfu Cup; Access Hotfix; Win10 DoH; Android Camera Permission Mixup https://traffic.libsyn.com/securitypodcast/6758.mp3 https://isc.sans.edu/podcastdetail/6758 Wed, 20 Nov 2019 03:00:03 GMT https://isc.sans.edu/forums/diary/Cheap+Chinese+JAWS+of+DVR+Exploitability+on+Port+60001/25530/
TianFu Cup
https://twitter.com/TianfuCup
Microsoft Access Hotfix
https://support.microsoft.com/en-us/help/4484198/november-18-2019-update-for-office-2016-kb4484198
Windows 10 DNS over HTTPS
https://techcommunity.microsoft.com/t5/Networking-Blog/Windows-will-improve-user-privacy-with-DNS-over-HTTPS/ba-p/1014229
Android Camera Permission Mixup
https://www.checkmarx.com/blog/how-attackers-could-hijack-your-android-camera
]]> 6:23 jaws, dvr, mirai, tianfu, access, win10, dns over https, doh, android, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6756 SMS Woes; Intel Removing EOL BIOS Downloads; Agressive Outlook 365 Phishing Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SMS Woes; Intel Removing EOL BIOS Downloads; Agressive Outlook 365 Phishing https://traffic.libsyn.com/securitypodcast/6756.mp3 https://isc.sans.edu/podcastdetail/6756 Tue, 19 Nov 2019 03:00:02 GMT https://isc.sans.edu/forums/diary/SMS+and+2FA+Another+Reason+to+Move+away+from+It/25526/
Intel Removing BIOS Downloads for EOL Hardware
https://www.vogons.org/viewtopic.php?f=46&t=69184
https://news.ycombinator.com/item?id=21563309
Outlook 365 Remains Top Phishing Target
https://info.phishlabs.com/blog/active-office-365-phishing-campaign-targeting-admin-credentials
]]> 5:38 outlook 365, phishing, intel, firmware, updates, sms messages, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6754 TPM-Fail Update; Office Update Breaks Access; WhatsApp Update Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. TPM-Fail Update; Office Update Breaks Access; WhatsApp Update https://traffic.libsyn.com/securitypodcast/6754.mp3 https://isc.sans.edu/podcastdetail/6754 Mon, 18 Nov 2019 03:00:04 GMT https://downloadcenter.intel.com/download/28632
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html
Office November Update Issues
https://borncity.com/win/2019/11/13/office-november-2019-updates-are-causing-access-error-3340/
WhatsApp Stack Based Buffer Overflow
https://nvd.nist.gov/vuln/detail/CVE-2019-11931
Android Qualcom Data Exfiltration Bug
https://research.checkpoint.com/the-road-to-qualcomm-trustzone-apps-fuzzing/
Nextcloud Ransomware NextCry
https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
]]> 5:55 android, qualcom, nextcloud, nextcry, whatsapp, access, office, tpmfail, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6752 LokiBot Update; Zeek Packet-Fu; TPM Leaks; Zombieload 2.0 Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. LokiBot Update; Zeek Packet-Fu; TPM Leaks; Zombieload 2.0 https://traffic.libsyn.com/securitypodcast/6752.mp3 https://isc.sans.edu/podcastdetail/6752 Fri, 15 Nov 2019 03:00:02 GMT https://isc.sans.edu/forums/diary/An+example+of+malspam+pushing+Lokibot+malware+November+2019/25518/
Some Packet-Fu with Zeek
https://isc.sans.edu/forums/diary/Some+packetfu+with+Zeek+previously+known+as+bro/25510/
TPM Leaks
http://tpm.fail/
Zombieload 2.0 Vulnerability
https://zombieloadattack.com/
]]> 7:15 zombieload, tpm, leak, zeek, lokibot, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6750 Microsoft Patch Tuesday; Adobe Updates; Facebook Camera "Bug"; McAfee Update Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft Patch Tuesday; Adobe Updates; Facebook Camera "Bug"; McAfee Update https://traffic.libsyn.com/securitypodcast/6750.mp3 https://isc.sans.edu/podcastdetail/6750 Wed, 13 Nov 2019 03:00:02 GMT https://isc.sans.edu/forums/diary/November+2019+Microsoft+Patch+Tuesday/25516/
Adobe Update
https://helpx.adobe.com/security.html
Facebook Camera Bug
https://www.cnet.com/news/facebook-bug-has-camera-activated-while-people-are-using-the-app
McAfee Anti Virus Bypass and Persistance
https://safebreach.com/Post/McAfee-All-Editions-MTP-AVP-MIS-Self-Defense-Bypass-and-Potential-Usages-CVE-2019-3648
]]> 6:44 mcafee, facebook, camera, adobe, microsoft, patches, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6748 TheMoon Still Here; Apply Magento Update; CSS Injection in Slack Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. TheMoon Still Here; Apply Magento Update; CSS Injection in Slack https://traffic.libsyn.com/securitypodcast/6748.mp3 https://isc.sans.edu/podcastdetail/6748 Tue, 12 Nov 2019 03:00:03 GMT https://isc.sans.edu/forums/diary/Are+We+Going+Back+to+TheMoon+and+How+is+Liquor+Involved/25512/
New Update for Magento Shopping Cart
https://magento.com/security/patches/latest-magento-security-update-helps-protect-recently-reported-rce-vulnerability
https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update
ZoneAlarm vBulletin Forum Breached
https://thehackernews.com/2019/11/zonealarm-forum-data-breach.html
CSS Injection in Slack to Log Keystrokes
https://fletchto99.dev/2019/november/slack-vulnerability/
]]> 5:45 slack, css, keystroke logger, vbulletin, zonealarm, magento, themoon, liquor 1.0, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6746 Misused MSFT Apps; Pwn2Own Summary; State of Javascript Security; Honeypot Update Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Misused MSFT Apps; Pwn2Own Summary; State of Javascript Security; Honeypot Update https://traffic.libsyn.com/securitypodcast/6746.mp3 https://isc.sans.edu/podcastdetail/6746 Mon, 11 Nov 2019 03:00:03 GMT https://isc.sans.edu/forums/diary/Microsoft+Apps+Diverted+from+Their+Main+Use/25502/
Did Bluekeep Malware Afect Patching
https://isc.sans.edu/forums/diary/Did+the+recent+malicious+BlueKeep+campaign+have+any+positive+impact+when+it+comes+to+patching/25506/
Pwn2Own Summary
https://www.zerodayinitiative.com/blog/2019/11/7/pwn2own-tokyo-2019-day-two-final-results
State of Javascript Framework Security
https://snyk.io/wp-content/uploads/snyk-javascript_report_2019.pdf
DShield/ISC Honeypot Update
https://isc.sans.edu/honeypot.html
]]> 6:46 snyk, javascript, jquery, pwn2own, bluekeep, microsoft, word, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6744 Adobe Mobile SDK; QNAP Advice; Double ZIP Files; Ring Video Doorbell Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Adobe Mobile SDK; QNAP Advice; Double ZIP Files; Ring Video Doorbell https://traffic.libsyn.com/securitypodcast/6744.mp3 https://isc.sans.edu/podcastdetail/6744 Fri, 08 Nov 2019 03:00:05 GMT https://wwws.nightwatchcybersecurity.com/2019/11/06/insecure-defaults-in-adobes-mobile-sdks/
QNAP Updates QSnatch Advisory
https://www.qnap.com/en/security-advisory/nas-201911-01
Double Loaded ZIP Files Delivery Malware
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/double-loaded-zip-file-delivers-nanocore/
Ring Video Doorbell Leaks Wifi Password
https://labs.bitdefender.com/2019/11/ring-video-doorbell-pro-under-the-scope/
]]> 6:33 ring, video doorbell, wifi, zip, malware, qnap, qsnatch, adobe, mobile sdk, tls, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6742 Google PlayStore Security; Xen and npcap Patches; TrendMicro Insider Issue; SANS Ouch Newsletter Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Google PlayStore Security; Xen and npcap Patches; TrendMicro Insider Issue; SANS Ouch Newsletter https://traffic.libsyn.com/securitypodcast/6742.mp3 https://isc.sans.edu/podcastdetail/6742 Thu, 07 Nov 2019 03:00:03 GMT https://security.googleblog.com/2019/11/the-app-defense-alliance-bringing.html
Xen Security Advisories
https://xenbits.xen.org/xsa/
npcap pool corruption vulnerability
https://github.com/nmap/nmap/issues/1568
TrendMicro Employee Selling Customer Data to Tech Support Scammers
https://blog.trendmicro.com/trend-micro-discloses-insider-threat-impacting-some-of-its-consumer-customers/
SANS Security Awareness Newsletter
https://www.sans.org/security-awareness-training/resources/shopping-online-securely-1
]]> 5:19 google, playstore, xen, npcap, trendmicro, insider, tech support scam, ouch, awareness, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6740 Formbook Malspam; Honeypot Update; Office on Mac Macros; libarchive bug Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Formbook Malspam; Honeypot Update; Office on Mac Macros; libarchive bug https://traffic.libsyn.com/securitypodcast/6740.mp3 https://isc.sans.edu/podcastdetail/6740 Wed, 06 Nov 2019 03:00:05 GMT https://isc.sans.edu/forums/diary/Malspam+pushing+Formbook+info+stealer/23387/
Honeypot Update
https://github.com/DShield-ISC/dshield
Office on Mac XLM Macros
https://kb.cert.org/vuls/id/125336/
Firefox Browser Lock Bug Exploited
https://bugzilla.mozilla.org/show_bug.cgi?id=1593795
libarchive use after free vulnerability
https://medium.com/@social_62682/new-libarchive-use-after-free-vulnerability-36c4b141fe89
]]> 6:22 libarchive, Firefox, office on mac, excel, xlm, macros, honeypot, formbook, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6738 Bluekeep Exploit Update; ClamAV Vuln; XCode Patch; MikroTik DNS Cache Poison Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Bluekeep Exploit Update; ClamAV Vuln; XCode Patch; MikroTik DNS Cache Poison https://traffic.libsyn.com/securitypodcast/6738.mp3 https://isc.sans.edu/podcastdetail/6738 Tue, 05 Nov 2019 03:00:03 GMT https://twitter.com/hackerfantastic/status/1190685521153937408
https://pastebin.com/cfP7X89m
XCode Vulnerability
https://support.apple.com/en-is/HT210729
MikroTik DNS Cache Poisoning
https://blog.mikrotik.com/security/dns-cache-poisoning-vulnerability.html
]]> 6:18 xcode, microtik, dns cache poisoning, dns, clamav, clambc, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6736 Chrome Update; BlueKeep Mass Exploit; Unpached rConfig RCE (exploited, but maybe not a big deal) Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Chrome Update; BlueKeep Mass Exploit; Unpached rConfig RCE (exploited, but maybe not a big deal) https://traffic.libsyn.com/securitypodcast/6736.mp3 https://isc.sans.edu/podcastdetail/6736 Mon, 04 Nov 2019 03:44:56 GMT https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_31.html
Blue Keep Vulnerability Mass Exploited to Install Crypto Coin Miner
https://www.kryptoslogic.com/blog/2019/11/bluekeep-cve-2019-0708-exploitation-spotted-in-the-wild/
rConfig Vulnerabilities
https://shells.systems/rconfig-v3-9-2-authenticated-and-unauthenticated-rce-cve-2019-16663-and-cve-2019-16662/
]]> 5:59 rconfig, blue keep, google chrome update, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6734 EML O365 Phishing; MSFT TLS Timeouts; MESSAGETAP; Amazon 3rd Party Device Auth Issues Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. EML O365 Phishing; MSFT TLS Timeouts; MESSAGETAP; Amazon 3rd Party Device Auth Issues https://traffic.libsyn.com/securitypodcast/6734.mp3 https://isc.sans.edu/podcastdetail/6734 Fri, 01 Nov 2019 03:00:04 GMT https://isc.sans.edu/forums/diary/EML+attachments+in+O365+a+recipe+for+phishing/25474/
Microsoft TLS Security Enhancements Lead to Timeouts
https://support.microsoft.com/en-us/help/4528489/transport-layer-security-tls-connections-might-intermittently-fail-or

MESSAGETAP: Who's Reading Your Text Messages
https://www.fireeye.com/blog/threat-research/2019/10/messagetap-who-is-reading-your-text-messages.html
Amazon Authentication Failure for 3rd Party Devices
https://old.reddit.com/r/sysadmin/comments/dpbt3t/the_perils_of_security_and_how_i_finally_resolved/
]]> 5:52 amazon, oauth2, messagetap, microsoft, tls, phishing, outlook 365, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6732 Apple Updates; Untitled Goose; Pagers in Medicine; Kibana Vuln Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Apple Updates; Untitled Goose; Pagers in Medicine; Kibana Vuln https://traffic.libsyn.com/securitypodcast/6732.mp3 https://isc.sans.edu/podcastdetail/6732 Thu, 31 Oct 2019 03:00:03 GMT https://support.apple.com/en-us/HT201222
Untitled Goose Deserialization
https://pulsesecurity.co.nz/advisories/untitled-goose-game-deserialization
Insecure Pagers Leak Medical Data
https://techcrunch.com/2019/10/30/nhs-pagers-medical-health-data/
Kibana Vulnerablity
https://research.securitum.com/prototype-pollution-rce-kibana-cve-2019-7609/
]]> 6:34 kibana, pagers, medical data, untitled goose, deserialization, apple, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6730 xHelper Update; Counterstrike Money Laundry; PCAPs from YAML Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. xHelper Update; Counterstrike Money Laundry; PCAPs from YAML https://traffic.libsyn.com/securitypodcast/6730.mp3 https://isc.sans.edu/podcastdetail/6730 Wed, 30 Oct 2019 03:00:04 GMT https://www.symantec.com/blogs/threat-intelligence/xhelper-android-malware
Counterstrike Game Keys Used for Money Laundry
https://blog.counter-strike.net/index.php/2019/10/26113/
Greating PCAP Files From YAML
https://isc.sans.edu/forums/diary/Generating+PCAP+Files+from+YAML/25464/
]]> 5:36 pcap, yaml, pcraft, counterstrike, game keys, xhelper, android, malware, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6728 PHP 7 RCE Exploited; Finding Shellcode; iOS/tvOS/Safari Updates; Sextortion Blogs Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. PHP 7 RCE Exploited; Finding Shellcode; iOS/tvOS/Safari Updates; Sextortion Blogs https://traffic.libsyn.com/securitypodcast/6728.mp3 https://isc.sans.edu/podcastdetail/6728 Tue, 29 Oct 2019 03:00:03 GMT https://lab.wallarm.com/php-remote-code-execution-0-day-discovered-in-real-world-ctf-exercise/
https://github.com/neex/phuip-fpizdam
Finding Shellcode with scdbg
https://isc.sans.edu/forums/diary/Using+scdbg+to+Find+Shellcode/25460/
Apple iOS / tvOS / Safari Updates
https://support.apple.com/en-us/HT201222
Sextortion Attempts Are Targeting Blogs
https://www.bleepingcomputer.com/news/security/blogger-and-wordpress-sites-hacked-to-show-sextortion-scams/
]]> 4:49 sextortion, wordpress, blogger, php7, nginx, fpm, scdbg, apple, ios, tvos, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6726 Odd Double Base64 Header; Parsing DNS Logs in PS; iOS Malware Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Odd Double Base64 Header; Parsing DNS Logs in PS; iOS Malware https://traffic.libsyn.com/securitypodcast/6726.mp3 https://isc.sans.edu/podcastdetail/6726 Mon, 28 Oct 2019 03:45:03 GMT https://isc.sans.edu/forums/diary/Unusual+Activity+with+Double+Base64+Encoding/25458/
DNS Archeology With PowerShell
https://isc.sans.edu/forums/diary/More+on+DNS+Archeology+with+PowerShell/25452/
iOS Appstore Malware
https://www.wandera.com/mobile-security/ios-trojan-malware/
British Law Enforcement Misses Malware Reports Due to Anti-Malware
https://www.theregister.co.uk/2019/10/24/hmicfrs_report_cyber_crime/
]]> 5:49 malware, law enforcement, england, dns, ios, powershell, windows, bs_real_ip, base64, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6724 XXE Vuln in LSP4XML (VS Code); Google Chrome SameSite Changes; Gigamon Leftovers Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. XXE Vuln in LSP4XML (VS Code); Google Chrome SameSite Changes; Gigamon Leftovers https://traffic.libsyn.com/securitypodcast/6724.mp3 https://isc.sans.edu/podcastdetail/6724 Fri, 25 Oct 2019 04:45:03 GMT https://www.shielder.it/blog/dont-open-that-xml-xxe-to-rce-in-xml-plugins-for-vs-code-eclipse-theia/?preview=true
Google Chrome Will Make "SameSite" Default
https://blog.chromium.org/2019/10/developers-get-ready-for-new.html
Leftover Gigamon Configurations
https://isc.sans.edu/forums/diary/Your+Supply+Chain+Doesnt+End+At+Receiving+How+Do+You+Decommission+Network+Equipment/25448/
]]> 6:55 gigamon, google, chrome, samesite, xml, xxe, lsp4xml, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6722 SIM Swapping; Discord Infostealer; Cisco Exploit Code; Tails 4.0 Released Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SIM Swapping; Discord Infostealer; Cisco Exploit Code; Tails 4.0 Released https://traffic.libsyn.com/securitypodcast/6722.mp3 https://isc.sans.edu/podcastdetail/6722 Thu, 24 Oct 2019 03:45:02 GMT https://www.consumer.ftc.gov/blog/2019/10/sim-swap-scams-how-protect-yourself
Discord Used as Info Stealer Backdoor
https://www.bleepingcomputer.com/news/security/discord-turned-into-an-info-stealing-backdoor-by-new-malware/
Cisco Exploit Code
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-iosxe-rest-auth-bypass
Tails 4.0 Released
https://tails.boum.org/news/version_4.0/index.en.html
]]> 5:03 tails 4.0, privacy, cisco, discord, electron, javascript, SIM swapping, ftc, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6720 Testing TLS 1.3; Firefox/Chrome Updates; Cache Poisoning DoS Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Testing TLS 1.3; Firefox/Chrome Updates; Cache Poisoning DoS https://traffic.libsyn.com/securitypodcast/6720.mp3 https://isc.sans.edu/podcastdetail/6720 Wed, 23 Oct 2019 03:45:02 GMT https://isc.sans.edu/forums/diary/Testing+TLSv13+and+supported+ciphers/25442/
Google Chrome 78 Released
https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html
Firefox 70 Released
https://www.mozilla.org/en-US/firefox/70.0/releasenotes/
Cache Poisoning DoS
https://cpdos.org/
]]> 7:09 cache poisoning, cpdos, dos, proxy, firefox, google, chrome, mozilla, tls 1.3, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6718 DNS over TLS Scans; North/Thor/Viking/VPN Compromises; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. DNS over TLS Scans; North/Thor/Viking/VPN Compromises; https://traffic.libsyn.com/securitypodcast/6718.mp3 https://isc.sans.edu/podcastdetail/6718 Tue, 22 Oct 2019 04:35:02 GMT https://isc.sans.edu/forums/diary/Whats+up+with+TCP+853+DNS+over+TLS/25438/
NordVPN and Others Compromised
https://techcrunch.com/2019/10/21/nordvpn-confirms-it-was-hacked/
https://twitter.com/hexdefined/status/1186106695073726466
Trend Micro Bypass
http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-ANTI-THREAT-TOOLKIT-(ATTK)-REMOTE-CODE-EXECUTION.txt
Realtek Linux Wifi Driver Buffer Overflow
https://twitter.com/nicowaisman/status/1184864519316758535
]]> 5:41 realtek, wifi, trend micro, attk, vpn, nordvpn, vikingvpn, dns over tls, dot, scans, 853, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6716 Attacks Against NVMS-9000 DVR; Pixel 4 / Galaxy S10 Biometrics; Home Speaker Phishing Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Attacks Against NVMS-9000 DVR; Pixel 4 / Galaxy S10 Biometrics; Home Speaker Phishing https://traffic.libsyn.com/securitypodcast/6716.mp3 https://isc.sans.edu/podcastdetail/6716 Mon, 21 Oct 2019 03:36:42 GMT https://isc.sans.edu/forums/diary/Scanning+Activity+for+NVMS9000+Digital+Video+Recorder/25434/
Pixel 4 Face Unlock Works with Eyes Shut
https://www.bbc.com/news/technology-50085630
Samsung Galaxy S10 Fingerprint Unlock Bug
https://www.bbc.com/news/technology-50080586
Alexa/Google Home Phishing
https://srlabs.de/bites/smart-spies/
]]> 6:52 Alexa, Google Home, Phishing, Samsung, galaxy, s10, fingerprint, biometrics, pixel 4, sleeping, face recognition, nvms-9000, dvr, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6714 Bypassing SPF Records; Old Domain Paypal Accounts; Typosquatting 2020 Election; @sans_edu interview Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Bypassing SPF Records; Old Domain Paypal Accounts; Typosquatting 2020 Election; @sans_edu interview https://traffic.libsyn.com/securitypodcast/6714.mp3 https://isc.sans.edu/podcastdetail/6714 Fri, 18 Oct 2019 03:00:02 GMT https://isc.sans.edu/forums/diary/Phishing+email+spoofing+SPFenabled+domain/25426/
Purchased Domain Arrives with Paypal Accounts Linked to it
https://www.theregister.co.uk/2019/10/17/paypal_account_domain/
Typosquatting Attacks Affect 2020 Presidential Election
https://www.digitalshadows.com/blog-and-research/typosquatting-and-the-2020-u-s-presidential-election/
STI Student: Christopher Hurless Exploring Osquery, Fleet, and Elastic Stack as an Open-source solution to Endpoint Detection and Response
https://www.sans.org/reading-room/whitepapers/detection/paper/39165
]]> 16:41 sans_edu, interview, student, osquery, fleet, elastic, typosquatting, 2020 election, paypal, domain, phishing, spf, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6712 Oracle CPU; jackson-databind vulnerability; VMWare; Wordpress Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Oracle CPU; jackson-databind vulnerability; VMWare; Wordpress https://traffic.libsyn.com/securitypodcast/6712.mp3 https://isc.sans.edu/podcastdetail/6712 Thu, 17 Oct 2019 03:00:03 GMT https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
Jackson-Databind Vulnerablity
https://github.com/FasterXML/jackson-databind/issues/2387
VMWare Cloud Foundation and VMware Harbor Container Registry Patch
https://www.vmware.com/security/advisories/VMSA-2019-0016.html
Wordpress Update
https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
Cryptominers Hiding in WAV Files
https://threatvector.cylance.com/en_us/home/malicious-payloads-hiding-beneath-the-wav.html
]]> 5:31 oracle, cpu, jackson-databind, vmware, wordpress, wav files, cryptominers, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6710 Adobe Updates; Symantec BSDO; OSX Shlayer/Tarmac; Fake iOS Jailbreak Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Adobe Updates; Symantec BSDO; OSX Shlayer/Tarmac; Fake iOS Jailbreak https://traffic.libsyn.com/securitypodcast/6710.mp3 https://isc.sans.edu/podcastdetail/6710 Wed, 16 Oct 2019 03:00:03 GMT https://helpx.adobe.com/security.html
Symantec BSOD
https://support.symantec.com/us/en/article.TECH256643.html
OSX/Shlayer Bypasses Gatekeeper/XProtect
https://blog.confiant.com/osx-shlayer-new-shurprise-unveiling-osx-tarmac-f965a32de887
Fake iOS Jailbreak Leads to Clickfraud
https://blog.talosintelligence.com/2019/10/checkrain-click-fraud.html
]]> 5:29 ios, jailbreak, clickfraud, checkrain, shlayer, gatekeeper, xprotect, adobe, symantec, bsod, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6708 Sudo Vulnerablity; Apple Safebrowsing; Streaming Privacy Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Sudo Vulnerablity; Apple Safebrowsing; Streaming Privacy https://traffic.libsyn.com/securitypodcast/6708.mp3 https://isc.sans.edu/podcastdetail/6708 Tue, 15 Oct 2019 03:00:03 GMT https://www.sudo.ws/alerts/minus_1_uid.html
Apple Safebrowsing Controversy
https://blog.cryptographyengineering.com/2019/10/13/dear-apple-safe-browsing-might-not-be-that-safe/
Streaming Service Tracking Behaviour
https://www.princeton.edu/~pmittal/publications/tv-tracking-ccs19.pdf
]]> 6:03 roku, amazon fire, tracking, streaming, safebrowsing, apple, sudo, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6706 YARA Update; Hacking Back Against Ransomware; Fake Crypto Trading Software Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. YARA Update; Hacking Back Against Ransomware; Fake Crypto Trading Software https://traffic.libsyn.com/securitypodcast/6706.mp3 https://isc.sans.edu/podcastdetail/6706 Mon, 14 Oct 2019 03:00:02 GMT https://isc.sans.edu/forums/diary/YARA+v3110+released/25408/
Hacking Back Against Ransomware
https://www.zdnet.com/article/white-hat-hacks-muhstik-ransomware-gang-and-releases-decryption-keys/
Fake Crypto Trading Software
https://www.bleepingcomputer.com/news/security/attackers-create-elaborate-crypto-trading-scheme-to-install-malware/
]]> 3:37 crypto trading, hacking back, ransomware, muhstik, yara, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6704 OUI Mining; iTerm2 Vuln; Apple Updater Exploited Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. OUI Mining; iTerm2 Vuln; Apple Updater Exploited https://traffic.libsyn.com/securitypodcast/6704.mp3 https://isc.sans.edu/podcastdetail/6704 Fri, 11 Oct 2019 03:00:02 GMT https://isc.sans.edu/forums/diary/Mining+Live+Networks+for+OUI+Data+Oddness/25404/
iTerm2 Vulnerability
https://groups.google.com/forum/#!topic/iterm2-discuss/57k_AuLdQa4
Apple Updater Exploited in Bitpaymer Campaign
https://blog.morphisec.com/apple-zero-day-exploited-in-bitpaymer-campaign
]]> 6:14 oui, ethernet, mac, iterm2, apple, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6702 Vidar Malware Analysis; NTLM MIC Bypass; Threats on Google Play Store Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Vidar Malware Analysis; NTLM MIC Bypass; Threats on Google Play Store https://traffic.libsyn.com/securitypodcast/6702.mp3 https://isc.sans.edu/podcastdetail/6702 Thu, 10 Oct 2019 03:00:03 GMT https://isc.sans.edu/forums/diary/What+data+does+Vidar+malware+steal+from+an+infected+host/25398/
NTLM MIC Bypass
https://www.preempt.com/blog/drop-the-mic-2-active-directory-open-to-more-ntlm-attacks/
Threats on Google Play
https://news.drweb.com/show/review/?i=13446#google
]]> 5:35 google play, mic, ntlm, relay attack, vidar, infostealer, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6700 MSFT Patches; Android Patches; vBulletin Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MSFT Patches; Android Patches; vBulletin Patches https://traffic.libsyn.com/securitypodcast/6700.mp3 https://isc.sans.edu/podcastdetail/6700 Wed, 09 Oct 2019 03:00:03 GMT https://isc.sans.edu/forums/diary/Microsoft+October+2019+Patch+Tuesday/25396/
Android Update
https://source.android.com/security/bulletin/2019-10-01
vBulletin Update
https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4423646-vbulletin-5-5-x-5-5-2-5-5-3-and-5-5-4-security-patch-level-2
]]> 5:22 vbulletin, android, update, patches, microsoft, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6698 2xVPN=0VPN; WhatsApp GIF Bug; MacOS Catalina; Magecart Update Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. 2xVPN=0VPN; WhatsApp GIF Bug; MacOS Catalina; Magecart Update https://traffic.libsyn.com/securitypodcast/6698.mp3 https://isc.sans.edu/podcastdetail/6698 Tue, 08 Oct 2019 03:00:03 GMT https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/
WhatsApp Bug
https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/
MacOS Catalina and Safari Update Released
https://www.macrumors.com/2019/10/07/apple-releases-macos-catalina/
https://support.apple.com/en-us/HT201222 (nothing new yet)
Magecart Still Going Strong
https://www.theregister.co.uk/2019/10/04/magecart/
(original RiskIQ report requires Registration)
]]> 6:00 magecart, macos, catalina, whatsapp, cloudflare, nordvpn, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6696 R and visNetwork; Android Priv. Escalation Exploited; Signal Evesdropping Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. R and visNetwork; Android Priv. Escalation Exploited; Signal Evesdropping https://traffic.libsyn.com/securitypodcast/6696.mp3 https://isc.sans.edu/podcastdetail/6696 Mon, 07 Oct 2019 03:00:02 GMT https://isc.sans.edu/forums/diary/visNetwork+for+Network+Data/25390/
Android Priv. Escalation Vulnerability Exploited in the Wild
https://bugs.chromium.org/p/project-zero/issues/detail?id=1942
Signal Evesdropping Vulnerability
https://bugs.chromium.org/p/project-zero/issues/detail?id=1943
]]> 5:18 signal, android, evesdropping, priviledge escalation, nso group, R, visnetwork, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6694 Lost Files Ransomware; tcpdump vulnerabilities; Reductor Malware; Pass The Hash @sans_edu Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Lost Files Ransomware; tcpdump vulnerabilities; Reductor Malware; Pass The Hash @sans_edu https://traffic.libsyn.com/securitypodcast/6694.mp3 https://isc.sans.edu/podcastdetail/6694 Fri, 04 Oct 2019 03:00:03 GMT https://isc.sans.edu/forums/diary/LostFiles+Ransomware/25382/
tcpdump vulnerabilities
https://www.tcpdump.org/tcpdump-changes.txt
TLS Manipulating Malware
https://securelist.com/compfun-successor-reductor/93633/
Luasz Cyra: Pass the Hash in Windows 10
https://www.sans.org/reading-room/whitepapers/testing/paper/39170
]]> 15:10 pass the hash, windows 10, tls, reductor, tcpdump, ransomware, last files, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6692 Latest Emotet News; Ouch! Newsletter; XPdf/Foxit Updates; eFax Malspam Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Latest Emotet News; Ouch! Newsletter; XPdf/Foxit Updates; eFax Malspam https://traffic.libsyn.com/securitypodcast/6692.mp3 https://isc.sans.edu/podcastdetail/6692 Thu, 03 Oct 2019 03:00:02 GMT https://isc.sans.edu/forums/diary/A+recent+example+of+Emotet+malspam/25378/
SANS Ouch! Newsletter
https://www.sans.org/security-awareness-training/resources/four-simple-steps-staying-secure
XPdf and Foxit Updates
https://www.foxitsoftware.com/support/security-bulletins.php
https://forum.xpdfreader.com/viewtopic.php?f=3&t=41885
eFax Malspam
https://www.heise.de/security/meldung/Achtung-Angebliches-eFax-birgt-Trojaner-4544386.html
Office 365 Idle Timeout
https://docs.microsoft.com/en-us/sharepoint/sign-out-inactive-users
https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=&searchterms=55183
]]> 5:18 office 365, timeout, efax, spam, malspam, xpdf, foxit, ouch, awareness, emotet, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6690 PDF Encryption Flaw; Windows 7 Security Extended Updates; ODT Malware Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. PDF Encryption Flaw; Windows 7 Security Extended Updates; ODT Malware https://traffic.libsyn.com/securitypodcast/6690.mp3 https://isc.sans.edu/podcastdetail/6690 Wed, 02 Oct 2019 03:00:03 GMT https://web-in-security.blogspot.com/2019/09/pdfex-major-security-flaws-in-pdf.html
Windows 7 Security Updates Beyond 2020
https://www.microsoft.com/en-us/microsoft-365/blog/2019/10/01/windows-small-midsize-businesses-stay-secure-current/
ODT Documents Used to Distribute Malware
https://blog.talosintelligence.com/2019/09/odt-malware-twist.html
]]> 6:04 ODT, Documents, Malware, Talos, Windows 7, PDF, encryption, PDFex, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6688 Maldoc, Powershell and BITS; Cisco Patch Cycle; Exim Flaw Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Maldoc, Powershell and BITS; Cisco Patch Cycle; Exim Flaw https://traffic.libsyn.com/securitypodcast/6688.mp3 https://isc.sans.edu/podcastdetail/6688 Tue, 01 Oct 2019 03:00:02 GMT https://isc.sans.edu/forums/diary/Maldoc+PowerShell+BITS/25372/
Yet Another Critical Exim Flaw
https://nvd.nist.gov/vuln/detail/CVE-2019-16928
CISCO Introduces Semianual Patch Day
https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-72547
Windows 2019 to make it easier to disable legacy TLS Versions
https://www.microsoft.com/security/blog/2019/09/30/tls-version-enforcement-capabilities-now-available-certificate-binding-windows-server-2019
]]> 4:51 Windows Server 2019, TLS, Cisco, Exim, Maldoc, powershell, bits, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6686 Polycom Scans; Apple Security Details; iOS Jail Break Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Polycom Scans; Apple Security Details; iOS Jail Break https://traffic.libsyn.com/securitypodcast/6686.mp3 https://isc.sans.edu/podcastdetail/6686 Mon, 30 Sep 2019 03:00:02 GMT https://isc.sans.edu/forums/diary/New+Scans+for+Polycom+Autoconfiguration+Files/25366/
Apple Security Details
https://support.apple.com/en-us/HT201222
iOS Jailbreak
https://github.com/axi0mX/ipwndfu
]]> 5:52 ios, apple, macos, jailbreak, patches, polycom, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6684 vBulletin Botnet; Cisco Patches; Sniffle BT Sniffer; OWA Blocking Extensions Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. vBulletin Botnet; Cisco Patches; Sniffle BT Sniffer; OWA Blocking Extensions https://traffic.libsyn.com/securitypodcast/6684.mp3 https://isc.sans.edu/podcastdetail/6684 Fri, 27 Sep 2019 03:00:03 GMT https://twitter.com/bad_packets/status/1177256656322695168
Cisco Industrial Router Security Bulletin
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-ios-gos-auth
Sniffle Bluetooth Sniffer
https://github.com/nccgroup/sniffle
Outlook on the web blocking more extensions
https://techcommunity.microsoft.com/t5/Exchange-Team-Blog/Changes-to-File-Types-Blocked-in-Outlook-on-the-web/ba-p/874451
]]> 5:39 outlook, extensions, owa, sniffle, cisco, router, security, vbulletin, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6682 Malspam Pushing Quasar; vBulletin Patch; Fake Veteran Employment Site Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Malspam Pushing Quasar; vBulletin Patch; Fake Veteran Employment Site https://traffic.libsyn.com/securitypodcast/6682.mp3 https://isc.sans.edu/podcastdetail/6682 Thu, 26 Sep 2019 03:00:02 GMT https://isc.sans.edu/forums/diary/Malspam+pushing+Quasar+RAT/25354/
vBulletin 0-Day Exploit Update
https://www.bleepingcomputer.com/news/security/vbulletin-zero-day-exploited-for-years-gets-unofficial-patch/
Fake Veteran Employment Site
https://blog.talosintelligence.com/2019/09/tortoiseshell-fake-veterans.html
]]> 4:35 cisco, talos, veteran, malware, vbulletin, exploit, patch, quasar, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6680 Remotewebaccess CT Logs; Coldfusion Patch; Apple Updates; vBulletin 0Day RCE Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Remotewebaccess CT Logs; Coldfusion Patch; Apple Updates; vBulletin 0Day RCE https://traffic.libsyn.com/securitypodcast/6680.mp3 https://isc.sans.edu/podcastdetail/6680 Wed, 25 Sep 2019 03:00:03 GMT https://isc.sans.edu/forums/diary/Huge+Amount+of+remotewebaccesscom+Sites+Found+in+Certificate+Transparency+Logs/25352/
Adobe Releases Emergency ColdFusion Patch
https://blogs.adobe.com/psirt/?p=1789
Apple Releases Additional Updates for iOS/iPadOS
https://support.apple.com/en-us/HT201222
vBulletin Vulnerability 0-Day Exploit Released
https://seclists.org/fulldisclosure/2019/Sep/31
]]> 5:23 vbulletin, 0day, rce, apple, ios, ipados, adobe, coldfusion, patch, remotewebaccess, certificate transparency, ct, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6678 MSFT releases IE Patch; Cloudflare Blocking Bots; iOS Bluetooth Restriction; Forcepoint VPN Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MSFT releases IE Patch; Cloudflare Blocking Bots; iOS Bluetooth Restriction; Forcepoint VPN https://traffic.libsyn.com/securitypodcast/6678.mp3 https://isc.sans.edu/podcastdetail/6678 Tue, 24 Sep 2019 03:00:03 GMT https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1367
Cloudflare Adding "Bot Fight" option
https://blog.cloudflare.com/cleaning-up-bad-bots/
iOS Bluetooth Access Feature
https://www.theverge.com/2019/9/19/20867286/ios-13-bluetooth-permission-privacy-feature-apps
Forcepoint VPN Update
https://support.forcepoint.com/KBArticle?id=000017525
]]> 5:30 forcepoint, unquoted path, ios, bluetooth, permissions, privacy, location, cloudflare, bot fight, microsoftl, internet explorer, patch, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6676 Android Adware; Wireshark Update; Harbor Priv. Escalation Bug Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Android Adware; Wireshark Update; Harbor Priv. Escalation Bug https://traffic.libsyn.com/securitypodcast/6676.mp3 https://isc.sans.edu/podcastdetail/6676 Mon, 23 Sep 2019 03:00:02 GMT https://www.wandera.com/mobile-security/google-play-adware/
Wireshark Update
https://www.wireshark.org/docs/relnotes/wireshark-3.0.5.html
Harbor Privilege Escalation
https://unit42.paloaltonetworks.com/critical-vulnerability-in-harbor-enables-privilege-escalation-from-zero-to-admin-cve-2019-16097/
]]> 5:29 harbor, docker, wireshark, android, selfie, adware, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6674 Agent Tesla; Apple Updates; SAMBA disables SMB1; GitHub Updates Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Agent Tesla; Apple Updates; SAMBA disables SMB1; GitHub Updates https://traffic.libsyn.com/securitypodcast/6674.mp3 https://isc.sans.edu/podcastdetail/6674 Fri, 20 Sep 2019 03:00:03 GMT https://isc.sans.edu/forums/diary/Agent+Tesla+Trojan+Abusing+Corporate+Email+Accounts/25336/
Apple Updates
https://support.apple.com/en-us/HT201222
https://developer.apple.com/documentation/safari_release_notes/safari_13_release_notes
SAMBA 4.11 Released
https://www.samba.org/samba/history/samba-4.11.0.html
GitHub Security Updates
https://github.blog/2019-09-18-securing-software-together/
]]> 5:08 github, samba, apple, ios, watchos, safari, agent tesla, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6672 Emotet Sample; Windows Defender Bug; QEMU/VMWare VM Escape; CWE Top 25 Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Emotet Sample; Windows Defender Bug; QEMU/VMWare VM Escape; CWE Top 25 https://traffic.libsyn.com/securitypodcast/6672.mp3 https://isc.sans.edu/podcastdetail/6672 Thu, 19 Sep 2019 03:00:02 GMT https://isc.sans.edu/forums/diary/Emotet+malspam+is+back/25330/
Windows Defender "Scan Now" Failed Bug Fix
https://www.bleepingcomputer.com/news/microsoft/windows-defender-antivirus-scans-broken-after-new-update/
https://borncity.com/win/2019/09/18/defender-antimalware-version-4-18-1908-7-released/
QEMU Vulnerablity
https://www.openwall.com/lists/oss-security/2019/09/17/1
VMWare Vulnerabilty
https://blogs.vmware.com/security/2019/09/amd-display-driver-security-updates-address-cve-2019-5685.html
New CWE Top 25 Released
https://cwe.mitre.org/top25/archive/2019/2019_cwe_top25.html
]]> 6:16 cwe, vmware, qemu, vm escape, windows defender, emotet, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6670 Find Windows Log Gaps; SOHOpelesly Broken; HP Printer Privacy Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Find Windows Log Gaps; SOHOpelesly Broken; HP Printer Privacy https://traffic.libsyn.com/securitypodcast/6670.mp3 https://isc.sans.edu/podcastdetail/6670 Wed, 18 Sep 2019 03:00:02 GMT https://isc.sans.edu/forums/diary/Investigating+Gaps+in+your+Windows+Event+Logs/25328/
SOHOpelesly Broken 2
https://www.securityevaluators.com/whitepaper/sohopelessly-broken-2/
HP Printer Privacy
https://robertheaton.com/2019/09/15/hp-printers-send-data-on-what-you-print-back-to-hp/
]]> 5:52 hp, privacy, printer, soho, router, nas, sohoplesly, windows, event logs, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6668 Encrypted Sextortion; Simjacker; LassPass Fix Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Encrypted Sextortion; Simjacker; LassPass Fix https://traffic.libsyn.com/securitypodcast/6668.mp3 https://isc.sans.edu/podcastdetail/6668 Tue, 17 Sep 2019 03:00:03 GMT https://isc.sans.edu/forums/diary/Encrypted+Sextortion+PDFs/25324/
SimJacker
https://www.adaptivemobile.com/blog/simjacker-next-generation-spying-over-mobile
LastPass Password Leak
https://bugs.chromium.org/p/project-zero/issues/detail?id=1930
Microsoft Extends EoL For Exchange Server 2010
https://techcommunity.microsoft.com/t5/Exchange-Team-Blog/Microsoft-Extending-End-of-Support-for-Exchange-Server-2010-to/ba-p/753591
]]> 6:36 exchange server, eol, lastpass, simjacker, sextortion, encrypted, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6666 #RigEK -> VBScript; Pentesters Arrested; iOS 13 Unlock Trick Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. #RigEK -> VBScript; Pentesters Arrested; iOS 13 Unlock Trick https://traffic.libsyn.com/securitypodcast/6666.mp3 https://isc.sans.edu/podcastdetail/6666 Mon, 16 Sep 2019 03:00:03 GMT https://isc.sans.edu/forums/diary/Rig+Exploit+Kit+Delivering+VBScript/25318/
Pentesters Arrested During Physical Access Pentest
https://arstechnica.com/information-technology/2019/09/check-the-scope-pen-testers-nabbed-jailed-in-iowa-courthouse-break-in-attempt/
iOS Lock Screen Unlock Vulnerability
https://www.theregister.co.uk/2019/09/12/apples_ios_lock_workaround/
]]> 6:10 ios, lock screen, unlock, pentest, arrested, iowa, vbscript, rigek, rig, exploit kit, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6660 Microsoft Patch Tuesday; Adobe Patches; SSH Side Channel Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft Patch Tuesday; Adobe Patches; SSH Side Channel https://traffic.libsyn.com/securitypodcast/6660.mp3 https://isc.sans.edu/podcastdetail/6660 Wed, 11 Sep 2019 03:00:03 GMT https://isc.sans.edu/forums/diary/Microsoft+September+2019+Patch+Tuesday/25310/
Adobe Patches
https://helpx.adobe.com/security.html
Intel SSH Side Channel Vulnerability
https://www.vusec.net/projects/netcat/
https://www.cs.vu.nl/~herbertb/download/papers/netcat_sp20.pdf
]]> 5:29 intel, ssh, side channel, netcat, adobe, microsoft, patches, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6658 Firefox Making DoH Default; Telegram Fixes Privacy Bug; PsiXBot uses DoH Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Firefox Making DoH Default; Telegram Fixes Privacy Bug; PsiXBot uses DoH https://traffic.libsyn.com/securitypodcast/6658.mp3 https://isc.sans.edu/podcastdetail/6658 Tue, 10 Sep 2019 03:00:03 GMT https://blog.mozilla.org/futurereleases/2019/09/06/whats-next-in-making-dns-over-https-the-default/
Telegram Fixes Privacy Bug
https://www.inputzero.io/2019/09/telegram-privacy-fails-again.html
PsiXBot Uses DoH
https://www.proofpoint.com/us/threat-insight/post/psixbot-now-using-google-dns-over-https-and-possible-new-sexploitation-module
]]> 6:26 psixbot, doh, telegram, firefox, https, dns, privacy, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6656 Mirai Updates; Bluekeep in Metasploit; Gmail Spam Response; Exim TLS SNI Exploit Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Mirai Updates; Bluekeep in Metasploit; Gmail Spam Response; Exim TLS SNI Exploit https://traffic.libsyn.com/securitypodcast/6656.mp3 https://isc.sans.edu/podcastdetail/6656 Mon, 09 Sep 2019 03:00:02 GMT https://isc.sans.edu/forums/diary/Unidentified+Scanning+Activity/25304/
Bluekeep Exploit Now in Metasploit
https://blog.rapid7.com/2019/09/06/initial-metasploit-exploit-module-for-bluekeep-cve-2019-0708/
How to Remove GMail Calendar Spam
https://support.google.com/calendar/answer/6084018?co=GENIE.Platform%3DDesktop&hl=en
Exim SNI TLS Vulnerability
https://exim.org/static/doc/security/CVE-2019-15846.txt
]]> 4:49 gmail spam, bluekeep, metasploit, mirai, exim, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6650 LNK File Trickbot; Supermicro Vritual USB BMC Vuln; Facebook Free Basics Key Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. LNK File Trickbot; Supermicro Vritual USB BMC Vuln; Facebook Free Basics Key https://traffic.libsyn.com/securitypodcast/6650.mp3 https://isc.sans.edu/podcastdetail/6650 Wed, 04 Sep 2019 03:00:02 GMT https://isc.sans.edu/forums/diary/Guest+Diary+Tricky+LNK+points+to+TrickBot/25290/
Supermicro Virtual USB Vulnerability
https://eclypsium.com/2019/09/03/usbanywhere-bmc-vulnerability-opens-servers-to-remote-attack/
Facebook Free Basics Key Used to Sign Unrelated Android Apps
https://www.androidpolice.com/2019/08/29/cryptographic-key-used-to-sign-one-of-facebooks-android-apps-compromised/
]]> 5:59 facebook, free basics, private key, supermicro, bmc, usb, trickbot, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6648 Malware Installs Node.js; Dovecot Vulnerability; Cloudflare Workers Spreading Malware Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Malware Installs Node.js; Dovecot Vulnerability; Cloudflare Workers Spreading Malware https://traffic.libsyn.com/securitypodcast/6648.mp3 https://isc.sans.edu/podcastdetail/6648 Tue, 03 Sep 2019 03:00:03 GMT https://isc.sans.edu/forums/diary/Malware+Dropping+a+Local+Nodejs+Instance/25284/
Dovecot and PigeonHole Vulnerability
https://www.openwall.com/lists/oss-security/2019/08/28/3
Cloudflare Workers Spreading Malware
https://medium.com/@marcelx/threat-actor-behind-astaroth-is-now-using-cloudflare-workers-to-bypass-your-security-solutions-2c658d08f4c
]]> 4:42 cloudflare, workers, astaroth, dovecot, nodejs, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6646 iOS Exploits in the Wild; Twitter CEO Account Hijack Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. iOS Exploits in the Wild; Twitter CEO Account Hijack https://traffic.libsyn.com/securitypodcast/6646.mp3 https://isc.sans.edu/podcastdetail/6646 Mon, 02 Sep 2019 03:00:02 GMT https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html
Twitter CEO's Twitter Account Hijacked
https://twitter.com/TwitterComms/status/1167528672523210752
]]> 5:18 twitter, ios, google, sim swapping, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6644 Malware Compiling Itself; Notifying Vulnerable Home Automation Owners; Botnet Takedown Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Malware Compiling Itself; Notifying Vulnerable Home Automation Owners; Botnet Takedown https://traffic.libsyn.com/securitypodcast/6644.mp3 https://isc.sans.edu/podcastdetail/6644 Fri, 30 Aug 2019 03:00:03 GMT https://isc.sans.edu/forums/diary/Malware+Samples+Compiling+Their+Next+Stage+on+Premise/25278/
CERT-Bund Attempts to Notify Users of Vulnerable Home Automation Systems
https://www.heise.de/security/meldung/CERT-Bund-warnt-vor-offenen-Smarthome-Systemen-4509977.html
French Authorities Shut Down Coinminer Botnet
https://decoded.avast.io/janvojtesek/putting-an-end-to-retadup-a-malicious-worm-that-infected-hundreds-of-thousands/
]]> 6:24 france, retadup, coinminer, takedown, shutdown, cert-bund, home automation, jsc.exe, msbuild.exe, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6642 Open Redirects; ADB Botnet; Android CamScanner Malware; Cisco REST API Auth Bypass Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Open Redirects; ADB Botnet; Android CamScanner Malware; Cisco REST API Auth Bypass https://traffic.libsyn.com/securitypodcast/6642.mp3 https://isc.sans.edu/podcastdetail/6642 Thu, 29 Aug 2019 03:25:02 GMT https://isc.sans.edu/forums/diary/Guest+Diary+Open+Redirect+A+Small+But+Very+Common+Vulnerability/25276/
CamScanner Malicious Download Component
https://securelist.com/dropper-in-google-play/92496/
Ares ADB Botnet
https://www.wootcloud.com/blogs/ars_botnet.html
Cisco REST API Container for IOS XE Authentication Bypass
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-iosxe-rest-auth-bypass
]]> 5:55 Cisco, Ares, ADB, rest api, container, redirects, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6640 TLS 1.2 For Email; xHelper Android Trojan; LYCEUM Threat Group Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. TLS 1.2 For Email; xHelper Android Trojan; LYCEUM Threat Group https://traffic.libsyn.com/securitypodcast/6640.mp3 https://isc.sans.edu/podcastdetail/6640 Wed, 28 Aug 2019 03:00:03 GMT https://isc.sans.edu/forums/diary/Is+it+Safe+to+Require+TLS+12+for+EMail/25270/
Android Trojan Infects Tens of Thousands of Devices in 4 Months
https://www.bleepingcomputer.com/news/security/android-trojan-infects-tens-of-thousands-of-devices-in-4-months/
LYCEUM Threat Group Targeting Middle East
https://www.secureworks.com/blog/lyceum-takes-center-stage-in-middle-east-campaign
]]> 6:40 lyceum, middle east, android, xhelper, tls, email, starttls, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6638 iOS/macOS Patch; Pulse Secure VPN Scans; Emotet Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. iOS/macOS Patch; Pulse Secure VPN Scans; Emotet https://traffic.libsyn.com/securitypodcast/6638.mp3 https://isc.sans.edu/podcastdetail/6638 Tue, 27 Aug 2019 03:00:02 GMT https://support.apple.com/en-us/HT210549
Scanning for Pulse Secure VPN Endpoints
https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510/
Emotet is Back
https://www.bleepingcomputer.com/news/security/emotet-botnet-is-back-servers-active-across-the-world/
]]> 4:55 emotet, pulse secure vpn, vpn, pulse, apple, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6636 Mimikatz/RDPWrapper Dropper; IRS Impersonation; Instagraph Phish; GitHub WebAuthn Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Mimikatz/RDPWrapper Dropper; IRS Impersonation; Instagraph Phish; GitHub WebAuthn https://traffic.libsyn.com/securitypodcast/6636.mp3 https://isc.sans.edu/podcastdetail/6636 Mon, 26 Aug 2019 03:00:03 GMT https://isc.sans.edu/forums/diary/Simple+Mimikatz+RDPWrapper+Dropper/25262/
Malware Impersonating IRS
https://www.irs.gov/newsroom/security-summit-warns-of-new-irs-impersonation-email-scam-reminds-taxpayers-the-irs-does-not-send-unsolicited-emails
Instagram Phishing with 2FA Codes
https://nakedsecurity.sophos.com/2019/08/23/instagram-phishing-uses-2fa-as-a-lure/
GitHub Adding WebAuthn Support
https://www.theregister.co.uk/2019/08/23/github_upgrades_its_twofactor_authentication_with_webauthn_support/
Lenovo Solution Center Privilege Escalation
https://www.pentestpartners.com/security-blog/privesc-in-lenovo-solution-centre-10-minutes-later/
]]> 5:22 lenovo, github, webauthn, instagram, phishing, 2fa, malware, irs, mimikatz, rdpwrapper, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6634 Steam Double 0; Malicious npm Packages; Branded Outlook 365 Phishing Pages Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Steam Double 0; Malicious npm Packages; Branded Outlook 365 Phishing Pages https://traffic.libsyn.com/securitypodcast/6634.mp3 https://isc.sans.edu/podcastdetail/6634 Fri, 23 Aug 2019 03:00:02 GMT https://www.theregister.co.uk/2019/08/22/valve_bug_bounty_steam_u_turn/
bb-builder malicious npm Package
https://blog.reversinglabs.com/blog/the-npm-package-that-walked-away-with-all-your-passwords
Phishers Customize Branded Outlook 365 Login Pages
https://www.bleepingcomputer.com/news/security/phishing-attacks-scrape-branded-microsoft-365-login-pages/
]]> 5:49 phishing, outlook, msft, bb-builder, bb-build, npm, steam, valve, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6632 KAPE vs. Commando; Sphinx Servers; Cisco Patches; Newly Registered Domains Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. KAPE vs. Commando; Sphinx Servers; Cisco Patches; Newly Registered Domains https://traffic.libsyn.com/securitypodcast/6632.mp3 https://isc.sans.edu/podcastdetail/6632 Thu, 22 Aug 2019 03:00:02 GMT https://isc.sans.edu/forums/diary/KAPE+Kroll+Artifact+Parser+and+Extractor/25258/
Attacks against Exposed Sphinx Servers
https://www.bsi.bund.de/EN/Topics/IT-Crisis-Management/CERT-Bund/CERT-Reports/HOWTOs/Open-Sphinx-Server/open-Sphinx-server_node.html
Cisco Patches
https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir&limit=50#~Vulnerabilities
Newly Registered Domains Most Dangerous
https://unit42.paloaltonetworks.com/newly-registered-domains-malicious-abuse-by-bad-actors/
]]> 5:38 NRD, newly registerd domains, cisco, patches, sphinx, kape, commando, red vs. blue, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6630 Guildma Malware using Facebook/YouTube C&C; rest-client ruby gem backdoored Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Guildma Malware using Facebook/YouTube C&C; rest-client ruby gem backdoored https://traffic.libsyn.com/securitypodcast/6630.mp3 https://isc.sans.edu/podcastdetail/6630 Wed, 21 Aug 2019 03:00:02 GMT https://isc.sans.edu/forums/diary/Guildma+malware+is+now+accessing+Facebook+andYouTube+to+keep+uptodate/25222/
Supply Chain Issues: rest-client ruby gem backdoored
https://www.theregister.co.uk/2019/08/20/ruby_gem_hacked/
]]> 5:39 suppy chain, rest-client, ruby, gem, guildma, malware, facebook, youtube, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6628 iOS 12.4 Jailbreak; SHA2-Signed Updates vs. Symantec AV; Attacking Bluetooth Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. iOS 12.4 Jailbreak; SHA2-Signed Updates vs. Symantec AV; Attacking Bluetooth https://traffic.libsyn.com/securitypodcast/6628.mp3 https://isc.sans.edu/podcastdetail/6628 Tue, 20 Aug 2019 03:00:02 GMT https://github.com/pwn20wndstuff/Undecimus/releases
SHA2-Signed Updates for Windows Not Available with Symantec Endpoint Protection
https://support.symantec.com/us/en/article.tech255857.html
Attacking and Downgrading Bluetooth Key Negotiation
https://knobattack.com
]]> 5:32 bluetooth, sha2, windows, symantec, windows 7, windows 2008, ios, jailbreak, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6626 VoIP Vulnerabilities; AV Sandbox Leaks; Trend Micro Password Manager; Firefox Password Manager; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. VoIP Vulnerabilities; AV Sandbox Leaks; Trend Micro Password Manager; Firefox Password Manager; https://traffic.libsyn.com/securitypodcast/6626.mp3 https://isc.sans.edu/podcastdetail/6626 Mon, 19 Aug 2019 03:00:03 GMT https://www.sit.fraunhofer.de/en/cve/
Confidential Company Documents Leaked in Public Sandboxes
https://blog.cylab.co/2019/08/16/confidential-company-documents-exposed-in-public-sandboxes/
https://www.sit.fraunhofer.de/en/news-events/latest/press-releases/details/news-article/show/gefahr-uebers-telefon/
Trend Micro Password Manager DLL Hijacking
https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123396.aspx
Firefox Password Manager May Leak Passwords
https://www.mozilla.org/en-US/security/advisories/mfsa2019-24/#CVE-2019-11733
]]> 5:04 firefox, mozilla, password manager, trend micro, sandbox leaks, virustotal, voip, vulnerabilities, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6624 Spearphishing Maldoc Analysis; No News IoT Security; Kaspersky Insecurity Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Spearphishing Maldoc Analysis; No News IoT Security; Kaspersky Insecurity https://traffic.libsyn.com/securitypodcast/6624.mp3 https://isc.sans.edu/podcastdetail/6624 Fri, 16 Aug 2019 03:00:02 GMT https://isc.sans.edu/forums/diary/Analysis+of+a+Spearphishing+Maldoc/25242/
IoT Security Stagnation
https://securityledger.com/2019/08/huge-survey-of-firmware-finds-no-security-gains-in-15-years/
Kaspersky Insecurity
https://www.heise.de/ct/artikel/Kasper-Spy-Kaspersky-Anti-Virus-puts-users-at-risk-4496138.html
]]> 6:21 kaspesky, privacy, iot, security, spearphishing, maldoc, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6622 MedusaHTTP Malware; DuckDNS C&C; HTTP/2 Vulnerabilities; Intel NUC Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MedusaHTTP Malware; DuckDNS C&C; HTTP/2 Vulnerabilities; Intel NUC https://traffic.libsyn.com/securitypodcast/6622.mp3 https://isc.sans.edu/podcastdetail/6622 Thu, 15 Aug 2019 03:00:03 GMT https://isc.sans.edu/forums/diary/Recent+example+of+MedusaHTTP+malware/25234/
Cryptominer uses DuckDNS for C&C
https://www.varonis.com/blog/monero-cryptominer/
Intel NUC Vulnerabilities
https://www.intel.com/content/www/us/en/security-center/default.html
HTTP/2 Vulnerabilities
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
]]> 6:04 http/2, intel, nuc, cryptominer, duckdns, medusahttp, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6620 MSFT/Adobe Patch Tuesday; Windwos Text Services (CTF) Vulnerabilities Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MSFT/Adobe Patch Tuesday; Windwos Text Services (CTF) Vulnerabilities https://traffic.libsyn.com/securitypodcast/6620.mp3 https://isc.sans.edu/podcastdetail/6620 Wed, 14 Aug 2019 03:00:03 GMT https://isc.sans.edu/forums/diary/August+2019+Microsoft+Patch+Tuesday/25236/
Adobe Patches
https://helpx.adobe.com/security.html
Windows Text Services Vulnerabilities
https://googleprojectzero.blogspot.com/2019/08/down-rabbit-hole.html#ftnt2
]]> 5:23 ctf, windows text services, project zero, google, adobe, microsoft, patches, patch tuesday, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6618 DAA Files; Exploiting SQLLite; Printer Vulnerabilities Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. DAA Files; Exploiting SQLLite; Printer Vulnerabilities https://traffic.libsyn.com/securitypodcast/6618.mp3 https://isc.sans.edu/podcastdetail/6618 Tue, 13 Aug 2019 03:00:03 GMT https://isc.sans.edu/forums/diary/Malicious+DAA+Attachments/25230/
SQLLite Exploits
https://research.checkpoint.com/select-code_execution-from-using-sqlite/
Printer Vulnerabilities
https://www.defcon.org/html/defcon-27/dc-27-speakers.html#Romero
https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-xerox-printers/?research=Technical+advisories

]]> 5:42 printers, kyocera, hp, xerox, sqllite, daa, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6616 Phishing With JavaScript; Camera Vulnerabilities; Tesla Surveilance; Electron Weaknesses Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Phishing With JavaScript; Camera Vulnerabilities; Tesla Surveilance; Electron Weaknesses https://traffic.libsyn.com/securitypodcast/6616.mp3 https://isc.sans.edu/podcastdetail/6616 Mon, 12 Aug 2019 03:00:02 GMT https://isc.sans.edu/forums/diary/100+JavaScript+Phishing+Page/25220/
Vulnerabilities in DSLR Cameras
https://research.checkpoint.com/say-cheese-ransomware-ing-a-dslr-camera/
https://global.canon/en/support/security/d-camera.html
Turning Tesla into Surveilance Platform
https://github.com/tevora-threat/scout
Basic Electron Framework Exploitation
https://www.contextis.com/en/blog/basic-electron-framework-exploitation
]]> 5:28 electron, Tesla, surveilance, dslr, checkpoint, cameras, javascript, phishing, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6614 Kubernetes Security Audit; Apple Bug Bounty; Steam Vuln; Actual Sextortion Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Kubernetes Security Audit; Apple Bug Bounty; Steam Vuln; Actual Sextortion https://traffic.libsyn.com/securitypodcast/6614.mp3 https://isc.sans.edu/podcastdetail/6614 Fri, 09 Aug 2019 03:55:13 GMT https://github.com/kubernetes/community/blob/master/wg-security-audit/findings/Kubernetes%20Final%20Report.pdf
https://www.cncf.io/blog/2019/08/06/open-sourcing-the-kubernetes-security-audit/
Apple Expands Bug Bounty
https://www.blackhat.com/us-19/briefings/schedule/index.html#behind-the-scenes-of-ios-and-mac-security-17220
https://www.forbes.com/sites/thomasbrewster/2019/08/08/apple-confirms-1-million-reward-for-hackers-who-find-serious-iphone-vulnerabilities/
0-Day Privilege Escalation in Steam Client
https://amonitoring.ru/article/steamclient-0day/
Actual Sextortion Trojan
https://www.welivesecurity.com/2019/08/08/varenyky-spambot-campaigns-france/
]]> 6:27 sextortion, 0day, steam, priviledge escalation, apple, bug bounty, kubernetes, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6612 AT&T Insider Attack; RDP/HyperV Vulnerability; Cisco Patches; Firefox Android WebAuthn Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. AT&T Insider Attack; RDP/HyperV Vulnerability; Cisco Patches; Firefox Android WebAuthn https://traffic.libsyn.com/securitypodcast/6612.mp3 https://isc.sans.edu/podcastdetail/6612 Thu, 08 Aug 2019 04:20:02 GMT https://www.justice.gov/usao-wdwa/press-release/file/1191031/download
Older RDP Vulnerability Can be Used for HyperV VM Escape
https://www.microsoft.com/security/blog/2019/08/07/a-case-study-in-industry-collaboration-poisoned-rdp-vulnerability-disclosure-and-response/
Cisco Patches Smart Switch 220 Vulnerabilities
https://tools.cisco.com/security/center/publicationListing.x
Firefox for Android Supporting WebAuthn
https://blog.mozilla.org/security/2019/08/05/web-authentication-in-firefox-for-android/
]]> 6:31 firefox, android, webauthn, cisco, smart switch, rdp, hyperv, at and amp, t, insider, bribe, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6610 Corporate IoT Attack; SWAPGS Spectre Attacks; WPA-3 Weaknesses Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Corporate IoT Attack; SWAPGS Spectre Attacks; WPA-3 Weaknesses https://traffic.libsyn.com/securitypodcast/6610.mp3 https://isc.sans.edu/podcastdetail/6610 Wed, 07 Aug 2019 03:00:02 GMT https://msrc-blog.microsoft.com/2019/08/05/corporate-iot-a-path-to-intrusion/
New Spectre Variant: SWAPGS
https://www.bitdefender.com/business/swapgs-attack.html
New WPA3 Weaknesses
https://wpa3.mathyvanhoef.com/#new
]]> 6:15 wpa3, spectre, wifi, swpags, iot, microsoft, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6608 Sexploitation Money Summary; VMWare Update; Android Qualcom Bug Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Sexploitation Money Summary; VMWare Update; Android Qualcom Bug https://traffic.libsyn.com/securitypodcast/6608.mp3 https://isc.sans.edu/podcastdetail/6608 Tue, 06 Aug 2019 03:00:02 GMT https://isc.sans.edu/forums/diary/Sextortion+Follow+the+Money+The+Final+Chapter/25204/
VMWare Update
https://www.vmware.com/security/advisories/VMSA-2019-0012.html
Android Update Fixes Qualcom Bug
https://source.android.com/security/bulletin/2019-08-01.html
https://blade.tencent.com/en/advisories/qualpwn/
]]> 5:39 android, vmware, qualcom, qualpwn, exploitation, btc, bitcoin, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6606 Misconfigured JIRA; Voice Assistant Listening Policies Change; NVidia Updates; Detecting Chrome 76 Incognito Mode Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Misconfigured JIRA; Voice Assistant Listening Policies Change; NVidia Updates; Detecting Chrome 76 Incognito Mode https://traffic.libsyn.com/securitypodcast/6606.mp3 https://isc.sans.edu/podcastdetail/6606 Mon, 05 Aug 2019 03:00:02 GMT https://medium.com/@logicbomb_1/one-misconfig-jira-to-leak-them-all-including-nasa-and-hundreds-of-fortune-500-companies-a70957ef03c7
Google, Amazon, Apple modify policy on listening in on Assistant Recordings
https://datenschutz-hamburg.de/assets/pdf/2019-08-01_press-release-Google_Assistant.pdf
https://www.bloomberg.com/news/articles/2019-08-02/amazon-gives-option-to-disable-human-review-of-alexa-recordings
https://www.theverge.com/2019/8/2/20751270/apple-stops-contractors-siri-voice-recordings-privacy-opt-out
https://www.blog.google/products/assistant/more-information-about-our-processes-safeguard-speech-data/
NVidia Updates
https://nvidia.custhelp.com/app/answers/detail/a_id/4841/kw/Security%20Bulletin
Detecting Incognito Mode in Google Chrome 76
https://blog.jse.li/posts/chrome-76-incognito-filesystem-timing/
]]> 5:52 google chrome, incognito, nvidia, google, amazon, apple, siri, alexa, jira, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6604 Investigating Port 9527; Rocke Cryptojacking; PowerShel Empire EOL Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Investigating Port 9527; Rocke Cryptojacking; PowerShel Empire EOL https://traffic.libsyn.com/securitypodcast/6604.mp3 https://isc.sans.edu/podcastdetail/6604 Fri, 02 Aug 2019 03:00:02 GMT https://isc.sans.edu/forums/diary/What+is+Listening+On+Port+9527TCP/25194/
PowerShell Empire Abandonded
https://github.com/EmpireProject/Empire
https://twitter.com/xorrior/status/1156626182978383874
Cryptomining via GitHub/PasteBin C&C
https://unit42.paloaltonetworks.com/rockein-the-netflow/
]]> 5:31 rocke, cryptomining, cryptojacking, 9527, webcam, powershell, empire, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6602 Targeted Phish; Enterprise Software Phoning Home; Bypassing Contactless Limits Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Targeted Phish; Enterprise Software Phoning Home; Bypassing Contactless Limits https://traffic.libsyn.com/securitypodcast/6602.mp3 https://isc.sans.edu/podcastdetail/6602 Thu, 01 Aug 2019 03:00:03 GMT https://isc.sans.edu/forums/diary/Targeted+Phishing+Attacks+in+the+Financial+Industry+Fire3+Phishing+Kit/25188/
Enterprise Software Phoneing Home
https://www.extrahop.com/company/press-releases/2019/extrahop-issues-warning-about-phoning-home/
Google Stripping www and https again
https://bugs.chromium.org/p/chromium/issues/detail?id=883038#c114
Bypassing VISA Contactless Limits
https://www.ptsecurity.com/ww-en/about/news/visa-card-vulnerability-can-bypass-contactless-limits/
]]> 6:27 visa, contactless, google, chrome, enterprise software, exfil, phoning home, phishing, financial, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6600 Luno Phish and Pseudo 2FA; Chrome Update; Disabling Siri Server Side Logging; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Luno Phish and Pseudo 2FA; Chrome Update; Disabling Siri Server Side Logging; https://traffic.libsyn.com/securitypodcast/6600.mp3 https://isc.sans.edu/podcastdetail/6600 Wed, 31 Jul 2019 03:00:03 GMT https://isc.sans.edu/forums/diary/Can+You+Spell+2FA+A+Luno+Phish+Example/25186/
Google Chrome Update
https://w3c.github.io/webappsec-fetch-metadata/
https://chromereleases.googleblog.com/2019/07/stable-channel-update-for-desktop_30.html
Apple Re-Releases 2019-004 Security Update for Sierra/High Sierra
https://support.apple.com/en-us/HT210348
Disabling Server Side Recording of Apple Siri Commands
https://github.com/jankais3r/Siri-NoLoggingPLS
]]> 5:49 siri, apple, sierra, google, chrome, luno, phishing, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6598 VxWorks TCP/IP Flaws; iOS iMessage File Disclosure (patched) Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. VxWorks TCP/IP Flaws; iOS iMessage File Disclosure (patched) https://traffic.libsyn.com/securitypodcast/6598.mp3 https://isc.sans.edu/podcastdetail/6598 Tue, 30 Jul 2019 03:00:03 GMT https://go.armis.com/urgent11
iOS iMessage File Disclosure Vulnerability
https://bugs.chromium.org/p/project-zero/issues/detail?id=1858
]]> 6:34 ios, imessage, vxworks, ipnet, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6596 Port 34567 Uptick; LibreOffice Macro Code Exec; Extracting Private Keys from Amazon Music Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Port 34567 Uptick; LibreOffice Macro Code Exec; Extracting Private Keys from Amazon Music https://traffic.libsyn.com/securitypodcast/6596.mp3 https://isc.sans.edu/podcastdetail/6596 Mon, 29 Jul 2019 03:00:02 GMT https://isc.sans.edu/forums/diary/DVRIP+Port+34567+Uptick/25174/
LibreOffice LibreLogo Macro Python Code Injection
https://insinuator.net/2019/07/libreoffice-a-python-interpreter-code-execution-vulnerability-cve-2019-9848/
Extracting Private Key From Amazon Music Application
https://koen.io/2019/07/26/underscoring-the-private-in-private-key/
]]> 7:13 amazon, music, private key, librelogo, libreoffice, dvrip, port 34567, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6594 When Users Attack; BlueKeep in Canvas; Darkmatter Cert Nixed; Johannesburg Ransomware Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. When Users Attack; BlueKeep in Canvas; Darkmatter Cert Nixed; Johannesburg Ransomware https://traffic.libsyn.com/securitypodcast/6594.mp3 https://isc.sans.edu/podcastdetail/6594 Fri, 26 Jul 2019 03:00:02 GMT https://isc.sans.edu/forums/diary/When+Users+Attack+Users+and+Admins+Thwarting+Security+Controls/25170/
Immunity's Canvas Now Includes BlueKeep Exploit
https://twitter.com/Immunityinc/status/1153752470130221057
Johannesburg Power Outages Due To Ransomware
https://twitter.com/CityofJoburgZA
https://www.theregister.co.uk/2019/07/25/johannesburg_ransomware_infection/
Darkmatter Intermediate Certificate Trust Removed From Google Chrome
https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/7-oKhDBLetQ
]]> 6:22 dakrmatter, certificates, johannesburg, ransomware, immunity, canvas, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6592 VLC Non-Vulnerabilty; Crytominer with BlueKeep Scanner; Elastic; People as IOCs Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. VLC Non-Vulnerabilty; Crytominer with BlueKeep Scanner; Elastic; People as IOCs https://traffic.libsyn.com/securitypodcast/6592.mp3 https://isc.sans.edu/podcastdetail/6592 Thu, 25 Jul 2019 03:00:03 GMT https://threader.app/thread/1153963312981389312
Cryptominer With BlueKeep Scanner
https://www.intezer.com/blog-watching-the-watchbog-new-bluekeep-scanner-and-linux-exploits/
Elasticsearch Vulnerabilities used to install DDoS Bot
https://blog.trendmicro.com/trendlabs-security-intelligence/multistage-attack-delivers-billgates-setag-backdoor-can-turn-elasticsearch-databases-into-ddos-botnet-zombies/
May People Be Considered As IOC?
https://isc.sans.edu/forums/diary/May+People+Be+Considered+as+IOC/25166/
]]> 5:48 elastic, ddos, linux, cryptominer, bluekeep, watchbog, vlc, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6590 TLS Configuration; #Apple Updates; #QNAP/#Synology Advice; New #Bluekeep Writeup @0xeb-bp Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. TLS Configuration; #Apple Updates; #QNAP/#Synology Advice; New #Bluekeep Writeup @0xeb-bp https://traffic.libsyn.com/securitypodcast/6590.mp3 https://isc.sans.edu/podcastdetail/6590 Wed, 24 Jul 2019 03:00:03 GMT https://isc.sans.edu/forums/diary/Verifying+SSLTLS+configuration+part+1/25162/
https://www.sans.org/webcasts/beast-poodle-celebrating-sweet32-111400
Apple Updates Everything
https://support.apple.com/en-us/HT201222
QNAP/Synology Update Security Advise
https://www.qnap.com/en-us/security-advisory/nas-201907-11
https://www.facebook.com/synologydeutschland/photos/a.1594837477441905/2417134061878905/
New Bluekeep Writeup
https://github.com/0xeb-bp/bluekeep
]]> 6:01 bluekeep, apple, qnap, synology, tls, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6588 Compressed PowerShell; GlobalProtect RCE; FortiOS RCE; ProFTPD Permission Issue Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Compressed PowerShell; GlobalProtect RCE; FortiOS RCE; ProFTPD Permission Issue https://traffic.libsyn.com/securitypodcast/6588.mp3 https://isc.sans.edu/podcastdetail/6588 Tue, 23 Jul 2019 03:00:03 GMT https://isc.sans.edu/forums/diary/Analyzing+Compressed+PowerShell+Scripts/25158/
PaloAlto GlobalProtect PreAuth RCE
http://blog.orange.tw/2019/07/attacking-ssl-vpn-part-1-preauth-rce-on-palo-alto.html
Fortinet Vulnerability
https://fortiguard.com/psirt/FG-IR-19-144
ProFTPd Permission Bypass Vulnerability
https://tbspace.de/cve201912815proftpd.html
]]> 5:22 proftpd, cpto, cpfr, fortinet, paloalto, globalprotect, powershell, zlib, compression, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6586 php malware; iNSYNC breached by Ransomware Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. php malware; iNSYNC breached by Ransomware https://traffic.libsyn.com/securitypodcast/6586.mp3 https://isc.sans.edu/podcastdetail/6586 Mon, 22 Jul 2019 03:00:03 GMT https://isc.sans.edu/forums/diary/Malicious+PHP+Script+Back+on+Stage/25148/
Drupal Vulnerabilities
https://www.drupal.org/sa-core-2019-008
iNSYNQ Breach
https://www.insynq.com/support/#status
]]> 6:10 php, malware, drupal, insynq, quickbooks, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6584 802.1x Tips; Kazachstan TLS Interception; Cylance Weakness; BEC Trends Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. 802.1x Tips; Kazachstan TLS Interception; Cylance Weakness; BEC Trends https://traffic.libsyn.com/securitypodcast/6584.mp3 https://isc.sans.edu/podcastdetail/6584 Fri, 19 Jul 2019 03:00:03 GMT https://isc.sans.edu/forums/diary/The+Other+Side+of+Critical+Control+1+8021x+Wired+Network+Access+Controls/25146/
Kazachstan TLS Interception
https://groups.google.com/forum/#!msg/mozilla.dev.security.policy/wnuKAhACo3E/cpsvHgcuDwAJ
BEC Trends
https://www.fincen.gov/sites/default/files/shared/FinCEN_Financial_Trend_Analysis_FINAL_508.pdf
Cyclance Weakness
https://skylightcyber.com/2019/07/18/cylance-i-kill-you/
]]> 7:02 cyclance, skylight, bec trends, fincen, kazachstan, tls, 802.1x, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6582 DNS TXT Records; Evilgnome Linux Malware; Interesting AMEX Phish Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. DNS TXT Records; Evilgnome Linux Malware; Interesting AMEX Phish https://traffic.libsyn.com/securitypodcast/6582.mp3 https://isc.sans.edu/podcastdetail/6582 Thu, 18 Jul 2019 03:00:03 GMT https://isc.sans.edu/forums/diary/Analyzis+of+DNS+TXT+Records/25142/
Evil Gnome Linux Malware
https://www.intezer.com/blog-evilgnome-rare-malware-spying-on-linux-desktop-users/
New American Express Phishing Attacks
https://cofense.com/phishing-attacker-takes-american-express-victims-credentials/
]]> 6:16 amex, phishing, base, evilgome, linux, malware, dns, txt, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6580 More Zoom Patches; Boarding Pass Hack; Android File Jacking Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. More Zoom Patches; Boarding Pass Hack; Android File Jacking https://traffic.libsyn.com/securitypodcast/6580.mp3 https://isc.sans.edu/podcastdetail/6580 Wed, 17 Jul 2019 03:00:03 GMT https://www.theverge.com/2019/7/16/20696529/apple-mac-silent-update-zoom-ringcentral-zhumu-vulnerabilty-patched
Lenovo/IOMega NAS API Vulnerability
https://www.theregister.co.uk/2019/07/16/iomega_nas_boxes/
Amadeus Vulnerability Allows Access to Boarding Passes
https://www.7elements.co.uk/resources/technical-advisories/insecure-direct-object-reference-within-amadeus-check-in-application/
FBI Releases GandGrab Master Keys
https://www.documentcloud.org/documents/6199678-GandCrab-Master-Decryption-Keys-FLASH.html
Android Media File Jacking
https://www.symantec.com/blogs/expert-perspectives/symantec-mobile-threat-defense-attackers-can-manipulate-your-whatsapp-and-telegram-media
]]> 5:40 android, media file jacking, fbi, gandgrab, keys, amadeus, lenovo, iomega, nas, api, zoom, apple, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6578 isodump.py released; Scrapy Vuln; Atlassian Crowd; iOS URL Schemes Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. isodump.py released; Scrapy Vuln; Atlassian Crowd; iOS URL Schemes https://traffic.libsyn.com/securitypodcast/6578.mp3 https://isc.sans.edu/podcastdetail/6578 Tue, 16 Jul 2019 03:00:04 GMT https://isc.sans.edu/forums/diary/isodumppy+and+Malicious+ISO+Files/25134/
Atlassian Crowd Vulnerability Details
https://www.corben.io/atlassian-crowd-rce/
Scrapy Vulnerabilities
https://medium.com/alertot/web-scraping-considered-dangerous-leaking-files-from-the-spiders-host-bd508f81d498
iOS URL Scheme Susceptible to Hijacking
https://blog.trendmicro.com/trendlabs-security-intelligence/ios-url-scheme-susceptible-to-hijacking/
]]> 6:30 ios, url schemes, scrapy, atlassian, crowd, isodump, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6576 Magecart Targets S3; Atlassian Jira; Tracking Anonymized BLE Devices Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Magecart Targets S3; Atlassian Jira; Tracking Anonymized BLE Devices https://traffic.libsyn.com/securitypodcast/6576.mp3 https://isc.sans.edu/podcastdetail/6576 Mon, 15 Jul 2019 03:00:02 GMT https://www.riskiq.com/blog/labs/magecart-amazon-s3-buckets/
Atlassian Jira Vulnerability
https://confluence.atlassian.com/jira/jira-security-advisory-2019-07-10-973486595.html
Microsoft to Detect Phishing in Forms
https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=&searchterms=52927
Tracking Anonymized Bluetooth Devices
https://petsymposium.org/2019/files/papers/issue3/popets-2019-0036.pdf
]]> 6:06 tracking, privacy, bluetooth, ble, microsoft, phishing, forms, atlassian, jira, magecart, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6574 AZORult Sample; Zoom Followup; Apple Watch eavesdropping; PXE Windows Bug; @sans_edu Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. AZORult Sample; Zoom Followup; Apple Watch eavesdropping; PXE Windows Bug; @sans_edu https://traffic.libsyn.com/securitypodcast/6574.mp3 https://isc.sans.edu/podcastdetail/6574 Fri, 12 Jul 2019 03:00:03 GMT https://isc.sans.edu/forums/diary/Recent+AZORult+activity/25120/
Apple Delete Zoom Web Server
https://www.macrumors.com/2019/07/10/apple-update-remove-zoom-server/
Apple Disables Walkie Talkie App
https://techcrunch.com/2019/07/10/apple-disables-walkie-talkie-app-due-to-vulnerability-that-could-allow-iphone-eavesdropping/
Windows PXE Devices May Fail to Boot After Recent Update
https://support.microsoft.com/en-in/help/4512816/devices-that-start-up-using-preboot-execution-environment-pxe-images-f
Sean Goodwin: Attackers Inside the WAlls: Detecting Malicious Activity
https://www.sans.org/reading-room/whitepapers/detection/paper/39055
]]> 13:23 sti, sean goodwin, security onoin, windows pxe, apple, watch, walkie talkie, eavesdropping, zoom, azorult, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6572 Samba Disabling SMBv1; GnuPG Keyserver Update; eChoOraix Ransomware Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Samba Disabling SMBv1; GnuPG Keyserver Update; eChoOraix Ransomware https://traffic.libsyn.com/securitypodcast/6572.mp3 https://isc.sans.edu/podcastdetail/6572 Thu, 11 Jul 2019 03:00:03 GMT https://isc.sans.edu/forums/diary/Samba+Project+tells+us+Whats+New+SMBv1+Disabled+by+Default+finally/25116/
GnuPG Will No Longer Import Signatures From Keyservers
https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html
eChOraix Ransomware
https://www.anomali.com/blog/the-ech0raix-ransomware
]]> 5:03 echoraix, ransomware, gnupg, pgp, keyservers, samba, smbv1, qnap, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6570 MSFT Patch Tuesday; Adobe Updates; Critical Zoom Video Conferencing Bug Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MSFT Patch Tuesday; Adobe Updates; Critical Zoom Video Conferencing Bug https://traffic.libsyn.com/securitypodcast/6570.mp3 https://isc.sans.edu/podcastdetail/6570 Wed, 10 Jul 2019 03:00:03 GMT https://isc.sans.edu/forums/diary/MSFT+July+2019+Patch+Tuesday/25110/
Adobe Updates
https://helpx.adobe.com/security.html
Zoom Vulnerability
https://medium.com/bugbountywriteup/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5
]]> 6:26 zoom, adobe, msft, video conferencing, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6568 Canonical Hack; New Magecart Wave; Facebook Libra/Calibra Scams Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Canonical Hack; New Magecart Wave; Facebook Libra/Calibra Scams https://traffic.libsyn.com/securitypodcast/6568.mp3 https://isc.sans.edu/podcastdetail/6568 Tue, 09 Jul 2019 03:00:02 GMT https://news.ycombinator.com/item?id=20373009
New Wave of Magecart Attacks
https://gist.github.com/gwillem/5d936f5a84837d5c1dcb488ce256294a
Facebook's Libra Crpto Currency Already Impersonated
https://www.digitalshadows.com/blog-and-research/facebooks-libra-cryptocurrency-cybercriminals-tipping-the-scales-in-their-favor/
]]> 5:27 Facebook, libra, calibra, crypto, scam, magecart, canonical, github, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6566 DoH Or Not? Cisco Exploit, Magento Exploit, Malicious XSL Files Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. DoH Or Not? Cisco Exploit, Magento Exploit, Malicious XSL Files https://traffic.libsyn.com/securitypodcast/6566.mp3 https://isc.sans.edu/podcastdetail/6566 Mon, 08 Jul 2019 03:00:03 GMT https://www.golem.de/news/verschluesseltes-dns-falschmeldung-in-propagandaschlacht-um-dns-ueber-https-1907-142358.html
https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
Exploit for Cisco Authentication Bypass and RCE
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/cisco-dcnm-rce.txt
Magento RCE Exploit
https://blog.ripstech.com/2019/magento-rce-via-xss/
Malicous XSL Files
https://isc.sans.edu/forums/diary/Malicious+XSL+Files/25098/
]]> 5:40 xsl, magento, cisco, exploit, rce, godlua, doh, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6564 Zipato SmartHub; Blocking DoH; Cloudflare Outage; Android Update; Powershell Killswitch Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Zipato SmartHub; Blocking DoH; Cloudflare Outage; Android Update; Powershell Killswitch https://traffic.libsyn.com/securitypodcast/6564.mp3 https://isc.sans.edu/podcastdetail/6564 Wed, 03 Jul 2019 03:00:03 GMT https://blackmarble.sh/zipato-smart-hub/
Blocking DNS over HTTPS
https://github.com/bambenek/block-doh
Cloudflare Outage
https://www.cloudflarestatus.com/incidents/tx4pgxs6zxdr
Android Update
https://source.android.com/security/bulletin/2019-07-01
Powershell Kill Switch Commands
https://isc.sans.edu/forums/diary/Using+Powershell+in+Basic+Incident+Response+A+Domain+Wide+KillSwitch/25088/
]]> 6:09 powershell, android, cloudflare, doh, https, dns, zipato, smarthub, smarthome, iot, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6562 Maldoc Payloads; Zyxel Patches; AMD Secure Memory Patch; Card Encrollment Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Maldoc Payloads; Zyxel Patches; AMD Secure Memory Patch; Card Encrollment https://traffic.libsyn.com/securitypodcast/6562.mp3 https://isc.sans.edu/podcastdetail/6562 Tue, 02 Jul 2019 00:53:24 GMT https://isc.sans.edu/forums/diary/Maldoc+Payloads+in+User+Forms/25084/
Zyxel Vulnerabilities
https://www.zyxel.com/support/vulnerabilities-related-to-the-Free-Time-feature.shtml
AMD SEV DH Key Recovery
https://seclists.org/fulldisclosure/2019/Jun/46
Card Enrollment Service Fraud
https://www.advanced-intel.com/post/card-enrollment-services-highly-effective-fraud-methodology-offered-in-russian-underground
]]> 5:21 card enrollment, AMD SEV, Zyxel, Maldoc, user forms, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6560 Domain Wide Virustotal Search; Mozilla TLS Guide; SKS Attack; QR Code Phishing Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Domain Wide Virustotal Search; Mozilla TLS Guide; SKS Attack; QR Code Phishing https://traffic.libsyn.com/securitypodcast/6560.mp3 https://isc.sans.edu/podcastdetail/6560 Sun, 30 Jun 2019 17:35:02 GMT https://isc.sans.edu/forums/diary/Verifying+Running+Processes+against+VirusTotal+DomainWide/25078/
Mozilla Server Side TLS Guide Updates
https://wiki.mozilla.org/Security/Server_Side_TLS
SKS Keyserver DoS Attack
https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f
QR Code Phishing
https://cofense.com/radar-phishing-using-qr-codes-evade-url-analysis/
]]> 6:43 qr code, phishing, sks, keyserver, mozilla, pgp, gnupg, virustotal, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6558 New Brickerbot; Telco Service Provider Attachs; Malwaretising; Automating Phish Reporting Response @sans_edu Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. New Brickerbot; Telco Service Provider Attachs; Malwaretising; Automating Phish Reporting Response @sans_edu https://traffic.libsyn.com/securitypodcast/6558.mp3 https://isc.sans.edu/podcastdetail/6558 Thu, 27 Jun 2019 21:25:02 GMT https://twitter.com/_larry0/status/1143532888538984448
Supply Chain Attacks Against Telco Providers
https://www.cybereason.com/blog/operation-soft-cell-a-worldwide-campaign-against-telecommunications-providers
GreenFlash Sundown Malwaretising Campaign
https://blog.malwarebytes.com/threat-analysis/2019/06/greenflash-sundown-exploit-kit-expands-via-large-malvertising-campaign/
TrackThis Demonstrates How Advertisers Track You
https://trackthis.link
Geoff Parker: Automating Phsh Reporting Resposne
http://www.sans.org/reading-room/whitepapers/email/automating-response-phish-reporting-39000
]]> 16:42 spam, phishing, automation, sti, sans_edu, trackthis, tracking, advertising, malvertising, greenflash sundown, supply chain, bricker bot, silex, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6556 Pitou.B Trojan; AWS VPC Traffic Mirroring; Elastic SIEM App; Spoofed Emergency Alerts Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Pitou.B Trojan; AWS VPC Traffic Mirroring; Elastic SIEM App; Spoofed Emergency Alerts https://traffic.libsyn.com/securitypodcast/6556.mp3 https://isc.sans.edu/podcastdetail/6556 Tue, 25 Jun 2019 22:50:03 GMT https://isc.sans.edu/forums/diary/Rig+Exploit+Kit+sends+PitouB+Trojan/25068/
AWS VPC Traffic Mirroring
https://aws.amazon.com/blogs/aws/new-vpc-traffic-mirroring
Elastic SIEM App
https://www.elastic.co/blog/introducing-elastic-siem
National Emergency Alerts Potentially Vulnerable to Attack
https://www.colorado.edu/today/2019/06/11/emergency-alerts
]]> 5:46 emergency alerts, lte, siem, elastic, aws, vpc, mirroring, rig, pitou, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6554 Cloudflare Outage; WeTransfer Leak; Jenkins Pillage @cloudflare @dolosgroup Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Cloudflare Outage; WeTransfer Leak; Jenkins Pillage @cloudflare @dolosgroup https://traffic.libsyn.com/securitypodcast/6554.mp3 https://isc.sans.edu/podcastdetail/6554 Mon, 24 Jun 2019 23:00:03 GMT https://blog.cloudflare.com/how-verizon-and-a-bgp-optimizer-knocked-large-parts-of-the-internet-offline-today/
https://isc.sans.edu/forums/diary/Extensive+BGP+Issues+Affecting+Cloudflare+and+possibly+others/25064/
WeTransfer Misdirects Files
https://betanews.com/2019/06/21/wetransfer-fail/
Jenkins Pillage
https://dolosgroup.io/blog/2019/6/20/pillaging-the-jenkins-treasure-chest
]]> 7:08 jenkins, cloudflare, wetrasnfer, bpg, route leak, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6552 SSH Keys in Memory; #Bluekeep Patching; Android ADB/SSH Botnet @damientmiller @notninjacat Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SSH Keys in Memory; #Bluekeep Patching; Android ADB/SSH Botnet @damientmiller @notninjacat https://traffic.libsyn.com/securitypodcast/6552.mp3 https://isc.sans.edu/podcastdetail/6552 Sun, 23 Jun 2019 23:30:02 GMT https://marc.info/?l=openbsd-cvs&m=156109087822676&w=2
Bluekeep Patchrate at 83.4%
https://twitter.com/RavivTamir/status/1141788586922119168
Android ADB/SSH Botnet
https://www.bleepingcomputer.com/news/security/botnet-uses-ssh-and-adb-to-create-android-cryptomining-army/
]]> 5:33 android, adb, ssh, bluekeep, ssh, openssh, encryption, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6550 Dell Support Assistant Update; Cisco RVxxxW RCE Vuln; STI Research: Biometrics @sans_edu #dell #cisco #biometrics Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Dell Support Assistant Update; Cisco RVxxxW RCE Vuln; STI Research: Biometrics @sans_edu #dell #cisco #biometrics https://traffic.libsyn.com/securitypodcast/6550.mp3 https://isc.sans.edu/podcastdetail/6550 Fri, 21 Jun 2019 02:25:03 GMT https://www.dell.com/support/article/us/en/04/sln317291/dsa-2019-084-dell-supportassist-for-business-pcs-and-dell-supportassist-for-home-pcs-security-update-for-pc-doctor-vulnerability?lang=en
Critical Cisco Vulnerablity
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190227-rmi-cmd-ex
LoudMiner Comes with VM
https://www.welivesecurity.com/2019/06/20/loudminer-mining-cracked-vst-software/
STI Student Dave Todd: Overcoming the Comliance Challenges in Biometrics
https://www.sans.org/reading-room/whitepapers/legal/paper/38970
]]> 14:32 sti, biometrics, loudminer, cisco, qemu, virtualbox, dell, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6548 WebLogic Critical Patch; Exim Exploits against Other Mail servers Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. WebLogic Critical Patch; Exim Exploits against Other Mail servers https://traffic.libsyn.com/securitypodcast/6548.mp3 https://isc.sans.edu/podcastdetail/6548 Thu, 20 Jun 2019 01:45:03 GMT https://isc.sans.edu/forums/diary/Critical+Actively+Exploited+WebLogic+Flaw+Patched+CVE20192729/25050/
Exim Exploits Against Other Mail Servers
https://isc.sans.edu/forums/diary/Quick+Detect+Exim+Return+of+the+Wizard+Attack/25052/
SANS Fire Presentations (to be published soon)
https://isc.sans.edu/presentations
]]> 5:35 sansfire, presentations, exim, wizard, weblogic, oracle, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6546 SACK Panic Update; Critical Firefox Update; Google Site Reporter and Deceptive Site Protection Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SACK Panic Update; Critical Firefox Update; Google Site Reporter and Deceptive Site Protection https://traffic.libsyn.com/securitypodcast/6546.mp3 https://isc.sans.edu/podcastdetail/6546 Wed, 19 Jun 2019 02:05:02 GMT https://www.mozilla.org/en-US/security/advisories/mfsa2019-18/#CVE-2019-11707
Bitdefender Releases GandCrap Decryptor
https://labs.bitdefender.com/2019/06/good-riddance-gandcrab-were-still-fixing-the-mess-you-left-behind/
Google Launches New Deceptive Site Protections in Chrome
https://blog.chromium.org/2019/06/new-chrome-protections-from-deception.html
]]> 5:07 google, chrome, gandcrap, decryptor, firefox, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6544 TCP SACK Panic; Logitech Pointer Recall, Rig Exploit Kit Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. TCP SACK Panic; Logitech Pointer Recall, Rig Exploit Kit https://traffic.libsyn.com/securitypodcast/6544.mp3 https://isc.sans.edu/podcastdetail/6544 Tue, 18 Jun 2019 02:30:02 GMT https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md
https://tools.ietf.org/html/rfc879
Logitech Pointer Recall
https://www.heise.de/security/meldung/Angreifbare-Logitech-Presenter-Hersteller-tauscht-gefaehrliche-USB-Empfaenger-aus-4423627.html
An Infection from the Rig Exploit Kit
https://isc.sans.edu/forums/diary/An+infection+from+Rig+exploit+kit/25040/
]]> 5:45 logitech, rig, sack, dos, linux, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6542 Whats App Phishing; Encrypted Email Phishing; Android Apps Link to Fake Sites Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Whats App Phishing; Encrypted Email Phishing; Android Apps Link to Fake Sites https://traffic.libsyn.com/securitypodcast/6542.mp3 https://isc.sans.edu/podcastdetail/6542 Mon, 17 Jun 2019 01:40:02 GMT https://www.heise.de/newsticker/meldung/Phishing-Mails-gaukeln-Ende-von-WhatsApp-Abonnement-vor-4447165.html
Encrypted EMail Phishing
https://www.bleepingcomputer.com/news/security/phishing-scam-asks-you-to-login-to-read-encrypted-message/
Android Apps Link to Fake Sites
https://news.drweb.com/show/?i=13313&lng=en&c=5
Precomputed Hash Tables
https://a.ndronic.us/pre-computed-hash-table-v-1-0/
]]> 5:36 hashes, android, phishing, encryption, whats app, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6540 #Exim Flaw Exploited; @YubiCo Recall; #Telegram Vuln; #Ghidra; VoWifi @sans_edu @0xAmit Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. #Exim Flaw Exploited; @YubiCo Recall; #Telegram Vuln; #Ghidra; VoWifi @sans_edu @0xAmit https://traffic.libsyn.com/securitypodcast/6540.mp3 https://isc.sans.edu/podcastdetail/6540 Fri, 14 Jun 2019 01:10:02 GMT https://www.cybereason.com/blog/new-pervasive-worm-exploiting-linux-exim-server-vulnerability
Yubico Recalling FIPS Certified Yubikeys
https://www.yubico.com/support/security-advisories/ysa-2019-02/
Vulnerable Infusion Pumps
https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletins/alaris-gateway-workstation-unauthorized-firmware
Telegram DDoS Attack
https://twitter.com/telegram/status/1138768124914929664
Ghidra Tips for IDA Users: Function Call Graphs
https://isc.sans.edu/forums/diary/A+few+Ghidra+tips+for+IDA+users+part+4+function+call+graphs/25032/
Joel Chapman: Security Consideration for Voice over Wifi (VoWifi) Systems
https://www.sans.org/reading-room/whitepapers/telephone/paper/38945
]]> 15:15 joel chapman, sti, vowifi, voice over wifi, ghidra, ida, telegram, ddos, infusion pumps, yubico, fips, exim, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6538 More SandboxEscaper; Bypassing NTML Message Signing; macOS Keysteal Details @simakov_marina @LinusHenze Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. More SandboxEscaper; Bypassing NTML Message Signing; macOS Keysteal Details @simakov_marina @LinusHenze https://traffic.libsyn.com/securitypodcast/6538.mp3 https://isc.sans.edu/podcastdetail/6538 Thu, 13 Jun 2019 01:05:03 GMT http://archive.is/3toQY
http://sandboxescaper.blogspot.com/p/disclosures_8.html
Bypassing NTLM Message Signing (CVE-2019-1040)
https://blog.preempt.com/drop-the-mic
Details About macOS Keysteal Vulnerability
https://www.pinauten.de/resources/KeySteal_OBTS_2019.pdf
]]> 5:10 macos, keysteal, ntml, mic, sandboxescaper, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6536 Microsoft, Adobe, Intel, SAP Patches; GPS Woes; RAMBleed Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft, Adobe, Intel, SAP Patches; GPS Woes; RAMBleed https://traffic.libsyn.com/securitypodcast/6536.mp3 https://isc.sans.edu/podcastdetail/6536 Wed, 12 Jun 2019 01:45:02 GMT https://isc.sans.edu/forums/diary/MSFT+June+2019+Patch+Tuesday/25024/
Adobe Patches
https://helpx.adobe.com/security.html
SAP Security Notes
https://www.onapsis.com/blog/sap-patch-notes-june-2019
Intel Updates
https://www.us-cert.gov/ncas/current-activity/2019/06/11/Intel-Releases-Security-Updates-Mitigations-Multiple-Products
Microsoft Certificate DoS
https://bugs.chromium.org/p/project-zero/issues/detail?id=1804
GPS Receiver Woes
https://www.flightglobal.com/news/articles/collins-gps-outage-grounds-regional-flights-458819/
RAMBleed Attack
https://www.documentcloud.org/documents/6150180-RamBleed-attack-CVE-2019-0174.html
]]> 6:13 rambleed, rowhammer, gps, microsoft, certificate, intel, sap, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6534 JavaScript Deobfuscation; Spam Using DNS over HTTPS; BGP Leaks; VLC update Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. JavaScript Deobfuscation; Spam Using DNS over HTTPS; BGP Leaks; VLC update https://traffic.libsyn.com/securitypodcast/6534.mp3 https://isc.sans.edu/podcastdetail/6534 Tue, 11 Jun 2019 01:20:02 GMT https://isc.sans.edu/forums/diary/Interesting+JavaScript+Obfuscation+Example/25020/
Spam Taking Advantage of DNS over HTTPS
https://myonlinesecurity.co.uk/it-looks-like-another-dns-compromise-hack-happening/
European Mobile Operator Traffic Leaked to China
https://arstechnica.com/information-technology/2019/06/bgp-mishap-sends-european-mobile-traffic-through-china-telecom-for-2-hours/?comments=1
VLC Update Patches Various Security Flaws
http://www.jbkempf.com/blog/post/2019/VLC-3.0.7-and-security
]]> 6:09 vlc, bug bounty, european comission, mobile traffic, safe host, china telecom, spam, dns over https, doh, javascript obfuscation, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6532 WMI Logs; DNS Logs and Sysmon; Komodo Wallet Highjack; MSFT SOC Lessons #MSFT #DNS Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. WMI Logs; DNS Logs and Sysmon; Komodo Wallet Highjack; MSFT SOC Lessons #MSFT #DNS https://traffic.libsyn.com/securitypodcast/6532.mp3 https://isc.sans.edu/podcastdetail/6532 Mon, 10 Jun 2019 02:35:02 GMT https://isc.sans.edu/forums/diary/Keep+an+Eye+on+Your+WMI+Logs/25012/
Sysmon DNS Query Logging
https://isc.sans.edu/forums/diary/Tip+Sysmon+Will+Log+DNS+Queries/25016/
Komodo Agama Vulnerability and Breach
https://komodoplatform.com/update-agama-vulnerability/
Lessons Learned From Microsoft SOC
https://www.microsoft.com/security/blog/2019/06/06/lessons-learned-from-the-microsoft-soc-part-2b-career-paths-and-readiness/
]]> 7:37 msft, soc, agama, komodo, sysmon, dns, wmi, logs, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6530 GoldBrute Botnet; Exim Vulnerability; iOS Apps Disabling TLS @wandera @renato_marinho @bojanz Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. GoldBrute Botnet; Exim Vulnerability; iOS Apps Disabling TLS @wandera @renato_marinho @bojanz https://traffic.libsyn.com/securitypodcast/6530.mp3 https://isc.sans.edu/podcastdetail/6530 Thu, 06 Jun 2019 23:20:02 GMT https://isc.sans.edu/forums/diary/GoldBrute+Botnet+Brute+Forcing+15+Million+RDP+Servers/25002/
Exim Vulnerability
https://isc.sans.edu/forums/diary/Time+is+partially+on+our+side+the+new+Exim+vulnerability/25008/
iOS App Developers Disabling TLS
https://www.wandera.com/mobile-security/ios-app-developer-security-shortcuts/
]]> 7:14 rdp, golbrute, exim, ios, tls, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6528 Android Updates; Chrome Updates; Bing Injecting Mac Malware @AiroSecurity @Akamai Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Android Updates; Chrome Updates; Bing Injecting Mac Malware @AiroSecurity @Akamai https://traffic.libsyn.com/securitypodcast/6528.mp3 https://isc.sans.edu/podcastdetail/6528 Thu, 06 Jun 2019 00:35:02 GMT https://source.android.com/security/bulletin/2019-06-01
Google Chrome Updates
https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html
MacOS Malware Injects Bing Ads
https://www.airoav.com/mitm-proxy-a-new-search-hijack-method-on-mojave/
Kubernetes Vulnerability
https://github.com/kubernetes/kubernetes/issues/78308
Vulnerabilities in Phihsing Kits
https://blogs.akamai.com/sitr/2019/06/identifying-vulnerabilities-in-phishing-kits.html
]]> 5:22 phishing kits, kubernetes, kubelet, macos, bing, google, chrome, android, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6526 Notepad Bug; vim bug; New RDP Vulnerability; @rawsec @taviso Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Notepad Bug; vim bug; New RDP Vulnerability; @rawsec @taviso https://traffic.libsyn.com/securitypodcast/6526.mp3 https://isc.sans.edu/podcastdetail/6526 Wed, 05 Jun 2019 01:00:03 GMT https://threatpost.com/researcher-exploits-microsofts-notepad-to-pop-a-shell/145242/
Vulnerability in vim/neovim
https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md
RDP Session Hijack Vulnerability
https://kb.cert.org/vuls/id/576688/
]]> 5:33 rdp, session hijack, vim, neovim, notepad, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6524 macOS Synthetic Clicks; Intel Microcode for Old Win 10; Fake AV in Games; GandGrab Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. macOS Synthetic Clicks; Intel Microcode for Old Win 10; Fake AV in Games; GandGrab https://traffic.libsyn.com/securitypodcast/6524.mp3 https://isc.sans.edu/podcastdetail/6524 Tue, 04 Jun 2019 02:00:03 GMT https://www.wired.com/story/apple-macos-bug-synthetic-clicks/
Intel Microcode Updates for Older Windows 10 Versions
https://support.microsoft.com/en-us/help/4494454/kb4494454-intel-microcode-updates
Fake AntiVirus Adds in Microsoft Games
https://answers.microsoft.com/en-us/windows/forum/all/malvertising-attack-on-microsoft-games/ced7ab87-7e0e-422b-97b7-fbfaed2b68a0
GandGrab Shutting Down
https://www.zdnet.com/article/gandcrab-ransomware-operation-says-its-shutting-down/
]]> 5:27 macos, clicks, objectivesee, gandgrab, fake antivirus, intel, microcode, windows 10, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6522 Google Outage; Siemens LOGO 8! BM Vulnerablity; Exposing tor users; nginx njs vulnerability; #google #siemens #nginx #tor Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Google Outage; Siemens LOGO 8! BM Vulnerablity; Exposing tor users; nginx njs vulnerability; #google #siemens #nginx #tor https://traffic.libsyn.com/securitypodcast/6522.mp3 https://isc.sans.edu/podcastdetail/6522 Mon, 03 Jun 2019 01:45:02 GMT https://status.cloud.google.com/incident/compute/19003
Major Vulnerability in Siemens LOGO Controllers
https://cert-portal.siemens.com/productcert/pdf/ssa-542701.pdf
Exposing TOR Users Via Cache Poisoning
https://blog.duszynski.eu/tor-ip-disclosure-through-http-301-cache-poisoning/
nginx njs Vulnerability
https://github.com/nginx/njs/issues/131
]]> 5:57 tor, siemens, logo, google, outage, nginx, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6520 scdbg Shellcode Analysis; GitHub Auto Patching; Docker Malware and Shodan; Web Packaging Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. scdbg Shellcode Analysis; GitHub Auto Patching; Docker Malware and Shodan; Web Packaging https://traffic.libsyn.com/securitypodcast/6520.mp3 https://isc.sans.edu/podcastdetail/6520 Fri, 31 May 2019 02:10:02 GMT https://isc.sans.edu/forums/diary/Analyzing+First+Stage+Shellcode/24984/
GitHub Automating Security Patches
https://help.github.com/en/articles/configuring-automated-security-fixes
Exposed Docker Containers Uses for Cryptocoin Mining
https://blog.trendmicro.com/trendlabs-security-intelligence/infected-cryptocurrency-mining-containers-target-docker-hosts-with-exposed-apis-use-shodan-to-find-additional-victims/
Mozilla Objecting To Web Packaging
https://docs.google.com/document/d/1ha00dSGKmjoEh2mRiG8FIA5sJ1KihTuZe-AXX1r8P-8/preview#
]]> 6:43 mozillay, web packaging, docker, api, cryptocoin, shodan, github, scdbg, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6518 MSFT ASA Malware Analysis; Docker Symlink Race Attack; Nanshu Campaign; #MSFT #docker Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MSFT ASA Malware Analysis; Docker Symlink Race Attack; Nanshu Campaign; #MSFT #docker https://traffic.libsyn.com/securitypodcast/6518.mp3 https://isc.sans.edu/podcastdetail/6518 Thu, 30 May 2019 11:10:02 GMT https://isc.sans.edu/forums/diary/Behavioural+Malware+Analysis+with+Microsoft+ASA/24980/
Docker Symlink Race Attack
https://seclists.org/oss-sec/2019/q2/131
Nanshu Campaign Using Signed Rootkit
https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
]]> 6:07 nanshu, guardicore, docker, microsoft, asa, malware, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6516 BASE64 Encoded Powershell; #BlueKeep Census; MSFT DHCP Client Vuln Analysis; @sensepost @ErrataRob @0xdf_ Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. BASE64 Encoded Powershell; #BlueKeep Census; MSFT DHCP Client Vuln Analysis; @sensepost @ErrataRob @0xdf_ https://traffic.libsyn.com/securitypodcast/6516.mp3 https://isc.sans.edu/podcastdetail/6516 Wed, 29 May 2019 03:25:02 GMT https://isc.sans.edu/forums/diary/Office+Document+BASE64+PowerShell/24976/
https://0xdf.gitlab.io/2019/05/21/malware-analysis-unnamed-emotet-doc.html
Enumeration of BlueKeep Vulnerable Hosts
https://blog.erratasec.com/2019/05/almost-one-million-vulnerable-to.html
DHCP Client Vulnerablity Analysis
https://sensepost.com/blog/2019/analysis-of-a-1day-cve-2019-0547-and-discovery-of-a-forgotten-condition-in-the-patch-cve-2019-0726-part-1-of-2/
Office File Deleting Phishing Emails
https://www.bleepingcomputer.com/news/security/phishing-emails-pretend-to-be-office-365-file-deletion-alerts/
]]> 5:57 office, phishing, azure, dhcp, microsoft, msft, bluekeep, erratasec, powershell, base64, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6514 GateKeeper Bypass; FortiOS SSL VPN Vulnerablities; Customizing NMAP Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. GateKeeper Bypass; FortiOS SSL VPN Vulnerablities; Customizing NMAP https://traffic.libsyn.com/securitypodcast/6514.mp3 https://isc.sans.edu/podcastdetail/6514 Tue, 28 May 2019 00:40:02 GMT https://www.fcvl.net/vulnerabilities/macosx-gatekeeper-bypass
Fortinet FortiOS SSL VPN Vulnerabilities
https://fortiguard.com/psirt
Customizing NMAP Service Detection
https://isc.sans.edu/forums/diary/Video+nmap+Service+Detection+Customization/24970/
]]> 5:45 nmap, fortinet, fortios, ssl vpn, macos, gatekeeper, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6512 Custom URL Schemes; Skimming Trends; #Apple T2 Chip Update; #MSFT APT for MacOS @IntelAdvanced @zer0pwn Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Custom URL Schemes; Skimming Trends; #Apple T2 Chip Update; #MSFT APT for MacOS @IntelAdvanced @zer0pwn https://traffic.libsyn.com/securitypodcast/6512.mp3 https://isc.sans.edu/podcastdetail/6512 Fri, 24 May 2019 00:25:02 GMT https://zeropwn.github.io/2019-05-22-fun-with-uri-handlers/
Update on Phyiscal Skimmer Market
https://www.advanced-intel.com/blog/skimming-threat-landscape-technology-advances-lower-barriers-of-entry-for-novice-skimming-operators
Apple Supplemental Update For masOS 10.14.5
https://support.apple.com/kb/DL2005?locale=en_US
Microsoft Releases Advanced Threat Protection for MacOS
https://techcommunity.microsoft.com/t5/Windows-Defender-ATP/Microsoft-Defender-ATP-for-Mac-now-in-open-public-preview/ba-p/634603
]]> 6:05 microsoft, apt, macos, t2, skimmer, url schemes, origin, ea, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6510 Yet Another BlueKeep Update; SanboxExcaper; Signed Malware Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Yet Another BlueKeep Update; SanboxExcaper; Signed Malware https://traffic.libsyn.com/securitypodcast/6510.mp3 https://isc.sans.edu/podcastdetail/6510 Wed, 22 May 2019 22:55:02 GMT https://isc.sans.edu/forums/diary/An+Update+on+the+Microsoft+Windows+RDP+Bluekeep+Vulnerability+CVE20190708+now+with+pcaps/24960/
New Zero Day Exploits by SandboxEscaper
https://github.com/SandboxEscaper/polarbearrepo
Signed Exploit Code
https://medium.com/@chroniclesec/abusing-code-signing-for-profit-ef80a37b50f4
]]> 6:18 certificates, code signign, sandboxescaper, task scheduler, rdp, bluekeep, cve-2019-0708, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6508 Shodan Monitoring; Smartphone Fingerprinting; Docker Password Issues; #bluekeep #suricata sigs; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Shodan Monitoring; Smartphone Fingerprinting; Docker Password Issues; #bluekeep #suricata sigs; https://traffic.libsyn.com/securitypodcast/6508.mp3 https://isc.sans.edu/podcastdetail/6508 Tue, 21 May 2019 23:45:03 GMT https://isc.sans.edu/forums/diary/Using+Shodan+Monitoring/24956/
Fingerprinting Smartphones With Gyroscope Data
https://sensorid.cl.cam.ac.uk/
20% of Linux Docker Containers Without Password
https://www.kennasecurity.com/20-of-the-1000-most-popular-docker-containers-have-no-root-password/
RDP #bluekeep Signature For Snort/Suricata
https://github.com/nccgroup/Cyber-Defence/blob/master/Signatures/suricata/2019_05_rdp_cve_2019_0708.txt
]]> 5:32 bluekeep, snort, suricata, shodan, docker, passwords, smartphones, gyroscope, fingerprinting, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6506 MSFT RDP Vuln (#BlueKeep) Update; Sharepoint Exploited; JWT Risks; MuddyWater Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MSFT RDP Vuln (#BlueKeep) Update; Sharepoint Exploited; JWT Risks; MuddyWater https://traffic.libsyn.com/securitypodcast/6506.mp3 https://isc.sans.edu/podcastdetail/6506 Mon, 20 May 2019 23:20:03 GMT https://twitter.com/search?q=%23bluekeep
Sharepoint Exploited
https://isc.sans.edu/forums/diary/CVE20190604+Attack/24952/
Risks of JWT
https://snikt.net/blog/2019/05/16/jwt-signature-vs-mac-attacks/
MuddyWater Campaign Evolves
https://blog.talosintelligence.com/2019/05/recent-muddywater-associated-blackwater.html
]]> 5:19 muddywater, cisco, jwt, sharepoint, msft, rdp, bluekeep, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6504 Google 0-Day Response Analysis; #ASUS WebStorage Exploited; #Apple Air Drop Vuln Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Google 0-Day Response Analysis; #ASUS WebStorage Exploited; #Apple Air Drop Vuln https://traffic.libsyn.com/securitypodcast/6504.mp3 https://isc.sans.edu/podcastdetail/6504 Sun, 19 May 2019 23:40:02 GMT https://googleprojectzero.blogspot.com/p/0day.html
ASUS WebStorage Abused For Malware Distribution
https://www.welivesecurity.com/2019/05/14/plead-malware-mitm-asus-webstorage/
Vulnerabilities in Apple Air Drop
https://www.usenix.org/system/files/sec19fall_stute_prepub.pdf
]]> 5:38 airdrop, apple, webstorage, asus, google, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6502 Vulnerability Scanner NTLM Relay; ARIN Revokes Malicious IPs; Cisco Patches; ILS Hacks Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Vulnerability Scanner NTLM Relay; ARIN Revokes Malicious IPs; Cisco Patches; ILS Hacks https://traffic.libsyn.com/securitypodcast/6502.mp3 https://isc.sans.edu/podcastdetail/6502 Fri, 17 May 2019 00:50:02 GMT https://isc.sans.edu/forums/diary/The+Risk+of+Authenticated+Vulnerability+Scans/24942/
ARIN Revokes about 735,000 IP Addresses
https://www.arin.net/vault/about_us/media/releases/20190513.html
More Cisco Patches (Prime Infrastructure, EPN Manager)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-rce
Instrument Landing Systems Spoofing
https://aanjhan.com/assets/ils_usenix2019.pdf
]]> 6:01 isf, dsr, landing system, planes, cisco, patches, arin, ip addresses, vulnerability scans, openvas, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6500 Forbes vs Magecart; TLS Tampering; Titan Key Update; Samba Patch; SAP Patch Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Forbes vs Magecart; TLS Tampering; Titan Key Update; Samba Patch; SAP Patch https://traffic.libsyn.com/securitypodcast/6500.mp3 https://isc.sans.edu/podcastdetail/6500 Thu, 16 May 2019 03:10:02 GMT https://twitter.com/bad_packets/status/1128517905765683201
Malware Randomizes TLS Ciphers
https://blogs.akamai.com/sitr/2019/05/bots-tampering-with-tls-to-avoid-detection.html
Google Recalls Titan Security Keys
https://security.googleblog.com/2019/05/titan-keys-update.html
SAMBA Update
https://www.samba.org/samba/security/CVE-2018-16860.html
SAP Patches
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=520259032
]]> 5:12 SAP, SAMBA, Google, Titan, WebAuthn, TLS, ciphers, forbes, magecart, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6498 More #Intel CPU Issues; #MSFT Patches (watch out #RDP!); #Apple/#Adobe Updates; Broken Trust Seal Logs Keystrokes Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. More #Intel CPU Issues; #MSFT Patches (watch out #RDP!); #Apple/#Adobe Updates; Broken Trust Seal Logs Keystrokes https://traffic.libsyn.com/securitypodcast/6498.mp3 https://isc.sans.edu/podcastdetail/6498 Wed, 15 May 2019 03:25:02 GMT https://cpu.fail/
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+May+2019+Patch+Tuesday/24934/
Apple Updates
https://support.apple.com/en-us/HT201222
Broken Trustseal
https://twitter.com/gwillem/status/1127890329175244800
https://twitter.com/bestoftheweb/status/1128036593208524800
]]> 6:14 trust seal, best of the web, apple, rdp, microsoft, patches, intel, zombieland, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6496 Linux rds_tcp_kill_sock RCE; WhatsApp; Cisco Vuln; Linksys JNAP Exposure Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Linux rds_tcp_kill_sock RCE; WhatsApp; Cisco Vuln; Linksys JNAP Exposure https://traffic.libsyn.com/securitypodcast/6496.mp3 https://isc.sans.edu/podcastdetail/6496 Tue, 14 May 2019 04:20:02 GMT https://github.com/torvalds/linux/commit/cb66ddd156203daefb8d71158036b27b0e2caf63
WhatsApp Buffer Overflow Exploited to Install Spyware
https://www.facebook.com/security/advisories/cve-2019-3568
Cisco Vulnerabilities Lead to Trust Anchor Module Exploit
https://thrangrycat.com/
Linksys Unauthenticated Information Leak
https://badpackets.net/over-25000-linksys-smart-wi-fi-routers-vulnerable-to-sensitive-information-disclosure-flaw/
]]> 5:33 linksys, jnap, cisco, thrangrycat, whatsapp, spyware, linux, tcp, rce, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6494 #DSSuite; #Sqlite Vuln; #NVidia Patch; Windows 10 #FIDO2 Cert; #Google ADB Backup Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. #DSSuite; #Sqlite Vuln; #NVidia Patch; Windows 10 #FIDO2 Cert; #Google ADB Backup https://traffic.libsyn.com/securitypodcast/6494.mp3 https://isc.sans.edu/podcastdetail/6494 Mon, 13 May 2019 02:45:03 GMT https://isc.sans.edu/forums/diary/DSSuite+A+Docker+Container+with+Didiers+Tools/24926/
Sqlite3 Vulnerability
https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0777
NVidia Updates
https://nvidia.custhelp.com/app/answers/detail/a_id/4797
Windows 10 FIDO2 Certified
https://fidoalliance.org/microsoft-achieves-fido2-certification-for-windows-hello/
Google May Remove ADB Backup/Restore from Future Android Versions
https://www.xda-developers.com/adb-backup-and-restore-depreciated/
]]> 5:09 google, windows, fido2, sqlite3, nvidia, dssuite, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6492 ELECTRICFISH; Fake Keepass Site; Android Updates; AV Company Breah Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. ELECTRICFISH; Fake Keepass Site; Android Updates; AV Company Breah https://traffic.libsyn.com/securitypodcast/6492.mp3 https://isc.sans.edu/podcastdetail/6492 Fri, 10 May 2019 04:20:02 GMT https://www.us-cert.gov/ncas/analysis-reports/AR19-129A
Fake KeePass Site Spreading Malware
https://twitter.com/berkcgoksel/status/1125727590440931329
Google Android Security Bulletin
https://source.android.com/security/bulletin/2019-05-01
Three Anti-Virus Companies Breached
https://www.advanced-intel.com/blog/top-tier-russian-hacking-collective-claims-breaches-of-three-major-anti-virus-companies
]]> 5:33 fxmsp, electricfish, dhs, keepass, google, android, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6490 EMail Roulette; Lightneuron Exchange Compromise; Alpine Linux Docker; Wordpress Secures Updates Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. EMail Roulette; Lightneuron Exchange Compromise; Alpine Linux Docker; Wordpress Secures Updates https://traffic.libsyn.com/securitypodcast/6490.mp3 https://isc.sans.edu/podcastdetail/6490 Thu, 09 May 2019 03:48:10 GMT https://isc.sans.edu/forums/diary/Email+roulette+May+2019/24918/
Turla Lightneuron
https://www.welivesecurity.com/wp-content/uploads/2019/05/ESET-LightNeuron.pdf
Alpine Linux Docker Image root User Hard Coded Credentials
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0782
Worpress 5.2 Adds Digitially Signed Updates
https://wordpress.org/support/wordpress-version/version-5-2/
]]> 5:45 wordpress, alpine, docker, root, password, updates, turla, lightneuron, exchange, email, roulette, ransomware, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6488 Jenkins Exploit Mines Crypto; Confluence Miners; Cisco ESC REST Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Jenkins Exploit Mines Crypto; Confluence Miners; Cisco ESC REST Vuln; https://traffic.libsyn.com/securitypodcast/6488.mp3 https://isc.sans.edu/podcastdetail/6488 Wed, 08 May 2019 01:25:02 GMT https://isc.sans.edu/forums/diary/Vulnerable+Apache+Jenkins+exploited+in+the+wild/24916/
Confluence Vulnerablity Exploited to Delivery Cryptocurrency Miner with Rootkit
https://blog.trendmicro.com/trendlabs-security-intelligence/cve-2019-3396-redux-confluence-vulnerability-exploited-to-deliver-cryptocurrency-miner-with-rootkit/
Cisco Elastic Services Controller REST API Authentication Bypass
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190507-esc-authbypass
Google Chrome History Manipulation Prevention
https://groups.google.com/a/chromium.org/forum/?#!msg/blink-dev/T8d4_BRb2xQ/WSdOiOFcBAAJ
]]> 4:59 google chrome, history, cisco, elastic services controller, esc, rest, confluence, miner, jenkins, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6486 UTF-16 in UDF Files; VMWare Fusion RCE; Bad Bad Guy Passwords; Amazon S3 Path Style Access Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. UTF-16 in UDF Files; VMWare Fusion RCE; Bad Bad Guy Passwords; Amazon S3 Path Style Access https://traffic.libsyn.com/securitypodcast/6486.mp3 https://isc.sans.edu/podcastdetail/6486 Tue, 07 May 2019 01:35:02 GMT https://isc.sans.edu/forums/diary/Text+and+TNULeNULxNULtNUL/24912/
VMWare Fusion 11 Guest VM RCE
https://theevilbit.github.io/posts/vmware_fusion_11_guest_vm_rce_cve-2019-5514/
Hackers Are Using Bad Passwords Too
https://www.ankitanubhav.info/post/c2bruting
Amazon S3 Discontinues Path Style Access
https://www.bleepingcomputer.com/news/security/amazon-to-disable-s3-path-style-access-used-to-bypass-censorship/
]]> 6:11 amazone, s3, hackers, passwords, vmware, rce, websocket, udf, utf-16, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6484 Git Ransomware; DLink Ransomware Patch; Jenkins Plugins; Malicious WPAD Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Git Ransomware; DLink Ransomware Patch; Jenkins Plugins; Malicious WPAD https://traffic.libsyn.com/securitypodcast/6484.mp3 https://isc.sans.edu/podcastdetail/6484 Sun, 05 May 2019 23:45:02 GMT https://www.theregister.co.uk/2019/05/03/git_ransomware_bitcoin/
DLink Ransomware Patch
https://eu.dlink.com/de/de/support/support-news/2019/february/28/dns320_trojan_cr1pttor
Jenkins Plugin Vulnerabilities
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2019/may/story-of-a-hundred-vulnerable-jenkins-plugins/
Malicious WPAD Domains
https://blog.redteam.pl/2019/05/badwpad-and-wpad-pl-wpadblocking-com.html
]]> 6:32 wpad, jenkins, dlink, ransomware, git, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6482 SAP Targeted; Cisco Nexus 9000; CryptoJacking Update; DLink; Securepairs; #righttorepair Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SAP Targeted; Cisco Nexus 9000; CryptoJacking Update; DLink; Securepairs; #righttorepair https://traffic.libsyn.com/securitypodcast/6482.mp3 https://isc.sans.edu/podcastdetail/6482 Fri, 03 May 2019 01:55:02 GMT https://www.onapsis.com/10kblaze
Cisco Patches SSH Default Credential Vulnerability in Nexus 9000 Switches
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-nexus9k-sshkey
Current State of JavaScript Crypto Jacking
https://blog.malwarebytes.com/cybercrime/2019/05/cryptojacking-in-the-post-coinhive-era/
D-Link Camera Vulnerabilities
https://www.welivesecurity.com/2019/05/02/d-link-camera-vulnerability-video-stream/
Securepairs Promotes "Right to Repair"
https://securepairs.org/
]]> 6:08 SAP, Cisco, Nexus, Crytpojacking, dlink, securepairs, right to repair, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6480 RCE in Dell SupportAssist; Creston Vuln; More JS Skimmers; S/Mime and PGP Vuln Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. RCE in Dell SupportAssist; Creston Vuln; More JS Skimmers; S/Mime and PGP Vuln https://traffic.libsyn.com/securitypodcast/6480.mp3 https://isc.sans.edu/podcastdetail/6480 Thu, 02 May 2019 02:10:02 GMT https://d4stiny.github.io/Remote-Code-Execution-on-most-Dell-computers/
Creston Multiple Vulnerabilities
https://www.crestron.com/en-US/Security/Security_Advisories
Polymorphic Skimmer Targeting 57 different Payment Gateways
https://labs.sansec.io/2019/04/29/polymorphic-skimmer-57-payment-gateways/
More Attacks Against S/Mime and PGP Signed Email
https://github.com/RUB-NDS/Johnny-You-Are-Fired/blob/master/paper/johnny-fired.pdf
]]> 5:57 s/mime, pgp, email, signatures, skimmer, magecart, creston, dell, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6478 WebLogic Ransom Ware; Facebook Location Leak, AutoMacTC, KAPE Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. WebLogic Ransom Ware; Facebook Location Leak, AutoMacTC, KAPE https://traffic.libsyn.com/securitypodcast/6478.mp3 https://isc.sans.edu/podcastdetail/6478 Wed, 01 May 2019 02:20:02 GMT https://blog.talosintelligence.com/2019/04/sodinokibi-ransomware-exploits-weblogic.html
Facebook Leaking Sellers Exact Locations
https://www.7elements.co.uk/resources/blog/facebooks-burglary-shopping-list/
Revive Adserver Deserialization Vulnerability
https://www.revive-adserver.com/security/revive-sa-2019-001/
AutoMacTC: Automating Mac Forensics Triage
https://www.crowdstrike.com/blog/automating-mac-forensic-triage/
Kroll Artifact Parser And Extractor (KAPE)
https://learn.duffandphelps.com/kape
]]> 5:37 kroll, automactc, kape, triage, incident response, revive, adserver, deserialization, facebook, location, sodinokibi, weblogic, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6476 iLnkP2P Weakness; iFrame Tech Support Scam; Window 10 Users Avoiding October 2018 Update Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. iLnkP2P Weakness; iFrame Tech Support Scam; Window 10 Users Avoiding October 2018 Update https://traffic.libsyn.com/securitypodcast/6476.mp3 https://isc.sans.edu/podcastdetail/6476 Tue, 30 Apr 2019 01:30:02 GMT https://hacked.camera
Windows 10 Users Not Applying October Update
https://reports.adduplex.com/#/r/2019-04
iFrame "Ransom Support" Attacks
https://blog.trendmicro.com/trendlabs-security-intelligence/tech-support-scam-employs-new-trick-by-using-iframe-to-freeze-browsers/
]]> 5:51 ilnkp2p, cameras, windows 10, updates, iframe, ransom, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6474 WebLogic Update; Docker Hub Breach; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. WebLogic Update; Docker Hub Breach; https://traffic.libsyn.com/securitypodcast/6474.mp3 https://isc.sans.edu/podcastdetail/6474 Mon, 29 Apr 2019 02:40:01 GMT https://isc.sans.edu/diary.html?storyid=24890
Docker Hub Breach
https://success.docker.com/article/docker-hub-user-notification
]]> 5:18 docker, docker hub, weblogic, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6472 Windows Service Acccounts; Weblogic Flaw; Confluence Exploited; New Windows 10/Server Security Baseline Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Windows Service Acccounts; Weblogic Flaw; Confluence Exploited; New Windows 10/Server Security Baseline https://traffic.libsyn.com/securitypodcast/6472.mp3 https://isc.sans.edu/podcastdetail/6472 Fri, 26 Apr 2019 03:15:02 GMT https://isc.sans.edu/forums/diary/Unpatched+Vulnerability+Alert+WebLogic+Zero+Day/24880/
Collecting Windows Service Accounts
https://isc.sans.edu/forums/diary/Service+Accounts+Redux+Collecting+Service+Accounts+with+PowerShell/24882/
Confluence Vulnerablity Exploited by GandGrab
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
New Micrsoft Security Baseline for Windows 10 / Windows Server
https://blogs.technet.microsoft.com/secguide/2019/04/24/security-baseline-draft-for-windows-10-v1903-and-windows-server-v1903/
]]> 5:25 microsoft, windows, security baseline, confluence, ransomware, gandgrab, serivce accounts, weblogic, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6470 Finding Domain Admins; X-Protect Covering PE Files; Hotspot Password Leak; Github Hosting Phishing Pages Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Finding Domain Admins; X-Protect Covering PE Files; Hotspot Password Leak; Github Hosting Phishing Pages https://traffic.libsyn.com/securitypodcast/6470.mp3 https://isc.sans.edu/podcastdetail/6470 Thu, 25 Apr 2019 03:15:02 GMT https://isc.sans.edu/forums/diary/Where+have+all+the+Domain+Admins+gone+Rooting+out+Unwanted+Domain+Administrators/24874/
Mac OS X-Protect Now Covering Windows Malware
https://twitter.com/patrickwardle/status/1120771284286103552
Wifi Finder Leaks Hotspot Passwords
https://techcrunch.com/2019/04/22/hotspot-password-leak/
Github Hosting Phishing Pages
https://www.proofpoint.com/us/threat-insight/post/threat-actors-abuse-github-service-host-variety-phishing-kits
RSA Webinar: The Five Most Dangerous New Attack Techniques and How to Counter Them
https://www.rsaconference.com/videos/rsac-2019-the-five-most-dangerous-new-attack-techniques-and-how-to-counter-them-continued
]]> 7:28 rsa, heather, ed, alan, webinar, github, phishing, wifi finder, hotspot, password, x-protect, domain admins, powershell, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6468 VBA Macro Wtihout Source Code; More Shadowhammer Victims; Malicous Google Sites Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. VBA Macro Wtihout Source Code; More Shadowhammer Victims; Malicous Google Sites https://traffic.libsyn.com/securitypodcast/6468.mp3 https://isc.sans.edu/podcastdetail/6468 Wed, 24 Apr 2019 02:10:02 GMT https://isc.sans.edu/forums/diary/Malicious+VBA+Office+Document+Without+Source+Code/24870/
More Updates on "ShadowHammer" Supply Chain Attack
https://securelist.com/operation-shadowhammer-a-high-profile-supply-chain-attack/90380/
A Malicious Sight in Google Sites
https://www.netskope.com/blog/malicious-google-sites
]]> 5:47 google sites, shadowhammer, vba, p-code, macro, decompiling, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6466 ACE Exploit; Younger Malware Senders; McAfee vs. Windows Update; Blocking Azure Blob Phishing Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. ACE Exploit; Younger Malware Senders; McAfee vs. Windows Update; Blocking Azure Blob Phishing https://traffic.libsyn.com/securitypodcast/6466.mp3 https://isc.sans.edu/podcastdetail/6466 Mon, 22 Apr 2019 23:10:02 GMT https://isc.sans.edu/forums/diary/rar+Files+and+ACE+Exploit+CVE201820250/24864/
Malware Senders Become Younger and Less Sophisticated (in German)
https://www.heise.de/security/meldung/Malware-Verteiler-werden-immer-juenger-infizieren-sich-oft-selbst-4403823.html
McAfee Antivirus Affected by April Windows Update Crashes
http://kc.mcafee.com/corporate/index?page=content&id=KB91465
Rules to Protect Against Azure Blog Phishing in Outlook 365
https://malware-research.org/simple-rule-to-protect-against-spoofed-windows-net-phishing-attacks/
Windows 7 End of Support Messages
https://www.windowslatest.com/2019/04/20/windows-7-users-are-now-receiving-the-end-of-support-notifications/
]]> 5:44 ace, rar, winrar, malware, age, mcafee, windows update, azure, windows 7, blog storage, phishing, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6464 Analyzing UDF Files; HTML Link Ping; Edge User Agents; French Govt Chat User Managment Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Analyzing UDF Files; HTML Link Ping; Edge User Agents; French Govt Chat User Managment https://traffic.libsyn.com/securitypodcast/6464.mp3 https://isc.sans.edu/podcastdetail/6464 Mon, 22 Apr 2019 03:35:02 GMT https://isc.sans.edu/forums/diary/Analyzing+UDF+Files+with+Python/24860/
HTML Ping To Be Adopted By All Major Browsers
https://webkit.org/blog/8821/link-click-analytics-and-privacy/
Microsoft to Modify Edge User Agent for Some Sites
https://www.onmsft.com/news/new-edge-insider-browser-can-change-user-agent-strings-based-on-what-website-youre-visiting
French Government Chat System Used Weak User Management
https://m.heise.de/security/meldung/Tchap-Frankreichs-nicht-so-exklusiver-Regierungschat-4403961.html
]]> 6:53 france, government, chat, microsoft, edge, user-agent, ping, html, udf, python, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6462 Malicious UDF Files; Facebook Clear Text Passwords; Iranian Hackers Hacked; Win8 Live Tiles Takeover Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Malicious UDF Files; Facebook Clear Text Passwords; Iranian Hackers Hacked; Win8 Live Tiles Takeover https://traffic.libsyn.com/securitypodcast/6462.mp3 https://isc.sans.edu/podcastdetail/6462 Fri, 19 Apr 2019 03:45:03 GMT https://isc.sans.edu/forums/diary/Malware+Sample+Delivered+Through+UDF+Image/24854/
Facebook Stored Passwords in Plain Text
https://newsroom.fb.com/news/2019/03/keeping-passwords-secure/
Iranian Statesponsored Malware and Data Leaked
https://misterch0c.blogspot.com/2019/04/apt34-oilrig-leak.html
Windows 8 Live Tiles Domain Takeover
https://www.golem.de/news/subdomain-takeover-microsoft-verliert-kontrolle-ueber-windows-kacheln-1904-140709.html
]]> 6:50 windows 8, live tiles, iran, facebook, passwords, malware, udf, img, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6460 Sea Turtle; Broadcom Drivers; NamPoHyu, Confluence Attacks Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Sea Turtle; Broadcom Drivers; NamPoHyu, Confluence Attacks https://traffic.libsyn.com/securitypodcast/6460.mp3 https://isc.sans.edu/podcastdetail/6460 Thu, 18 Apr 2019 03:05:02 GMT https://blog.talosintelligence.com/2019/04/seaturtle.html
Broadcom Wifi Driver Vulnerabilities
https://www.kb.cert.org/vuls/id/166939/
NamPoHyu Virus Infects Samba Servers
https://www.bleepingcomputer.com/news/security/nampohyu-virus-ransomware-targets-remote-samba-servers/
Increased Attacks on Confluence
https://twitter.com/DFNCERT/status/1118468599230943233
]]> 5:28 Altassian, confluence, nampohyu, ransomware, samba, broadcom, dns, sea turtle, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6458 CVE-2019-0726 (Win DHCP Client) PoC; Oracle CPU; WiPro Hacked; GHydra Tips Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. CVE-2019-0726 (Win DHCP Client) PoC; Oracle CPU; WiPro Hacked; GHydra Tips https://traffic.libsyn.com/securitypodcast/6458.mp3 https://isc.sans.edu/podcastdetail/6458 Wed, 17 Apr 2019 03:20:03 GMT https://habr.com/ru/company/pt/blog/448378/
Oracle April 2019 Critical Patch Update
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
WiPro Breached Via Phishing Attacks
https://krebsonsecurity.com/2019/04/experts-breach-at-it-outsourcing-giant-wipro/
IDA and GHydra Part 2 (Strings And Parameters)
https://isc.sans.edu/forums/diary/A+few+Ghidra+tips+for+IDA+users+part+2+strings+and+parameters/24848/
]]> 5:34 ida, gyhdra, wipro, phishing, oracle, cpu, dhcp, windows, cve-2019-0726, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6456 DNS False Positives; Adblock Code Injection; Executables in DICOM Images; Misleading VPN Ads Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. DNS False Positives; Adblock Code Injection; Executables in DICOM Images; Misleading VPN Ads https://traffic.libsyn.com/securitypodcast/6456.mp3 https://isc.sans.edu/podcastdetail/6456 Tue, 16 Apr 2019 04:40:02 GMT https://isc.sans.edu/forums/diary/Odd+DNS+Requests+that+are+Normal/24844/

Adblock Plus Allows Filter List Providers to Inject Code in Pages
https://armin.dev/blog/2019/04/adblock-plus-code-injection/
Executables in Polyglot DICOM Images
https://github.com/d00rt/pedicom/blob/master/doc/Attacking_Digital_Imaging_and_Communication_in_Medicine_(DICOM)_file_format_standard_-_Markel_Picado_Ortiz_(d00rt).pdf
Malicious/Misleading VPN Ads
https://www.bleepingcomputer.com/news/security/mobile-vpns-promoted-by-you-are-infected-or-hacked-ads/
]]> 7:04 vpn ads, polyglot, dicom, pedicom, adblock, dns, query logs, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6454 MTA-STA; AirBNB Cameras; VPN Credentials; MSIE XXE Vulnerability Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MTA-STA; AirBNB Cameras; VPN Credentials; MSIE XXE Vulnerability https://traffic.libsyn.com/securitypodcast/6454.mp3 https://isc.sans.edu/podcastdetail/6454 Mon, 15 Apr 2019 04:35:03 GMT https://isc.sans.edu/forums/diary/Configuring+MTASTS+and+TLS+Reporting+For+Your+Domain/24840/
How to Find Hidden Cameras in Your AirBNB
https://isc.sans.edu/forums/diary/How+to+Find+Hidden+Cameras+in+your+AirBNB/24834/
Insecure Storage of VPN Credentials
https://www.kb.cert.org/vuls/id/192371/
Microsoft Patch Problems
https://support.microsoft.com/en-us/help/4493472/windows-7-update-kb4493472
https://support.microsoft.com/en-us/help/4493446/windows-8-1-update-kb4493446
Internet Explorer XML External Entity Vulnerability
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-INTERNET-EXPLORER-v11-XML-EXTERNAL-ENTITY-INJECTION-0DAY.txt
]]> 6:24 Internet explorer, msie, xml, xee, airbnb, cameras, vpn, mta-sts, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6452 GMail Supporting MTA-STS; Juniper Patch; Uniden IP Camera Site Hosting Malware Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. GMail Supporting MTA-STS; Juniper Patch; Uniden IP Camera Site Hosting Malware https://traffic.libsyn.com/securitypodcast/6452.mp3 https://isc.sans.edu/podcastdetail/6452 Fri, 12 Apr 2019 00:55:02 GMT https://tools.ietf.org/html/rfc8461
https://tools.ietf.org/html/rfc8460
https://www.zdnet.com/article/gmail-becomes-first-major-email-provider-to-support-mta-sts-and-tls-reporting/
Juniper Patch Fixes Static Password in Junos OS
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10923&actp=METADATA
Uniden Commercial IP Camera Site Hosting Malware
https://twitter.com/JayTHL/status/1116200014630596609
]]> 6:16 uniden, wordpress, malware, juniper, junos, password, grpc, gmail, mta-sts, smtp tls reporting, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6450 WPA3 Dragonblood Vulnerablity; HOPLIGHT Trojan; SneakyPastes Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. WPA3 Dragonblood Vulnerablity; HOPLIGHT Trojan; SneakyPastes https://traffic.libsyn.com/securitypodcast/6450.mp3 https://isc.sans.edu/podcastdetail/6450 Thu, 11 Apr 2019 00:50:02 GMT http://papers.mathyvanhoef.com/dragonblood.pdf
North Korean Trojan: HOPLIGHT
https://www.us-cert.gov/ncas/analysis-reports/AR19-100A
Gaza Cybergang Group1 "SneakyPastes"
https://securelist.com/gaza-cybergang-group1-operation-sneakypastes/90068/
]]> 7:37 gaza, cybergang, sneakypastes, pastebin, north korea, hoplight, wpa3, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6448 Microsoft/Adobe Patches; Food Poisoning Malspam; Axis Vulnerability; Golang Vuln Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft/Adobe Patches; Food Poisoning Malspam; Axis Vulnerability; Golang Vuln https://traffic.libsyn.com/securitypodcast/6448.mp3 https://isc.sans.edu/podcastdetail/6448 Tue, 09 Apr 2019 23:20:02 GMT https://isc.sans.edu/forums/diary/Microsoft+April+2019+Patch+Tuesday/24826/
https://helpx.adobe.com/security.html
Fake "Food Poisoning" emails in Germany (in german)
https://www.polizei-praevention.de/aktuelles/erneut-mails-mit-schadsoftware-gegen-gewerbetreibende-im-umlauf.html
Vulnerability in Apache Axis
https://rhinosecuritylabs.com/application-security/cve-2019-0227-expired-domain-rce-apache-axis/
Golang DLL Injection Vulnerability
https://www.openwall.com/lists/oss-security/2019/04/09/1
]]> 6:41 golang, go, axis, soap, axis2, food poisoning, north korea, microsoft, adobe, patch tuesday, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6446 TrendMicro Patch; Dovecot Patch; Apache Exploit; Using Javascript in Exploits; Ghidra vs. IDA Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. TrendMicro Patch; Dovecot Patch; Apache Exploit; Using Javascript in Exploits; Ghidra vs. IDA https://traffic.libsyn.com/securitypodcast/6446.mp3 https://isc.sans.edu/podcastdetail/6446 Tue, 09 Apr 2019 01:30:03 GMT https://isc.sans.edu/forums/diary/A+few+Ghidra+tips+for+IDA+users+part+1+the+decompilerunreachable+code/24822/
TrendMicro Patch
https://success.trendmicro.com/solution/1122250
Dovecot Patch
https://dovecot.org/list/dovecot-news/2019-March/000403.html
Apache CVE-2019-0211 Exploit
https://github.com/cfreal/exploits/tree/master/CVE-2019-0211-apache
Using JavaScript in Exploits
https://www.youtube.com/watch?v=HfpnloZM61I
]]> 5:33 trendmicro, dovecot, apache, javascript, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6444 Fake Office365 Invoices; "well-known" hiding place; Altering CT Data; QT Framework Bug Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Fake Office365 Invoices; "well-known" hiding place; Altering CT Data; QT Framework Bug https://traffic.libsyn.com/securitypodcast/6444.mp3 https://isc.sans.edu/podcastdetail/6444 Sun, 07 Apr 2019 23:00:03 GMT https://isc.sans.edu/forums/diary/Fake+Office+365+Payment+Information+Update/24818/
Malware Hiding in .well-known directory
https://www.zscaler.com/blogs/research/abuse-hidden-well-known-directory-https-sites
Altering CT Images to Manipulate Diagnosis
https://arxiv.org/pdf/1901.03597.pdf
QT Framework RCE Vulnerability
https://www.zerodayinitiative.com/blog/2019/4/3/loading-up-a-pair-of-qt-bugs-detailing-cve-2019-1636-and-cve-2019-6739
]]> 6:47 qt rce, ct images, well-known, office365, fake invoice, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6442 Old Rule Triggers on New Exploit; Xiaomi Guardapp; Xwo Scanner; SmartWatches Pwned Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Old Rule Triggers on New Exploit; Xiaomi Guardapp; Xwo Scanner; SmartWatches Pwned https://traffic.libsyn.com/securitypodcast/6442.mp3 https://isc.sans.edu/podcastdetail/6442 Thu, 04 Apr 2019 23:35:02 GMT https://isc.sans.edu/forums/diary/New+Waves+of+Scans+Detected+by+an+Old+Rule/24812/
Xiaomi GuardApp Vulnerable to Man in the Middle
https://blog.checkpoint.com/2019/04/04/xiaomi-vulnerability-when-security-is-not-what-it-seems/
Xwo Web Scanner Hunting for MongoDB
https://www.alienvault.com/blogs/labs-research/xwo-a-python-based-bot-scanner
Vulnerable SmartWatches "Defaced"
https://api.heise.de/svc/embetty/tweet/1112326532939374593-images-0
https://www.heise.de/newsticker/meldung/Vidimensio-Smartwatches-Der-Sicherheits-Alptraum-geht-weiter-4359967.html
]]> 5:47 smartwatch, xwo, xiaomi, guardapp, shellshock, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6440 Ghidra vs. IDA; IRS Phishing; Large Facebook Data Leak; PostgreSQL "COPY" Command Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Ghidra vs. IDA; IRS Phishing; Large Facebook Data Leak; PostgreSQL "COPY" Command https://traffic.libsyn.com/securitypodcast/6440.mp3 https://isc.sans.edu/podcastdetail/6440 Thu, 04 Apr 2019 00:10:03 GMT https://isc.sans.edu/forums/diary/A+few+Ghidra+tips+for+IDA+users+part+0+automatic+comments+for+API+call+parameters/24806/
Security Awareness Newsletter: Making Passwords Simple
https://www.sans.org/security-awareness-training/resources/making-passwords-simple
IRS Themed Phishing Emails
https://www.proofpoint.com/us/threat-insight/post/tax-themed-email-campaigns-target-2019-filers
Large Leak of Facebook User Data via 3rd Party App
https://www.upguard.com/breaches/facebook-user-data-leak
Arbitrary Command Execution in PostgreSQL
https://medium.com/greenwolf-security/authenticated-arbitrary-command-execution-on-postgresql-9-3-latest-cd18945914d5
]]> 5:47 postgres, postgresql, facebook, amazon, s3, irs, phishing, ouch, passwords, ghidra, ida, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6438 LaCie Drives Spread Fake AV; Unpatched IE/Edge SOP Bug; Apache Patch; Verzion Phish Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. LaCie Drives Spread Fake AV; Unpatched IE/Edge SOP Bug; Apache Patch; Verzion Phish https://traffic.libsyn.com/securitypodcast/6438.mp3 https://isc.sans.edu/podcastdetail/6438 Wed, 03 Apr 2019 01:25:02 GMT https://isc.sans.edu/forums/diary/Fake+AV+is+Back+LaCie+Network+Drives+Used+to+Spread+Malware/24802/
Unpatched SOP Vulnerability in Internet Explorer/Edge
https://thehackernews.com/2019/03/microsoft-edge-ie-zero-days.html
Apache Fixes Privilege Escalation Flaw
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0211
Verizon Users Phished for Credentials
https://blog.lookout.com/mobile-phishing-verizon
]]> 5:21 verizon, phish, apache, privilege escalation, sop, edge, internet explorer, msie, lacie, eset, fakeav, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6436 OpenOffice PDFs; Android Updates; Android Malware Redirects Phonecalls; Google Extends WebAuthn Support Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. OpenOffice PDFs; Android Updates; Android Malware Redirects Phonecalls; Google Extends WebAuthn Support https://traffic.libsyn.com/securitypodcast/6436.mp3 https://isc.sans.edu/podcastdetail/6436 Tue, 02 Apr 2019 01:45:02 GMT https://isc.sans.edu/forums/diary/Analysis+of+PDFs+Created+with+OpenOfficeLibreOffice/24798/
Android Monthly Update
https://source.android.com/security/bulletin/2019-04-01#2019-04-01-details
Malicious Android App Forwards Banking Calls to Attacker
https://www.blackhat.com/asia-19/briefings/schedule/index.html#when-voice-phishing-met-malicious-android-app-13419
Google Allowing WebAuthn Login from Firefox/Edge
https://twitter.com/christiaanbrand/status/1111430192596025347
All Your Data Are Belong to Us: Defending Against Credential Stuffing Attacks
https://www.sans.org/webcasts/data-belong-us-defend-credential-stuffing-110340
]]> 4:38 credential stuffing, webcast, webauthn, google, firefox, edge, android, patches, phone redirect, openaction, pdf, openoffice, libreoffice, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6434 Reversing Golang; Kubernetes Vulnerability; VMWare Patches; ASUS MACs Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Reversing Golang; Kubernetes Vulnerability; VMWare Patches; ASUS MACs https://traffic.libsyn.com/securitypodcast/6434.mp3 https://isc.sans.edu/podcastdetail/6434 Sun, 31 Mar 2019 23:15:02 GMT https://isc.sans.edu/forums/diary/Annotating+Golang+binaries+with+Cutter+and+Jupyter/24790/
ASUS Targeted MAC Addresses Available for Download
https://skylightcyber.com/2019/03/28/unleash-the-hash-shadowhammer-mac-list/
Weaponized Version of New Zealand Attack Manifesto
https://bluehexagon.ai/blog/weaponized-version-of-new-zealand-terror-suspects-manifesto-discovered-in-the-wild/
Kubernetes Directory Traversal
https://www.twistlock.com/labs-blog/disclosing-directory-traversal-vulnerability-kubernetes-copy-cve-2019-1002101/
VMWare Patches
https://www.vmware.com/security/advisories/VMSA-2019-0005.html
]]> 5:36 vmwware, kubernetes, manifesto, asus, mac addresses, golang, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6432 Passive DNS; Incomplete Cisco RV320 Patch; TPLink Debug Port Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Passive DNS; Incomplete Cisco RV320 Patch; TPLink Debug Port https://traffic.libsyn.com/securitypodcast/6432.mp3 https://isc.sans.edu/podcastdetail/6432 Thu, 28 Mar 2019 20:45:02 GMT https://isc.sans.edu/forums/diary/Running+your+Own+Passive+DNS+Service/24784/
Incomplete Patch for Cisco RV320 Routers
https://www.redteam-pentesting.de/en/advisories/rt-sa-2019-003/-cisco-rv320-unauthenticated-configuration-export
https://www.redteam-pentesting.de/en/advisories/rt-sa-2019-004/-cisco-rv320-unauthenticated-diagnostic-data-retrieval
TPLink Debug Port Vulnerability
https://twitter.com/mjg59/status/1111106885736787975
https://pastebin.com/GAzccR95
]]> 4:30 tplink, tpdp, cisco, rv320, dns, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6430 MSFT Application Guard for FF/Chrome; LTE Vulnerabilities; NVidia Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MSFT Application Guard for FF/Chrome; LTE Vulnerabilities; NVidia Vuln; https://traffic.libsyn.com/securitypodcast/6430.mp3 https://isc.sans.edu/podcastdetail/6430 Wed, 27 Mar 2019 20:50:03 GMT https://blogs.windows.com/windowsexperience/2019/03/15/announcing-windows-10-insider-preview-build-18358/
New Set of LTE Vulnerabilities
https://syssec.kaist.ac.kr/pub/2019/kim_sp_2019.pdf
NVidia Privilege Escalation
https://rhinosecuritylabs.com/application-security/nvidia-arbitrary-file-writes-to-command-execution-cve-2019-5674/
]]> 5:05 nvidia, lte, microsoft, application guard, firefox, chrome, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6428 Apple Updates; ASUS Response; Firefox Cert Issues; UC Browser MITM Vuln Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Apple Updates; ASUS Response; Firefox Cert Issues; UC Browser MITM Vuln https://traffic.libsyn.com/securitypodcast/6428.mp3 https://isc.sans.edu/podcastdetail/6428 Tue, 26 Mar 2019 20:50:02 GMT https://support.apple.com/en-us/HT201222
ASUS Response to Kaspersky Report
https://www.asus.com/News/hqfgVUyZ6uyAyJe1
Firefox Importing Windows Root Certificates
https://bugzilla.mozilla.org/show_bug.cgi?id=1533397
UC Webbrowser MITM Vulnerability
https://www.bleepingcomputer.com/news/security/uc-browser-for-android-desktop-exposes-500-million-users-to-mitm-attacks/
]]> 5:40 ucweb, uc webbrowser, firefox, certificates, asus, kasperksy, apple, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6426 ShadowHammer ASUS Backdoor; Telegram Unsend Feature; F5 BigIP Update Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. ShadowHammer ASUS Backdoor; Telegram Unsend Feature; F5 BigIP Update https://traffic.libsyn.com/securitypodcast/6426.mp3 https://isc.sans.edu/podcastdetail/6426 Mon, 25 Mar 2019 21:00:07 GMT https://www.kaspersky.com/blog/shadow-hammer-teaser
https://shadowhammer.kaspersky.com/
Telegram Unsent Feature
https://techcrunch.com/2019/03/25/going-going-gone/
F5 Big IP Updates
https://support.f5.com/csp/article/K14812883

]]> 5:19 f5, bigip, telegram, asus, shadowhammer, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6424 Reversing Golang; Reading QR Codes; Pwn2Own; Java Card Vulnerabilities Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Reversing Golang; Reading QR Codes; Pwn2Own; Java Card Vulnerabilities https://traffic.libsyn.com/securitypodcast/6424.mp3 https://isc.sans.edu/podcastdetail/6424 Sun, 24 Mar 2019 19:55:03 GMT https://isc.sans.edu/forums/diary/Introduction+to+analysing+Go+binaries/24770/
More "VelvetSweatshop" Maldocs
https://isc.sans.edu/forums/diary/VelvetSweatshop+Maldocs/24772/
Reading QR Codes in Python
https://isc.sans.edu/forums/diary/Decoding+QR+Codes+with+Python/24774/
Pwn2Own Contest: Firefox, Safari, Edge and others fall
https://www.zdnet.com/article/tesla-car-hacked-at-pwn2own-contest/
Norwegian Nokia Phones Sent Data to China (Article in Norwegian)
https://nrkbeta.no/2019/03/21/norske-telefoner-sendte-personopplysninger-til-kina/
Java Card Vulnerabilities
https://seclists.org/fulldisclosure/2019/Mar/35
]]> 6:08 java card, nokia, china, pwn2own, qr codes, velvetsweatshop, golang, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6422 Google Photo xsleaks; Fake CDC Emails; Atlassian Sourcetree Vulnerability; Microsoft Defender for MacOS Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Google Photo xsleaks; Fake CDC Emails; Atlassian Sourcetree Vulnerability; Microsoft Defender for MacOS https://traffic.libsyn.com/securitypodcast/6422.mp3 https://isc.sans.edu/podcastdetail/6422 Thu, 21 Mar 2019 18:00:03 GMT https://www.imperva.com/blog/now-patched-google-photos-vulnerability-let-hackers-track-your-friends-and-location-history/
Fake CDC EMails Spread GandCrab Ransomware
https://myonlinesecurity.co.uk/fake-cdc-flu-pandemic-warning-delivers-gandcrab-5-2-ransomware/
Atlassian Sourcetree Vulnerability
https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2019-03-06-966678691.html
Microsoft Defender for MacOS
https://www.theregister.co.uk/2019/03/21/microsoft_defender_atp/
]]> 5:29 atlassian, microsoft, macos, anti-malware, defender, cdc, email, gandgrab, google, xsleak, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6420 Using AD to Find Hosts Outside of AD; MSFT Anti Malware Crashing Windows; Less DDoS Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Using AD to Find Hosts Outside of AD; MSFT Anti Malware Crashing Windows; Less DDoS https://traffic.libsyn.com/securitypodcast/6420.mp3 https://isc.sans.edu/podcastdetail/6420 Wed, 20 Mar 2019 18:40:02 GMT https://isc.sans.edu/forums/diary/Using+AD+to+find+hosts+that+arent+in+AD+fun+with+the+IPAddress+construct/24762/
Microsoft Anti Malware Crashing Windows
https://social.technet.microsoft.com/Forums/en-US/18ab60a3-3b26-4a07-b68d-84085ce66ce5/scep-crashing-pcs?forum=ConfigMgrCompliance&prof=required
Reduction in DDoS Attacks
https://www.nexusguard.com/threat-report-q4-2018
]]> 5:40 ddos, microsoft, anti malware, false positives, active directory, , cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6418 Cloudflare Proxy Detection Tools; BEC Moving to SMS; IPv6 and UPNP Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Cloudflare Proxy Detection Tools; BEC Moving to SMS; IPv6 and UPNP https://traffic.libsyn.com/securitypodcast/6418.mp3 https://isc.sans.edu/podcastdetail/6418 Tue, 19 Mar 2019 19:05:02 GMT https://blog.cloudflare.com/monsters-in-the-middleboxes/
Business Email Compromise Moving to SMS
https://www.agari.com/email-security-blog/bec-goes-mobile/
JavaScript Requests Without Same Origin Policy Limitations
https://www.forcepoint.com/blog/security-labs/attacking-internal-network-public-internet-using-browser-proxy
Discovering IPv6 Hosts With UPNP
https://blog.talosintelligence.com/2019/03/ipv6-unmasking-via-upnp.html#more
]]> 6:07 ipv6, upnp, javascript, same origin policy, bec, sms, cloudflare, proxy, mitm, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6416 Putty Updates; Fijitsu Keyboards; Signed Malware; Ubuntu 14.04 Support Ends; Mirai News Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Putty Updates; Fijitsu Keyboards; Signed Malware; Ubuntu 14.04 Support Ends; Mirai News https://traffic.libsyn.com/securitypodcast/6416.mp3 https://isc.sans.edu/podcastdetail/6416 Mon, 18 Mar 2019 18:40:02 GMT https://www.chiark.greenend.org.uk/~sgtatham/putty/
Fujitsu Wireless Keyboard Vulnerabilities
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-033.txt
Signed Malware Goes Undetected
https://twitter.com/malwrhunterteam/status/1104082562216062978/photo/1?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1104082562216062978&ref_url=https%3A%2F%2Fwww.theregister.co.uk%2F2019%2F03%2F18%2Fsecurity_roundup_150319%2F
Free Support for Ubuntu 14.04 LTS Ends in April
https://lists.ubuntu.com/archives/ubuntu-announce/2019-March/000241.html
Latest Mirai Version with Even More Exploits
https://unit42.paloaltonetworks.com/new-mirai-variant-targets-enterprise-wireless-presentation-display-systems/
]]> 5:41 mirai, putty, ubuntu, signed malware, fujitsu, keyboard, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6414 Jupyter and radare2; IMAP Brute Fording; GSuites SMS Disable; Bitlocker/TPM Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Jupyter and radare2; IMAP Brute Fording; GSuites SMS Disable; Bitlocker/TPM https://traffic.libsyn.com/securitypodcast/6414.mp3 https://isc.sans.edu/podcastdetail/6414 Sun, 17 Mar 2019 18:40:02 GMT https://isc.sans.edu/forums/diary/Binary+Analysis+with+Jupyter+and+Radare2/24748/
IMAP Brute Forcing against Cloud Accounts
https://www.proofpoint.com/us/threat-insight/post/threat-actors-leverage-credential-dumps-phishing-and-legacy-email-protocols
Google Allows GSuite Users to Disable SMS/Voice Authentication
https://gsuiteupdates.googleblog.com/2019/03/more-control-over-2-step-verification-security-phone-sms.html
Sniffing Bitlocker Keys from TPM
https://pulsesecurity.co.nz/articles/TPM-sniffing
]]> 7:02 tpm, bitlocker, google, gsuite, 2fa, mfa, imap, brute forcing, phishing, jupyter, radare2, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6412 Analyzing ZIP Files in Ghydra; 64 Bit Cert Serial Number; Cisco Patch; Intel Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Analyzing ZIP Files in Ghydra; 64 Bit Cert Serial Number; Cisco Patch; Intel Patches https://traffic.libsyn.com/securitypodcast/6412.mp3 https://isc.sans.edu/podcastdetail/6412 Fri, 15 Mar 2019 02:10:02 GMT https://isc.sans.edu/forums/diary/Tip+Ghidra+ZIP+Files/24732/
64 Bit Certificate Serial Number Revocation
https://adamcaudill.com/2019/03/09/tls-64bit-ish-serial-numbers-mass-revocation/
Cisco Default Account Problem
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190313-cspcscv
Intel Patches
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00185.html
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00191.html
]]> 5:13 intel, me, cisco, certificiates, google, godaddy, darkmatter, ghydra, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6410 MSFT/Adobe Patch Tuesday; PSMiner; ACME RFC8555 Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MSFT/Adobe Patch Tuesday; PSMiner; ACME RFC8555 https://traffic.libsyn.com/securitypodcast/6410.mp3 https://isc.sans.edu/podcastdetail/6410 Wed, 13 Mar 2019 01:05:02 GMT https://isc.sans.edu/forums/diary/Microsoft+March+2019+Patch+Tuesday/24742/
Adobe Updates
https://helpx.adobe.com/security.html
PSMiner
https://blog.360totalsecurity.com/en/new-mining-worm-psminer-uses-multiple-high-risk-vulnerabilities-to-spread/
Automatic Certificate Managment Environment
https://tools.ietf.org/html/rfc8555
]]> 6:10 acme, letsencrypt, rfc8555, psminer, adobe, microsoft, monero, redis, elasticsearch, patch tuesday, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6408 StackStorm Vulnerability; Secure Coding Study; Game Developer Supply Chain Attack Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. StackStorm Vulnerability; Secure Coding Study; Game Developer Supply Chain Attack https://traffic.libsyn.com/securitypodcast/6408.mp3 https://isc.sans.edu/podcastdetail/6408 Tue, 12 Mar 2019 00:35:02 GMT https://quitten.github.io/StackStorm/
Developers Will Not Code Secure By Default
https://net.cs.uni-bonn.de/fileadmin/user_upload/naiakshi/Naiakshina_Password_Study.pdf
Gaming Industry Supply Chain Attack
https://www.welivesecurity.com/2019/03/11/gaming-industry-scope-attackers-asia/
]]> 5:05 devops, secure coding, gaming, backdoor, supply chain, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6406 Reversing HTA; Apache SOLR Patch; Vulnerable Car Alarms; Win7+Chrome Exploit Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Reversing HTA; Apache SOLR Patch; Vulnerable Car Alarms; Win7+Chrome Exploit https://traffic.libsyn.com/securitypodcast/6406.mp3 https://isc.sans.edu/podcastdetail/6406 Sun, 10 Mar 2019 22:45:04 GMT https://isc.sans.edu/forums/diary/Quick+and+Dirty+Malicious+HTA+Analysis/24728/
Apache SOLR Patch
https://issues.apache.org/jira/browse/SOLR-13301
Windows 7 + Google Chrome Exploit in the Wild
https://security.googleblog.com/2019/03/disclosing-vulnerabilities-to-protect.html
Vulnerable Car Alarms
https://www.pentestpartners.com/security-blog/gone-in-six-seconds-exploiting-car-alarms/
]]> 6:50 car alarm, windows 7, chrome, google, solr, apache, hta, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6404 RSA Panel; Disposable E-Mails; NetApp / Cisco Patches; Github/Slack as C&C; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. RSA Panel; Disposable E-Mails; NetApp / Cisco Patches; Github/Slack as C&C; https://traffic.libsyn.com/securitypodcast/6404.mp3 https://isc.sans.edu/podcastdetail/6404 Fri, 08 Mar 2019 03:45:03 GMT https://www.rsaconference.com/videos/the-five-most-dangerous-new-attack-techniques-and-how-to-counter-them
Disposable E-Mail Addresses
https://isc.sans.edu/forums/diary/Keep+an+Eye+on+Disposable+Email+Addresses/24716/
NetApp Default Account Vulnerability
https://security.netapp.com/advisory/ntap-20190305-0001/
Cisco NS-OS NX-API Privilege Escalation
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-NXAPI-cmdinj
Slub Backdoor Users GitHub and Slack
https://blog.trendmicro.com/trendlabs-security-intelligence/new-slub-backdoor-uses-github-communicates-via-slack/
]]> 6:23 slack, slub, github, backdoor, cisco, ns-os, nx-api, netapp, e-mail, disposable, rsa, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6402 More Resume Malspam; Cloudflare Protects Drupal; Cisco Exploit; Monitorkit Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. More Resume Malspam; Cloudflare Protects Drupal; Cisco Exploit; Monitorkit https://traffic.libsyn.com/securitypodcast/6402.mp3 https://isc.sans.edu/podcastdetail/6402 Thu, 07 Mar 2019 04:05:02 GMT https://isc.sans.edu/forums/diary/Malspam+with+passwordprotected+word+docs+still+pushing+IcedID+Bokbot+with+Trickbot/24708/
Cloudflare Deploys Rules to Protect Against Recent Drupal Exploit
https://www.bleepingcomputer.com/news/security/cloudflare-deploys-firewall-rule-to-block-new-drupal-exploits/
Cisco DoS Vulnerability Activity Exploited
https://www.pentestpartners.com/security-blog/cisco-rv130-its-2019-but-yet-strcpy/
MonitorKit uses macOS Game Engine to Analyze Security Events
https://github.com/objective-see
]]> 6:25 monitorkit, waddle, cloudflare, cisco, resume, malspam, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6400 Comcast Mobile Phone PIN; NSA Releases Ghidra; Google Chrome Vuln Exploited Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Comcast Mobile Phone PIN; NSA Releases Ghidra; Google Chrome Vuln Exploited https://traffic.libsyn.com/securitypodcast/6400.mp3 https://isc.sans.edu/podcastdetail/6400 Wed, 06 Mar 2019 04:35:02 GMT https://nakedsecurity.sophos.com/2019/03/05/comcast-security-nightmare-default-0000-pin-on-everybodys-account/
NSA Releases Ghidra Reverse Analysis Tool
https://ghidra-sre.org/
Recent Google Chrome Vulnerability Being Exploited
https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop.html?m=1
Android Monthly Security Bulletin
https://source.android.com/security/bulletin/2019-03-01
]]> 5:35 android, google, chrome, comcast, xfinity, ghidra, nsa, reverse analysis, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6398 MacOS Unpatches Priv. Esclation; Windows Exploit Suggester; GPS Jamming Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MacOS Unpatches Priv. Esclation; Windows Exploit Suggester; GPS Jamming https://traffic.libsyn.com/securitypodcast/6398.mp3 https://isc.sans.edu/podcastdetail/6398 Tue, 05 Mar 2019 03:00:03 GMT https://bugs.chromium.org/p/project-zero/issues/detail?id=1726
Windows Exploit Suggester Next Generation Released
https://github.com/bitsadmin/wesng
Docker Vulnerability used for Crypto Miners
https://www.imperva.com/blog/hundreds-of-vulnerable-docker-hosts-exploited-by-cryptocurrency-miners/
Russian GPS Jamming Exercises
https://thebarentsobserver.com/en/security/2019/03/russian-military-officials-arrive-oslo-norway-provides-facts-gps-jamming
]]> 5:50 GPS jamming, docker, crypto miners, windows exploit suggester, macos, cow, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6396 Cisco Router Patch; Coldfusion Patch, Protonmail Ransomware, eBay Phish hosted on eBay Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Cisco Router Patch; Coldfusion Patch, Protonmail Ransomware, eBay Phish hosted on eBay https://traffic.libsyn.com/securitypodcast/6396.mp3 https://isc.sans.edu/podcastdetail/6396 Mon, 04 Mar 2019 02:25:02 GMT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190227-rmi-cmd-ex
Coldfusion Patch and Exploit
https://www.carehart.org/blog/client/index.cfm/2019/3/1/urgent_CF_security_update_Part_1
Ransomware Impersonates Protonmail
https://twitter.com/demonslay335/status/1097866931762282498
eBay Site Used for eBay Phish (article in German)
https://www.heise.de/security/meldung/eBay-Phishing-auf-eBay-Seite-4324266.html
]]> 5:39 ebay, ransomware, phishing, ebaydesc, coldfusion, cisco, protonmail, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6394 Emotet Backend Analysis; Kaspersky vs. Chromecast; Wireshark 3.0; MageCart Update Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Emotet Backend Analysis; Kaspersky vs. Chromecast; Wireshark 3.0; MageCart Update https://traffic.libsyn.com/securitypodcast/6394.mp3 https://isc.sans.edu/podcastdetail/6394 Fri, 01 Mar 2019 02:40:02 GMT https://maxkersten.nl/binary-analysis-course/malware-analysis/emotet-droppers/
Kaspersky Vs. Chromecast
https://www.bleepingcomputer.com/news/security/kaspersky-av-having-certificate-conflicts-with-google-chromecast/
MageCart Updates
https://www.riskiq.com/research/inside-magecart/
]]> 6:05 magecart, kasperksy, chromecast, google, emotet, backend, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6392 Coinhive Shutting Down; Azure Blob Phishing; Old Elastic Exploit User; Drupal Vuln Exploited Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Coinhive Shutting Down; Azure Blob Phishing; Old Elastic Exploit User; Drupal Vuln Exploited https://traffic.libsyn.com/securitypodcast/6392.mp3 https://isc.sans.edu/podcastdetail/6392 Thu, 28 Feb 2019 02:40:03 GMT https://coinhive.com/blog/en/discontinuation-of-coinhive
Azure Blob Storage Phishing
https://www.edgewave.com/phishing/feeling-blue-about-phishing/
Old 2014 Elastic Search Vulnerability Exploited
https://blog.talosintelligence.com/2019/02/cisco-talos-honeypot-analysis-reveals.html
Latest Drupal Vulnerability Exploited
https://www.imperva.com/blog/latest-drupal-rce-flaw-used-by-cryptocurrency-miners-and-other-attackers/
F5 Big IP Patches
https://support.f5.com/csp/article/K91026261
]]> 5:08 coinhive, azure, phishing, blob, storage, elastic, drupal, f5, bigip, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6390 Thunderbolt Vulnerabilities; Alterting Signed PDFs; NVidia Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Thunderbolt Vulnerabilities; Alterting Signed PDFs; NVidia Patches https://traffic.libsyn.com/securitypodcast/6390.mp3 https://isc.sans.edu/podcastdetail/6390 Wed, 27 Feb 2019 02:40:02 GMT https://thunderclap.io/thunderclap-paper-ndss2019.pdf
Altering Signed PDF Documents
https://www.pdf-insecurity.org/
NVidia Patches
https://nvidia.custhelp.com/app/answers/detail/a_id/4772
]]> 5:00 nvidia, pdf signatures, thunderbolt, thunderclap, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6388 WinRAR ACE Exploited; QR Code Sextortion; Android FIDO2 Compliant; ICANN Pushing DNSSEC Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. WinRAR ACE Exploited; QR Code Sextortion; Android FIDO2 Compliant; ICANN Pushing DNSSEC https://traffic.libsyn.com/securitypodcast/6388.mp3 https://isc.sans.edu/podcastdetail/6388 Tue, 26 Feb 2019 02:35:02 GMT https://twitter.com/360TIC/status/1099987939818299392
Sextortion Email With QR Code
https://isc.sans.edu/forums/diary/Sextortion+Email+Variant+With+QR+Code/24686/
ICANN Pushes DNSSEC to Defend Against DNS Zone Manipulation
https://www.icann.org/news/announcement-2019-02-22-en
Android FIDO2 Certification
https://fidoalliance.org/android-now-fido2-certified-accelerating-global-migration-beyond-passwords/
]]> 7:09 fido2, icann, dnssec, sextortion, qr code, winrar, ace, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6386 B0r0nt0k Ransomware; DLink NAS Ransomware; Linkedin Job Offer Ruse Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. B0r0nt0k Ransomware; DLink NAS Ransomware; Linkedin Job Offer Ruse https://traffic.libsyn.com/securitypodcast/6386.mp3 https://isc.sans.edu/podcastdetail/6386 Mon, 25 Feb 2019 01:10:02 GMT https://www.bleepingcomputer.com/news/security/b0r0nt0k-ransomware-wants-75-000-ransom-infects-linux-servers/
Cr1pt0r Ransomware Targets DLink NAS Devices
https://www.bleepingcomputer.com/forums/t/691852/cr1ptt0r-ransomware-files-encrypted-readmetxt-support-topic/page-3
LinkedIn Messages Used to Push Fake Job Offers
https://www.proofpoint.com/us/threat-insight/post/fake-jobs-campaigns-delivering-moreeggs-backdoor-fake-job-offers
]]> 5:29 linux, server, ransomware, dlink, nas, b0ront0k, cr1pt0r, linkedin, job offer, malware, backdoor, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6384 Adobe Reader/Acrobat Patch; MSFT IIS DoS; Drupal Fix; Linux Kernel RCE; MikroTik Open Proxy Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Adobe Reader/Acrobat Patch; MSFT IIS DoS; Drupal Fix; Linux Kernel RCE; MikroTik Open Proxy https://traffic.libsyn.com/securitypodcast/6384.mp3 https://isc.sans.edu/podcastdetail/6384 Fri, 22 Feb 2019 03:25:02 GMT https://helpx.adobe.com/security/products/acrobat/apsb19-13.html
Microsoft Releases Fix for DoS Vulnerability in IIS
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190005
Drupal Fixes Remote Code Execution Vulnerability
https://www.drupal.org/sa-core-2019-003
Linux Kernel Code Execution Vulnerablity
https://nvd.nist.gov/vuln/detail/CVE-2019-8912
MikroTik Unauthenticated Proxy
https://medium.com/tenable-techblog/mikrotik-firewall-nat-bypass-b8d46398bf24
]]> 6:34 microtik, linux, proxy, code execution, kernel, crypto, drupal, iis, microsoft, dos, adobe, ntlm, smb, information leakage, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6382 Edge Flash Whitelist; Bank App Screenshot Grab; Password Manager Weaknesses Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Edge Flash Whitelist; Bank App Screenshot Grab; Password Manager Weaknesses https://traffic.libsyn.com/securitypodcast/6382.mp3 https://isc.sans.edu/podcastdetail/6382 Thu, 21 Feb 2019 02:50:03 GMT https://bugs.chromium.org/p/project-zero/issues/detail?id=1722
Chinese Android Banking App Stores Screenshots of Other Apps
https://jqknews.com/news/141073-Jingdong_Finance_denied_stealing_user_information_saying_that_the_image_cache_was_only_local.html
Password Manager Vulnerabilities
https://www.securityevaluators.com/casestudies/password-manager-hacking/
]]> 6:07 password manager, 1password, keypass, dashlane, android, screenshot, banking, edge, whitelist, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6380 Russian Malspam; GandCrab Decrypter; Phishing From Banks; SHA-2 Patch for Win7/2008 Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Russian Malspam; GandCrab Decrypter; Phishing From Banks; SHA-2 Patch for Win7/2008 https://traffic.libsyn.com/securitypodcast/6380.mp3 https://isc.sans.edu/podcastdetail/6380 Wed, 20 Feb 2019 03:35:03 GMT https://isc.sans.edu/forums/diary/More+Russian+language+malspam+pushing+Shade+Troldesh+ransomware/24668/
Bitdefender Releases GandCrab Decrypter
https://labs.bitdefender.com/2019/02/new-gandcrab-v5-1-decryptor-available-now/
Bank Infrastructure Used in Phishing Attacks (russian)
https://www.group-ib.ru/blog/incident
SHA-2 Patch For Windows 7 / 2008 R2 SP1
https://support.microsoft.com/en-us/help/4472027/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus
]]> 6:08 sha2, windows 7, 2008, phishing, russian, banks, bitdefender, gandgrab, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6378 What Do You Log; Spectre Followup; VMWare Fixes runc; Exposed Phonecall Recordings Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. What Do You Log; Spectre Followup; VMWare Fixes runc; Exposed Phonecall Recordings https://traffic.libsyn.com/securitypodcast/6378.mp3 https://isc.sans.edu/podcastdetail/6378 Tue, 19 Feb 2019 03:05:02 GMT https://isc.sans.edu/forums/diary/Know+What+You+Are+Logging/24656/
Spectre Software Mitigation Insufficient
https://arxiv.org/pdf/1902.05178.pdf
VMWare Releases Update To Address runc Vulnerability
https://www.vmware.com/security/advisories/VMSA-2019-0001.html
Swedish Healthcare Breach Leaks Phone call Recordings
https://computersweden.idg.se/2.2683/1.714787/inspelade-samtal-1177-vardguiden-oskyddade-internet
]]> 5:29 healthcare, voip, call recordings, vmware, runc, spectre, google, chrome, loggin, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6376 Snap Patches; Properties in Office Docs, Bro-Sysmon, Cryptojacking Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Snap Patches; Properties in Office Docs, Bro-Sysmon, Cryptojacking https://traffic.libsyn.com/securitypodcast/6376.mp3 https://isc.sans.edu/podcastdetail/6376 Mon, 18 Feb 2019 02:55:03 GMT https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SnapSocketParsing
Finding Property Values in Office Documents
https://isc.sans.edu/forums/diary/Finding+Property+Values+in+Office+Documents/24652/
Bro-Sysmon
https://engineering.salesforce.com/test-out-bro-sysmon-a6fad1c8bb88
Cryptojacking Apps in Microsoft App Store
https://www.symantec.com/blogs/threat-intelligence/cryptojacking-apps-microsoft-store
]]> 5:05 google tag manager, gtm, crytojacking, microsoft, store, bro, sysmon, office, oledump, snap, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6374 PDF includes SMB Link; QNAP Malware; Bomb Threat Spammers Arrested; MSP as Gateway Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. PDF includes SMB Link; QNAP Malware; Bomb Threat Spammers Arrested; MSP as Gateway https://traffic.libsyn.com/securitypodcast/6374.mp3 https://isc.sans.edu/podcastdetail/6374 Fri, 15 Feb 2019 03:30:02 GMT https://isc.sans.edu/forums/diary/Suspicious+PDF+Connecting+to+a+Remote+SMB+Share/24646/
QNAP Malware
https://www.qnap.com/en/security-advisory/nas-201902-13
Bomb Threat Spammers Arrested
https://www.justice.gov/usao-cdca/pr/members-hacker-collective-face-federal-charges-attacking-computer-systems-emailing-mass
Managed Service Providers Targeted By Ransomware
https://www.bleepingcomputer.com/news/security/ransomware-attacks-target-msps-to-mass-infect-customers/
]]> 5:47 qnap, msp, pdf, bomb, ransomware, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6372 Fake Updates; Shlayer vs. Gatekeeper; Cisco Def. Passwd Patch; VFEMail Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Fake Updates; Shlayer vs. Gatekeeper; Cisco Def. Passwd Patch; VFEMail https://traffic.libsyn.com/securitypodcast/6372.mp3 https://isc.sans.edu/podcastdetail/6372 Thu, 14 Feb 2019 03:40:02 GMT https://isc.sans.edu/forums/diary/Fake+Updates+campaign+still+active+in+2019/24640/
macOS Malware (Shlayer) Disables Gatekeeper
https://www.carbonblack.com/2019/02/12/tau-threat-intelligence-notification-new-macos-malware-variant-of-shlayer-osx-discovered/
Microsoft Exchange Server Patch (Errata for yesterday's podcast)
https://support.microsoft.com/en-ca/help/4490060/exchange-web-services-push-notifications-can-provide-unauthorized-acce
Cisco Network Assurance Engine Password Synchronization Issue
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190212-nae-dos
VFEMail Backup Failure
https://www.vfemail.net/
]]> 5:50 vfemail, backup, cisco, password, microsoft, exchange, shlayer, gatekeeper, macos, updates, fake, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6370 Microsoft Updates; Adobe Updates; Ubuntu snapd dirty_sock Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft Updates; Adobe Updates; Ubuntu snapd dirty_sock https://traffic.libsyn.com/securitypodcast/6370.mp3 https://isc.sans.edu/podcastdetail/6370 Wed, 13 Feb 2019 03:10:02 GMT https://isc.sans.edu/forums/diary/Microsoft+February+2019+Patch+Tuesday/24638/
Adobe Updates
https://helpx.adobe.com/security.html
Ubuntu Linux snapd "dirty_sock" exploit
https://shenaniganslabs.io/2019/02/13/Dirty-Sock.html
]]> 5:24 ubuntu, snapd, dirty_sock, adobe, acrobat, cold fusion, microsoft, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6368 Docker runc Vulnerability; MacOS Privacy Flaw; Android Crypto Clipper Malware; Not an E-Mail Virus Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Docker runc Vulnerability; MacOS Privacy Flaw; Android Crypto Clipper Malware; Not an E-Mail Virus https://traffic.libsyn.com/securitypodcast/6368.mp3 https://isc.sans.edu/podcastdetail/6368 Tue, 12 Feb 2019 03:20:02 GMT https://seclists.org/oss-sec/2019/q1/119
MacOS Mojave Privacy Flaw
https://lapcatsoftware.com/articles/mojave-privacy3.html
Android Malware Steals Crypto Addresses from Clipboard
https://www.welivesecurity.com/2019/02/08/first-clipper-malware-google-play/
Not An E-Mail Virus, Just Intersting Malware
https://isc.sans.edu/forums/diary/Have+You+Seen+an+Email+Virus+Recently/24634/
]]> 4:54 email, virus, malware, android, macos, privacy, mojave, docker, runc, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6366 JavaScript Phishing; Translated Phishing; iPhone Screen Record Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. JavaScript Phishing; Translated Phishing; iPhone Screen Record https://traffic.libsyn.com/securitypodcast/6366.mp3 https://isc.sans.edu/podcastdetail/6366 Mon, 11 Feb 2019 03:25:02 GMT https://isc.sans.edu/forums/diary/Phishing+Kit+with+JavaScript+Keylogger/24622/
Phishing Via Google Translate
https://blogs.akamai.com/sitr/2019/02/phishing-attacks-against-facebook-google-via-google-translate.html
iPhone Apps Record Screens
https://techcrunch.com/2019/02/06/iphone-session-replay-screenshots/
Packet Challenge
https://johannes.homepc.org/packet10.txt
]]> 6:49 iphone, phishing, google translate, javascript, glassbox, record screen, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6364 Value of UAC; Apple Releases Facetime Patch; Skype Blured Background; 2nd MSFT Exchange Advisory Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Value of UAC; Apple Releases Facetime Patch; Skype Blured Background; 2nd MSFT Exchange Advisory https://traffic.libsyn.com/securitypodcast/6364.mp3 https://isc.sans.edu/podcastdetail/6364 Fri, 08 Feb 2019 03:40:02 GMT https://isc.sans.edu/forums/diary/UAC+is+not+all+that+bad+really/24620/
Apple Releases Facetime Patch
https://support.apple.com/en-us/HT201222
Skype Video Now Allows For Blurred Background
https://blogs.skype.com/news/2019/02/06/introducing-background-blur-in-skype/
Microsoft Exchange Server Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/adv190007
]]> 5:28 exchange, ntlm, skype, blurred, apple, facetime, ios, mohjave, uac, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6362 PNG Android Vulnerability; Skia Graphics Library Vuln; Google Chrome Password Check; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. PNG Android Vulnerability; Skia Graphics Library Vuln; Google Chrome Password Check; https://traffic.libsyn.com/securitypodcast/6362.mp3 https://isc.sans.edu/podcastdetail/6362 Wed, 06 Feb 2019 23:50:02 GMT https://source.android.com/security/bulletin/2019-02-01.html
Skia Graphics Library Vulnerability
https://googleprojectzero.blogspot.com/2019/02/the-curious-case-of-convexity-confusion.html
Google Chrome Password Check
https://chrome.google.com/webstore/detail/password-checkup/pncabnpcffmalkkjpajodfhijclecjno/related
Hancitor HelloFax Malspam
https://isc.sans.edu/forums/diary/Hancitor+malspam+and+infection+traffic+from+Tuesday+20190205/24616/
]]> 6:26 Hancitor, hellofax, google, chrome, passwords, skia, android, png, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6360 Mimikatz Defenses; LibreOffice Vulnerability; Firefox 65 And HTTPS AV Scanning Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Mimikatz Defenses; LibreOffice Vulnerability; Firefox 65 And HTTPS AV Scanning https://traffic.libsyn.com/securitypodcast/6360.mp3 https://isc.sans.edu/podcastdetail/6360 Wed, 06 Feb 2019 00:50:02 GMT https://isc.sans.edu/forums/diary/Mitigations+against+Mimikatz+Style+Attacks/24612/
LibreOffice Macro Vulnerability
https://insert-script.blogspot.com/2019/02/libreoffice-cve-2018-16858-remote-code.html
Firefox 65 Breaks HTTPS AV Scanning
https://bugzilla.mozilla.org/show_bug.cgi?id=1523701
RDP Client Vulnerabilities
https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/
DNS "Lookingglass"
https://isc.sans.edu/tools/dnslookup.html
]]> 6:42 dns, lookingglass, firefox, tls, rdp, client, libreoffice, openoffice, mimikatz, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6358 Exploiting Struts in vCenter; Wikipedia Tech Support Scam; Stealing MacOS Keychain; Spy Beauty Cameras Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Exploiting Struts in vCenter; Wikipedia Tech Support Scam; Stealing MacOS Keychain; Spy Beauty Cameras https://traffic.libsyn.com/securitypodcast/6358.mp3 https://isc.sans.edu/podcastdetail/6358 Tue, 05 Feb 2019 02:05:02 GMT https://isc.sans.edu/forums/diary/Struts+Vulnerability+CVE20175638+on+VMware+vCenter+the+Gift+that+Keeps+on+Giving/24606/
Wikipedia Tech Support Scam
https://isc.sans.edu/forums/diary/Wikipedia+Articles+as+part+of+Tech+Support+Scamming+Campaigns/24608/
Stealing MacOS Keychain
https://www.youtube.com/watch?v=nYTBZ9iPqsU
Beauty Camera Ads for Android include Adware
https://blog.trendmicro.com/trendlabs-security-intelligence/various-google-play-beauty-camera-apps-sends-users-pornographic-content-redirects-them-to-phishing-websites-and-collects-their-pictures/
]]> 5:21 beauty camera, android, spyware, adware, macos, keychain, wikipedia, tech support scam, sruts, vcenter, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6356 Sextortion Update; Ubiquity Discovery DDoS; Google Typodomain Warnings; Youtube Extortion Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Sextortion Update; Ubiquity Discovery DDoS; Google Typodomain Warnings; Youtube Extortion https://traffic.libsyn.com/securitypodcast/6356.mp3 https://isc.sans.edu/podcastdetail/6356 Mon, 04 Feb 2019 03:30:03 GMT https://isc.sans.edu/forums/diary/Sextortion+Follow+the+Money+Part+3+The+cashout+begins/24592/
Ubiquity Devices Used in DDoS Attack
https://blog.rapid7.com/2019/02/01/ubiquiti-discovery-service-exposures/?fbclid=IwAR0OUPQIfSV7YsBLvkjoC2WIbe_E4p9WGAM4LCTsL9TKr30I7aQ2Qwqoins
Google Chrome Experimenting with Typo Domain Detection
https://www.usenix.org/conference/enigma2019/presentation/stark
YouTube Copyright Extortion
https://www.youtube.com/watch?v=Q0i-sLESXqo
]]> 7:43 youtube, copyright, extortion, google, chrome, typo, ubiquity, discovery, ddos, sextortion, bitcoin, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6354 Tracking DNS Changes; Systemd Exploit; Windows Defender Boot Issues; MacOS Malware Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Tracking DNS Changes; Systemd Exploit; Windows Defender Boot Issues; MacOS Malware https://traffic.libsyn.com/securitypodcast/6354.mp3 https://isc.sans.edu/podcastdetail/6354 Fri, 01 Feb 2019 00:40:02 GMT https://isc.sans.edu/forums/diary/Tracking+Unexpected+DNS+Changes/24596/
SystemD/JournalD PoC Exploit
https://capsule8.com/blog/exploiting-systemd-journald-part-1/
Windows Defender Boot Issues
https://support.microsoft.com/en-us/help/4052623/update-for-windows-defender-antimalware-platform
Mac Malware Steals Crytocurrency Exchange Cookies
https://unit42.paloaltonetworks.com/mac-malware-steals-cryptocurrency-exchanges-cookies/
]]> 6:03 mac, ox x, malware, cryptocurrency, cookies, windows, defender, boot, systemd, journald, dns, tracking, nagios, ossec, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6352 Chrome Update; Firefox Update; Facbook/Google iOS Spy VPN; Samsung Store RCE Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Chrome Update; Firefox Update; Facbook/Google iOS Spy VPN; Samsung Store RCE https://traffic.libsyn.com/securitypodcast/6352.mp3 https://isc.sans.edu/podcastdetail/6352 Thu, 31 Jan 2019 02:35:02 GMT https://www.zdnet.com/article/google-chrome-72-removes-hpkp-deprecates-tls-1-0-and-tls-1-1/
Firefox Update
https://techdows.com/2019/01/firefox-to-disable-extensions-in-private-browsing-mode-by-default.html
Facebook (and Google) Research VPN
https://techcrunch.com/2019/01/29/facebook-project-atlas/
https://www.macrumors.com/2019/01/30/google-exploiting-apple-enterprise-certificate/
RCE In Samsung Store via "evilgrade"
https://www.adyta.pt/en/2019/01/29/writeup-samsung-app-store-rce-via-mitm-2/
]]> 5:50 chrome, firefox, facebook, google, research vpn, vpn, rce, samsung, evilgrade, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6350 Phishing IPv6 Miss; Facetime Bug Update; Outlook 365 Error Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Phishing IPv6 Miss; Facetime Bug Update; Outlook 365 Error https://traffic.libsyn.com/securitypodcast/6350.mp3 https://isc.sans.edu/podcastdetail/6350 Wed, 30 Jan 2019 01:55:03 GMT https://isc.sans.edu/forums/diary/A+Not+So+Well+Done+Phish+Why+Attackers+need+to+Implement+IPv6+Now/24582/
Apple Disables Facetime Group Messages
https://www.apple.com/support/systemstatus/
Outlook 365 Safe Link Errors
https://twitter.com/Swiss_Jay/status/1090271197193940992
]]> 5:49 outlook 365, 503, facetime, apple, ipv6, phishing, realtor, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6348 Exchange Server Priv. Escalation; Facetime Spy Bug; AZORult Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Exchange Server Priv. Escalation; Facetime Spy Bug; AZORult https://traffic.libsyn.com/securitypodcast/6348.mp3 https://isc.sans.edu/podcastdetail/6348 Tue, 29 Jan 2019 02:15:03 GMT https://isc.sans.edu/forums/diary/Relaying+Exchanges+NTLM+authentication+to+domain+admin+and+more/24578/
Facetime Bug Allows Users to Receive Audio before Call is Accepted
https://9to5mac.com/2019/01/28/facetime-bug-hear-audio/
AZORult Fake (signed) Google Update
https://blog.minerva-labs.com/azorult-now-as-a-signed-google-update
]]> 5:09 azorult, google, minerva, facetime, spy, exchange, ntlm, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6346 Cisco RV320/5 Vuln Exploited; Signed HTTP Exchanges; BGP Research Affects Routers Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Cisco RV320/5 Vuln Exploited; Signed HTTP Exchanges; BGP Research Affects Routers https://traffic.libsyn.com/securitypodcast/6346.mp3 https://isc.sans.edu/podcastdetail/6346 Mon, 28 Jan 2019 03:00:03 GMT https://github.com/0x27/CiscoRV320Dump
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-inject
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-info
HTTP Signed Exchanges
https://wicg.github.io/webpackage/draft-yasskin-http-origin-signed-responses.html
BGP Experiments Disrupt Routers
https://mailman.nanog.org/pipermail/nanog/2019-January/098761.html
Packet Challenge
https://johannes.homepc.org/packet9.txt
]]> 7:03 packetlife, packet, routers, bpg, HTTP Signed Exchanges, Cisco, RV320, RV325, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6344 Ghostscript RCE; Exchange Priv Escalation; iOS Remote Jailbreak Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Ghostscript RCE; Exchange Priv Escalation; iOS Remote Jailbreak https://traffic.libsyn.com/securitypodcast/6344.mp3 https://isc.sans.edu/podcastdetail/6344 Fri, 25 Jan 2019 02:10:02 GMT https://www.openwall.com/lists/oss-security/2019/01/23/5
Abusing Exchange to Obtain Domain Admin
https://dirkjanm.io/abusing-exchange-one-api-call-away-from-domain-admin/
IPC Voucher UaF Remote Jailbreak
http://blogs.360.cn/post/IPC%20Voucher%20UaF%20Remote%20Jailbreak%20Stage%202%20(EN).html
Cisco Security Updates
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-bo
]]> 5:37 cisco, sd-wan, patches, ipc, uaf, ios, apple, jailbreak, exchange, domain admin, ghostscript, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6342 DHS Suggests Checking DNS; Azure Domain Abuse; Twitter Tech Support Scam Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. DHS Suggests Checking DNS; Azure Domain Abuse; Twitter Tech Support Scam https://traffic.libsyn.com/securitypodcast/6342.mp3 https://isc.sans.edu/podcastdetail/6342 Thu, 24 Jan 2019 00:50:02 GMT https://cyber.dhs.gov/ed/19-01/
Abuse of Trusted Microsoft Azure Domains
https://github.com/MicrosoftDocs/OfficeDocs-Enterprise/issues/233
Tech Support Scammers Unmasked
https://www.fidusinfosec.com/turning-the-tables-on-virgin-media-twitter-scammers/
]]> 5:11 tech support scam, twitter, microsoft, azure, domains, dhs, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6340 Turning MISP Data into RPZs; APT Vulnerability; PEAR compromise; Apple Updates Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Turning MISP Data into RPZs; APT Vulnerability; PEAR compromise; Apple Updates https://traffic.libsyn.com/securitypodcast/6340.mp3 https://isc.sans.edu/podcastdetail/6340 Wed, 23 Jan 2019 00:55:02 GMT https://isc.sans.edu/forums/diary/DNS+Firewalling+with+MISP/24556/
Man in the Middle Vulnerablity in apt
https://justi.cz/security/2019/01/22/apt-rce.html
PHP PEAR Compromised Package
http://pear.php.net
Apple Security Updates
https://support.apple.com/en-us/HT201222
]]> 7:08 apple, patches, ios, mac os, watchos, safari, tvos, php pear, apt, mitm, misp, rpz, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6338 Suspect GET Requests (need help!); DNS Flag Day Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Suspect GET Requests (need help!); DNS Flag Day https://traffic.libsyn.com/securitypodcast/6338.mp3 https://isc.sans.edu/podcastdetail/6338 Tue, 22 Jan 2019 02:15:02 GMT https://isc.sans.edu/forums/diary/Suspicious+GET+Request+Do+You+Know+What+This+Is/24552/
DNS Flag Day
https://dnsflagday.net/
]]> 5:31 dns, flag day, supicious get request, aes256, gpg, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6336 Drupal Patch; WPML Hack; Google Drive for C&C; Packet Challenge Solution Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Drupal Patch; WPML Hack; Google Drive for C&C; Packet Challenge Solution https://traffic.libsyn.com/securitypodcast/6336.mp3 https://isc.sans.edu/podcastdetail/6336 Mon, 21 Jan 2019 03:55:03 GMT https://www.drupal.org/sa-core-2019-002
https://www.drupal.org/sa-core-2019-001
WPML User Data Compromised and Used in EMail To Customers
https://wpml.org/2019/01/wpml-org-site-back-to-normal-after-an-attack-during-the-weekend/
Targeted Attack Uses Google Drive for Exfiltration
https://unit42.paloaltonetworks.com/darkhydrus-delivers-new-trojan-that-can-use-google-drive-for-c2-communications/
Packet Challenge Solution
https://johannes.homepc.org/packet8.txt
]]> 6:13 drupal, wordpress, wpml, employee, insider, ssh, google drive, packet challenge, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6334 Android Malware Motion Evasion; Twitter for Android Bug; WebAuthn/FIDO2; Iranian RaaS Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Android Malware Motion Evasion; Twitter for Android Bug; WebAuthn/FIDO2; Iranian RaaS https://traffic.libsyn.com/securitypodcast/6334.mp3 https://isc.sans.edu/podcastdetail/6334 Fri, 18 Jan 2019 02:05:03 GMT https://blog.trendmicro.com/trendlabs-security-intelligence/google-play-apps-drop-anubis-banking-malware-use-motion-based-evasion-tactics/
Twitter for Android Bug
https://help.twitter.com/en/protected-tweets-android
Introduction to WebAuthn/FIDO2
https://medium.com/@herrjemand/introduction-to-webauthn-api-5fd1fb46c285
Ransomware As a Service
https://www.bleepingcomputer.com/news/security/blackrouter-ransomware-promoted-as-a-raas-by-iranian-developer/
]]> 6:20 ransomware as a service, ransomware, webauthn, fido2, raas, iran, twitter, android, malware, banking trojan, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6332 Emotet Update; Magecart Advertising; Premisys Vulnerabilities; ES File Explorer https://isc.sans.edu/podcastdetail.html?podcastid=6332 Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Emotet Update; Magecart Advertising; Premisys Vulnerabilities; ES File Explorer https://isc.sans.edu/podcastdetail.html?podcastid=6332 https://traffic.libsyn.com/securitypodcast/6332.mp3 https://isc.sans.edu/podcastdetail/6332 Thu, 17 Jan 2019 01:47:39 GMT https://isc.sans.edu/forums/diary/Emotet+infections+and+followup+malware/24532/
Magecart Delivered Via Compromised Advertising Sites
https://blog.trendmicro.com/trendlabs-security-intelligence/new-magecart-attack-delivered-through-compromised-advertising-supply-chain/
Premisys Identicard Vulnerabilities
https://www.tenable.com/security/research/tra-2019-01
ES File Explorer Open Port Vulnerability
https://github.com/fs0c131y/ESFileExplorerOpenPortVuln]]> 5:54 es file explorer, premisys, magecart, emotet, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6330 MSFT Skype/Team Foundation Server Patch; SCP Client Vulnerabilites; Hosting Vulnerabilites; Industri Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MSFT Skype/Team Foundation Server Patch; SCP Client Vulnerabilites; Hosting Vulnerabilites; Industri https://traffic.libsyn.com/securitypodcast/6330.mp3 https://isc.sans.edu/podcastdetail/6330 Wed, 16 Jan 2019 05:15:03 GMT https://isc.sans.edu/forums/diary/Microsoft+Publishes+Patches+for+Skype+for+Business+and+Team+Foundation+Server/24540/
SCP Client Vulnerabilities
https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
Server Hosting Companies Trivilally Hacked
https://www.websiteplanet.com/blog/report-popular-hosting-hacked/
Vulnerabilities in Industrial Remote Controls
https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/attacks-against-industrial-machines-via-vulnerable-radio-remote-controllers-security-analysis-and-recommendations
Oracle Quarterly Critical Patch Update
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
]]> 6:06 oracle, vulnerabilities, cpu, remote controls, crane, server hosting, hosting, scp, skype, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6328 Microsoft LAPS; Intel SGX Update; Godaddy Injecting JavaScript; Play with Docker Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft LAPS; Intel SGX Update; Godaddy Injecting JavaScript; Play with Docker https://traffic.libsyn.com/securitypodcast/6328.mp3 https://isc.sans.edu/podcastdetail/6328 Mon, 14 Jan 2019 23:30:02 GMT https://isc.sans.edu/forums/diary/Microsoft+LAPS+Blue+Team+Red+Team/24528/
Intel SGX Platform Update
https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00203.html
Godaddy Injecting JavaScript
https://www.igorkromin.net/index.php/2019/01/13/godaddy-is-sneakily-injecting-javascript-into-your-website-and-how-to-stop-it/
Play with Docker Vulnerability
https://www.cyberark.com/threat-research-blog/how-i-hacked-play-with-docker-and-remotely-ran-code-on-the-host/
]]> 5:59 play with docker, pwd, godaddy, javascript, intel, sgx, patch, laps, microsoft, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6326 .gov TLS Failures; Firefox Flash EOL; Fake Movie Malware; MSFT Patch Breaks Access 97 Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. .gov TLS Failures; Firefox Flash EOL; Fake Movie Malware; MSFT Patch Breaks Access 97 https://traffic.libsyn.com/securitypodcast/6326.mp3 https://isc.sans.edu/podcastdetail/6326 Mon, 14 Jan 2019 02:20:02 GMT https://news.netcraft.com/archives/2019/01/10/gov-security-falters-during-u-s-shutdown.html
Firefox EOL Plan for Flash
https://bugzilla.mozilla.org/show_bug.cgi?id=1519434
Fake Movie File Malware
https://www.bleepingcomputer.com/news/security/fake-movie-file-infects-pc-to-steal-cryptocurrency-poison-google-results/
Microsoft Windows Patch Breaks Access 97
https://borncity.com/win/2019/01/11/windows-january-2019-updates-breaks-access-to-access-dbs/
Snorpy Assists in Snort Rule Writing
https://isc.sans.edu/forums/diary/Snorpy+a+Web+Base+Tool+to+Build+SnortSuricata+Rules/24522/
Packet Challenge]]> 5:51 packet challenge, dns, packets, snorpy, snort, access, microsoft, patc, movie, malware, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6324 I Love You Again; Juniper got Love for you; Systemd doesn't love you; Iran Love DNS; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. I Love You Again; Juniper got Love for you; Systemd doesn't love you; Iran Love DNS; https://traffic.libsyn.com/securitypodcast/6324.mp3 https://isc.sans.edu/podcastdetail/6324 Fri, 11 Jan 2019 00:05:02 GMT https://isc.sans.edu/forums/diary/Heartbreaking+Emails+Love+You+Malspam/24512/
Juniper Updates Released
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10916&cat=SIRT_1&actp=LIST
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10918&cat=SIRT_1&actp=LIST
New Systemd/Journald Exploit Release
https://www.qualys.com/2019/01/09/system-down/system-down.txt
Global DNS Hijacking
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
]]> 5:41 dns, iran, fireeye, systemd, journald, juniper, i love you, malspam, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6322 Face Recog. Test; Google DNS-over-TLS; Malwarebytes vs Win7 Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Face Recog. Test; Google DNS-over-TLS; Malwarebytes vs Win7 https://traffic.libsyn.com/securitypodcast/6322.mp3 https://isc.sans.edu/podcastdetail/6322 Thu, 10 Jan 2019 02:15:02 GMT https://blog.filippo.io/mkcert-valid-https-certificates-for-localhost/
Review of Smartphone Face Recognition
https://www.consumentenbond.nl/veilig-internetten/gezichtsherkenning-te-hacken
Google Public DNS now supports DNS-over-TLS
https://security.googleblog.com/2019/01/google-public-dns-now-supports-dns-over.html
Malwarebytes Freezes Windows 7
https://forums.malwarebytes.com/topic/241223-malwarebytes-for-windows-and-windows-7-freezelock-up/
German Police Looking for MAC Address
https://polizei.brandenburg.de/pressemeldung/f8-e0-79-af-57-eb-cyber-fahndung-nach-ma/1310909
]]> 5:54 certificates, mkcert, face recognition, smart phones, dns-over-tls, port 853, malwarebytes, mac address, german police, dhl, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6320 Microsoft Patch Tuesday; Adobe Updates; Google Play Store Adware; ETC 51% Attack Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft Patch Tuesday; Adobe Updates; Google Play Store Adware; ETC 51% Attack https://traffic.libsyn.com/securitypodcast/6320.mp3 https://isc.sans.edu/podcastdetail/6320 Wed, 09 Jan 2019 00:20:02 GMT https://isc.sans.edu/forums/diary/Microsoft+January+2019+Patch+Tuesday/24504/
https://patchtuesdaydashboard.com/
Adobe Updates
https://helpx.adobe.com/security.html
Google Play Store Adware
https://blog.trendmicro.com/trendlabs-security-intelligence/adware-disguised-as-game-tv-remote-control-apps-infect-9-million-google-play-users/
Ethereum Classic 51% Attack
https://blog.coinbase.com/ethereum-classic-etc-is-currently-being-51-attacked-33be13ce32de
]]> 5:48 ethereum, etc, 51%, google, adware, adobe, microsoft, patch tuesday, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6318 Encrypted Word Doc; iOS Apps and Malware C&C; NCSC Offers Help; Page Cache Side Channel Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Encrypted Word Doc; iOS Apps and Malware C&C; NCSC Offers Help; Page Cache Side Channel https://traffic.libsyn.com/securitypodcast/6318.mp3 https://isc.sans.edu/podcastdetail/6318 Tue, 08 Jan 2019 03:30:02 GMT https://isc.sans.edu/forums/diary/Analyzing+Encrypted+Malicious+Office+Documents/24498/
Apple iOS Apps Reaching Out to Malware Server
https://www.wandera.com/risky-apps/
NCSC Offers Assistance Against Attacks from Foreign Governments
https://www.dni.gov/index.php/ncsc-how-we-work/ncsc-know-the-risk-raise-your-shield/ncsc-awareness-materials
Hardware Agnostic Side Channel Attacks
https://arxiv.org/abs/1901.01161
]]> 7:02 page cache, side channel, ncsc, ios, appstore, malware, encrypted, word, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6316 TAR Malware; ReiKey Protects Macs from Keystroke Loggers; Substition Cipher Font Phishing Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. TAR Malware; ReiKey Protects Macs from Keystroke Loggers; Substition Cipher Font Phishing https://traffic.libsyn.com/securitypodcast/6316.mp3 https://isc.sans.edu/podcastdetail/6316 Mon, 07 Jan 2019 02:50:02 GMT https://isc.sans.edu/forums/diary/Malicious+tar+Attachments/24496/
ReiKey MacOS Keystoke Logger Detector
https://objective-see.com/products/reikey.html
Phishing Tool Kit uses Simple Substituion Fonts
https://www.proofpoint.com/us/threat-insight/post/phishing-template-uses-fake-fonts-decode-content-and-evade-detection
]]> 6:42 phishing, fonts, substituion, tar, malware, keystroke logger, reikey, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6314 Malware Leaks Data Via FTP; Hijacking Dormant Twitter Accounts; Critical Adobe Update Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Malware Leaks Data Via FTP; Hijacking Dormant Twitter Accounts; Critical Adobe Update https://traffic.libsyn.com/securitypodcast/6314.mp3 https://isc.sans.edu/podcastdetail/6314 Fri, 04 Jan 2019 00:15:03 GMT https://isc.sans.edu/forums/diary/Malicious+Script+Leaking+Data+via+FTP/24484/
Hijacking Dormant Twitter Accounts
https://techcrunch.com/2019/01/02/hackers-islamic-state-propaganda-twitter/
Android Authentication Bypass via Skype
https://www.youtube.com/watch?v=EiEcwOfTFqI
Critical Adobe Updates
https://helpx.adobe.com/security/products/acrobat/apsb19-02.html
FilesLocker Ransomware Master Key Published
https://www.bleepingcomputer.com/news/security/master-decryption-key-released-for-fileslocker-ransomware/
]]> 6:07 fileslocker, ransomware, adobe, acrobat, reader, android, lock screen bypass, twitter, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6312 Gift Card Scams; Wifi Chipset Exploit Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Gift Card Scams; Wifi Chipset Exploit https://traffic.libsyn.com/securitypodcast/6312.mp3 https://isc.sans.edu/podcastdetail/6312 Thu, 03 Jan 2019 01:35:03 GMT https://isc.sans.edu/forums/diary/Gift+Card+Scams+on+the+rise/24482/
WiFi Chipset Exploit
https://2018.zeronights.ru/wp-content/uploads/materials/19-Researching-Marvell-Avastar-Wi-Fi.pdf?fbclid=IwAR07FmZGKLKdJAKI4g0o-Wm-dLGwclV8Hhi-L4_HRlklldY8UC6WY72AdAw
]]> 5:51 wifi, gift cards, exploit, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6310 Vein Scanner Bypass; Lightbulb Bots; EU Open Source Bug Bounty Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Vein Scanner Bypass; Lightbulb Bots; EU Open Source Bug Bounty https://traffic.libsyn.com/securitypodcast/6310.mp3 https://isc.sans.edu/podcastdetail/6310 Wed, 02 Jan 2019 01:50:02 GMT https://media.ccc.de/v/35c3-9545-venenerkennung_hacken
Hacking Smart Lightbulbs and Firmware Exploits
https://media.ccc.de/v/35c3-9723-smart_home_-_smart_hack
European Union Offers Bug Bounty for Open Source Software
https://juliareda.eu/fossa/
Bypassing Google ReCaptcha
https://github.com/ecthros/uncaptcha2
]]> 7:15 ccc, vein, scanner, biometrics, lightbulb, iot, open source, bug bounty, recaptcha, uncaptcha, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6308 Phish with Click Counter; Insecure IPMI Ransomware; MS Edge RCE Exploit; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Phish with Click Counter; Insecure IPMI Ransomware; MS Edge RCE Exploit; https://traffic.libsyn.com/securitypodcast/6308.mp3 https://isc.sans.edu/podcastdetail/6308 Fri, 28 Dec 2018 01:40:02 GMT https://isc.sans.edu/forums/diary/Matryoshka+Phish/24460/
JungleSec Ransomware Attacks via IPMI
https://www.bleepingcomputer.com/news/security/junglesec-ransomware-infects-victims-through-ipmi-remote-consoles/
Microsoft Edge PoC RCE Exploit
https://github.com/phoenhex/files/blob/master/pocs/cve-2018-8629-chakra.js
]]> 6:04 microsoft, edge, exploit, junglesec, ipmi, ransomware, phishing, ip counter, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6306 Problems with IE Emergency Patch; Bitcoin Blacklists; D-Link Password Overflow; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Problems with IE Emergency Patch; Bitcoin Blacklists; D-Link Password Overflow; https://traffic.libsyn.com/securitypodcast/6306.mp3 https://isc.sans.edu/podcastdetail/6306 Wed, 26 Dec 2018 23:20:01 GMT https://support.microsoft.com/en-us/help/4483229/december192018kb4483229osbuild143932670
Bitcoin Blacklists
https://isc.sans.edu/forums/diary/Bitcoin+Blacklists/24456/
D-Link DIR-816 A2 Stack Overflow
https://github.com/RootSoull/Vuln-Poc/tree/master/D-Link/DIR-816
]]> 2:44 dlink, bitcoin, lenovo, emergency patch, problems, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6304 Windows 0-Day PoC; Targeted 2FA Attacks; Booter Services Shut Down; Intel VISA Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Windows 0-Day PoC; Targeted 2FA Attacks; Booter Services Shut Down; Intel VISA https://traffic.libsyn.com/securitypodcast/6304.mp3 https://isc.sans.edu/podcastdetail/6304 Fri, 21 Dec 2018 01:00:04 GMT https://sandboxescaper.blogspot.com/2018/12/readfile-0day.html
Attacks Against 2FA in the Middle East
https://www.amnesty.org/en/latest/research/2018/12/when-best-practice-is-not-good-enough/
FBI Shuts Down Booter Services
http://www.documentcloud.org/documents/5648950-DOJ-indictments-in-booter-cases.html
Intel VISA Undocumented Debug Feature
https://www.blackhat.com/asia-19/briefings/schedule/index.html#intel-visa-through-the-rabbit-hole-13513
]]> 5:44 intel, visa, fbi, booter, ddos, cloudflare, 2fa, middle east, amnesty, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6302 Emergency MSFT IE Patch; Restricting PowerShell; BMC Server Bricking Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Emergency MSFT IE Patch; Restricting PowerShell; BMC Server Bricking https://traffic.libsyn.com/securitypodcast/6302.mp3 https://isc.sans.edu/podcastdetail/6302 Thu, 20 Dec 2018 00:25:03 GMT https://isc.sans.edu/forums/diary/Microsoft+OOB+Patch+for+Internet+Explorer+Scripting+Engine+Memory+Corruption+Vulnerability/24438/
Restricting PowerShell Capabilities with NetSh
https://isc.sans.edu/forums/diary/Restricting+PowerShell+Capabilities+with+NetSh/24434/
Remotely Bricking a Server
https://eclypsium.com/2018/12/19/remotely-bricking-a-server/
]]> 4:16 Microsoft, Internet Explorer, powershell, netsh, bmc, bricking, servers, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6300 ASUS/Gigabyte Vulns; Apple Phishing; Kibana Exploit; SANS Holiday Hack Challenge #kringlecon Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. ASUS/Gigabyte Vulns; Apple Phishing; Kibana Exploit; SANS Holiday Hack Challenge #kringlecon https://traffic.libsyn.com/securitypodcast/6300.mp3 https://isc.sans.edu/podcastdetail/6300 Wed, 19 Dec 2018 01:00:04 GMT https://www.secureauth.com/labs/advisories/asus-drivers-elevation-privilege-vulnerabilities
GIGABYTE Vulnerabilities
https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities
Apple App Store Phishing
https://www.bleepingcomputer.com/news/security/widespread-apple-id-phishing-attack-pretends-to-be-app-store-receipts
Kibana Vulnerability Exploited
https://www.cyberark.com/threat-research-blog/execute-this-i-know-you-have-it/
Decrypter for InsaneCrypt and Everbe 1
https://www.bleepingcomputer.com/ransomware/decryptor/how-to-decrypt-the-insanecrypt-or-everbe-1-family-of-ransomware/
http://id-ransomware.malwarehunterteam.com/
SANS Holiday Hack Challenge
https://www.kringlecon.com
]]> 5:35 asus, gigabyte, apple, phishing, cecrypted, insanecrypt, everbe, kringlecon, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6298 ZIPed Maldoc; Memes Covert Channel; Shamoon is Back Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. ZIPed Maldoc; Memes Covert Channel; Shamoon is Back https://traffic.libsyn.com/securitypodcast/6298.mp3 https://isc.sans.edu/podcastdetail/6298 Tue, 18 Dec 2018 02:45:03 GMT https://isc.sans.edu/forums/diary/Password+Protected+ZIP+with+Maldoc/24426/
Memes Used as Covert Command and Control Channel
https://blog.trendmicro.com/trendlabs-security-intelligence/cybercriminals-use-malicious-memes-that-communicate-with-malware/
Shamoon Disk Whipper Malware is Back
https://unit42.paloaltonetworks.com/shamoon-3-targets-oil-gas-organization/
]]> 5:23 zipped, maldoc, password, meme, covert channel, shamoon, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6296 Magellan Sqlite Vulnerability; Logitech Options Vuln; Intel NUC; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Magellan Sqlite Vulnerability; Logitech Options Vuln; Intel NUC; https://traffic.libsyn.com/securitypodcast/6296.mp3 https://isc.sans.edu/podcastdetail/6296 Mon, 17 Dec 2018 04:55:02 GMT https://blade.tencent.com/magellan/index_en.html
Logitech Options Vulnerability
https://bugs.chromium.org/p/project-zero/issues/detail?id=1663
Intel NUC BIOS Protection Flaw
https://embedi.org/blog/nuclear-explotion/
HiddenTear Ransomware Decrypter
https://www.bleepingcomputer.com/ransomware/decryptor/how-to-decrypt-hiddentear-ransomware-with-ht-brute-forcer/
]]> 4:57 magellan, sqlite, logitech, intel, nuc, bios, hiddentear, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6294 Fake E-Mail Bomb Threats; Phishing Via Non-Delivery Notices; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Fake E-Mail Bomb Threats; Phishing Via Non-Delivery Notices; https://traffic.libsyn.com/securitypodcast/6294.mp3 https://isc.sans.edu/podcastdetail/6294 Fri, 14 Dec 2018 02:20:02 GMT https://www.cnn.com/2018/12/13/us/email-bomb-threats/index.html
Phishing Via Non-Delivery Notices
https://isc.sans.edu/forums/diary/Phishing+Attack+Through+NonDelivery+Notification/24412/
LamePyre MacOS Malware
https://blog.malwarebytes.com/detections/osx-lamepyre/
]]> 6:39 phishing, bomb threats, non-delivery, outlook 365, lamepyre, macos, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6292 DOSFuscation Leads to Emotet; OpenSSH Backdoors; Android Malware 2FA Bypass; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. DOSFuscation Leads to Emotet; OpenSSH Backdoors; Android Malware 2FA Bypass; https://traffic.libsyn.com/securitypodcast/6292.mp3 https://isc.sans.edu/podcastdetail/6292 Thu, 13 Dec 2018 01:20:02 GMT https://isc.sans.edu/forums/diary/Yet+Another+DOSfuscation+Sample/24408/
OpenSSH Backdoors
https://www.welivesecurity.com/wp-content/uploads/2018/12/ESET-The_Dark_Side_of_the_ForSSHe.pdf
Android Malware Bypasses 2FA For Paypal
https://www.welivesecurity.com/2018/12/11/android-trojan-steals-money-paypal-accounts-2fa/
]]> 4:55 android, malware, 2fa, paypal, openssh, dosfuscation, word, emotet, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6290 #MSFT Patch Tuesday; #Adbode Patch; Certificate Authority DNS Spoofing Weakness Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. #MSFT Patch Tuesday; #Adbode Patch; Certificate Authority DNS Spoofing Weakness https://traffic.libsyn.com/securitypodcast/6290.mp3 https://isc.sans.edu/podcastdetail/6290 Wed, 12 Dec 2018 00:55:02 GMT https://isc.sans.edu/forums/diary/Microsoft+December+2018+Patch+Tuesday/24404/
Adobe Patch Tuesday
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
Certificate Authority Weaknesses
https://i.blackhat.com/eu-18/Thu-Dec-6/eu-18-Heftrig-Off-Path-Attacks-Against-PKI.pdf
]]> 5:31 certificate authorities, CA, adobe, microsoft, dns, fragmentation, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6288 Kubernetes 2nd PoC; WebAssembly Creates Client Side Buffer Overflow; Etherum scans Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Kubernetes 2nd PoC; WebAssembly Creates Client Side Buffer Overflow; Etherum scans https://traffic.libsyn.com/securitypodcast/6288.mp3 https://isc.sans.edu/podcastdetail/6288 Tue, 11 Dec 2018 03:50:02 GMT https://github.com/evict/poc_CVE-2018-1002105#unauthenticated-poc
WebAssembly Brings Buffer Overflows to Browsers
https://www.forcepoint.com/blog/security-labs/new-whitepaper-memory-safety-old-vulnerabilities-become-new-webassembly
Increased Ethereum Miner Attacks
https://isc.sans.edu/port.html?port=8545
https://www.zdnet.com/article/hackers-ramp-up-attacks-on-mining-rigs-before-ethereum-price-crashes-into-the-gutter
Android Click Fraud Apps are Emulating iPhones for Higher Revenue
https://www.bleepingcomputer.com/news/security/android-clickfraud-op-impersonates-iphones-to-bump-ad-premiums/
]]> 5:45 android, user-agent, iphone, click fraud, ethereum, json-rpc, api, miner, webassembly, buffer overflow, kubernetes, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6286 Analyzing Malicious Docker Images; Sextortion Ransomware; WebKit Exploit; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Analyzing Malicious Docker Images; Sextortion Ransomware; WebKit Exploit; https://traffic.libsyn.com/securitypodcast/6286.mp3 https://isc.sans.edu/podcastdetail/6286 Mon, 10 Dec 2018 01:55:02 GMT https://isc.sans.edu/forums/diary/A+Dive+into+malicious+Docker+Containers/24388/
Arrest of Huawei CFO Inspires Advance Fee Scam
https://isc.sans.edu/forums/diary/Arrest+of+Huawei+CFO+Inspires+Advance+Fee+Scam/24396/
Sextortion Messages Leading to Ransomware
https://www.proofpoint.com/us/threat-insight/post/sextortion-side-ransomware
WebKit Exploit Released
https://github.com/LinusHenze/WebKit-RegEx-Exploit
Implants Found in Russian Banks
https://securelist.com/darkvishnya/89169/
]]> 5:45 banks, webkit, exploit, safari, sextortion, ransomware, huawei, advance fee, docker, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6284 Adobe Vuln. PoC; WatchOS Update; Data Exfiltration; Marketing 2FA @sans_edu Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Adobe Vuln. PoC; WatchOS Update; Data Exfiltration; Marketing 2FA @sans_edu https://traffic.libsyn.com/securitypodcast/6284.mp3 https://isc.sans.edu/podcastdetail/6284 Fri, 07 Dec 2018 00:45:03 GMT https://isc.sans.edu/forums/diary/Is+it+Time+to+Uninstall+Flash+If+you+havent+already/24382/
WatchOS Update
https://support.apple.com/en-us/HT209343
Data Exfiltration During Pentests
https://isc.sans.edu/forums/diary/Data+Exfiltration+in+Penetration+Tests/24354/
PoC Exploit for Kubernetes Vulnerability
https://github.com/evict/poc_CVE-2018-1002105
Preston Ackerman: Marketing 2FA
https://www.sans.org/reading-room/whitepapers/authentication/swipe-tap-marketing-easier-2fa-increase-adoption-38695
]]> 21:33 2fa, sans_edu, ackerman, poc, kubernetes, exfiltration, pentesting, watchos, updates, adobe, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6282 Flash Update; Apple Patches; 3-5G Network Vulnerability Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Flash Update; Apple Patches; 3-5G Network Vulnerability https://traffic.libsyn.com/securitypodcast/6282.mp3 https://isc.sans.edu/podcastdetail/6282 Thu, 06 Dec 2018 01:40:02 GMT https://helpx.adobe.com/security/products/flash-player/apsb18-42.html
Apple Updates Everything (but not WatchOS)
https://support.apple.com/en-us/HT201222
New Privacy Issues Affecting 3G-5G protocols
https://eprint.iacr.org/2018/1175
]]> 5:06 lte, 3g, 5g, sim, mobile, privacy, apple, ios, osx, macox, appletv, tvos, flash, adobe, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6280 Lokibot Update; Fake Ransomware Decrypt Service; Chrome 71 Released Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Lokibot Update; Fake Ransomware Decrypt Service; Chrome 71 Released https://traffic.libsyn.com/securitypodcast/6280.mp3 https://isc.sans.edu/podcastdetail/6280 Wed, 05 Dec 2018 00:00:03 GMT https://www.theregister.co.uk/2018/12/04/ransomware_helper_was_middleman_dr_shifro/
Latest Lokibot Malspam
https://isc.sans.edu/forums/diary/Malspam+pushing+Lokibot+malware/24372/
Chrome 71 Released
https://www.bleepingcomputer.com/news/google/chrome-71-released-with-abusive-ad-filtering-and-audio-blocking/
RSA Followup Webcast
https://www.rsaconference.com/videos/virtual-session-the-5-most-dangerous-new-attack-techniques-and-whats-to-come
]]> 6:25 RSA, Webcast, Chrome, lokibot, ransomware, marriott, spg, starwood, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6278 Hiding in Plain Doc; Kubernets Patch; US-Cert SamSam Alert; Tricky iOS App Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Hiding in Plain Doc; Kubernets Patch; US-Cert SamSam Alert; Tricky iOS App https://traffic.libsyn.com/securitypodcast/6278.mp3 https://isc.sans.edu/podcastdetail/6278 Tue, 04 Dec 2018 01:10:02 GMT https://isc.sans.edu/forums/diary/Word+maldoc+yet+another+place+to+hide+a+command/24370/
US-Cert Releases SamSam Alerts
https://www.us-cert.gov/ncas/alerts/AA18-337A
Kubernetes Patches
https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88
Malicious iOS App Tricks User in Payment
https://www.welivesecurity.com/2018/12/03/scam-ios-apps-promise-fitness-steal-money-instead/
]]> 4:54 maldoc, word, oledump, us-cert, samsam, kubernetes, ios, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6276 KingMiner; Siglent Osciloscope Vuln; Autocad Malware; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. KingMiner; Siglent Osciloscope Vuln; Autocad Malware; https://traffic.libsyn.com/securitypodcast/6276.mp3 https://isc.sans.edu/podcastdetail/6276 Mon, 03 Dec 2018 00:50:02 GMT https://research.checkpoint.com/kingminer-the-new-and-improved-cryptojacker/
Siglent Technologies Oscilloscope Vulnerabilities
https://seclists.org/fulldisclosure/2018/Nov/68
Autocad Malware
https://www.forcepoint.com/blog/security-labs/autocad-malware-computer-aided-theft
ISC Stickers (login required. first 10 requests each day)
https://isc.sans.edu/sticker.html
]]> 6:46 autocad, kingminer, siglent, oscislloscope, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6274 Ancient Ransomware Family Still Active; Scamclub; Blocking Shodan @sans_edu Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Ancient Ransomware Family Still Active; Scamclub; Blocking Shodan @sans_edu https://traffic.libsyn.com/securitypodcast/6274.mp3 https://isc.sans.edu/podcastdetail/6274 Fri, 30 Nov 2018 00:20:02 GMT https://isc.sans.edu/forums/diary/Russian+language+malspam+pushing+Shade+Troldesh+ransomware/24358/
Scamclub Malvertising Against iOS Users
https://blog.confiant.com/malvertising-attack-hijacks-300-million-sessions-over-48-hours-9d0218fe02cd
Andre Shori: To Block Or Not To Block? Impact and Analysis of Actively Blocking Shodan Scans
http://www.sans.org/reading-room/whitepapers/networksecurity/block-block-impact-analysis-actively-blocking-shodan-scans-38645
]]> 13:59 russian, troldesh, shade, ransomware, scamclub, malvertising, ios, andre shori, shodan, blocklist, sans_edu, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6272 Fake Flash Obfuscated Shell Script; Sennheiser Headsdown; MSFT Patches; 3ve Botnet Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Fake Flash Obfuscated Shell Script; Sennheiser Headsdown; MSFT Patches; 3ve Botnet https://traffic.libsyn.com/securitypodcast/6272.mp3 https://isc.sans.edu/podcastdetail/6272 Thu, 29 Nov 2018 02:25:02 GMT https://isc.sans.edu/forums/diary/More+obfuscated+shell+scripts+Fake+MacOS+Flash+update/24352/
Sennheiser HeadSetup Certificate Authority Install
https://www.secorvo.de/publikationen/headsetup-vulnerability-report-secorvo-2018.pdf
Microsoft Fixes Shared Folder Permission Deletion Problem
https://support.microsoft.com/en-us/help/4467684/windows-10-update-kb4467684
3ve Botnet Dismanteled
https://services.google.com/fh/files/blogs/3ve_google_whiteops_whitepaper_final_nov_2018.pdf
]]> 6:19 3ve, eve, botnet, clickfraud, advertisement, microsoft, windows, sennheiser, headsetup, macos, flash, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6270 QNAP bash Malware; HTTPS Phishing Sites; Wildfire Scams; FTP Going Away Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. QNAP bash Malware; HTTPS Phishing Sites; Wildfire Scams; FTP Going Away https://traffic.libsyn.com/securitypodcast/6270.mp3 https://isc.sans.edu/podcastdetail/6270 Wed, 28 Nov 2018 01:50:02 GMT https://isc.sans.edu/forums/diary/Obfuscated+bash+script+targeting+QNap+boxes/24348/
Half of All Phishing Sites Use HTTPS
https://krebsonsecurity.com/2018/11/half-of-all-phishing-sites-now-have-the-padlock/
Chrome and Firefox to Remove FTP Support
https://www.bleepingcomputer.com/news/google/chrome-and-firefox-developers-aim-to-remove-support-for-ftp/
California Wildfire Used in BEC Scams
https://www.agari.com/identity-intelligence-blog/california-wildfire-email-scams/
]]> 5:24 wildfire, bec scam, ftp, chrome, firefox, https, phishing, qnap, bash, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6268 ViperMonkey; More Malicious NPM Libraries; BMC Lateral Movement; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. ViperMonkey; More Malicious NPM Libraries; BMC Lateral Movement; https://traffic.libsyn.com/securitypodcast/6268.mp3 https://isc.sans.edu/podcastdetail/6268 Tue, 27 Nov 2018 01:45:03 GMT https://isc.sans.edu/forums/diary/ViperMonkey+VBA+maldoc+deobfuscation/24346/
Malicious NPM Libraries
https://medium.com/@cnorthwood/todays-javascript-trash-fire-and-pile-on-f3efcf8ac8c7
Turning Your BMC Into A Revolving Door
https://www.synacktiv.com/ressources/zeronights_2018_turning_your_bmc_into_a_revolving_door.pdf
]]> 6:07 bmc, hp, ilo, npm, vipermonkey, vba, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6266 Attacks Against #Docker API; Mirai vs. Hadoop; #Rohammer for ECC Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Attacks Against #Docker API; Mirai vs. Hadoop; #Rohammer for ECC https://traffic.libsyn.com/securitypodcast/6266.mp3 https://isc.sans.edu/podcastdetail/6266 Mon, 26 Nov 2018 01:35:02 GMT https://isc.sans.edu/forums/diary/Moby+the+Shark/24340/
Mirai Like Attack Hitting Hadoop
https://asert.arbornetworks.com/mirai-not-just-for-iot-anymore/
New Rowhammer Variant Effects ECC Memory
https://www.vusec.net/projects/eccploit/
]]> 5:53 rowhammer, ecc, mirai, hadoop, docker, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6264 Critical Flash Update; Emotet Adds Thanksgiving Lure Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Critical Flash Update; Emotet Adds Thanksgiving Lure https://traffic.libsyn.com/securitypodcast/6264.mp3 https://isc.sans.edu/podcastdetail/6264 Wed, 21 Nov 2018 01:00:03 GMT https://helpx.adobe.com/security/products/flash-player/apsb18-44.html
Thanksgiving Lure for Emotet
https://www.forcepoint.com/blog/security-labs/thanks-giving-emotet
]]> 3:12 adobe, flash, emotet, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6262 Google Play Malware; ATM Vulnerabilities; Nagios XI Update Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Google Play Malware; ATM Vulnerabilities; Nagios XI Update https://traffic.libsyn.com/securitypodcast/6262.mp3 https://isc.sans.edu/podcastdetail/6262 Tue, 20 Nov 2018 00:45:04 GMT https://twitter.com/LukasStefanko
ATM Vulnerabilities
https://www.ptsecurity.com/upload/corporate/ww-en/analytics/ATM-Vulnerabilities-2018-eng.pdf
Nagios XI Update
https://www.tenable.com/security/research/tra-2018-37
]]> 4:43 nagios, atm, google play, eset, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6260 PCAP Analysis Tool; Lookyloo; Spoofing From in GMAIL Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. PCAP Analysis Tool; Lookyloo; Spoofing From in GMAIL https://traffic.libsyn.com/securitypodcast/6260.mp3 https://isc.sans.edu/podcastdetail/6260 Sun, 18 Nov 2018 23:25:04 GMT https://isc.sans.edu/forums/diary/Multipurpose+PCAP+Analysis+Tool/24322/
Quickly Investigating Websites with Lookyloo
https://isc.sans.edu/forums/diary/Quickly+Investigating+Websites+with+Lookyloo/24320/
From Field Spoofing in GMail
https://blog.cotten.io/hacking-gmail-with-weird-from-fields-d6494254722f?gi=ce61de4cb006
]]> 5:29 from header, email, gmail, spoofing, lookyloo, pcap analysis, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6258 Emotet Spreads IcedID; Miners Go Docker; GPS Watches; Firefox Breach Notification; Auditd @sans_edu Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Emotet Spreads IcedID; Miners Go Docker; GPS Watches; Firefox Breach Notification; Auditd @sans_edu https://traffic.libsyn.com/securitypodcast/6258.mp3 https://isc.sans.edu/podcastdetail/6258 Fri, 16 Nov 2018 00:55:03 GMT https://isc.sans.edu/forums/diary/Emotet+infection+with+IcedID+banking+Trojan/24312/
Crypto Miners Abusing Insecure Docker Installs
https://forums.juniper.net/t5/Threat-Research/Container-Malware-Miners-Go-Docker-Hunting-In-The-Cloud/ba-p/400587
GPS Watches Can Be Used To Track Kids
https://www.pentestpartners.com/security-blog/tracking-and-snooping-on-a-million-kids/
Firefox Will Notify Users of Breached Sites
https://blog.mozilla.org/blog/2018/11/14/firefox-monitor-launches-in-26-languages-and-adds-new-desktop-browser-feature/
David Kennel: All-Seeing Eye or Blind Man? Understanding the Linux Kernel Auditing System
https://www.sans.org/reading-room/whitepapers/linux/all-seeing-eye-blind-man-understanding-linux-kernel-auditing-system-38605
]]> 14:59 emotet, icedid, banking malware, crypto miners, docker, gps, privacy, firefox, david kennel, auditd, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6256 Win32k Exploit Details (CVE-2018-8589); Pwn2OWn; More Spectre/Meltdown Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Win32k Exploit Details (CVE-2018-8589); Pwn2OWn; More Spectre/Meltdown https://traffic.libsyn.com/securitypodcast/6256.mp3 https://isc.sans.edu/podcastdetail/6256 Thu, 15 Nov 2018 01:35:02 GMT https://securelist.com/a-new-exploit-for-zero-day-vulnerability-cve-2018-8589/88845/
PacSec Pwn2Own Results
https://www.zerodayinitiative.com/blog/2018/11/13/pwn2own-tokyo-2018-day-one-results
https://www.zerodayinitiative.com/blog/2018/11/14/pwn2own-tokyo-2018-day-two-results-and-master-of-pwn
More Spectre/Meltdown Flaws
https://arxiv.org/pdf/1811.05441.pdf
]]> 5:48 spectre, metdown, pwn2own, iphone, samsung, xiaomi, win32k, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6254 Microsoft Patch Tuesday; Adobe Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft Patch Tuesday; Adobe Patches https://traffic.libsyn.com/securitypodcast/6254.mp3 https://isc.sans.edu/podcastdetail/6254 Wed, 14 Nov 2018 00:10:02 GMT https://isc.sans.edu/forums/diary/November+2018+Microsoft+Patch+Tuesday/24308/
Adobe Security Bulletins
https://helpx.adobe.com/security.html
]]> 5:06 adobe, microsoft, patches, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6252 Google BPG Hijack via Russia; Bootable USB Microcode Loader; Wordpress GDPR Vuln. Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Google BPG Hijack via Russia; Bootable USB Microcode Loader; Wordpress GDPR Vuln. https://traffic.libsyn.com/securitypodcast/6252.mp3 https://isc.sans.edu/podcastdetail/6252 Tue, 13 Nov 2018 03:10:02 GMT https://twitter.com/thousandeyes/status/1062102171506765825
https://www.wsj.com/articles/google-internet-traffic-is-briefly-misdirected-through-russia-china-1542068392
Microcode Bootloader USB
https://www.techpowerup.com/forums/threads/intel-microcode-boot-loader.248858/
Wordpress GDPR Tool Vulnerable
https://www.wordfence.com/blog/2018/11/trends-following-vulnerability-in-wp-gdpr-compliance-plugin/
]]> 5:17 wordpress, gdpr, microcode, spectre, google, bpg, russia, china, nigeria, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6250 1.1.1.1 DNS For Mobile; CryotMiner Rootkits; Google Play Protect Success Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. 1.1.1.1 DNS For Mobile; CryotMiner Rootkits; Google Play Protect Success https://traffic.libsyn.com/securitypodcast/6250.mp3 https://isc.sans.edu/podcastdetail/6250 Mon, 12 Nov 2018 00:55:02 GMT https://blog.cloudflare.com/1-thing-you-can-do-to-make-your-internet-safer-and-faster/
Crypto Coin Miners Now With Rootkits
https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/cryptocurrency-mining-malware-targets-linux-systems-uses-rootkit-for-stealth
Google Play Protect Reduces Malware
https://security.googleblog.com/2018/11/introducing-android-ecosystem-security.html
]]> 6:28 cloudflare, ios, android, cryot miners, rootkits, google, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6248 Cisco Updates; Ruby Deserialization; Ouch Newsletter; Blockchain Botnets @sans_edu Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Cisco Updates; Ruby Deserialization; Ouch Newsletter; Blockchain Botnets @sans_edu https://traffic.libsyn.com/securitypodcast/6248.mp3 https://isc.sans.edu/podcastdetail/6248 Fri, 09 Nov 2018 01:55:03 GMT https://tools.cisco.com/security/center/publicationListing.x
Ruby Deserialization
https://www.elttam.com.au/blog/ruby-deserialization/
Ouch Newsletter: Am I Hacked?
https://www.sans.org/security-awareness-training/resources/am-i-hacked
Jonathan Sweeny: Smart Contract Botnets
https://www.sans.org/reading-room/whitepapers/covert/botnet-resiliency-private-blockchains-38050
https://www.sans.org/reading-room/whitepapers/warfare/tearing-smart-contract-botnets-38650
]]> 17:10 botnets, ethereum, jonathan sweeny, ouch, ruby, deserialization, cisco, struts, dirty cow, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6246 VirtualBox 0 Day; WooCommerce RCE #wordpress; Bing Notepad2 Malware; @Bsidesjax Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. VirtualBox 0 Day; WooCommerce RCE #wordpress; Bing Notepad2 Malware; @Bsidesjax https://traffic.libsyn.com/securitypodcast/6246.mp3 https://isc.sans.edu/podcastdetail/6246 Thu, 08 Nov 2018 01:25:02 GMT https://github.com/MorteNoir1/virtualbox_e1000_0day
WooCommerce / Wordpress Bug Leads to RCE
https://blog.ripstech.com/2018/wordpress-design-flaw-leads-to-woocommerce-rce/
Bing Advertises Fake Version of Notepad2
https://www.bleepingcomputer.com/news/security/beware-of-unofficial-sites-pushing-notepad2-adware-bundles/
Jacksonville BSides
https://bsidesjax.org
]]> 6:41 bsides, bsidesjax, bing, notepad2, wordpress, woocommerce, virtualbox, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6244 Chinese Routing Leak; Android Update; Facetime PoC; U-Boot Vuln Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Chinese Routing Leak; Android Update; Facetime PoC; U-Boot Vuln https://traffic.libsyn.com/securitypodcast/6244.mp3 https://isc.sans.edu/podcastdetail/6244 Wed, 07 Nov 2018 00:25:02 GMT https://internetintel.oracle.com/blog-single.html?id=China+Telecom%27s+Internet+Traffic+Misdirection
Android Security Updates; Last for Nexus
https://source.android.com/security/bulletin/2018-11-01#framework
PoC Facetime Exploit
https://bugs.chromium.org/p/project-zero/issues/detail?id=1641
Vulnerability in U-Boot Bootloader
https://github.com/inversepath/usbarmory/blob/master/software/secure_boot/Security_Advisory-Ref_IPVR2018-0001.txt
]]> 5:50 china telecom, bgp, android, nexus, facetime, uboot, u-boot, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6242 Struts 2.3 RCE; Fake Elon Musk Site Steals BTC; Bypassing SSD Encryption Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Struts 2.3 RCE; Fake Elon Musk Site Steals BTC; Bypassing SSD Encryption https://traffic.libsyn.com/securitypodcast/6242.mp3 https://isc.sans.edu/podcastdetail/6242 Tue, 06 Nov 2018 01:55:02 GMT https://isc.sans.edu/forums/diary/Struts+23+Vulnerable+to+Two+Year+old+File+Upload+Flaw/24278/
Fake Elon Musk Tweet used to steal Bitcoin
https://www.bleepingcomputer.com/news/security/fake-elon-musk-twitter-bitcoin-scam-earned-180k-in-one-day/
Bypassing SSD Drive Hardware Encryption
https://www.ru.nl/english/news-agenda/news/vm/icis/cyber-security/2018/radboud-university-researchers-discover-security/
]]> 5:48 ssd, encryption, elon musk, bitcoin, struts, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6240 MacOS IR Beyond LaunchAgents; Dissecting CVE-2017-11882 Exploit; Portsmash, Edge Vuln Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MacOS IR Beyond LaunchAgents; Dissecting CVE-2017-11882 Exploit; Portsmash, Edge Vuln https://traffic.libsyn.com/securitypodcast/6240.mp3 https://isc.sans.edu/podcastdetail/6240 Mon, 05 Nov 2018 00:40:02 GMT https://isc.sans.edu/forums/diary/Beyond+good+ol+LaunchAgent+part+1/24274/
Dissecting a CVE-2017-11882 Exploit
https://isc.sans.edu/forums/diary/Dissecting+a+CVE201711882+Exploit/24272/
Microsoft Edge Exploit About to Be Released
https://twitter.com/Yux1xi
Portsmash Vulnerability
https://github.com/bbbrumley/portsmash
RC4 (Arcfour) Depreciation in SSH
https://tools.ietf.org/html/draft-ietf-curdle-rc4-die-die-die-12
]]> 5:18 rc4, ssh, portshmash, intel, cpu, SMT, microsoft, edge, equation editor, launchagents, macos, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6238 Windows Defender Sandboxing Bug; BLE Vulnerability; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Windows Defender Sandboxing Bug; BLE Vulnerability; https://traffic.libsyn.com/securitypodcast/6238.mp3 https://isc.sans.edu/podcastdetail/6238 Thu, 01 Nov 2018 23:45:03 GMT https://isc.sans.edu/forums/diary/Windows+Defenders+Sandbox/24266/
Bleedingbit Bluetooth Low Energy Vulnerability
https://armis.com/bleedingbit/
Cisco ASA/Firepower DoS Vulnerability Actively Exploited
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181031-asaftd-sip-dos
]]> 5:29 cisco, bleedingbit, bluetooth, ble, meraki, windows, defender, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6236 Encrypted Word Maldocs; iOS/macOS ICMP Error RCE; iOS lock bypass; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Encrypted Word Maldocs; iOS/macOS ICMP Error RCE; iOS lock bypass; https://traffic.libsyn.com/securitypodcast/6236.mp3 https://isc.sans.edu/podcastdetail/6236 Thu, 01 Nov 2018 00:45:03 GMT https://isc.sans.edu/forums/diary/More+malspam+using+passwordprotected+Word+docs/24262/
iOS / MacOS ICMP Error Remote Code Execution
https://lgtm.com/blog/apple_xnu_icmp_error_CVE-2018-4407
iOS Lock Screen Bypass
https://www.youtube.com/watch?v=ojigFgwrtKs
]]> 5:19 ios, macos, os x, high sierra, sierra, mojave, icmp, rce, malspam, encrypted, word, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6234 Hancitor Update; Apple Updates; Telegram Clear Text Messages Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Hancitor Update; Apple Updates; Telegram Clear Text Messages https://traffic.libsyn.com/securitypodcast/6234.mp3 https://isc.sans.edu/podcastdetail/6234 Wed, 31 Oct 2018 00:25:02 GMT https://isc.sans.edu/forums/diary/Campaign+evolution+Hancitor+malspam+starts+pushing+Ursnif+this+week/24256/
Apple Updates
https://support.apple.com/en-us/HT201222
Telegram Stores Conversations Locally
https://twitter.com/nathanielrsuchy
]]> 4:36 telegram, apple, hancitor, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6232 PowerShell Cloning Maldoc; Unusual Malicious File Types; Crypto Tracker Backdoor Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. PowerShell Cloning Maldoc; Unusual Malicious File Types; Crypto Tracker Backdoor https://traffic.libsyn.com/securitypodcast/6232.mp3 https://isc.sans.edu/podcastdetail/6232 Tue, 30 Oct 2018 02:40:02 GMT https://isc.sans.edu/forums/diary/Maldoc+Duplicating+PowerShell+Prior+to+Use/24254/
New File Types Emerge in Malware Spam Attachments
https://blog.trendmicro.com/trendlabs-security-intelligence/same-old-yet-brand-new-new-file-types-emerge-in-malware-spam-attachments/
Malicious Mac Crypto Currency Tracker Installs Backdoor
https://blog.malwarebytes.com/threat-analysis/2018/10/mac-cryptocurrency-ticker-app-installs-backdoors/
Sandbox For Windows Defender
https://cloudblogs.microsoft.com/microsoftsecure/2018/10/26/windows-defender-antivirus-can-now-run-in-a-sandbox/
]]> 6:03 sandbox, windows defender, crypto tracker, backdoor, mac, malspam, powershell, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6230 Office Docs and Linux; Anaylzing Crompressed RTF; DHCPv6 systemd; Docker; Hadoop Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Office Docs and Linux; Anaylzing Crompressed RTF; DHCPv6 systemd; Docker; Hadoop https://traffic.libsyn.com/securitypodcast/6230.mp3 https://isc.sans.edu/podcastdetail/6230 Mon, 29 Oct 2018 01:35:02 GMT https://isc.sans.edu/forums/diary/Dissecting+Malicious+Office+Documents+with+Linux/24248/
Analyzing Compressed RTF Documents
https://isc.sans.edu/forums/diary/Detecting+Compressed+RTF/24250/
SystemD DHCPv6 Remote Code Executing Vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-15688
Cryptominers Scan for Docker Engine
https://blog.trendmicro.com/trendlabs-security-intelligence/misconfigured-container-abused-to-deliver-cryptocurrency-mining-malware
DemonBot Targeting Hadoop
https://blog.radware.com/security/2018/10/new-demonbot-discovered/
]]> 4:55 demonbot, hadoop, radware, cryptominers, docker, systemd, dhcpv6, RTF, office, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6228 Scam Calls Targeting Chinese; X.org Priv. Elevation Flaw; MS Office Videos Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Scam Calls Targeting Chinese; X.org Priv. Elevation Flaw; MS Office Videos https://traffic.libsyn.com/securitypodcast/6228.mp3 https://isc.sans.edu/podcastdetail/6228 Fri, 26 Oct 2018 02:30:03 GMT https://isc.sans.edu/forums/diary/Fake+BankPost+Office+Phone+Calls+Targeting+Chinese+Immigrants/24244/
X.org Privilege Elevation Flaw
https://lists.x.org/archives/xorg-announce/2018-October/002927.html
Remote Videos in Office Documents
https://blog.cymulate.com/abusing-microsoft-office-online-video
Mac Malware Injects Ads
https://blog.malwarebytes.com/threat-analysis/2018/10/mac-malware-intercepts-encrypted-web-traffic-for-ad-injection/
]]> 5:13 mac, malware, adware, videos, office, x.org, chinese, scam, phone, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6226 Reversing AutoIT; Arcserve Vulnerabilities; WebEx Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Reversing AutoIT; Arcserve Vulnerabilities; WebEx Vuln; https://traffic.libsyn.com/securitypodcast/6226.mp3 https://isc.sans.edu/podcastdetail/6226 Thu, 25 Oct 2018 02:55:03 GMT https://isc.sans.edu/forums/diary/Diving+into+Malicious+AutoIT+Code/24238/
Arcserve Vulnerabilities
https://www.digitaldefense.com/blog/zero-day-alerts/arcserve-disclosure/
WebExec Vulnerability
https://webexec.org/
More ALPC Flaws from Sandbox Escaper
https://twitter.com/SandboxEscaper/status/1054744201244692485
https://twitter.com/mkolsek/status/1054794984908562432
]]> 5:24 ALPC, sandboxescaper, webexec, arcserve, autoit, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6224 Malware Uses Decoy Picture; DoH Push Back; Signal Encryption Bug; Firefox 63 Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Malware Uses Decoy Picture; DoH Push Back; Signal Encryption Bug; Firefox 63 https://traffic.libsyn.com/securitypodcast/6224.mp3 https://isc.sans.edu/podcastdetail/6224 Wed, 24 Oct 2018 02:35:01 GMT https://isc.sans.edu/forums/diary/Malicious+Powershell+using+a+Decoy+Picture/24234/
DNS over HTTPS Pushback
https://twitter.com/paulvixie/status/1053765281917661184
Signal Desktop Leaves Encryption Key Exposed
https://twitter.com/nathanielrsuchy
Firefox 63 Allows Less Tracking
https://blog.mozilla.org/security/2018/10/23/firefox-63-lets-users-block-tracking-cookies/
]]> 5:56 powershell, pictures, decoy, dns over https, doh, dot, signal, encryption, firefox, vpn, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6222 Compressed RTF in MSG File; FreeRTOS TCP/IP Vuln; VLC Vulns; Yammer Update Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Compressed RTF in MSG File; FreeRTOS TCP/IP Vuln; VLC Vulns; Yammer Update https://traffic.libsyn.com/securitypodcast/6222.mp3 https://isc.sans.edu/podcastdetail/6222 Tue, 23 Oct 2018 01:00:04 GMT https://isc.sans.edu/forums/diary/MSG+Files+Compressed+RTF/24228/
FreeRTOS TCP/IP Stack Vulnerabilities
https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/
VLC/Live555 RTSP Server Vulnerability
https://www.talosintelligence.com/reports/TALOS-2018-0684
Microsoft Yammer Update
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8569#ID0EGB
]]> 5:18 yammer, live555, vlc, mplayer, freertos, msg, rtf, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6220 MacOS LaunchAgent; TLS Sessions; jQuery File Upload Plugin; Drupal Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MacOS LaunchAgent; TLS Sessions; jQuery File Upload Plugin; Drupal https://traffic.libsyn.com/securitypodcast/6220.mp3 https://isc.sans.edu/podcastdetail/6220 Mon, 22 Oct 2018 02:20:02 GMT https://isc.sans.edu/forums/diary/Beyond+good+ol+LaunchAgent+part+0/24230/
TLS Session Tracking
https://arxiv.org/pdf/1810.07304.pdf
jQuery File Upload Plugin
https://blogs.akamai.com/sitr/2018/10/having-the-security-rug-pulled-out-from-under-you.html
Drupal Update
https://www.drupal.org/sa-core-2018-006
]]> 5:02 drupal, tls, tracking, jquery, macos, launchagent, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6218 Cisco Patches; 51% Crypto Currency Attack; VMWare Patch; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Cisco Patches; 51% Crypto Currency Attack; VMWare Patch; https://traffic.libsyn.com/securitypodcast/6218.mp3 https://isc.sans.edu/podcastdetail/6218 Fri, 19 Oct 2018 00:40:03 GMT https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&firstPublishedStartDate=2018%2F10%2F17&firstPublishedEndDate=2018%2F10%2F17&lastPublishedStartDate=2018%2F10%2F17&lastPublishedEndDate=2018%2F10%2F17
51% Attack Against Crypto Currencies
https://old.reddit.com/r/CryptoCurrency/comments/9m1uuj/if_i_livestreamed_the_setup_and_execution_of/
VMWare Patch
https://www.vmware.com/au/security/advisories/VMSA-2018-0026.html
]]> 4:27 vmware, crypto coins, 51%, btcp, cisco, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6216 NewShareCount Abuse; D-Link Vulns; RID Hacking Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. NewShareCount Abuse; D-Link Vulns; RID Hacking https://traffic.libsyn.com/securitypodcast/6216.mp3 https://isc.sans.edu/podcastdetail/6216 Thu, 18 Oct 2018 01:20:02 GMT https://blog.sucuri.net/2018/10/malicious-redirects-from-newsharecounts-com-tweet-counter.html
Multiple D-Link Vulnerabilities
https://seclists.org/fulldisclosure/2018/Oct/36
RID Hacking in Windows
https://www.romhack.io/slides/RomHack%202018%20-%20Sebastian%20Castro%20-%20Windows%20RID%20Hijacking:%20Maintaining%20Access%20on%20Windows%20Machines.pdf
]]> 5:22 rid, windows, d-link, newsharecount, twitter, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6214 Oracle CPU; libssh vulnerability; Vending Machine Mobile App; TLS1.0/1.1 Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Oracle CPU; libssh vulnerability; Vending Machine Mobile App; TLS1.0/1.1 https://traffic.libsyn.com/securitypodcast/6214.mp3 https://isc.sans.edu/podcastdetail/6214 Wed, 17 Oct 2018 01:30:02 GMT https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
libssh vulnerability
https://www.libssh.org/security/advisories/CVE-2018-10933.txt
Vending Machine Mobile App Compromise
https://hackernoon.com/how-i-hacked-modern-vending-machines-43f4ae8decec
Browsers Announce Timeline to Discontinue TLS1.0/1.1 support
https://blogs.windows.com/msedgedev/2018/10/15/modernizing-tls-edge-ie11/
https://security.googleblog.com/2018/10/modernizing-transport-security.html
https://blog.mozilla.org/security/2018/10/15/removing-old-versions-of-tls/
https://webkit.org/blog/8462/deprecation-of-legacy-tls-1-0-and-1-1-versions/
]]> 5:42 oracle, cpu, libssh, vending machine, tls, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6212 CVE-2018-8495 PoE Exploit; Fake Mining Appsi; Fake Google Photo App Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. CVE-2018-8495 PoE Exploit; Fake Mining Appsi; Fake Google Photo App https://traffic.libsyn.com/securitypodcast/6212.mp3 https://isc.sans.edu/podcastdetail/6212 Tue, 16 Oct 2018 02:25:03 GMT https://leucosite.com/Microsoft-Edge-RCE/
Fake Mining Apps
https://www.fortinet.com/blog/threat-research/fortinet-discovers-new-android-apps-that-mine-the-unminable.html
Fake Google Photo App Turns out to be Ad-Clicker
https://www.geeklatest.com/developer-tricks-microsoft-publishes-app-under-google-llc-name-in-windows-store/
]]> 5:34 google, poto app, windows store, mining, php, edge, vulnerability, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6210 Branch.io Bug Affects Millions; Medtronics; WebLogic; MSFT JET Database Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Branch.io Bug Affects Millions; Medtronics; WebLogic; MSFT JET Database https://traffic.libsyn.com/securitypodcast/6210.mp3 https://isc.sans.edu/podcastdetail/6210 Mon, 15 Oct 2018 00:30:02 GMT https://www.vpnmentor.com/blog/dom-xss-bug-affecting-tinder-shopify-yelp/
Medtronics Pacemakers Disable Remote Update
https://www.medtronic.com/content/dam/medtronic-com/us-en/corporate/documents/REV-Medtronic-2090-Security-Bulletin_FNL.pdf
IBM Updates WebSphere Update
https://www-01.ibm.com/support/docview.wss?uid=swg22016254
Incomplete JET Database Patch
https://blog.0patch.com/2018/10/patching-re-patching-and-meta-patching.html
]]> 6:17 branch.io, xss, tinder, medtronics, ibm, weblogic, deserialization, java, jet, microsoft, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6208 Equation Editor is Back; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Equation Editor is Back; https://traffic.libsyn.com/securitypodcast/6208.mp3 https://isc.sans.edu/podcastdetail/6208 Thu, 11 Oct 2018 23:50:02 GMT https://isc.sans.edu/forums/diary/New+Campaign+Using+Old+Equation+Editor+Vulnerability/24196/
Root Access Vulnerability in SONY Smart TVs
https://www.fortinet.com/blog/threat-research/sony-smart-tv-exploit-inside-view-hijacking-your-living-room.html
MicroTik RouterOS Vulnerablities
https://github.com/tenable/routeros/blob/master/bug_hunting_in_routeros_derbycon_2018.pdf
Reverse Analysis of WebAssembly
https://www.forcepoint.com/blog/security-labs/manual-reverse-engineering-webassembly-static-code-analysis
Firefox Delays Symantec Certificate Distrust
https://www.theregister.co.uk/2018/10/11/firefox_symantec_certs_delay/
]]> 5:51 equation editor, maldoc, sony, smart tv, bravia, routeros, microtik, webassembly, firefox, symantec, certificates, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6206 Whats App Vuln; SSH Fingerprints; win32k Vuln Details; Juniper Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Whats App Vuln; SSH Fingerprints; win32k Vuln Details; Juniper Patches https://traffic.libsyn.com/securitypodcast/6206.mp3 https://isc.sans.edu/podcastdetail/6206 Thu, 11 Oct 2018 02:25:02 GMT https://bugs.chromium.org/p/project-zero/issues/detail?id=1654
Salesforce Releases hashh Library
https://github.com/salesforce/hassh
CVE-2018-8453 Details from Kaspersky
https://securelist.com/cve-2018-8453-used-in-targeted-attacks/88151/
Juniper Patches
https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES
Experian Vulnerability Could Have Leaked Credit Freeze PINs
https://www.nerdwallet.com/blog/finance/security-flaw-at-experian-allows-easy-access-to-pin-to-unlock-credit-freeze/
]]> 6:24 experian, credit freeze, juniper, patches, salesforce, hassh, ssh, whatsapp, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6204 Microsoft Patch Tuesday; Adobe Updates; Magecart hits Shopper Approved Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft Patch Tuesday; Adobe Updates; Magecart hits Shopper Approved https://traffic.libsyn.com/securitypodcast/6204.mp3 https://isc.sans.edu/podcastdetail/6204 Wed, 10 Oct 2018 04:20:02 GMT https://isc.sans.edu/forums/diary/October+2018+Microsoft+Patch+Tuesday/24186/
Adobe Updates
https://helpx.adobe.com/security.html
Magecart Infects "Shopper Approved" Plugin
https://www.riskiq.com/blog/labs/magecart-shopper-approved/
]]> 5:31 magecart, shopper approved, adobe, flash, pdf, microsoft, patches, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6202 Apple Updates; Intel 9th Gen CPU; Windows Deletes Files; macOS Code Signing Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Apple Updates; Intel 9th Gen CPU; Windows Deletes Files; macOS Code Signing https://traffic.libsyn.com/securitypodcast/6202.mp3 https://isc.sans.edu/podcastdetail/6202 Tue, 09 Oct 2018 01:15:03 GMT https://support.apple.com/en-ca/HT209162
https://support.apple.com/en-ca/HT209141
Intel Adds Spectre/Meltdown Mitigation to 9th Generation CPUs
https://www.bleepingcomputer.com/news/security/spectre-and-meltdown-hardware-protection-added-to-intels-9th-gen-cpus/
Windows October Update File Deleting Issues
https://support.microsoft.com/en-us/help/4464619/windows-10-update-history
https://blogs.technet.microsoft.com/filecab/2018/08/30/9205/
macOS Code Signing Vulnerabilities
https://www.virusbulletin.com/conference/vb2018/abstracts/code-signing-flaw-macos
]]> 4:44 macos, code signing, windows, intel, spectre, meltdown, apple, ios, icloud, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6200 WPA2 Krack Attack Update; Cisco Patches; git Vulnerability; SWATing Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. WPA2 Krack Attack Update; Cisco Patches; git Vulnerability; SWATing https://traffic.libsyn.com/securitypodcast/6200.mp3 https://isc.sans.edu/podcastdetail/6200 Mon, 08 Oct 2018 01:45:03 GMT https://www.krackattacks.com/followup.html#overview
Cisco Updates
https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir#~Vulnerabilities
Seattle Police Tries to Stop SWATing
https://www.seattle.gov/police/need-help/swatting
git Vulnerability Fixed
https://github.com/timwr/CVE-2017-1000117
]]> 6:53 git, seattle, police, swatting, cisco, wpa2, krack, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6198 Bloomberg Hardware Implant Story; Cloudflare Phishing; DNSSEC Root KSK Rollover Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Bloomberg Hardware Implant Story; Cloudflare Phishing; DNSSEC Root KSK Rollover https://traffic.libsyn.com/securitypodcast/6198.mp3 https://isc.sans.edu/podcastdetail/6198 Fri, 05 Oct 2018 04:55:02 GMT https://www.bloomberg.com/news/articles/2018-10-04/the-big-hack-amazon-apple-supermicro-and-beijing-respond
Cloudflare IPFS Gateway Used For Phishing
https://www.bleepingcomputer.com/news/security/phishing-attacks-distributed-through-cloudflares-ipfs-gateway/
DNSSEC Root Key Signing Key Rollover
https://www.icann.org/resources/pages/ksk-rollover
https://www.icann.org/news/blog/2018-ksk-rollover-operator-preparedness-survey
]]> 7:18 dnssec, root key, ksk, cloudflare, phishing, bloomberg, china, supermicro, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6196 Behind the Phish; Azure Phish; Zoho Phishing and keylogging Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Behind the Phish; Azure Phish; Zoho Phishing and keylogging https://traffic.libsyn.com/securitypodcast/6196.mp3 https://isc.sans.edu/podcastdetail/6196 Thu, 04 Oct 2018 04:10:02 GMT https://isc.sans.edu/forums/diary/Identifying+a+phisher/24164/
Phishing via Azure Blob Storage
https://www.netskope.com/blog/phishing-in-the-public-cloud
Zoho Domains Used for Phishing and Keyloggers
https://cofense.com/staggering-amount-stolen-data-heading-zoho-domains/
Dell iDRAC Exploit
https://www.servethehome.com/idracula-vulnerability-impacts-millions-of-legacy-dell-emc-servers/
]]> 6:00 phishing, azure, blog storage, zoho, dell, idrac, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6194 Yara Rules; GhostDNS; Foxit PDF Reader Vulns; Intel ME Manufacturing Mode Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Yara Rules; GhostDNS; Foxit PDF Reader Vulns; Intel ME Manufacturing Mode https://traffic.libsyn.com/securitypodcast/6194.mp3 https://isc.sans.edu/podcastdetail/6194 Wed, 03 Oct 2018 05:30:02 GMT https://isc.sans.edu/forums/diary/Developing+YARA+Rules+a+Practical+Example/24158/
GhostDNS DNS Changer Malware
https://blog.netlab.360.com/70-different-types-of-home-routers-all-together-100000-are-being-hijacked-by-ghostdns-en/
Foxit PDF Reader Vulnerabilities
https://www.foxitsoftware.com/support/security-bulletins.php
Apple Laptops Shipped With CPU in Manufacturing Mode
http://blog.ptsecurity.com/2018/10/intel-me-manufacturing-mode-macbook.html
]]> 5:11 apple, foxit, pdf, ghostdns, yara, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6192 Facebook Update; Adobe Acrobat Update; SMTP MTA Strict Transport Security Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Facebook Update; Adobe Acrobat Update; SMTP MTA Strict Transport Security https://traffic.libsyn.com/securitypodcast/6192.mp3 https://isc.sans.edu/podcastdetail/6192 Tue, 02 Oct 2018 05:30:03 GMT https://newsroom.fb.com/news/2018/09/security-update/
Adobe Acrobat/Reader Update
https://helpx.adobe.com/security/products/acrobat/apsb18-30.html
SMTP MTA Strict Transport Security (MTA-STS)
https://www.rfc-editor.org/rfc/rfc8461.txt
]]> 6:10 faceboo, adobe, acrobat, smtp, mta-sts, rfc8461, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6190 Facebook Leak; Telegram leaks IPs; Browser Notifications; DDE Code Injection Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Facebook Leak; Telegram leaks IPs; Browser Notifications; DDE Code Injection https://traffic.libsyn.com/securitypodcast/6190.mp3 https://isc.sans.edu/podcastdetail/6190 Mon, 01 Oct 2018 02:50:01 GMT https://newsroom.fb.com/news/2018/09/security-update/
Telegram Leaks Local IP Address By Default
https://www.inputzero.io/2018/09/bug-bounty-telegram-cve-2018-17780.html
Site Tricks Users Into Subscribing to Browser Notifications
https://www.bleepingcomputer.com/news/security/sites-trick-users-into-subscribing-to-browser-notification-spam/
DDE Code Injection
https://isc.sans.edu/forums/diary/More+Excel+DDE+Code+Injection/24150/
]]> 6:11 dde, browser notifications, telegram, facebook, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6188 Enriching Radare2/x64dbg Output; Apple DEP; UEFI Rootkit Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Enriching Radare2/x64dbg Output; Apple DEP; UEFI Rootkit https://traffic.libsyn.com/securitypodcast/6188.mp3 https://isc.sans.edu/podcastdetail/6188 Fri, 28 Sep 2018 03:00:03 GMT https://isc.sans.edu/forums/diary/Enriching+Radare2+and+x64dbg+malware+analysis+with+statically+decoded+strings/24146/
Weaknesses in Apple's Mobile Device Management
https://duo.com/labs/research/mdm-me-maybe
LoJax UEFI Rootkit
https://www.welivesecurity.com/2018/09/27/lojax-first-uefi-rootkit-found-wild-courtesy-sednit-group/
]]> 5:34 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6186 Emotet Update; Fedora Crypto Policies; Android Banking Trojan Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Emotet Update; Fedora Crypto Policies; Android Banking Trojan https://traffic.libsyn.com/securitypodcast/6186.mp3 https://isc.sans.edu/podcastdetail/6186 Thu, 27 Sep 2018 04:30:02 GMT https://isc.sans.edu/forums/diary/One+Emotet+infection+leads+to+three+followup+malware+infections/24140/
Fedora Crypto Policy Update Causes SSH Issues
https://bugzilla.redhat.com/show_bug.cgi?id=1631970
Android Banking Trojan Impersonates QRecorder
https://lukasstefanko.com/2018/09/banking-trojan-found-on-google-play-stole-10000-euros-from-victims.html
Google Reverts Changes to Chrome
https://www.blog.google/products/chrome/product-updates-based-your-feedback/amp/
]]> 5:02 google, chrome, android, qrecorder, fedora, emotet, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6184 Firefox Monitor; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Firefox Monitor; https://traffic.libsyn.com/securitypodcast/6184.mp3 https://isc.sans.edu/podcastdetail/6184 Wed, 26 Sep 2018 05:30:02 GMT https://blog.mozilla.org/blog/2018/09/25/introducing-firefox-monitor-helping-people-take-control-after-a-data-breach/
Chrome 69 Privacy Issues
https://www.bleepingcomputer.com/news/google/chrome-69-keeps-googles-cookies-after-you-clear-browser-data/
Cisco FragmentSmack Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180824-linux-ip-fragment
Micorsoft Bitlocker Turns itself Off During Updates
https://social.technet.microsoft.com/Forums/en-US/0e48536f-40ff-4046-bd08-ed4a39b4840f/bitlocker-automatically-suspending-during-updates?forum=win10itprosecurity
]]> 5:04 cisco, fragmentsmack, microsoft, bitlocker, havibeenpwned, firefox, chrome, privacy, google, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6182 MacOS 10.14; More Sextortion; Mojave Privacy Bypass; Cloudflare ESNI Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MacOS 10.14; More Sextortion; Mojave Privacy Bypass; Cloudflare ESNI https://traffic.libsyn.com/securitypodcast/6182.mp3 https://isc.sans.edu/podcastdetail/6182 Tue, 25 Sep 2018 03:20:02 GMT https://isc.sans.edu/forums/diary/Sextortion+Spam+and+the+Infinite+Monkey+Theorem/24136/
MacOS 10.14 (Mojahve) Security Fixes
https://support.apple.com/en-us/HT209139
Mojave Privacy Protection Bypass
https://vimeo.com/291491984
Cloudflare Supporting Encrypted SNI
https://blog.cloudflare.com/esni/
]]> 5:56 cloudflare, esni, mojave, os 10.14, sextortion, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6180 Odd DNS Requests; Securing APIs; Windows Jet DB 0day; Malicious Job Offers Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Odd DNS Requests; Securing APIs; Windows Jet DB 0day; Malicious Job Offers https://traffic.libsyn.com/securitypodcast/6180.mp3 https://isc.sans.edu/podcastdetail/6180 Mon, 24 Sep 2018 03:30:02 GMT https://isc.sans.edu/forums/diary/Suspicious+DNS+Requests+Issued+by+a+Firewall/24128/
Securing API Connections
https://isc.sans.edu/forums/diary/The+danger+of+sending+information+for+API+consumption+without+adequate+security+measures/24130/
Microsoft JET Database 0day
https://www.zerodayinitiative.com/advisories/ZDI-18-1075/
Western Digital Releases Patch for MyCloud Drives
https://support.wdc.com/knowledgebase/answer.aspx?ID=25952&s
Job Offers With Malware Attachment
https://www.bleepingcomputer.com/news/security/malware-disguised-as-job-offers-distributed-on-freelance-sites/
]]> 4:30 job offers, microsoft jet, fingerprints, dns, firewalls, western digital, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6178 OSSEC Hunting; NSSLabs; Bitcoin DoS; WebAuthn Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. OSSEC Hunting; NSSLabs; Bitcoin DoS; WebAuthn https://traffic.libsyn.com/securitypodcast/6178.mp3 https://isc.sans.edu/podcastdetail/6178 Fri, 21 Sep 2018 00:45:07 GMT https://isc.sans.edu/forums/diary/Hunting+for+Suspicious+Processes+with+OSSEC/24122/
NSSLabs Sues Crowdstrike, Symantec, ESET
https://www.nsslabs.com/blog/company/advancing-transparency-and-accountability-in-the-cybersecurity-industry/
Bitcoin Core Vulnerability
https://motherboard.vice.com/amp/en_us/article/qvakp3/a-major-bug-in-bitcoin-software-could-have-crashed-the-currency?__twitter_impression=true
WebAuthn Standard
https://paragonie.com/blog/2018/08/security-concerns-surrounding-webauthn-don-t-implement-ecdaa-yet
https://fidoalliance.org/
]]> 12:33 hunting, ossec, nsslabs, crowdstrike, symantec, eset, bitcoin, webauthn, u2f, fido, paragon, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6176 Adobe PDF Updates; Credential Stuffing DDoS; Peekaboo; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Adobe PDF Updates; Credential Stuffing DDoS; Peekaboo; https://traffic.libsyn.com/securitypodcast/6176.mp3 https://isc.sans.edu/podcastdetail/6176 Thu, 20 Sep 2018 02:30:02 GMT https://helpx.adobe.com/security/products/acrobat/apsb18-34.html
Akamai State of the Internet Report
https://www.akamai.com/us/en/about/our-thinking/state-of-the-internet-report/global-state-of-the-internet-security-ddos-attack-reports.jsp
Peekabo DVR Vulnerability
https://www.tenable.com/blog/tenable-research-advisory-peekaboo-critical-vulnerability-in-nuuo-network-video-recorder
]]> 5:24 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6174 Certificate Transparency Tools; WD MyCloud; Kodi Malicious Add-Ons; Cloudflare DNSSEC Support Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Certificate Transparency Tools; WD MyCloud; Kodi Malicious Add-Ons; Cloudflare DNSSEC Support https://traffic.libsyn.com/securitypodcast/6174.mp3 https://isc.sans.edu/podcastdetail/6174 Wed, 19 Sep 2018 02:00:03 GMT https://isc.sans.edu/forums/diary/Using+Certificate+Transparency+as+an+Attack+Defense+Tool/24114/
Kodi Malicious Add-Ons
https://www.welivesecurity.com/2018/09/13/kodi-add-ons-launch-cryptomining-campaign/
Cloudflare Making DNSSEC Adoption Easier
https://blog.cloudflare.com/automatically-provision-and-maintain-dnssec/
Western Digital MyCloud Unauthenticated Admin Access
https://www.securify.nl/advisory/SFY20180102/authentication-bypass-vulnerability-in-western-digital-my-cloud-allows-escalation-to-admin-privileges.html
]]> 5:27 Western Digital, MyCloud, Cloudflare, DNSSEC, Kodi, Cryptominers, Certificate Transparency, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6172 Analyzing Office Docs; Apple Updates; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Analyzing Office Docs; Apple Updates; https://traffic.libsyn.com/securitypodcast/6172.mp3 https://isc.sans.edu/podcastdetail/6172 Tue, 18 Sep 2018 01:05:02 GMT https://isc.sans.edu/forums/diary/Dissecting+Malicious+MS+Office+Docs/24108/
Apple Updates Everything but macOS
https://support.apple.com/en-us/HT201220
FBot Botnet
https://blog.netlab.360.com/threat-alert-a-new-worm-fbot-cleaning-adbminer-is-using-a-blockchain-based-dns-en/
Related STI Paper: Botnet Reciliency via Private Blockchain (Jonathan Sweeny)
https://www.sans.org/reading-room/whitepapers/covert/botnet-resiliency-private-blockchains-38050
]]> 5:26 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6170 Reversing Shortcuts; Not So Random UA; Safari DoS; Webroot SecureAnywhere; Intel ME Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Reversing Shortcuts; Not So Random UA; Safari DoS; Webroot SecureAnywhere; Intel ME https://traffic.libsyn.com/securitypodcast/6170.mp3 https://isc.sans.edu/podcastdetail/6170 Mon, 17 Sep 2018 01:05:02 GMT https://isc.sans.edu/forums/diary/2020+malware+vision/24104/
Not So Random User Agent
https://isc.sans.edu/forums/diary/User+Agent+String+uatoolsrandom/24102/
Safari DoS
https://gist.github.com/pwnsdx/ce64de2760996a6c432f06d612e33aea
Webroot SecureAnywhere macOS Vulnerability
https://www.trustwave.com/Resources/SpiderLabs-Blog/CVE-2018-16962--Webroot-SecureAnywhere-macOS-Kernel-Level-Memory-Corruption/
Intel Patches Management Engine Encryption Vulnerability
http://blog.ptsecurity.com/2018/09/intel-me-encryption-vulnerability.html
]]> 5:26 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6168 Malicious MHT Files; Improved Coldboot Attacks; Hurricanes/Disasters; SAP Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Malicious MHT Files; Improved Coldboot Attacks; Hurricanes/Disasters; SAP Patches https://traffic.libsyn.com/securitypodcast/6168.mp3 https://isc.sans.edu/podcastdetail/6168 Fri, 14 Sep 2018 01:10:02 GMT https://isc.sans.edu/forums/diary/Malware+Delivered+Through+MHT+Files/24096/
Improved Coldboot Attack
https://blog.f-secure.com/cold-boot-attacks/
SAP Patches
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993
]]> 5:37 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6166 Fragment Update; Magacart Script; Bypassing CSP With Polyglots Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Fragment Update; Magacart Script; Bypassing CSP With Polyglots https://traffic.libsyn.com/securitypodcast/6166.mp3 https://isc.sans.edu/podcastdetail/6166 Thu, 13 Sep 2018 00:10:02 GMT https://isc.sans.edu/forums/diary/So+What+is+Going+on+With+IPv4+Fragments+these+Days/24092/
Magacart Javascript Injection Attacks
https://www.bleepingcomputer.com/news/security/feedify-service-compromised-with-magecart-information-stealing-script/
Bypassing CSP using Polyglot JPEGs
https://portswigger.net/blog/bypassing-csp-using-polyglot-jpegs
]]> 6:47 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6164 Microsoft Patch Tuesday; Adobe Patches; URL Spooing; Exploit Search Engine Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft Patch Tuesday; Adobe Patches; URL Spooing; Exploit Search Engine https://traffic.libsyn.com/securitypodcast/6164.mp3 https://isc.sans.edu/podcastdetail/6164 Wed, 12 Sep 2018 00:05:02 GMT https://isc.sans.edu/forums/diary/Microsoft+September+Patch+Tuesday+Summary/24088/
Adobe Patches
https://helpx.adobe.com/security.html
Safari/Edge URL Bar Spoofing
https://www.rafaybaloch.com/2018/09/apple-safari-microsoft-edge-browser.html
Exploit Search Engine
https://sploitus.com
]]> 4:44 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6162 Malicious LNK File Tricks; Trend Micro Apps Removed from Apple App Store Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Malicious LNK File Tricks; Trend Micro Apps Removed from Apple App Store https://traffic.libsyn.com/securitypodcast/6162.mp3 https://isc.sans.edu/podcastdetail/6162 Mon, 10 Sep 2018 23:35:02 GMT https://isc.sans.edu/forums/diary/What+is+dikona+or+glirote3/24084/
Tor Browser Javascript Vulnerability
https://www.bleepingcomputer.com/news/security/exploit-affecting-tor-browser-burned-in-a-tweet/
Trend Micro App Leaks Data / Removed from Appstore
https://forums.malwarebytes.com/topic/217353-get-rid-of-open-any-files-rar-support/?tab=comments#comment-1194838
Chrome removes Subdomains from URL Bar
https://bugs.chromium.org/p/chromium/issues/detail?id=881410
]]> 4:46 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6160 Headless Browser Cryptocoin Mining; Adware Doctor Privacy; VPN Priv Escalation Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Headless Browser Cryptocoin Mining; Adware Doctor Privacy; VPN Priv Escalation https://traffic.libsyn.com/securitypodcast/6160.mp3 https://isc.sans.edu/podcastdetail/6160 Sun, 09 Sep 2018 18:55:02 GMT https://isc.sans.edu/forums/diary/Crypto+Mining+in+a+Windows+Headless+Browser/24078/
MacOS Adware Doctor Stealing Browser History
https://twitter.com/privacyis1st/status/1031428304543395840
https://objective-see.com/blog/blog_0x37.html
VPN Applications with Privilege Escalation Vulnerabilities
https://blog.talosintelligence.com/2018/09/vulnerability-spotlight-Multi-provider-VPN-Client-Privilege-Escalation.html
Keybase Extension Allws Access By Scripts from Any Site
https://palant.de/2018/09/06/keybase-our-browser-extension-subverts-our-encryption-but-why-should-we-care
]]> 6:33 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6158 Powershell Malware C# Code; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Powershell Malware C# Code; https://traffic.libsyn.com/securitypodcast/6158.mp3 https://isc.sans.edu/podcastdetail/6158 Thu, 06 Sep 2018 19:55:02 GMT https://isc.sans.edu/forums/diary/Malicious+PowerShell+Compiling+C+Code+on+the+Fly/24072/
Stealing WiFi Credentials in Google Chrome
https://www.surecloud.com/sc-blog/wifi-hijacking
DNS Spoofing and Certificate Authority Domain Validation
https://www.theregister.co.uk/2018/09/06/boffins_break_cas_domain_validation/
Cisco Vulnerabilities
https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir&limit=30#~Vulnerabilities
]]> 4:43 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6156 MEGA Chrome Extension Hack; Python Package Installer Code Exec; Win Scheduler Exploit Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MEGA Chrome Extension Hack; Python Package Installer Code Exec; Win Scheduler Exploit https://traffic.libsyn.com/securitypodcast/6156.mp3 https://isc.sans.edu/podcastdetail/6156 Wed, 05 Sep 2018 19:45:02 GMT https://serhack.me/articles/mega-chrome-extension-hacked
Python Package Installer May Execute Code
https://github.com/mschwager/0wned
Windows Scheduler Exploit Used in the Wild
https://www.welivesecurity.com/2018/09/05/powerpool-malware-exploits-zero-day-vulnerability/
Where Have All My Certificates Gone?
https://isc.sans.edu/forums/diary/Where+have+all+my+Certificates+gone+And+when+do+they+expire/24066/
]]> 5:06 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6154 Microtik Exploits; Exposed git Directories; SSL Certs and Tor Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microtik Exploits; Exposed git Directories; SSL Certs and Tor https://traffic.libsyn.com/securitypodcast/6154.mp3 https://isc.sans.edu/podcastdetail/6154 Tue, 04 Sep 2018 21:40:02 GMT https://blog.netlab.360.com/7500-mikrotik-routers-are-forwarding-owners-traffic-to-the-attackers-how-is-yours-en/
Exposed .git Directories
https://lynt.cz/blog/global-scan-exposed-git
SSL Certificates Expose Tor Servers
https://www.bleepingcomputer.com/news/security/public-ip-addresses-of-tor-sites-exposed-via-ssl-certificates/
]]> 5:32 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6152 Reversing Medium Mobile App; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Reversing Medium Mobile App; https://traffic.libsyn.com/securitypodcast/6152.mp3 https://isc.sans.edu/podcastdetail/6152 Tue, 04 Sep 2018 04:50:02 GMT https://hackernoon.com/dont-publish-yet-reverse-engineering-the-medium-app-and-making-all-stories-in-it-free-48c8f2695687
Active Directory Leaks via Azure
https://www.blackhillsinfosec.com/red-teaming-microsoft-part-1-active-directory-leaks-via-azure/
Google Restricts Tech Support Ads
https://www.blog.google/products/ads/restricting-ads-third-party-tech-support-services/?mod=article_inline
]]> 4:42 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6150 OSX/MacOS Custom URL Schemes; Philips e-Alert Vulnerablity Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. OSX/MacOS Custom URL Schemes; Philips e-Alert Vulnerablity https://traffic.libsyn.com/securitypodcast/6150.mp3 https://isc.sans.edu/podcastdetail/6150 Sun, 02 Sep 2018 18:45:03 GMT https://objective-see.com/blog/blog_0x38.html
Philips e-Alert Vulnerability
https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01
]]> 4:45 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6148 Cryptocoin Miners Rule; Android Privacy Weakness; Mimecast EMail Stats Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Cryptocoin Miners Rule; Android Privacy Weakness; Mimecast EMail Stats https://traffic.libsyn.com/securitypodcast/6148.mp3 https://isc.sans.edu/podcastdetail/6148 Thu, 30 Aug 2018 20:15:04 GMT https://isc.sans.edu/forums/diary/Crypto+Mining+Is+More+Popular+Than+Ever/24050/
Cryptocoin Miners Deployed via Struts Vulnerability
https://www.volexity.com/blog/2018/08/27/active-exploitation-of-new-apache-struts-vulnerability-cve-2018-11776-deploys-cryptocurrency-miner/
Mimecast Identifies Weaknesses in Existing EMail Filters
https://www.mimecast.com/resources/ebooks/dates/2018/7/the-state-of-email-security-2018-report/
Android Leaks Information to Processes
https://wwws.nightwatchcybersecurity.com/2018/08/29/sensitive-data-exposure-via-wifi-broadcasts-in-android-os-cve-2018-9489/
]]> 5:59 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6146 More Octoprint Details #3dprint flaws; Packagist PHP Repo; More OpenSSH; TPM Flaws; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. More Octoprint Details #3dprint flaws; Packagist PHP Repo; More OpenSSH; TPM Flaws; https://traffic.libsyn.com/securitypodcast/6146.mp3 https://isc.sans.edu/podcastdetail/6146 Wed, 29 Aug 2018 20:40:02 GMT https://isc.sans.edu/forums/diary/3D+Printers+in+The+Wild+What+Can+Go+Wrong/24044/
Packagist Remote Code Injection Vulnerability
https://justi.cz/security/2018/08/28/packagist-org-rce.html
More OpenSSH User Enumeration Issues
http://seclists.org/oss-sec/2018/q3/180
Two new TPM Vulnerabilities
https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-han.pdf
]]> 6:12 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6144 Windows Priv. Escalation 0 Day; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Windows Priv. Escalation 0 Day; https://traffic.libsyn.com/securitypodcast/6144.mp3 https://isc.sans.edu/podcastdetail/6144 Tue, 28 Aug 2018 20:35:02 GMT https://www.kb.cert.org/vuls/id/906424
3D Printers Exposed to Internet
https://isc.sans.edu/forums/diary/OctoPrint+3D+Web+Interfaces+EXPOSED+Port+5000+default/24038/
Firefox Nightly Built Removes Trust From Symantec Certificates
https://bugzilla.mozilla.org/show_bug.cgi?id=1460062
https://bugzilla.mozilla.org/show_bug.cgi?id=1484006
]]> 5:21 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6142 HWorm Infection Date; Gnome "Bubblewrap"; Fortnite Android Vuln Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. HWorm Infection Date; Gnome "Bubblewrap"; Fortnite Android Vuln https://traffic.libsyn.com/securitypodcast/6142.mp3 https://isc.sans.edu/podcastdetail/6142 Mon, 27 Aug 2018 20:45:03 GMT https://isc.sans.edu/forums/diary/When+was+this+machine+infected/24032/
CentOS / Ubuntu Turn Off Gnome "Bubblewrap" Sandbox
https://www.bleepingcomputer.com/news/security/ubuntu-and-centos-are-undoing-a-gnome-security-feature/
Fortnite Android Arbitrary Code Install Vulnerability
https://www.bleepingcomputer.com/news/security/ubuntu-and-centos-are-undoing-a-gnome-security-feature/
]]> 4:27 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6140 Struts CVE-2018-11776 Exploit Public; Publisher Malware; AT Commands; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Struts CVE-2018-11776 Exploit Public; Publisher Malware; AT Commands; https://traffic.libsyn.com/securitypodcast/6140.mp3 https://isc.sans.edu/podcastdetail/6140 Sun, 26 Aug 2018 19:40:02 GMT https://github.com/mazen160/struts-pwn_CVE-2018-11776
https://github.com/jiguang7/CVE-2018-11776
Publisher Malware
https://isc.sans.edu/forums/diary/Microsoft+Publisher+Files+Delivering+Malware/24024/
https://isc.sans.edu/forums/diary/Microsoft+Publisher+malware+static+analysis/24026/
AT Commands
https://atcommands.org/atdb/vendors
Using a Microphone to Read Screen Content
https://www.cs.tau.ac.il/~tromer/synesthesia/synesthesia.pdf
]]> 6:02 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6138 Formcrafts Phishing; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Formcrafts Phishing; https://traffic.libsyn.com/securitypodcast/6138.mp3 https://isc.sans.edu/podcastdetail/6138 Thu, 23 Aug 2018 21:40:02 GMT https://isc.sans.edu/forums/diary/Simple+Phishing+Through+formcraftscom/24020/
Facebook's Onavo VPN removed from Apple AppStore
https://www.wsj.com/articles/facebook-to-remove-data-security-app-from-apple-store-1534975340?mod=e2tw (paywall)
https://medium.com/@chronic_9612/notes-on-analytics-and-tracking-in-onavo-protect-for-ios-904bdff346c0
Phishing False Alarm
https://www.cnn.com/2018/08/23/politics/dnc-hack-false-alarm/index.html
Fake Crypto Trading App Stealing Crypot Currency From Mac Users
https://www.businesswire.com/news/home/20180823005093/en/AppleJeus-Lazarus-Group-Hunts-Cryptocurrency-Exchanges-macOS
Intel Simplifies Microcode License
https://twitter.com/imadsousou/status/1032680311753072640
]]> 6:09 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6136 New Critical Apache Struts Vulnerability; Ghostscript Vuln; Photoshop CC Vuln Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. New Critical Apache Struts Vulnerability; Ghostscript Vuln; Photoshop CC Vuln https://traffic.libsyn.com/securitypodcast/6136.mp3 https://isc.sans.edu/podcastdetail/6136 Wed, 22 Aug 2018 21:30:02 GMT https://semmle.com/news/apache-struts-CVE-2018-11776
https://cwiki.apache.org/confluence/display/WW/S2-057
Hardening Apache Struts With SELinux
https://doublepulsar.com/hardening-apache-struts-with-selinux-db3a9cd1a10c?gi=f23fc884264a
Ghostscript Code Execution Vulnerability
https://bugs.chromium.org/p/project-zero/issues/detail?id=1640
Photoshop CC Patch
https://helpx.adobe.com/security/products/photoshop/apsb18-28.html
]]> 5:18 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6134 Malicious DLL Loaded with AutoIT; Critical Traefik Bug; Debian L1TF Patch Problem Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Malicious DLL Loaded with AutoIT; Critical Traefik Bug; Debian L1TF Patch Problem https://traffic.libsyn.com/securitypodcast/6134.mp3 https://isc.sans.edu/podcastdetail/6134 Tue, 21 Aug 2018 21:05:03 GMT https://isc.sans.edu/forums/diary/Malicious+DLL+Loaded+Through+AutoIT/24008/
Traefik Fixes TLS Private Key Exposure
https://github.com/containous/traefik/issues/3651
TLS Certificates Survive Domain Ownership
https://insecure.design
Intel Microcode License Update Causes Problems for Debian Linux
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906158#14
]]> 5:19 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6132 Javascript ReDOS; OpenSSH User Enum Update; Turning (Page) Tables Exploit Technique Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Javascript ReDOS; OpenSSH User Enum Update; Turning (Page) Tables Exploit Technique https://traffic.libsyn.com/securitypodcast/6132.mp3 https://isc.sans.edu/podcastdetail/6132 Mon, 20 Aug 2018 21:40:02 GMT http://mp.binaervarianz.de/ReDoS_TR_Dec2017.pdf
OpenSSH User Enumeration Update
https://isc.sans.edu/forums/diary/OpenSSH+user+enumeration+CVE201815473/24004
Turning (Page) Tables Exploit Technique
https://cdn2.hubspot.net/hubfs/487909/Turning%20(Page)%20Tables_Slides.pdf
]]> 5:17 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6130 CVE-2018-8373 (VBScript Vulnerability); PHP Deserialization Vuln; HP Fax Patches Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. CVE-2018-8373 (VBScript Vulnerability); PHP Deserialization Vuln; HP Fax Patches https://traffic.libsyn.com/securitypodcast/6130.mp3 https://isc.sans.edu/podcastdetail/6130 Sun, 19 Aug 2018 20:05:02 GMT Fragmentsmack Summary
https://isc.sans.edu/forums/diary/Back+to+the+90s+FragmentSmack/23998/
HP Does Not Release Patches for Non-Windows Users
https://www.intego.com/mac-security-blog/exclusive-hp-leaves-mac-users-vulnerable-to-fax-hacks/
More about VB Script 0-Day Vulnerability and "Dark Hotel" (chinese only)
https://ti.360.net/blog/articles/analyzing-attack-of-cve-2018-8373-and-darkhotel/
https://blog.trendmicro.com/trendlabs-security-intelligence/use-after-free-uaf-vulnerability-cve-2018-8373-in-vbscript-engine-affects-internet-explorer-to-run-shellcode/
PHP Deserialization Vulnerability Code Execution
https://cdn2.hubspot.net/hubfs/3853213/us-18-Thomas-It's-A-PHP-Unserialization-Vulnerability-Jim-But-Not-As-We-....pdf?
]]> 5:53 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6128 Anonymize pcaps; OpenSSH User Enum Vuln; VoiceXML #XXE; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Anonymize pcaps; OpenSSH User Enum Vuln; VoiceXML #XXE; https://traffic.libsyn.com/securitypodcast/6128.mp3 https://isc.sans.edu/podcastdetail/6128 Fri, 17 Aug 2018 00:10:02 GMT https://isc.sans.edu/forums/diary/Truncating+Payloads+and+Anonymizing+PCAP+files/23990/
OpenSSH User Enumeration Vulnerability
http://seclists.org/oss-sec/2018/q3/124
VoiceXML XML External Entity Vulnerability
https://hackerone.com/reports/395296
Skimreaper Credit Card Skimmer Detector
http://skimreaper.com
]]> 6:34 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6126 Maldoc Ransomware; Linux IP Frag DoS; macOS Scripting Mouse Clicks Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Maldoc Ransomware; Linux IP Frag DoS; macOS Scripting Mouse Clicks https://traffic.libsyn.com/securitypodcast/6126.mp3 https://isc.sans.edu/podcastdetail/6126 Thu, 16 Aug 2018 01:05:02 GMT Password Protected Word Documents Push AZORult and Hermes Ransomware
https://isc.sans.edu/forums/diary/More+malspam+pushing+passwordprotected+Word+docs+for+AZORult+and+Hermes+Ransomware/23992/
Linux IP Fragmentation DoS
https://www.kb.cert.org/vuls/id/641765
Scripting Mouse Clicks to Bypass macOS Security
https://speakerdeck.com/patrickwardle/the-mouse-is-mightier-than-the-sword
Concentration of Coinhive Miners
https://arxiv.org/pdf/1808.00811.pdf
]]> 5:45 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6124 #MSFT Patch Tuesday; Oracle Patch; Intel Patch Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. #MSFT Patch Tuesday; Oracle Patch; Intel Patch https://traffic.libsyn.com/securitypodcast/6124.mp3 https://isc.sans.edu/podcastdetail/6124 Wed, 15 Aug 2018 11:41:56 GMT https://isc.sans.edu/forums/diary/Microsoft+August+2018+Patch+Tuesday/23986/
Oracle Database Patch
http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-3110-5032149.html
Intel Fixes Three More CPU Flaws
https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
]]> 6:11 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6122 New Sextortion Wave; Intel Puma; btlejack Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. New Sextortion Wave; Intel Puma; btlejack https://traffic.libsyn.com/securitypodcast/6122.mp3 https://isc.sans.edu/podcastdetail/6122 Tue, 14 Aug 2018 02:10:02 GMT New Extortion Tricks: Now Including Your (Partial) Phone Number!
Intel Releases Patch for Puma Modem Chips
https://www.dslreports.com/forum/r32071020-Internet-Rogers-modem-router-rebooting-on-wan-scans-by-design
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-000097.html
Bluetooth Low Energy Attack Tool
https://github.com/virtualabs/btlejack
Tesla Will Fix Cars if Researcher Breaks it While Hacking
https://twitter.com/bitquark/status/1028373178421309440
]]> 5:03 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6120 VIA C3 "God Mode"; Apple MDM Vulnerability; Peeking into MSG Files; JA3 Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. VIA C3 "God Mode"; Apple MDM Vulnerability; Peeking into MSG Files; JA3 https://traffic.libsyn.com/securitypodcast/6120.mp3 https://isc.sans.edu/podcastdetail/6120 Mon, 13 Aug 2018 01:50:02 GMT https://github.com/xoreaxeaxeax/rosenbridge
Apple MDM Vulnerablity
https://www.wired.com/story/mac-remote-hack-wifi-enterprise/
Peeking into MSG Files
https://isc.sans.edu/forums/diary/Peeking+into+msg+files+revisited/23974/
Hunting SSL/TLS Clients Using JA3
https://isc.sans.edu/forums/diary/Hunting+SSLTLS+clients+using+JA3/23972/
Mobile Payment Terminal Vulnerabilities
https://www.blackhat.com/us-18/briefings.html#for-the-love-of-money-finding-and-exploiting-vulnerabilities-in-mobile-point-of-sales-systems
]]> 6:07 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6118 Pacemaker/Insulin Pump Vuln; Panic Attacks; Process Doppleganging Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Pacemaker/Insulin Pump Vuln; Panic Attacks; Process Doppleganging https://traffic.libsyn.com/securitypodcast/6118.mp3 https://isc.sans.edu/podcastdetail/6118 Fri, 10 Aug 2018 01:30:03 GMT https://arstechnica.com/information-technology/2018/08/lack-of-encryption-makes-hacks-on-life-saving-pacemakers-shockingly-easy/
"Panic Attacks" Against City Infrastructure
https://www.bbc.com/news/technology-45128053
Kaspersky VPN Leaks DNS Traffic
https://www.inputzero.io/2018/08/kaspersky-vpn-leaks-dns-address.html
Osiris Dropper Uses Process Dopplegaenging
https://blog.malwarebytes.com/threat-analysis/2018/08/osiris-using-process-doppelganging/
]]> 5:13 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6116 Homebrew Exposed Github Creds; WhatsApp Vuln.; Netflix AWS Methodology Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Homebrew Exposed Github Creds; WhatsApp Vuln.; Netflix AWS Methodology https://traffic.libsyn.com/securitypodcast/6116.mp3 https://isc.sans.edu/podcastdetail/6116 Thu, 09 Aug 2018 02:30:02 GMT https://brew.sh/2018/08/05/security-incident-disclosure/
WhatsApp Vulnerability
https://research.checkpoint.com/fakesapp-a-vulnerability-in-whatsapp/
Netflix Releases Tool To Detected Cloud Credential Compromise
https://medium.com/netflix-techblog/netflix-cloud-security-detecting-credential-compromise-in-aws-9493d6fd373a
]]> 5:07 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6114 Linux TCP DoS; Android August Updates; Lets Encrypt Trusted; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Linux TCP DoS; Android August Updates; Lets Encrypt Trusted; https://traffic.libsyn.com/securitypodcast/6114.mp3 https://isc.sans.edu/podcastdetail/6114 Wed, 08 Aug 2018 03:30:04 GMT https://www.kb.cert.org/vuls/id/962459
Let's Encrypt Now Trusted By All Major Root CA Programs
https://letsencrypt.org/2018/08/06/trusted-by-all-major-root-programs.html
Android Updates
https://source.android.com/security/bulletin/2018-08-01
OpenEMR Vulnerabilities
https://insecurity.sh/assets/reports/openemr.pdf
]]> 5:34 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6112 Numeric Obfuscation; Crestron Touchscreen Vulnerability; Facbook TLS 1.3; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Numeric Obfuscation; Crestron Touchscreen Vulnerability; Facbook TLS 1.3; https://traffic.libsyn.com/securitypodcast/6112.mp3 https://isc.sans.edu/podcastdetail/6112 Tue, 07 Aug 2018 01:45:06 GMT https://isc.sans.edu/forums/diary/Numeric+obfuscation+another+example/23960/
Crestron Touchscreen Vulnerability
https://blog.securitycompass.com/security-advisory-regarding-crestron-tsw-xx60-touch-panel-devices-9f1a71a926a5
Facebook Releases "Fizz" TLS 1.3 Library
https://github.com/facebookincubator/fizz
]]> 5:00 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6110 New WPA Attack; Fake Techsupport Better Targeting; HP Printer Updates Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. New WPA Attack; Fake Techsupport Better Targeting; HP Printer Updates https://traffic.libsyn.com/securitypodcast/6110.mp3 https://isc.sans.edu/podcastdetail/6110 Mon, 06 Aug 2018 01:55:02 GMT https://hashcat.net/forum/thread-7717.html
Fake Techsupport Uses More Intelligent Call Routing
https://www.symantec.com/blogs/threat-intelligence/tech-support-scam-call-optimization
HP Printer Updates
https://support.hp.com/us-en/document/c06097712
]]> 5:30 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6108 Malware in Animated GIF files; MicroTik Miner Botnet; MSFT Edge Vulnerability Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Malware in Animated GIF files; MicroTik Miner Botnet; MSFT Edge Vulnerability https://traffic.libsyn.com/securitypodcast/6108.mp3 https://isc.sans.edu/podcastdetail/6108 Fri, 03 Aug 2018 02:15:07 GMT https://isc.sans.edu/forums/diary/DHLthemed+malspam+reveals+embedded+malware+in+animated+gif/23944/
MikroTik Miner Botnet
https://www.trustwave.com/Resources/SpiderLabs-Blog/Mass-MikroTik-Router-Infection-%E2%80%93-First-we-cryptojack-Brazil,-then-we-take-the-World-/
Microsoft Edge Vulnerability
https://www.netsparker.com/blog/web-security/stealing-local-files-with-simple-html-file/
]]> 6:30 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6106 Facebook #smishing; Port 52869 UPNP Attacks; Google/Microsoft Improve Security Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Facebook #smishing; Port 52869 UPNP Attacks; Google/Microsoft Improve Security https://traffic.libsyn.com/securitypodcast/6106.mp3 https://isc.sans.edu/podcastdetail/6106 Thu, 02 Aug 2018 01:05:02 GMT https://isc.sans.edu/forums/diary/Facebook+Phishing+via+SMS/23940/
Port 52869 UPNP Attacks
https://isc.sans.edu/forums/diary/When+Cameras+and+Routers+attack+Phones+Spike+in+CVE20148361+Exploits+Against+Port+52869/23942/
Microsoft Improves Account Security for Midterm Elections
https://www.bleepingcomputer.com/news/microsoft/microsoft-accountguard-service-offers-protection-for-political-and-election-orgs/
Google Improves "Government Sponsored Attacks" Alert for GSuite
https://9to5google.com/2018/08/01/g-suite-admins-government-based-attackers/
]]> 6:26 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6104 Powershell Inside Certificates; TEMPEST is Back; Big Star Labs Spyware Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Powershell Inside Certificates; TEMPEST is Back; Big Star Labs Spyware https://traffic.libsyn.com/securitypodcast/6104.mp3 https://isc.sans.edu/podcastdetail/6104 Wed, 01 Aug 2018 01:55:04 GMT https://blog.nviso.be/2018/07/31/powershell-inside-a-certificate-part-1/
TEMPEST is Back
http://youtu.be/BpNP9b3aIfY?a
Big Star Labs Spyware
https://adguard.com/en/blog/big-star-labs-spyware/
]]> 6:24 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6102 DOSFuscation; Lets Encrypt Outage; Malvertising Campaign; Keepass Correction Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. DOSFuscation; Lets Encrypt Outage; Malvertising Campaign; Keepass Correction https://traffic.libsyn.com/securitypodcast/6102.mp3 https://isc.sans.edu/podcastdetail/6102 Tue, 31 Jul 2018 01:45:05 GMT https://isc.sans.edu/forums/diary/Malicious+Word+documents+using+DOSfuscation/23932/
Let's Encrypt Outage
https://letsencrypt.status.io
Malvertising Campaign Insides
https://research.checkpoint.com/malvertising-campaign-based-secrets-lies/
]]> 6:56 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6100 Sextortion BTC Earnings; Adware Laced Downloads; PDF Editor Supply Chain Attack Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Sextortion BTC Earnings; Adware Laced Downloads; PDF Editor Supply Chain Attack https://traffic.libsyn.com/securitypodcast/6100.mp3 https://isc.sans.edu/podcastdetail/6100 Mon, 30 Jul 2018 00:25:03 GMT https://isc.sans.edu/forums/diary/Sextortion+Follow+the+Money/23922/
Adware Distributed with Legitimate Applications
https://www.bleepingcomputer.com/news/security/fake-websites-for-keepass-7zip-audacity-others-found-pushing-adware/
https://twitter.com/JusticeRage
PDF Editor Supply Chain Exploit
https://cloudblogs.microsoft.com/microsoftsecure/2018/07/26/attack-inception-compromised-supply-chain-within-a-supply-chain-poses-new-risks/
]]> 7:10 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6098 NetSpectre; Google Play Outlaws Miners; Japanese Calendar Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. NetSpectre; Google Play Outlaws Miners; Japanese Calendar https://traffic.libsyn.com/securitypodcast/6098.mp3 https://isc.sans.edu/podcastdetail/6098 Fri, 27 Jul 2018 00:35:05 GMT https://misc0110.net/web/files/netspectre.pdf
Google Play Store Bans Crypto Miners
https://play.google.com/about/developer-content-policy-print/
Japanese Calendar Issues
https://blogs.msdn.microsoft.com/shawnste/2018/04/12/the-japanese-calendars-y2k-moment/
Multiple Vulnerabilities in Samsung SmartThings Hub
https://blog.talosintelligence.com/2018/07/samsung-smartthings-vulns.html?m=1
Times Change and Your Training Data Should Too: The Effect of Training Data Recency on Twitter Classifiers. Ryan O'Grady
https://www.sans.org/reading-room/whitepapers/artificialintelligence/times-change-training-data-too-effect-training-data-recency-twitter-classifiers-38500]]> 15:52 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6096 Etherscan.io XSS; Tomcast Patch; DNS over HTTPs: Centralized or not?; ERP Systems Targeted Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Etherscan.io XSS; Tomcast Patch; DNS over HTTPs: Centralized or not?; ERP Systems Targeted https://traffic.libsyn.com/securitypodcast/6096.mp3 https://isc.sans.edu/podcastdetail/6096 Thu, 26 Jul 2018 01:40:04 GMT https://scotthelme.co.uk/xss-on-etherscan-io/
Tomcat Vulnerabilities Patched
https://www.us-cert.gov/ncas/current-activity/2018/07/23/Apache-Releases-Security-Updates-Apache-Tomcat
DNS over HTTPS Standard Finalized
https://datatracker.ietf.org/wg/doh/about/
ERP Systems Targeted in Recent Attacks
https://www.us-cert.gov/ncas/current-activity/2018/07/25/Malicious-Cyber-Activity-Targeting-ERP-Applications
]]> 5:19 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6094 Emotet Update; Clear Text Phone Tracking; Bluetooth Bug; Apache OpenWhisk Bug Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Emotet Update; Clear Text Phone Tracking; Bluetooth Bug; Apache OpenWhisk Bug https://traffic.libsyn.com/securitypodcast/6094.mp3 https://isc.sans.edu/podcastdetail/6094 Wed, 25 Jul 2018 03:05:02 GMT https://isc.sans.edu/forums/diary/Recent+Emotet+activity/23908/
Clear Text Phone Tracking
https://isc.sans.edu/forums/diary/Cell+Phone+Monitoring+Who+is+Watching+the+Watchers/23910/
Bluetooth Bug
https://www.kb.cert.org/vuls/id/304725
Apache OpenWhisk Vulnerability
https://www.puresec.io/blog/Apache_OpenWhisk_Mutability_Weakness?hs_preview=EpJUmSoY-5972289702
]]> 5:13 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6092 More Spectre; IE 0Day Patch Patched; HTTP Insecure; DNS Rebinding Again; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. More Spectre; IE 0Day Patch Patched; HTTP Insecure; DNS Rebinding Again; https://traffic.libsyn.com/securitypodcast/6092.mp3 https://isc.sans.edu/podcastdetail/6092 Tue, 24 Jul 2018 02:00:25 GMT https://arxiv.org/pdf/1807.07940.pdf
July IE Patch Fixed older Remote Code Exec. Bug
http://blogs.360.cn/blog/from-a-patched-itw-0day-to-remote-code-execution-part-i-from-patch-to-new-0day/
Google Chrome 68 Released Today. HTTP sites marked as "insecure"
https://support.google.com/chrome/a/answer/7679408?hl=en
DNS Rebinding Vulnerablity Common in IoT
https://www.armis.com/dns-rebinding-exposes-half-a-billion-iot-devices-in-the-enterprise/
]]> 6:21 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6090 New WebLogic Vuln Exploited; MSFt Edge XSS Protection Issue; Intel ME Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. New WebLogic Vuln Exploited; MSFt Edge XSS Protection Issue; Intel ME https://traffic.libsyn.com/securitypodcast/6090.mp3 https://isc.sans.edu/podcastdetail/6090 Mon, 23 Jul 2018 00:30:16 GMT https://isc.sans.edu/forums/diary/Weblogic+Exploit+Code+Made+Public+CVE20182893/23896/
Microsoft Edge Turns off XSS Protection
https://portswigger.net/daily-swig/xss-protection-disappears-from-microsoft-edge
Intel Management Engine Vulnerabilities
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00112.html
User Tracking With TLS 1.2 Certificates
http://tma.ifip.org/wordpress/wp-content/uploads/2017/06/tma2017_paper2.pdf
]]> 5:15 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6088 Cisco Patches; Smart Vacuum Bugs; Instagram 2FA Update; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Cisco Patches; Smart Vacuum Bugs; Instagram 2FA Update; https://traffic.libsyn.com/securitypodcast/6088.mp3 https://isc.sans.edu/podcastdetail/6088 Fri, 20 Jul 2018 02:50:03 GMT https://tools.cisco.com/security/center/publicationListing.x
Diqee Smart Vacuum Vulnerabilities
http://en.diqee.com/goods/1994.html
Instagram About To Release 2FA Update
https://techcrunch.com/2018/07/17/instagram-2-factor/
Reporting Malicious Websites
https://isc.sans.edu/forums/diary/Reporting+Malicious+Websites+in+2018/23892/
]]> 5:14 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6086 Port 15454; Oracle CPU; Venmo Public API rediscovered; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Port 15454; Oracle CPU; Venmo Public API rediscovered; https://traffic.libsyn.com/securitypodcast/6086.mp3 https://isc.sans.edu/podcastdetail/6086 Thu, 19 Jul 2018 01:55:02 GMT https://isc.sans.edu/forums/diary/Request+for+Packets+Port+15454/23888/
Oracle Quarterly Critical Patch Update
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
Venmo Public Transaction API
https://publicbydefault.fyi
Credential Stuffing Responsible for Majority of Login Attempts
http://info.shapesecurity.com/2018-Credential-Spill-Report-by-Shape-Security
]]> 5:20 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6084 Geolocating Login Attempts; Typo3 Update; Money Laundry Scheme Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Geolocating Login Attempts; Typo3 Update; Money Laundry Scheme https://traffic.libsyn.com/securitypodcast/6084.mp3 https://isc.sans.edu/podcastdetail/6084 Wed, 18 Jul 2018 02:00:06 GMT https://isc.sans.edu/forums/diary/Searching+for+Geographically+Improbable+Login+Attempts/23882/
Typo3 CMS Update
https://typo3.org/article/typo3-931-8717-and-7630-security-releases-published/
GitHub Expands Security Scanner to Python
https://blog.github.com/2018-07-12-security-vulnerability-alerts-for-python/
Money Laundry Scheme Exposed by Open Mongo database.
https://kromtech.com/blog/security-center/digital-laundry
]]> 5:25 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6082 Encrypted SNI in TLS 1.3; Microsoft Will Retire "Delta Updates"; GPS Spoofing Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Encrypted SNI in TLS 1.3; Microsoft Will Retire "Delta Updates"; GPS Spoofing https://traffic.libsyn.com/securitypodcast/6082.mp3 https://isc.sans.edu/podcastdetail/6082 Tue, 17 Jul 2018 03:10:04 GMT https://tools.ietf.org/html/draft-rescorla-tls-esni-00
Microsoft to Retire "Delta Updates"
https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-quality-updates-explained-amp-the-end-of-delta/ba-p/214426

Practical GPS Spoofing of Navigation Devices
https://www.microsoft.com/en-us/research/uploads/prod/2018/06/security18gps.pdf
]]> 7:54 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6080 Cryptominer Attached to JS; Dahua Vuln Exploited by Search Engine; iPhone MDM Spy Campaign Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Cryptominer Attached to JS; Dahua Vuln Exploited by Search Engine; iPhone MDM Spy Campaign https://traffic.libsyn.com/securitypodcast/6080.mp3 https://isc.sans.edu/podcastdetail/6080 Mon, 16 Jul 2018 04:25:02 GMT https://isc.sans.edu/forums/diary/Video+Retrieving+and+processing+JSON+data+BTC+example/23874/
Cryptocoin Mining Javascript (yet again)
https://isc.sans.edu/forums/diary/Cryptominer+Delivered+Though+Compromized+JavaScript+File/23870/
Dahua Passwords Leaked/Cached by Search Engine
https://www.bleepingcomputer.com/news/security/passwords-for-tens-of-thousands-of-dahua-devices-cached-in-iot-search-engine/
MDM Used in Targeted Attack Against iPhone Users
https://blog.talosintelligence.com/2018/07/Mobile-Malware-Campaign-uses-Malicious-MDM.html
]]> 7:12 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6078 Extortion With Password; npm Package Malware; CIRCL IMAP Proxy; Banking Malware Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Extortion With Password; npm Package Malware; CIRCL IMAP Proxy; Banking Malware https://traffic.libsyn.com/securitypodcast/6078.mp3 https://isc.sans.edu/podcastdetail/6078 Fri, 13 Jul 2018 02:05:02 GMT https://isc.sans.edu/forums/diary/New+Extortion+Tricks+Now+Including+Your+Password/23866/
npm Package Compromised and Used To Steal Credentials
https://github.com/eslint/eslint-scope/issues/39#issuecomment-404533026
CIRCL IMAP Proxy
https://github.com/CIRCL/IMAP-Proxy
Checkpoint Names "Dorkbot" As A Top Threat (Signup required)
https://research.checkpoint.com/cyber-attack-trends-2018-mid-year-report/
]]> 5:54 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6076 Hello Peppa Followup; Spectre 1.1/2; Site Isolation in Chrome Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Hello Peppa Followup; Spectre 1.1/2; Site Isolation in Chrome https://traffic.libsyn.com/securitypodcast/6076.mp3 https://isc.sans.edu/podcastdetail/6076 Thu, 12 Jul 2018 01:55:03 GMT https://isc.sans.edu/forums/diary/Well+Hello+Again+Peppa/23860/
Spectre 1.1 and 1.2
https://people.csail.mit.edu/vlk/spectre11.pdf
Internet Exchanges Band Together against BGP Hijacking
https://dyn.com/blog/shutting-down-the-bgp-hijack-factory/
Google Enabled Site Isolation in Chrome
https://www.bleepingcomputer.com/news/security/google-enables-site-isolation-feature-for-99-percent-of-chrome-desktop-users/
]]> 5:46 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6074 MSFT Patch Tueday; SettingContent-ms Files Blacklisted; Adobe Patches; Stolen DLINK Certificate; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MSFT Patch Tueday; SettingContent-ms Files Blacklisted; Adobe Patches; Stolen DLINK Certificate; https://traffic.libsyn.com/securitypodcast/6074.mp3 https://isc.sans.edu/podcastdetail/6074 Wed, 11 Jul 2018 01:30:11 GMT https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+July+2018+now+with+Dashboard/23858/
https://patchtuesdaydashboard.com/
SettingContent-ms Files Blacklisted
https://support.office.com/en-us/article/packager-activation-in-office-365-desktop-applications-52808039-4a7c-4550-be3a-869dd338d834?ui=en-US&rs=en-US&ad=US
Adobe Patches
https://helpx.adobe.com/security.html
Stolen DLINK Certificate
https://www.welivesecurity.com/2018/07/09/certificates-stolen-taiwanese-tech-companies-plead-malware-campaign/
]]> 6:04 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6072 Reverse Shell via Weblogic; Apple Patchesi; Hardening Azure AD Password Selection Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Reverse Shell via Weblogic; Apple Patchesi; Hardening Azure AD Password Selection https://traffic.libsyn.com/securitypodcast/6072.mp3 https://isc.sans.edu/podcastdetail/6072 Tue, 10 Jul 2018 01:40:02 GMT https://isc.sans.edu/forums/diary/Criminals+Dont+Read+Instructions+or+Use+Strong+Passwords/23850/
Apple Patches Everything Again
https://isc.sans.edu/forums/diary/Apple+Patches+Everything+Again/23852/
Microsoft Offers Better Azure AD Password Protection
http://www.longevitytech.us/2018/07/09/azure-ad-password-protection-the-cloud-security-service-your-active-directory-needs-now/
]]> 5:43 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6070 HP iLO 4 Exploit; Miner/Ransomware; Online Gas Station Heist; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. HP iLO 4 Exploit; Miner/Ransomware; Online Gas Station Heist; https://traffic.libsyn.com/securitypodcast/6070.mp3 https://isc.sans.edu/podcastdetail/6070 Mon, 09 Jul 2018 02:10:02 GMT https://airbus-seclab.github.io/ilo/SSTIC2018-Article-subverting_your_server_through_its_bmc_the_hpe_ilo4_case-gazet_perigaud_czarny.pdf
Flexible Miner/Ransomware
https://securelist.com/to-crypt-or-to-mine-that-is-the-question/86307/
Hacker Steals Gas From Gas Station
https://gizmodo.com/hackers-reportedly-stole-600-gallons-of-gas-from-detroi-1827433411
]]> 4:22 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6068 Gentoo GitHub Breach PM; World Cup Used to Trap Israeli Soldiers Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Gentoo GitHub Breach PM; World Cup Used to Trap Israeli Soldiers https://traffic.libsyn.com/securitypodcast/6068.mp3 https://isc.sans.edu/podcastdetail/6068 Fri, 06 Jul 2018 00:45:04 GMT https://wiki.gentoo.org/wiki/Github/2018-06-28
Hamas Sets World Cup Trap for Israeli Soldiers
https://www.reuters.com/article/us-israel-palestinians-cyber/israel-says-hamas-tried-to-snare-soldiers-in-world-cup-cyber-trap-idUSKBN1JT1ZX
]]> 5:06 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6066 Watching Progress For Windows Scripts; Sylish Extension Steals History Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Watching Progress For Windows Scripts; Sylish Extension Steals History https://traffic.libsyn.com/securitypodcast/6066.mp3 https://isc.sans.edu/podcastdetail/6066 Thu, 05 Jul 2018 03:25:02 GMT https://isc.sans.edu/forums/diary/Progress+indication+for+scripts+on+Windows/23830/
Stylish Extension Steals History
https://robertheaton.com/2018/07/02/stylish-browser-extension-steals-your-internet-history/
Data Leaks From Android Apps
https://recon.meddle.mobi/panoptispy/
]]> 3:13 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6064 Odd PHP Exploit Attempt; Diameter Security; Attack Against Trezor Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Odd PHP Exploit Attempt; Diameter Security; Attack Against Trezor https://traffic.libsyn.com/securitypodcast/6064.mp3 https://isc.sans.edu/podcastdetail/6064 Mon, 02 Jul 2018 22:25:03 GMT https://isc.sans.edu/forums/diary/Hello+Peppa+PHP+Scans/23826/
Diameter Security Report
https://www.ptsecurity.com/ww-en/premium/diameter-2018/
Attack Against Trezor via DNS or BGP
https://blog.trezor.io/psa-phishing-alert-fake-trezor-wallet-website-3bcfdfc3eced
Symantec Offers VPNFilter Check
http://www.symantec.com/filtercheck/
]]> 5:22 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6062 MacOS Malware; LTE Attacks; Rowhammer Exploit For Android (and counter measure) Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MacOS Malware; LTE Attacks; Rowhammer Exploit For Android (and counter measure) https://traffic.libsyn.com/securitypodcast/6062.mp3 https://isc.sans.edu/podcastdetail/6062 Mon, 02 Jul 2018 01:30:05 GMT https://isc.sans.edu/forums/diary/Crypto+community+target+of+MacOS+malware/23816/
New LTE Attacks Made Public
https://alter-attack.net
Rowhammer Attacks Against Android
https://rampageattack.com
]]> 6:29 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6060 Nice Miners; Disassembling Webassembly; Spectre Browser Bypass; Gentoo Github Repo Takeover Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Nice Miners; Disassembling Webassembly; Spectre Browser Bypass; Gentoo Github Repo Takeover https://traffic.libsyn.com/securitypodcast/6060.mp3 https://isc.sans.edu/podcastdetail/6060 Fri, 29 Jun 2018 03:40:03 GMT https://isc.sans.edu/forums/diary/New+and+Improved+Cryptominers+Now+with+50+less+Greed/23812/
Disassemling Webassembly
https://www.forcepoint.com/blog/security-labs/analyzing-webassembly-binaries
Spectre Browser Mitigation Bypass
https://alephsecurity.com/2018/06/26/spectre-browser-query-cache/
Gentoo Github Repository Compromise
https://archives.gentoo.org/gentoo-announce/message/dc23d48d2258e1ed91599a8091167002
]]> 6:01 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6058 Magic Unicorn O365 API; Anonymizing Printers; Malware Analysis Opsec; CVE-2018-0296 (Cisco) Exploite Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Magic Unicorn O365 API; Anonymizing Printers; Malware Analysis Opsec; CVE-2018-0296 (Cisco) Exploite https://traffic.libsyn.com/securitypodcast/6058.mp3 https://isc.sans.edu/podcastdetail/6058 Wed, 27 Jun 2018 23:25:03 GMT http://lmgsecurity.com/exposing-the-secret-office-365-forensics-tool/
Anonymizing Printers
https://tu-dresden.de/ing/informatik/sya/ps/die-professur/news/geheime-daten-auf-dem-druckpapier-diplominformatiker-der-tu-dresden-entwickeln-verfahren-gegen-druckerueberwachung
Silently Profiling Unknown Malware Samples
https://isc.sans.edu/forums/diary/Silently+Profiling+Unknown+Malware+Samples/23808/
Cisco CVE-2018-0296 Exploited
https://www.bleepingcomputer.com/news/security/cisco-asa-flaw-exploited-in-the-wild-after-publication-of-two-pocs/
]]> 7:25 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6056 Analyzing XPS Files; WPA3 Finalized Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Analyzing XPS Files; WPA3 Finalized https://traffic.libsyn.com/securitypodcast/6056.mp3 https://isc.sans.edu/podcastdetail/6056 Wed, 27 Jun 2018 07:00:59 GMT https://isc.sans.edu/forums/diary/Analyzing+XPS+files/23804/
WPA3 Standard Finalized
https://www.wi-fi.org/news-events/newsroom/wi-fi-alliance-introduces-wi-fi-certified-wpa3-security
Executing Code with SettingContent-ms Files
https://posts.specterops.io/the-tale-of-settingcontent-ms-files-f1ea253e4d39
EFF Analysis of STARTTLS
https://www.eff.org/deeplinks/2018/06/technical-deep-dive-starttls-everywhere
]]> 7:14 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6054 Guilty by Association; Filezila; iOS Pin Brute Forcing; Azure AD to Enforce 2FA Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Guilty by Association; Filezila; iOS Pin Brute Forcing; Azure AD to Enforce 2FA https://traffic.libsyn.com/securitypodcast/6054.mp3 https://isc.sans.edu/podcastdetail/6054 Tue, 26 Jun 2018 02:00:05 GMT https://isc.sans.edu/forums/diary/Guilty+by+association/23800/
Filezila and Adware
https://forum.filezilla-project.org/viewtopic.php?t=48441
iOS Pin Brute Forcing Confusion
https://twitter.com/hackerfantastic/status/1010631766087032832
https://twitter.com/hackerfantastic/status/1010240042990596096
Azure Baseline Security Policy
https://cloudblogs.microsoft.com/enterprisemobility/2018/06/22/baseline-security-policy-for-azure-ad-admin-accounts-in-public-preview/
Phone Battery Usage as Keystroke Logger
https://sites.google.com/site/silbersteinmark/Home/popets18power.pdf?attredirects=1
]]> 7:19 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6052 XPS Spam; Exploit Kit Trends; IETF Works To Deprecate TLS 1.0/1, Firebase Leaks Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. XPS Spam; Exploit Kit Trends; IETF Works To Deprecate TLS 1.0/1, Firebase Leaks https://traffic.libsyn.com/securitypodcast/6052.mp3 https://isc.sans.edu/podcastdetail/6052 Mon, 25 Jun 2018 00:40:02 GMT https://isc.sans.edu/forums/diary/XPS+Attachment+Used+for+Phishing/23794/
New Exploit Kit Trends
https://researchcenter.paloaltonetworks.com/2018/06/unit42-the-old-and-new-current-trends-in-web-based-threats/
https://blog.malwarebytes.com/cybercrime/2018/06/exploit-kits-spring-2018-review/
Deprecating TLSv1.0 and TLSv1.1
https://datatracker.ietf.org/doc/draft-moriarty-tls-oldversions-diediedie/
Leaky Firebase Installs
http://info.appthority.com/-q2-2018-mtr-download-Firebase-vulnerability
]]> 5:40 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6050 Fake Android Fortnite; Fake Wannacry E-Mails; Cisco Bulletins; SamSam Ransomware; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Fake Android Fortnite; Fake Wannacry E-Mails; Cisco Bulletins; SamSam Ransomware; https://traffic.libsyn.com/securitypodcast/6050.mp3 https://isc.sans.edu/podcastdetail/6050 Fri, 22 Jun 2018 03:15:02 GMT https://blog.malwarebytes.com/cybercrime/2018/06/fake-fortnite-android-links-found-youtube/
Fake Wannacry E-Mails
https://twitter.com/actionfrauduk/status/1009803967705092096
Ransomware Installs In Internet Cafes
http://hznews.hangzhou.com.cn/shehui/content/2018-06/16/content_7020998.htm
OpenVPN Malicious Configuration Files
https://medium.com/tenable-techblog/reverse-shell-from-an-openvpn-configuration-file-73fd8b1d38da

Cisco Advisories
https://tools.cisco.com/security/center/publicationListing.x
]]> 5:50 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6048 TLS Phishing; OpenBSD Disables Hyperthreading; Bithumb Breach; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. TLS Phishing; OpenBSD Disables Hyperthreading; Bithumb Breach; https://traffic.libsyn.com/securitypodcast/6048.mp3 https://isc.sans.edu/podcastdetail/6048 Thu, 21 Jun 2018 03:30:02 GMT https://isc.sans.edu/forums/diary/Secure+Phishing+Netflix+Phishing+Goes+TLS/23786/
OpenBSD Disables Hyperthreading By Default
https://www.mail-archive.com/source-changes@openbsd.org/msg99141.html
Bithumb Cyrpto Currency Exchnage Breached Again
https://www.bleepingcomputer.com/news/security/bithumb-hacked-second-time-in-a-year-hackers-steal-31-million/
Microsoft Edge CORS Bypass via Audio Files
https://jakearchibald.com/2018/i-discovered-a-browser-bug/
Microsoft Releases a Special Patch for Oracle Outside-In Libraries
https://support.microsoft.com/en-us/help/4092041/description-of-the-security-update-for-microsoft-exchange-server-2013
]]> 6:50 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6046 Malicious PS Script Disables Logging; Virustotal Monitor Service; Exposed Cloud Environments; Google Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Malicious PS Script Disables Logging; Virustotal Monitor Service; Exposed Cloud Environments; Google https://traffic.libsyn.com/securitypodcast/6046.mp3 https://isc.sans.edu/podcastdetail/6046 Tue, 19 Jun 2018 23:55:02 GMT https://isc.sans.edu/forums/diary/PowerShell+ScriptBlock+Logging+Or+Not/23782/
Virustotal "False Positive" Alert
http://blog.virustotal.com/2018/06/vtmonitor-to-mitigate-false-positives.html
Cloud Environments Explosed to the Internet
https://info.lacework.com/hubfs/Containers%20At-Risk_%20A%20Review%20of%2021,000%20Cloud%20Environments.pdf
Google Home DNS Rebinding Attack Reveals Geolocation
https://www.tripwire.com/state-of-security/vert/googles-newest-feature-find-my-home
]]> 5:31 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6044 Obfuscated JavaScript Targeting Mobile Devices; Axis Camera Vulnerabilities; Old Apple Cache Leak; A Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Obfuscated JavaScript Targeting Mobile Devices; Axis Camera Vulnerabilities; Old Apple Cache Leak; A https://traffic.libsyn.com/securitypodcast/6044.mp3 https://isc.sans.edu/podcastdetail/6044 Tue, 19 Jun 2018 01:35:03 GMT https://isc.sans.edu/forums/diary/Malicious+JavaScript+Targeting+Mobile+Browsers/23778/
Axis Camera Vulnerabilities
https://blog.vdoo.com/2018/06/18/vdoo-discovers-significant-vulnerabilities-in-axis-cameras/
Apple Caches Confidential Data on Unencrypted Drives
https://wojciechregula.blog/your-encrypted-photos-in-macos-cache/
Andy Emulator Infected With CryptoMiner
https://www.reddit.com/r/emulators/comments/8rj8g5/warning_andy_android_emulator_andyos_andyroid/
]]> 5:53 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6042 SMTP Exfil Puzzle; Encrypted Office Documents; Recent Port 8000 Scans; WebUSB Issues Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SMTP Exfil Puzzle; Encrypted Office Documents; Recent Port 8000 Scans; WebUSB Issues https://traffic.libsyn.com/securitypodcast/6042.mp3 https://isc.sans.edu/podcastdetail/6042 Mon, 18 Jun 2018 00:20:02 GMT https://isc.sans.edu/forums/diary/SMTP+Strangeness+Possible+C2/23770/
Encrypted Office Documents
https://isc.sans.edu/forums/diary/Encrypted+Office+Documents/23774/
Recent Port 8000 Scans
https://www.bleepingcomputer.com/news/security/all-that-port-8000-traffic-this-week-yeah-thats-satori-looking-for-new-bots/
New Clipboard Cryptocoin Stealing Bot
https://blog.360totalsecurity.com/en/new-cryptominer-hijacks-your-bitcoin-transaction-over-300000-computers-have-been-attacked/
WebUSB Weakness
https://pwnaccelerator.github.io/2018/webusb-yubico-disclosure.html
]]> 6:32 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6040 A WordPress Compromise; Not-So-Smart Padlock; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. A WordPress Compromise; Not-So-Smart Padlock; https://traffic.libsyn.com/securitypodcast/6040.mp3 https://isc.sans.edu/podcastdetail/6040 Fri, 15 Jun 2018 01:30:03 GMT https://isc.sans.edu/forums/diary/A+Bunch+of+Compromized+Wordpress+Sites/23764/
Breacking Bluetooth Low Energy Smart Padlock
https://www.pentestpartners.com/security-blog/totally-pwning-the-tapplock-smart-lock/
WIM Disk Image Vulnerability
https://blog.talosintelligence.com/2018/06/vulnerability-spotlight-talos-2018-0545.html
Extracting Timely Sign-In Data from Office 365 Logs
https://www.sans.org/reading-room/whitepapers/logging/extracting-timely-sign-in-data-office-365-logs-38435
]]> 12:14 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6038 Yet Another Router Botnet? Cortana FTW; Compromised #docker Images; Lazy FPU Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Yet Another Router Botnet? Cortana FTW; Compromised #docker Images; Lazy FPU https://traffic.libsyn.com/securitypodcast/6038.mp3 https://isc.sans.edu/podcastdetail/6038 Thu, 14 Jun 2018 00:45:04 GMT https://isc.sans.edu/forums/diary/From+Microtik+with+Love/23762/
Using Cortana To Compromise Windows 10
https://securingtomorrow.mcafee.com/mcafee-labs/want-to-break-into-a-locked-windows-10-device-ask-cortana-cve-2018-8140/
Compromised Docker Images
https://kromtech.com/blog/security-center/cryptojacking-invades-cloud-how-modern-containerization-trend-is-exploited-by-attackers
Lazy FPU Save/Restore Allows Malware Access to FPU
https://access.redhat.com/solutions/3485131
]]> 5:53 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6036 #MSFT Patch Tuesday; OS X Security Tools Code Verification Fail; Google Chrome Restricts Extension I Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. #MSFT Patch Tuesday; OS X Security Tools Code Verification Fail; Google Chrome Restricts Extension I https://traffic.libsyn.com/securitypodcast/6036.mp3 https://isc.sans.edu/podcastdetail/6036 Wed, 13 Jun 2018 00:55:03 GMT https://isc.sans.edu/forums/diary/Microsoft+June+2018+Patch+Tuesday/23758/
Apple Code Signing Verification Vulnerability
https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/
Google Chrome Restricting Inline Extension Install
https://blog.chromium.org/2018/06/improving-extension-transparency-for.html
]]> 5:50 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6034 Lokibot Update; ETH JSON RPC Theft; Cryto Currency Miners Hiding; FBI BEC Arrest Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Lokibot Update; ETH JSON RPC Theft; Cryto Currency Miners Hiding; FBI BEC Arrest https://traffic.libsyn.com/securitypodcast/6034.mp3 https://isc.sans.edu/podcastdetail/6034 Tue, 12 Jun 2018 00:25:02 GMT https://isc.sans.edu/forums/diary/More+malspam+pushing+Lokibot/23754/
Ethereum JSON RPC Theft
https://twitter.com/360Netlab/status/1006065566728085504
CryptoCurrency Miner Plays hide-and-seek
https://www.bleepingcomputer.com/news/security/cryptocurrency-miner-plays-hide-and-seek-with-popular-games-and-tools/
Apple Outlaws Crypto Currency Miners in App Store
https://developer.apple.com/app-store/review/guidelines/#hardware-compatibility
FBI Arrests Suspect in BEC Investigation
https://www.fbi.gov/news/stories/international-bec-takedown-061118
]]> 4:46 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6032 Microsoft Paper: Device Security; Finding Deserialization Bugs With Freddy; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft Paper: Device Security; Finding Deserialization Bugs With Freddy; https://traffic.libsyn.com/securitypodcast/6032.mp3 https://isc.sans.edu/podcastdetail/6032 Mon, 11 Jun 2018 00:40:18 GMT https://www.microsoft.com/en-us/research/wp-content/uploads/2017/03/SevenPropertiesofHighlySecureDevices.pdf
Finding Deserialisation Issues With Burp
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/june/finding-deserialisation-issues-has-never-been-easier-freddy-the-serialisation-killer/
FTC Starts Looking Into Cryptojacking
https://www.consumer.ftc.gov/blog/2018/06/protecting-your-devices-cryptojacking
Drupal Disputes Number of Vulnerable Sites
https://groups.drupal.org/node/520149
]]> 5:30 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6031 Critical Adobe Flash Update; Supermicro Firmware Bug; Twitter Loot Collection; Sofacy Update Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Critical Adobe Flash Update; Supermicro Firmware Bug; Twitter Loot Collection; Sofacy Update https://traffic.libsyn.com/securitypodcast/6031.mp3 https://isc.sans.edu/podcastdetail/6031 Fri, 08 Jun 2018 02:00:06 GMT https://helpx.adobe.com/security/products/flash-player/apsb18-19.html
SuperMicro Firmware Vulnerability
https://blog.eclypsium.com/2018/06/07/firmware-vulnerabilities-in-supermicro-systems/
FOSCAM Video Camera Vulnerabilities
https://blog.vdoo.com/2018/06/06/vdoo-has-found-major-vulnerabilities-in-foscam-cameras/
Sofacy Update
https://researchcenter.paloaltonetworks.com/2018/06/unit42-sofacy-groups-parallel-attacks/
Automated Twitter Loot Collection
https://isc.sans.edu/forums/diary/Automated+twitter+loot+collection/23743/
]]> 5:36 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6029 VPNFilter Update; Prowli Botnet; Cisco Security Bulletings; F-Secure Vulnerability Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. VPNFilter Update; Prowli Botnet; Cisco Security Bulletings; F-Secure Vulnerability https://traffic.libsyn.com/securitypodcast/6029.mp3 https://isc.sans.edu/podcastdetail/6029 Thu, 07 Jun 2018 02:50:04 GMT https://blog.talosintelligence.com/2018/06/vpnfilter-update.html
Prowli Botnet
https://www.guardicore.com/2018/06/operation-prowli-traffic-manipulation-cryptocurrency-mining/
Cisco Security Bulletins
https://tools.cisco.com/security/center/publicationListing.x
F-Secure RAR Vulnerability
https://www.f-secure.com/en/web/labs_global/fsc-2018-2
PCAP to Weblogs
https://isc.sans.edu/forums/diary/Converting+PCAP+Web+Traffic+to+Apache+Log/23739/
]]> 5:05 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6027 Post Exploit Script; Zip Slip Vulnerability; Redis Exploits; Drupalgeddon 2 Update Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Post Exploit Script; Zip Slip Vulnerability; Redis Exploits; Drupalgeddon 2 Update https://traffic.libsyn.com/securitypodcast/6027.mp3 https://isc.sans.edu/podcastdetail/6027 Wed, 06 Jun 2018 01:30:04 GMT Malicious Post-Exploitation Batch File
Zip Slip Vulnerability
https://snyk.io/research/zip-slip-vulnerability
Redis Exploits
https://www.incapsula.com/blog/report-75-of-open-redis-servers-are-infected.html
Drupalgeddon 2 Update
https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/
]]> 5:41 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6025 Authenticode Challenges; Miconfigured G-Suite Lists; PQCrypto VPN #quantumcomputing Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Authenticode Challenges; Miconfigured G-Suite Lists; PQCrypto VPN #quantumcomputing https://traffic.libsyn.com/securitypodcast/6025.mp3 https://isc.sans.edu/podcastdetail/6025 Tue, 05 Jun 2018 01:25:03 GMT https://isc.sans.edu/forums/diary/Digging+into+Authenticode+Certificates/23731/
Misconfigured G-Suite Mailing Lists
https://www.kennasecurity.com/widespread-google-groups-misconfiguration-exposes-sensitive-information/
Microsoft Releases Open Source Post Quantum VPN
https://github.com/Microsoft/PQCrypto-VPN
]]> 6:02 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6023 Apple Patches Everything; VPNFilter Compeback; Reversing with Radare2 Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Apple Patches Everything; VPNFilter Compeback; Reversing with Radare2 https://traffic.libsyn.com/securitypodcast/6023.mp3 https://isc.sans.edu/podcastdetail/6023 Mon, 04 Jun 2018 00:35:03 GMT https://isc.sans.edu/forums/diary/Apple+Security+Updates/23727/
VPNFilter Makes a Comeback
https://jask.com/from-russia-with-love/
Reverse Analysis with Radare2
https://isc.sans.edu/forums/diary/Binary+analysis+with+Radare2/23723/
Pet Location Tracker Vulnerabilities
https://threatpost.com/pet-trackers-open-to-mitm-attacks-interception/132291/
]]> 5:29 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6021 Safely Resetting Routers (#VPNFilter); CSS3 Mix-Blend-Mode Leak; Apple iMessage Security Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Safely Resetting Routers (#VPNFilter); CSS3 Mix-Blend-Mode Leak; Apple iMessage Security https://traffic.libsyn.com/securitypodcast/6021.mp3 https://isc.sans.edu/podcastdetail/6021 Fri, 01 Jun 2018 01:05:03 GMT https://isc.sans.edu/forums/diary/Resetting+Your+Router+the+Paranoid+Right+Way/23719/
CSS mix-blend-mode Side Channel Attack
https://www.evonide.com/side-channel-attacking-browsers-through-css3-features/
New ActiveX Exploit Seen in the Wild
https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=27263
Apple iMessage Security
https://support.apple.com/en-us/HT202303
10 Year Old Vulnerability in Steam Discovered
https://www.contextis.com/blog/frag-grenade-a-remote-code-execution-vulnerability-in-the-steam-client
]]> 5:45 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6019 Windows JScript Vulnerability; Git Vulnerablity; SpamCannibal Blacklist; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Windows JScript Vulnerability; Git Vulnerablity; SpamCannibal Blacklist; https://traffic.libsyn.com/securitypodcast/6019.mp3 https://isc.sans.edu/podcastdetail/6019 Thu, 31 May 2018 03:10:03 GMT https://www.zerodayinitiative.com/advisories/ZDI-18-534/
Two Git Vulnerabilities Patched
https://marc.info/?l=git&m=152761328506724&w=2
https://blogs.msdn.microsoft.com/devops/2018/05/29/announcing-the-may-2018-git-security-vulnerability/
SpamCannibal Blacklist Temporarily Marks All IPs as "Spam"
https://twitter.com/GossiTheDog/status/1001778042400854016
QRadar Remote Code Execution
https://blogs.securiteam.com/index.php/archives/3689
]]> 4:45 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6017 New DNS Features; Apple Updates; EOS Scans; NPM isn't a Teapot; SQL As Covert Channel Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. New DNS Features; Apple Updates; EOS Scans; NPM isn't a Teapot; SQL As Covert Channel https://traffic.libsyn.com/securitypodcast/6017.mp3 https://isc.sans.edu/podcastdetail/6017 Tue, 29 May 2018 23:15:03 GMT https://isc.sans.edu/forums/diary/DNS+is+Changing+Are+you+Ready/23711/
Apple Updates
https://support.apple.com/en-us/HT201222
Scans For Misconfigured EOS Blockchain Nodes
https://www.bleepingcomputer.com/news/security/misconfigured-eos-blockchain-nodes-under-attack/
NPM Bug Causes Update Failures / Application Crashes
https://github.com/npm/npm/issues/20791#issuecomment-392648459
MnuBot Exfiltrates Data Via MSSQL
https://securityintelligence.com/new-banking-trojan-mnubot-discovered-by-ibm-x-force-research/
]]> 6:06 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6015 Ultrasound Mobile Location Tracking; NSIS and Malware; Z-Wave Attacks; Electron Issues Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Ultrasound Mobile Location Tracking; NSIS and Malware; Z-Wave Attacks; Electron Issues https://traffic.libsyn.com/securitypodcast/6015.mp3 https://isc.sans.edu/podcastdetail/6015 Tue, 29 May 2018 01:35:03 GMT https://isc.sans.edu/forums/diary/Do+you+hear+Laurel+or+Yanny+or+is+it+OnOff+Keying/23707/
Analyzing Malware Created with NSIS
https://isc.sans.edu/forums/diary/Quick+analysis+of+malware+created+with+NSIS/23703/
Obfuscated Word Macro
https://isc.sans.edu/forums/diary/Antivirus+Evasion+Easy+as+123/23701/
Z-Wave Attacks
https://www.pentestpartners.com/security-blog/z-shave-exploiting-z-wave-downgrade-attacks/
https://www.silabs.com/community/blog.entry.html/2018/05/23/tl_dr_your_door_is-g1zC
Electron Framework Protocol Handler Patch Bypass
https://blog.doyensec.com/2018/05/24/electron-win-protocol-handler-bug-bypass.html
]]> 5:56 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6013 GDPR Day; Bitcoin Gold Double Spent Attack; Amazon Alexa Spy Bug; Verge Cryptocoin Attacked Again Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. GDPR Day; Bitcoin Gold Double Spent Attack; Amazon Alexa Spy Bug; Verge Cryptocoin Attacked Again https://traffic.libsyn.com/securitypodcast/6013.mp3 https://isc.sans.edu/podcastdetail/6013 Fri, 25 May 2018 01:35:02 GMT https://en.wikipedia.org/wiki/General_Data_Protection_Regulation
Bitcoin Gold Double Spent Attack
https://forum.bitcoingold.org/t/double-spend-attack-on-exchanges/1362
Amazon Alexa Forwards Random Conversations
https://www.kiro7.com/news/local/woman-says-her-amazon-device-recorded-private-conversation-sent-it-out-to-random-contact/755507974
Verge Crypto Coin Attacked Again
https://www.bleepingcomputer.com/news/security/verge-cryptocurrency-network-falls-victim-to-same-attack-even-after-hard-fork/
]]> 4:39 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6011 VPNFilter; #DLink Vulnerabilities; #Firefox disables ambient light API Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. VPNFilter; #DLink Vulnerabilities; #Firefox disables ambient light API https://traffic.libsyn.com/securitypodcast/6011.mp3 https://isc.sans.edu/podcastdetail/6011 Thu, 24 May 2018 01:40:03 GMT https://blog.talosintelligence.com/2018/05/VPNFilter.html
DLink Vulnerabilities
https://securelist.com/backdoors-in-d-links-backyard/85530/
Firefox Disabling "Spy APIs" and enabling 2FA
https://www.fxsitecompat.com/en-CA/docs/2018/ambient-light-and-proximity-sensor-apis-have-been-disabled/
]]> 5:35 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6009 Malicious SYLK Files; Patches for BMW; Mac Crypto Miners; VMWare Spectre Updates; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Malicious SYLK Files; Patches for BMW; Mac Crypto Miners; VMWare Spectre Updates; https://traffic.libsyn.com/securitypodcast/6009.mp3 https://isc.sans.edu/podcastdetail/6009 Wed, 23 May 2018 01:30:02 GMT https://isc.sans.edu/forums/diary/Malware+Distributed+via+slk+Files/23687/
BMW Releases Patches for Several Cars
https://keenlab.tencent.com/en/Experimental_Security_Assessment_of_BMW_Cars_by_KeenLab.pdf
Mac Crypto Miners
https://blog.malwarebytes.com/threat-analysis/mac-threat-analysis/2018/05/new-mac-cryptominer-uses-xmrig/
VMWare Spectre Updates
https://www.vmware.com/security/advisories/VMSA-2018-0012.html
]]> 4:50 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6007 Spectre NG Patches; New TheMoon(Mirai?) Variants; Extracing Keys from ssh-agent in Windows Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Spectre NG Patches; New TheMoon(Mirai?) Variants; Extracing Keys from ssh-agent in Windows https://traffic.libsyn.com/securitypodcast/6007.mp3 https://isc.sans.edu/podcastdetail/6007 Tue, 22 May 2018 01:55:02 GMT https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012
https://newsroom.intel.com/editorials/addressing-new-research-for-side-channel-analysis/
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012
https://bugs.chromium.org/p/project-zero/issues/detail?id=1528
New "Moon" Variant
http://blog.netlab.360.com/gpon-exploit-in-the-wild-iv-themoon-botnet-join-in-with-a-0day/
https://isc.sans.edu/forums/diary/Something+Wicked+this+way+comes/23681/
Extracting Keys From Windows ssh-agent
https://blog.ropnop.com/extracting-ssh-private-keys-from-windows-10-ssh-agent/
]]> 5:27 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6005 Redis Cryptocoin Mining Worm; Rowhammer over the Network; DrayTek CSRF Exploit Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Redis Cryptocoin Mining Worm; Rowhammer over the Network; DrayTek CSRF Exploit https://traffic.libsyn.com/securitypodcast/6005.mp3 https://isc.sans.edu/podcastdetail/6005 Mon, 21 May 2018 01:00:03 GMT https://isc.sans.edu/forums/diary/Anatomy+of+a+Redis+mining+worm/23673/
Evolving Chrome's Security Indicator
https://blog.chromium.org/2018/05/evolving-chromes-security-indicators.html
DrayTek CSRF 0-Day Exploited to Change DNS Servers
https://www.draytek.co.uk/support/security-advisories/kb-advisory-csrf-and-dns-dhcp-web-attacks
Rowhammer Remote Exploit
https://www.cs.vu.nl/~herbertb/download/papers/throwhammer_atc18.pdf
https://arxiv.org/abs/1805.04956
]]> 5:46 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6003 Claymore Miner Attack; PCI 3.2.1 Released; Keeper Update; Cisco Security Fixes Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Claymore Miner Attack; PCI 3.2.1 Released; Keeper Update; Cisco Security Fixes https://traffic.libsyn.com/securitypodcast/6003.mp3 https://isc.sans.edu/podcastdetail/6003 Fri, 18 May 2018 01:05:02 GMT https://isc.sans.edu/diary/Insecure+Claymore+Miner+Management+API+Exploited+in+the+Wild/23665/
PCI DSS Version 3.2.1. Released
https://isc.sans.edu/forums/diary/PCI+DSS+version+321+is+out/23667/
Keeper Releases Update
https://keepersecurity.com/blog/2018/05/15/response-may-15-seclists-report/
Cisco Security Update
https://tools.cisco.com/security/center/publicationListing.x]]> 5:42 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 6001 Critical DHCP Client Vuln (RedHat ES); Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Critical DHCP Client Vuln (RedHat ES); https://traffic.libsyn.com/securitypodcast/6001.mp3 https://isc.sans.edu/podcastdetail/6001 Wed, 16 May 2018 23:25:01 GMT https://access.redhat.com/security/vulnerabilities/3442151
UPnP Misconfiguration DDoS Attack
https://www.theregister.co.uk/2018/05/16/upnp_amplifies_ddos_attacks/
Ubuntu Snap Store Miner Incident Followup
https://blog.ubuntu.com/2018/05/15/trust-and-security-in-the-snap-store
iOS / Android "Zipper Down" Vulnerability
https://zipperdown.org/
]]> 6:27 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5999 PDF Exploit Live; Possible Keeper Password Manager Vuln; myetherwallet Phishing Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. PDF Exploit Live; Possible Keeper Password Manager Vuln; myetherwallet Phishing https://traffic.libsyn.com/securitypodcast/5999.mp3 https://isc.sans.edu/podcastdetail/5999 Wed, 16 May 2018 00:30:02 GMT https://www.welivesecurity.com/2018/05/15/tale-two-zero-days/
Possible Vulnerability in Keeper Password Manager
http://seclists.org/fulldisclosure/2018/May/41
MyEtherWallet Phishing
https://isc.sans.edu/forums/diary/Phishing+emails+for+fake+MyEtherWallet+login+page/23655/
]]> 6:56 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5997 PGP/SMIME #efail Vulnerability; Adobe PDF Patches; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. PGP/SMIME #efail Vulnerability; Adobe PDF Patches; https://traffic.libsyn.com/securitypodcast/5997.mp3 https://isc.sans.edu/podcastdetail/5997 Tue, 15 May 2018 01:10:01 GMT https://efail.de
Adobe PDF Reader / Acrobat Bulletins
https://helpx.adobe.com/security/products/acrobat/apsb18-09.html
]]> 6:31 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5995 Odd njRat Like Scans; Signal (Electron?) vulnerability; Electron Vulnerability Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Odd njRat Like Scans; Signal (Electron?) vulnerability; Electron Vulnerability https://traffic.libsyn.com/securitypodcast/5995.mp3 https://isc.sans.edu/podcastdetail/5995 Mon, 14 May 2018 00:10:01 GMT Reversed C2 traffic from China
Signal Vulnerability (Possibly in Electron, which affects Skype/Slack/others)
https://twitter.com/ortegaalfredo/status/995017143002509313
Electron Vulnerability
https://www.trustwave.com/Resources/SpiderLabs-Blog/CVE-2018-1000136---Electron-nodeIntegration-Bypass/
Cryptocoin Miner Found in Ubuntu Snap Store
https://github.com/canonical-websites/snapcraft.io/issues/651
]]> 5:53 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5993 DNS Exfil in Windows; Fake Electrum Wallet; PoS Malware Source Code; Malicious Chrome Extensions Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. DNS Exfil in Windows; Fake Electrum Wallet; PoS Malware Source Code; Malicious Chrome Extensions https://traffic.libsyn.com/securitypodcast/5993.mp3 https://isc.sans.edu/podcastdetail/5993 Fri, 11 May 2018 00:30:01 GMT https://isc.sans.edu/forums/diary/Exfiltrating+data+from+very+isolated+environments/23645/
Fake Electrun Wallet
https://github.com/spesmilo/electrum-docs/blob/master/decompiling_guide.md
Treasure Hunter PoS Malware Source Code Leaked
https://www.flashpoint-intel.com/blog/treasurehunter-source-code-leaked/
More Malicious Chrome Extensions Spreading via Facebook
https://blog.radware.com/security/2018/05/nigelthorn-malware-abuses-chrome-extensions/
]]> 5:14 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5991 Loyds Bank Phishing; Firefox Group Policy; OS Vendors Fix Intel Debug Flaw Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Loyds Bank Phishing; Firefox Group Policy; OS Vendors Fix Intel Debug Flaw https://traffic.libsyn.com/securitypodcast/5991.mp3 https://isc.sans.edu/podcastdetail/5991 Thu, 10 May 2018 01:40:04 GMT https://isc.sans.edu/forums/diary/Nice+Phishing+Sample+Delivering+Trickbot/23641/
Firefox Group Policy Engine
https://www.bleepingcomputer.com/news/software/group-policy-support-coming-to-firefox-60/
OS Vendors Fix Intel Debug Flaw
https://www.kb.cert.org/vuls/id/631579
Cryptocoin Miner in Excel
https://charles.dardaman.com/js_coinhive_in_excel
]]> 4:01 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5989 #MSFT Patch Tuesday; Office 365 Basestriker Vulnerability; wget cookie injection Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. #MSFT Patch Tuesday; Office 365 Basestriker Vulnerability; wget cookie injection https://traffic.libsyn.com/securitypodcast/5989.mp3 https://isc.sans.edu/podcastdetail/5989 Wed, 09 May 2018 02:19:12 GMT Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+May+2018+Patch+Tuesday/23637/
Basestriker Vulnerability Hitting Office 365
https://www.avanan.com/resources/basestriker-vulnerability-office-365
wget Cookie Injection Vulnerability
http://seclists.org/fulldisclosure/2018/May/20
]]> 6:21 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5987 Parsing Windows Job Files; SYN-ACK Dopplegangs; Drupal/Coinhive; Russia vs. Telegram Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Parsing Windows Job Files; SYN-ACK Dopplegangs; Drupal/Coinhive; Russia vs. Telegram https://traffic.libsyn.com/securitypodcast/5987.mp3 https://isc.sans.edu/podcastdetail/5987 Tue, 08 May 2018 01:40:02 GMT https://isc.sans.edu/forums/diary/Adding+Persistence+Via+Scheduled+Tasks/23633/
SYN-ACK Ransomware Uses Dobbleganging Technique
https://securelist.com/synack-targeted-ransomware-uses-the-doppelganging-technique/85431/
More Drupal Compromises
https://badpackets.net/large-cryptojacking-campaign-targeting-vulnerable-drupal-websites/
Russia vs. Telegram
https://twitter.com/instasegv/status/993521755192020992
https://www.bleepingcomputer.com/news/government/russia-blocks-50-vpns-and-proxy-services-providing-access-to-telegram/
]]> 4:51 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5985 NPM Security; Popular GDPR Shield; More Spectre Flaws; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. NPM Security; Popular GDPR Shield; More Spectre Flaws; https://traffic.libsyn.com/securitypodcast/5985.mp3 https://isc.sans.edu/podcastdetail/5985 Mon, 07 May 2018 01:50:02 GMT https://blog.npmjs.org/post/173526807575/reported-malicious-module-getcookies
Popular GDPR Shield
http://gdpr-shield.io (currently down)
More Spectre Flaws
https://www.heise.de/ct/artikel/Exclusive-Spectre-NG-Multiple-new-Intel-CPU-flaws-revealed-several-serious-4040648.html
]]> 5:20 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5983 More WebLogic xploits; Ouch! GDPR ; GitHub/Twitter pw loggin; #sans_edu Disrupting PowerShell Empire Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. More WebLogic xploits; Ouch! GDPR ; GitHub/Twitter pw loggin; #sans_edu Disrupting PowerShell Empire https://traffic.libsyn.com/securitypodcast/5983.mp3 https://isc.sans.edu/podcastdetail/5983 Fri, 04 May 2018 01:30:02 GMT https://isc.sans.edu/forums/diary/WebLogic+Exploited+in+the+Wild+Again/23617/
Ouch! GDPR Newsletter
https://www.sans.org/security-awareness-training/ouch-newsletter
GitHub / Twitter Password Storage Issues
https://blog.twitter.com/official/en_us/topics/company/2018/keeping-your-account-secure.html
https://www.zdnet.com/article/github-says-bug-exposed-account-passwords/
Facebook adds Homegraph Alert to Certificate Transparency log monitoring
https://www.facebook.com/notes/protect-the-graph/phishing-domain-detection/2037453483161459/
Disrupting the Empire: Identifying PowerShell Empire Command and Control Activity
https://www.sans.org/reading-room/whitepapers/forensics/disrupting-empire-identifying-powershell-empire-command-control-activity-38315
]]> 14:48 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5981 GPS Jamming More Common; Windows Command Line Reference; LoJack "Phone Home"; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. GPS Jamming More Common; Windows Command Line Reference; LoJack "Phone Home"; https://traffic.libsyn.com/securitypodcast/5981.mp3 https://isc.sans.edu/podcastdetail/5981 Thu, 03 May 2018 01:25:02 GMT https://www.avweb.com/avwebflash/news/GPS-Jamming-Major-Threat-to-Drone-230749-1.html
https://www.heise.de/newsticker/meldung/GPS-unter-Beschuss-Jamming-und-Spoofing-nehmen-zu-4038137.html
Windows Command Line References
https://isc.sans.edu/forums/diary/Windows+Commands+Reference+An+InfoSec+Must+Have/23613/
LoJack Laptop Anti-Theft Software "Phones Home" to Russia
https://asert.arbornetworks.com/lojack-becomes-a-double-agent/
Google Maps Can Be Used as a URL Shortener
https://nakedsecurity.sophos.com/2018/05/01/google-maps-open-redirect-flaw-abused-by-spammers/
Retrieving DVR Credentials via "Admin Cookie"
https://github.com/ezelf/CVE-2018-9995_dvr_credentials
]]> 6:02 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5979 Creating #MalDocs ; Google/Amazon vs. Domain Fronting; Google Chrome CT Enforcement Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Creating #MalDocs ; Google/Amazon vs. Domain Fronting; Google Chrome CT Enforcement https://traffic.libsyn.com/securitypodcast/5979.mp3 https://isc.sans.edu/podcastdetail/5979 Wed, 02 May 2018 02:10:02 GMT https://isc.sans.edu/forums/diary/Diving+into+a+Simple+Maldoc+Generator/23609/
Google (and Amazon) Disable Domain Fronting
https://arstechnica.com/information-technology/2018/04/google-disables-domain-fronting-capability-used-to-evade-censors/
Google Chrome To Enforce Certificate Transparency
https://groups.google.com/a/chromium.org/forum/#!msg/ct-policy/wHILiYf31DE/iMFmpMEkAQAJ
]]> 5:34 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5977 More Real Bad #WebLogic News; Facebook Messages Spread Malicious Chrome Extensions Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. More Real Bad #WebLogic News; Facebook Messages Spread Malicious Chrome Extensions https://traffic.libsyn.com/securitypodcast/5977.mp3 https://isc.sans.edu/podcastdetail/5977 Tue, 01 May 2018 02:05:02 GMT https://www.bleepingcomputer.com/news/security/hackers-scan-the-web-for-vulnerable-weblogic-servers-after-oracle-botches-patch/
Facex Worm Spreads Malicious Chrome Extensions via Facebook
https://blog.trendmicro.com/trendlabs-security-intelligence/facexworm-targets-cryptocurrency-trading-platforms-abuses-facebook-messenger-for-propagation/
$15 DTV Transmitter as a SDR
https://hackernoon.com/osmo-fl2k-a-15-dtv-transmitter-fm-radio-hijack-and-gps-spoofing-device-68ac08ba7d76
]]> 5:40 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5975 Sample #Drupal Exploits; Triggering SMB Connections from PDFs; Win7/10 NTFS Crash DoS; Azucar Azure Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Sample #Drupal Exploits; Triggering SMB Connections from PDFs; Win7/10 NTFS Crash DoS; Azucar Azure https://traffic.libsyn.com/securitypodcast/5975.mp3 https://isc.sans.edu/podcastdetail/5975 Mon, 30 Apr 2018 03:00:08 GMT https://isc.sans.edu/forums/diary/More+Threat+Hunting+with+User+Agent+and+Drupal+Exploits/23597/
Triggering SMB Connections to Steal NTLM Credentials via PDFs
https://research.checkpoint.com/ntlm-credentials-theft-via-pdf-files/
NTFS Crash DoS Exploit Published for Windwos 10 and 7
https://github.com/mtivadar/windows10_ntfs_crash_dos
Apple HomeKit / Secure Element Problems
https://www.youtube.com/watch?v=1CNAMgctAp0
Azucar Assessing Azure Security
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/april/introducing-azucar/
]]> 6:33 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5973 New Drupal RCE Used In The Wild; HP iLO Ransomware; ZTE/Hypteroptic Default Password Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. New Drupal RCE Used In The Wild; HP iLO Ransomware; ZTE/Hypteroptic Default Password https://traffic.libsyn.com/securitypodcast/5973.mp3 https://isc.sans.edu/podcastdetail/5973 Fri, 27 Apr 2018 02:35:02 GMT https://www.bleepingcomputer.com/news/security/ransomware-hits-hpe-ilo-remote-management-interfaces/
Total Meltdown Exploit Available
https://blog.xpnsec.com/total-meltdown-cve-2018-1038/
WD My Cloud EX2 Access Control Bypass
https://www.trustwave.com/Resources/SpiderLabs-Blog/WD-My-Cloud-EX2-Serves-Your-Files-to-Anyone/
Hyperoptic ZTE Home Router Hardcoded Account
https://www.contextis.com/resources/advisories/hyperoptic-zte-home-routers
]]> 7:12 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5971 New Drupal RCE Vuln; Bash IRC Bot; Insecure Hotel Locks; Alexa Allowed Malicous Apps to Evesdrop Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. New Drupal RCE Vuln; Bash IRC Bot; Insecure Hotel Locks; Alexa Allowed Malicous Apps to Evesdrop https://traffic.libsyn.com/securitypodcast/5971.mp3 https://isc.sans.edu/podcastdetail/5971 Thu, 26 Apr 2018 03:05:01 GMT https://www.drupal.org/sa-core-2018-004
Malicious Network Traffic From /bin/bash
https://isc.sans.edu/forums/diary/Malicious+Network+Traffic+From+binbash/23591/
Insecure Hotel Locks
https://safeandsavvy.f-secure.com/2018/04/25/researchers-find-way-to-generate-master-keys-to-hotels/
Amazon Echo As Evesdropping Device (signin required)
https://info.checkmarx.com/wp-alexa
]]> 5:21 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5905 Don't Pay Ransomware; Microtik Malware; CNNVD Manipulated; Keeper S3 Blunder Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Don't Pay Ransomware; Microtik Malware; CNNVD Manipulated; Keeper S3 Blunder https://traffic.libsyn.com/securitypodcast/5905.mp3 https://isc.sans.edu/podcastdetail/5905 Mon, 12 Mar 2018 02:35:07 GMT https://cyber-edge.com/cdr/#about-this-report
Microtik Router Malware Infects Sysadmin PCs
https://s3-eu-west-1.amazonaws.com/khub-media/wp-content/uploads/sites/43/2018/03/09133534/The-Slingshot-APT_report_ENG_final.pdf
CNNVD Held Back Vulnerabilities
https://www.recordedfuture.com/chinese-mss-vulnerability-influence/
Keeper Exposes S3 Bucket
http://www.zdnet.com/article/password-manager-maker-keeper-hit-by-another-security-snafu/
https://keepersecurity.com/blog/2018/03/10/keepers-response-zdnets-article-regarding-s3-bucket-configuration-issue/
Chip and Pin Clones
https://www.kaspersky.com/blog/chip-n-pin-cloning/21502/
]]> 7:34 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5903 Apache #Solr Vulnerability and #XMRig; CIRMEB4NK #IRC Bot; #Cisco Patches; Any.Run Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Apache #Solr Vulnerability and #XMRig; CIRMEB4NK #IRC Bot; #Cisco Patches; Any.Run https://traffic.libsyn.com/securitypodcast/5903.mp3 https://isc.sans.edu/podcastdetail/5903 Fri, 09 Mar 2018 03:40:08 GMT https://isc.sans.edu/forums/diary/Apache+SOLR+the+new+target+for+cryptominers/23425/
CRIMEB4NK IRC Bot
https://isc.sans.edu/forums/diary/CRIMEB4NK+IRC+Bot/23423/
Cisco Patches
https://tools.cisco.com/security/center/publicationListing.x
Any.Run Malware Analysis Tool
https://any.run
]]> 6:05 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5901 Ransomware Update; How To Break Encryption; Android Mail Apps Leak Passwords; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Ransomware Update; How To Break Encryption; Android Mail Apps Leak Passwords; https://traffic.libsyn.com/securitypodcast/5901.mp3 https://isc.sans.edu/podcastdetail/5901 Thu, 08 Mar 2018 04:10:08 GMT https://isc.sans.edu/forums/diary/Ransomware+news+GlobeImposter+gets+a+facelift+GandCrab+is+still+out+there/23417/
How to Break Encryption
https://blog.malwarebytes.com/threat-analysis/2018/03/encryption-101-how-to-break-encryption/
Bypassing Adobe Flash Security Protections
https://securingtomorrow.mcafee.com/mcafee-labs/hackers-bypassed-adobe-flash-protection-mechanism/
Hundreds of Bitcoin Mining Servers Stolen in Iceland
https://www.theguardian.com/world/2018/mar/07/hundreds-of-bitcoin-mining-servers-stolen-in-iceland
Several Android Mail Apps Send Password To Developer (article in German)
https://www.kuketz-blog.de/mail-apps-zahlreiche-android-apps-uebermitteln-login-passwort/
]]> 5:49 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5899 #Exim RCE Exploit for CVE-2018-6789; #MSFT Releases USB Fix; 123 Reg Loses Backups Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. #Exim RCE Exploit for CVE-2018-6789; #MSFT Releases USB Fix; 123 Reg Loses Backups https://traffic.libsyn.com/securitypodcast/5899.mp3 https://isc.sans.edu/podcastdetail/5899 Wed, 07 Mar 2018 03:30:11 GMT https://devco.re/blog/2018/03/06/exim-off-by-one-RCE-exploiting-CVE-2018-6789-en/
Microsoft Fixes USB Issues Introduced By February Patches
https://support.microsoft.com/en-us/help/4090913/march5-2018kb4090913osbuild16299-251
123 Reg Looses Backups
https://www.bleepingcomputer.com/news/business/123-reg-backup-snafu-causes-clients-to-lose-files-since-august-2017/
Android March Security Bulletin
https://source.android.com/security/bulletin/2018-03-01#media-framework
]]> 5:49 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5897 Multifacetted Bash Script; More/Larger Memcached DDOS; Spring Data REST Vuln Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Multifacetted Bash Script; More/Larger Memcached DDOS; Spring Data REST Vuln https://traffic.libsyn.com/securitypodcast/5897.mp3 https://isc.sans.edu/podcastdetail/5897 Tue, 06 Mar 2018 01:30:12 GMT https://isc.sans.edu/forums/diary/Malicious+Bash+Script+with+Multiple+Features/23411/
More Memcached DDoS Attacks
https://www.arbornetworks.com/blog/asert/netscout-arbor-confirms-1-7-tbps-ddos-attack-terabit-attack-era-upon-us/
Spring Framework Vulnerability
https://lgtm.com/blog/spring_data_rest_CVE-2017-8046
LTE Vulnerabilities
http://homepage.divms.uiowa.edu/~comarhaider/publications/LTE_NDSS18_paper.pdf

]]> 6:49 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5895 Protective Malicious Monero Miners; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Protective Malicious Monero Miners; https://traffic.libsyn.com/securitypodcast/5895.mp3 https://isc.sans.edu/podcastdetail/5895 Mon, 05 Mar 2018 02:55:06 GMT https://isc.sans.edu/forums/diary/The+Crypto+Miners+Fight+For+CPU+Cycles/23407/
memcached DDoS Attacks Ask For Ransom
https://blogs.akamai.com/2018/03/memcached-now-with-extortion.html
Cheap Android Trojans Come PreInstalled With Banking Malware
https://news.drweb.com/show/?lng=en&i=11749&c=5
RedDrop Android Malware Installed via 3rd Party App Stores
https://www.wandera.com/blog/reddrop-malware/
]]> 5:30 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5893 Censoring Images At Scale in #WeChat; Trustico/Memcached Update; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Censoring Images At Scale in #WeChat; Trustico/Memcached Update; https://traffic.libsyn.com/securitypodcast/5893.mp3 https://isc.sans.edu/podcastdetail/5893 Fri, 02 Mar 2018 03:10:08 GMT https://isc.sans.edu/forums/diary/Why+Does+Emperor+Xi+Dislike+Winnie+the+Pooh+and+Scrambled+Eggs/23395/
Trustico Update: Certificate Revocation List Monitor
https://isc.sans.edu/crls.html
Memcached Update: Github Attack
https://githubengineering.com/ddos-incident-report/
http://powerofcommunity.net/poc2017/shengbao.pdf
Microsoft Releases Intel Spectre Microcode Updates
https://support.microsoft.com/en-us/help/4090007/intel-microcode-updates
]]> 8:01 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5891 More Memcache; Trustico TLS Issues; Flash is Out But So is DNSSEC? Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. More Memcache; Trustico TLS Issues; Flash is Out But So is DNSSEC? https://traffic.libsyn.com/securitypodcast/5891.mp3 https://isc.sans.edu/podcastdetail/5891 Thu, 01 Mar 2018 03:40:07 GMT https://isc.sans.edu/forums/diary/How+did+this+Memcache+thing+happen/23391/
Trustico TLS Certificate Revocation
https://groups.google.com/forum/#!msg/mozilla.dev.security.policy/wxX4Yv0E3Mk/QZt8UPhKAwAJ
Flash on Its Way Out
https://www.bleepingcomputer.com/news/security/google-chrome-flash-usage-declines-from-80-percent-in-2014-to-under-8-percent-today/
DNSSEC Is Getting Better But Still Struggeling
http://www.theregister.co.uk/2018/02/28/dutch_name_authority_dnssec_validation_errors_can_be_eliminated/
Smart TV Firmware Flaws
https://www.av-comparatives.org/wp-content/uploads/2018/02/avc_sigma_medion_201802.pdf
]]> 6:08 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5889 memcached reflective DDoS; Formbook Info Stealer News; Critical SAML Vulnerability Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. memcached reflective DDoS; Formbook Info Stealer News; Critical SAML Vulnerability https://traffic.libsyn.com/securitypodcast/5889.mp3 https://isc.sans.edu/podcastdetail/5889 Wed, 28 Feb 2018 03:30:10 GMT https://isc.sans.edu/forums/diary/Why+we+Dont+Deserve+the+Internet+Memcached+Reflected+DDoS+Attacks/23389/
Malspam Pushing Formbook Info Stealer
https://isc.sans.edu/forums/diary/Malspam+pushing+Formbook+info+stealer/23387/
Various SAML Parsers Affected by Comment Parsing Vulnerability
https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
]]> 5:48 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5887 Cloud Tools: AWSBucketDump, Cloudmapper; Selling Mac and "Find my Mac"; iTunes Store Support end for Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Cloud Tools: AWSBucketDump, Cloudmapper; Selling Mac and "Find my Mac"; iTunes Store Support end for https://traffic.libsyn.com/securitypodcast/5887.mp3 https://isc.sans.edu/podcastdetail/5887 Tue, 27 Feb 2018 02:40:03 GMT https://github.com/jordanpotti/AWSBucketDump
Creating AWS Network Diagrams
https://github.com/duo-labs/cloudmapper
Selling Macs and "Find my Mac" Feature
https://medium.com/@mulligan/how-i-sold-an-old-mac-and-unknowingly-tracked-its-location-for-over-3-years-9a35cd3ca4cf
Apple Stopping Support for 1st Gen Apple TV and iTunes on Windows XP / Vista
https://support.apple.com/en-us/HT208104
]]> 4:44 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5885 Taxslavyer vs. FTC: Fix Credential Stuffing Now; OMG Bot; Blackholing Advertising with Pi-Hole Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Taxslavyer vs. FTC: Fix Credential Stuffing Now; OMG Bot; Blackholing Advertising with Pi-Hole https://traffic.libsyn.com/securitypodcast/5885.mp3 https://isc.sans.edu/podcastdetail/5885 Mon, 26 Feb 2018 02:10:07 GMT https://isc.sans.edu/forums/diary/Retrieving+malware+over+Tor+on+Windows/23379/
Blackholing Advertising Sites with Pi-Hole
https://isc.sans.edu/forums/diary/Blackhole+Advertising+Sites+with+Pihole/23377/
Taxslayer Consent Degree with FTC
https://biglawbusiness.com/cybersecurity-enforcers-wake-up-to-unauthorized-computer-access-via-credential-stuffing/
Fortinet (OMG) Mirai
https://www.fortinet.com/blog/threat-research/omg--mirai-based-bot-turns-iot-devices-into-proxy-servers.html
]]> 5:33 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5853 Adobe Flash 0-Day; Adaptive Phishing Kit; Crypto Miners Replace Ransomware Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Adobe Flash 0-Day; Adaptive Phishing Kit; Crypto Miners Replace Ransomware https://traffic.libsyn.com/securitypodcast/5853.mp3 https://isc.sans.edu/podcastdetail/5853 Fri, 02 Feb 2018 02:25:05 GMT https://isc.sans.edu/forums/diary/Adobe+Flash+0Day+Used+Against+South+Korean+Targets/23301/
Adaptive Phishing Kit
https://isc.sans.edu/forums/diary/Adaptive+Phishing+Kit/23299/
Crypto Miners "Payload of Choice"
http://blog.talosintelligence.com/2018/01/malicious-xmr-mining.html
Autosploit Links Shodan to Metasploit
https://github.com/NullArray/AutoSploit
]]> 5:31 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5851 Tax Phishing Season; Hunting Miners with IR; MICROS POS Vulnerability Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Tax Phishing Season; Hunting Miners with IR; MICROS POS Vulnerability https://traffic.libsyn.com/securitypodcast/5851.mp3 https://isc.sans.edu/podcastdetail/5851 Thu, 01 Feb 2018 04:05:05 GMT https://isc.sans.edu/forums/diary/Tax+Phishing+Time/23295/
Using FLIR In Incident Response
https://isc.sans.edu/forums/diary/Using+FLIR+in+Incident+Response/23291/
Oracle MICROS POS Vulnerability
https://erpscan.com/press-center/blog/oracle-micros-pos-breached/
]]> 6:50 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5849 DCShadow Attack; Cisco WebVPN Vulnerability Update; Bypassing DDE Protection via OneNote Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. DCShadow Attack; Cisco WebVPN Vulnerability Update; Bypassing DDE Protection via OneNote https://traffic.libsyn.com/securitypodcast/5849.mp3 https://isc.sans.edu/podcastdetail/5849 Tue, 30 Jan 2018 22:45:06 GMT https://www.dropbox.com/s/baypdb6glmvp0j9/Buehat%20IL%20v2.3.pdf
https://blog.alsid.eu/dcshadow-explained-4510f52fc19d
Cisco WebVPN Update
https://isc.sans.edu/forums/diary/Cisco+ASA+WebVPN+Vulnerability/23289/
Reviving DDE Code Execution via OneNote
https://posts.specterops.io/reviving-dde-using-onenote-and-excel-for-code-execution-d7226864caee
]]> 6:56 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5847 Insecure Security: Lenovo Fingerprints; ClamAV; Malware Bytes; Cisco Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Insecure Security: Lenovo Fingerprints; ClamAV; Malware Bytes; Cisco https://traffic.libsyn.com/securitypodcast/5847.mp3 https://isc.sans.edu/podcastdetail/5847 Tue, 30 Jan 2018 02:50:06 GMT https://support.lenovo.com/us/en/product_security/len-15999
ClamAV Vulnerablities
http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html
https://blog.malwarebytes.com/malwarebytes-news/2018/01/important-web-blocking-ram-usage/
Malwarebytes Corrupted Update
https://www.malwarebytes.com/pdf/WebProtectionFP.pdf
Cisco Adaptive Security Appliance Remote Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1
Web2Top Proxy onion.tor Appears to Steal Ransomware Payments
https://www.proofpoint.com/us/threat-insight/post/double-dipping-diverting-ransomware-bitcoin-payments-onion-domains
]]> 6:11 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5845 Pentests and Maldocs; Invetigating BITS; YouTube Hit By CryptoJacking; Coincheck Hack; PHPBB Malicio Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Pentests and Maldocs; Invetigating BITS; YouTube Hit By CryptoJacking; Coincheck Hack; PHPBB Malicio https://traffic.libsyn.com/securitypodcast/5845.mp3 https://isc.sans.edu/podcastdetail/5845 Mon, 29 Jan 2018 02:35:05 GMT https://isc.sans.edu/forums/diary/Is+this+a+pentest/23283/
Analyzing BITS Activity
https://isc.sans.edu/forums/diary/Investigating+Microsoft+BITS+Activity/23281/
CryptoJacking on YouTube due to Malicious Ads
https://blog.trendmicro.com/trendlabs-security-intelligence/malvertising-campaign-abuses-googles-doubleclick-to-deliver-cryptocurrency-miners/
Coincheck Hack Nets 400M USD
https://coincheck.com/en/blog/4673
PHPBB Mirror Compromissed
https://www.phpbb.com/community/viewtopic.php?f=14&t=2456896
Microsoft Disables Sepctre Variant 2 Patches
https://support.microsoft.com/en-us/help/4078130/update-to-disable-mitigation-against-spectre-variant-2
]]> 6:10 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5843 Ransomware As A Service; libcurl Vulnerability; Hide 'N Seek Botnet Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Ransomware As A Service; libcurl Vulnerability; Hide 'N Seek Botnet https://traffic.libsyn.com/securitypodcast/5843.mp3 https://isc.sans.edu/podcastdetail/5843 Thu, 25 Jan 2018 23:25:06 GMT https://isc.sans.edu/forums/diary/Ransomware+as+a+Service/23277/
libcurl Vulnerability
http://seclists.org/oss-sec/2018/q1/94
Hide 'N Seek IoT Botnet
https://labs.bitdefender.com/2018/01/new-hide-n-seek-iot-botnet-using-custom-built-peer-to-peer-communication-spotted-in-the-wild/
Container Intrusions: Assessing the Efficacy of Intrusion Detection and Analysis Methods for Linux Container Environments
https://www.sans.org/reading-room/whitepapers/detection/container-intrusions-assessing-efficacy-intrusion-detection-analysis-methods-linux-container-environments-38245
]]> 17:42 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5841 RTF Files With Hancitor; Electron Dev Tool Creates Vulnerable Windows Apps; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. RTF Files With Hancitor; Electron Dev Tool Creates Vulnerable Windows Apps; https://traffic.libsyn.com/securitypodcast/5841.mp3 https://isc.sans.edu/podcastdetail/5841 Thu, 25 Jan 2018 02:45:06 GMT https://isc.sans.edu/forums/diary/RTF+files+for+Hancitor+utilize+exploit+for+CVE201711882/23271/
Electron Fixes Protocol Handlers Flaw
https://electronjs.org/blog/protocol-handler-fix
Xerox Workcenters Fudge Numbers
http://www.dkriesel.com/en/blog/2013/0802_xerox-workcentres_are_switching_written_numbers_when_scanning?
Tracking Users Using CSS
https://github.com/jbtronics/CrookedStyleSheets
]]> 5:36 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5839 Apple Patches; OpenSSL Patch Tuesday; Rapid Ransomware Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Apple Patches; OpenSSL Patch Tuesday; Rapid Ransomware https://traffic.libsyn.com/securitypodcast/5839.mp3 https://isc.sans.edu/podcastdetail/5839 Wed, 24 Jan 2018 03:05:05 GMT https://isc.sans.edu/forums/diary/Apple+Updates+Everything+Again/23269/
OpenSSL Introduces its Version of a "Patch Tuesday"
https://www.openssl.org/blog/blog/2018/01/18/f2f-london/
"Rapid" Ransomware
https://id-ransomware.blogspot.ru/2018/01/rapid-ransomware.html (Russian)
https://www.bleepingcomputer.com/forums/t/667032/rapid-ransomware-rapid-paymeme-how-recovery-filestxt-support-topic/page-2
]]> 5:30 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5837 HTTPs on Every Port? Curl over TOR; Spectre/Meltdown Microcode Update Woes; Quantum Cryptography Vid Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. HTTPs on Every Port? Curl over TOR; Spectre/Meltdown Microcode Update Woes; Quantum Cryptography Vid https://traffic.libsyn.com/securitypodcast/5837.mp3 https://isc.sans.edu/podcastdetail/5837 Tue, 23 Jan 2018 02:40:05 GMT https://isc.sans.edu/forums/diary/HTTPS+on+every+port/23261/
Curl over TOR
https://isc.sans.edu/forums/diary/Retrieving+malware+over+Tor/23257/
Spectre/Meltdown Microcode Patch Problems
https://newsroom.intel.com/news/root-cause-of-reboot-issue-identified-updated-guidance-for-customers-and-partners/
https://lkml.org/lkml/2018/1/21/192
DNS Rebinding Attacks Against Geth
https://ret2got.wordpress.com/2018/01/19/how-your-ethereum-can-be-stolen-using-dns-rebinding/
Chinese Quantum Cryptography Satellite Link Transmits Intercontinental Videolink
https://journals.aps.org/prl/abstract/10.1103/PhysRevLett.120.030501
]]> 5:04 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5835 RTF Phish; Claymore Miner Attacks; Evrial Modifies Clipboard; Bug Bounty Legal Challenges Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. RTF Phish; Claymore Miner Attacks; Evrial Modifies Clipboard; Bug Bounty Legal Challenges https://traffic.libsyn.com/securitypodcast/5835.mp3 https://isc.sans.edu/podcastdetail/5835 Mon, 22 Jan 2018 02:30:07 GMT https://isc.sans.edu/forums/diary/An+RTF+phish/23255/
Satori Variant Steals ETH from Miners
http://blog.netlab.360.com/art-of-steal-satori-variant-is-robbing-eth-bitcoin-by-replacing-wallet-address-en/
Evrial Trojan Modifies Copy / Pasted Bitcoin Addresses
https://twitter.com/malwrhunterteam/status/953313514629853184
Legal Challenges of Bug Bounties
https://www.heise.de/security/meldung/US-Bug-Bountys-lassen-gute-Hacker-in-die-Falle-tappen-3946508.html
]]> 5:16 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5833 Oracle EBS Vulnerable via WebLogic; MSFT Resumes AMD Patches; Infusion Pump Vulnerabilities Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Oracle EBS Vulnerable via WebLogic; MSFT Resumes AMD Patches; Infusion Pump Vulnerabilities https://traffic.libsyn.com/securitypodcast/5833.mp3 https://isc.sans.edu/podcastdetail/5833 Fri, 19 Jan 2018 02:55:05 GMT https://www.onapsis.com/blog/oracle-january-cpu-analysis-64-patches-affect-business-critical-applications
Microsoft Resumes Patches for AMD Systems
https://www.amd.com/en/corporate/speculative-execution
Speculations About Yet Another CPU Attack
https://skyfallattack.com
Smiths Medfusion 4000 Vulnerabilities
https://github.com/sgayou/medfusion-4000-research/blob/master/doc/README.md#summary
]]> 5:09 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5831 Fresh From the Spam Filter; Auditing Secure USB Keys; iMessage DoS; BIND fixes DoS Vulnerability Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Fresh From the Spam Filter; Auditing Secure USB Keys; iMessage DoS; BIND fixes DoS Vulnerability https://traffic.libsyn.com/securitypodcast/5831.mp3 https://isc.sans.edu/podcastdetail/5831 Thu, 18 Jan 2018 02:30:06 GMT https://isc.sans.edu/forums/diary/Reviewing+the+spam+filters+Malspam+pushing+GoziISFB/23245/
Auditing Secure USB Keys
https://www.j-michel.org/blog/2018/01/16/attacking-secure-usb-keys-behind-the-scene
Malicious Open Graph title Tag Crashes iMessage
https://www.macrumors.com/2018/01/16/malicious-link-ios-mac-freezes/
BIND Fixes DoS Vulnerablity
https://kb.isc.org/article/AA-01542
]]> 5:13 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5817 WebLogic Flaw Used To Install Crypto Miner; Fake AV Is Back Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. WebLogic Flaw Used To Install Crypto Miner; Fake AV Is Back https://traffic.libsyn.com/securitypodcast/5817.mp3 https://isc.sans.edu/podcastdetail/5817 Tue, 09 Jan 2018 00:10:05 GMT https://isc.sans.edu/forums/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191/
Fake Anti-Virus Pages Poppding Up Like Weeds
https://isc.sans.edu/forums/diary/Fake+antivirus+pages+popping+up+like+weeds/23207/
Apple Spectre/Meltdown Patches
https://support.apple.com/en-us/HT201222
Meltdown Patch Fallout
https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB43600/?l=en_US&fs=Search&pn=1&atype=
https://forums.sandboxie.com/phpBB3/viewtopic.php?t=25114
https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software
WPA3 Announced
https://www.wi-fi.org/news-events/newsroom/wi-fi-alliance-introduces-security-enhancements
]]> 5:27 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5815 Weblogic Flaw Exploited by Cryptominer; More Spectre and Meltdown news; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Weblogic Flaw Exploited by Cryptominer; More Spectre and Meltdown news; https://traffic.libsyn.com/securitypodcast/5815.mp3 https://isc.sans.edu/podcastdetail/5815 Mon, 08 Jan 2018 00:45:04 GMT https://isc.sans.edu/forums/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191/
Misc News about Meltdown and Spectre
https://www.qualcomm.com/company/product-security/bulletins
AMD Processor Flaw
http://seclists.org/fulldisclosure/2018/Jan/12
Western Digital MyCloud Backdoor
http://gulftech.org/advisories/WDMyCloud%20Multiple%20Vulnerabilities/125
]]> 5:14 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5813 SPECTRE and MELTDOWN Vulnerabilities (and MSFT emergency patch) Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SPECTRE and MELTDOWN Vulnerabilities (and MSFT emergency patch) https://traffic.libsyn.com/securitypodcast/5813.mp3 https://isc.sans.edu/podcastdetail/5813 Fri, 05 Jan 2018 00:30:07 GMT https://www.sans.org/webcast/recording/citrix/106815/138095
ISC Diary with Links to Patches
https://isc.sans.edu/forums/diary/Spectre+and+Meltdown+What+You+Need+to+Know+Right+Now/23193/
]]> 7:44 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5811 Upcoming Intel CPU Vulnerability Patch; Crypto Miner Pool IP Feed; #Peoplesoft #Weblogic Exploits; B Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Upcoming Intel CPU Vulnerability Patch; Crypto Miner Pool IP Feed; #Peoplesoft #Weblogic Exploits; B https://traffic.libsyn.com/securitypodcast/5811.mp3 https://isc.sans.edu/podcastdetail/5811 Thu, 04 Jan 2018 01:20:04 GMT https://meltdownattack.com
Crypto Coin Mining Pool IP List
https://isc.sans.edu/api/threatlist/miner
Phishing to Rural America Leads to Six-figure Wire Fraud Losses
https://isc.sans.edu/forums/diary/Phishing+to+Rural+America+Leads+to+Sixfigure+Wire+Fraud+Losses/23185/
]]> 7:33 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5809 Extracting URLs From PDFs; Local PE in macOS; 34C3 Videos; GPS Website Vulnerabilities Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Extracting URLs From PDFs; Local PE in macOS; 34C3 Videos; GPS Website Vulnerabilities https://traffic.libsyn.com/securitypodcast/5809.mp3 https://isc.sans.edu/podcastdetail/5809 Wed, 03 Jan 2018 01:55:04 GMT https://isc.sans.edu/forums/diary/PDF+documents+URLs+update/23167/
Priviledge Escalation Exploit for macOS
https://siguza.github.io/IOHIDeous/
34C3: Chaos Communications Congress
https://media.ccc.de/c/34c3
Vulnerabilities in Online Geolocation Services
https://0x0.li/trackmageddon/
]]> 6:46 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5807 Analyzing Obuscated #RTF and #TNEF files; Record Number of CVEs; Sonos/Bose Vuln; More Backdoored Wo Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Analyzing Obuscated #RTF and #TNEF files; Record Number of CVEs; Sonos/Bose Vuln; More Backdoored Wo https://traffic.libsyn.com/securitypodcast/5807.mp3 https://isc.sans.edu/podcastdetail/5807 Mon, 01 Jan 2018 23:55:04 GMT https://isc.sans.edu/forums/diary/Analyzing+TNEF+files/23175/
Obfuscated RTF Files
https://isc.sans.edu/forums/diary/Dealing+with+obfuscated+RTF+files/23169/
2017 Flood of CVEs
https://isc.sans.edu/forums/diary/2017+The+Flood+of+CVEs/23173/
Sonos/Bose Smart Speaker Flaws
https://documents.trendmicro.com/assets/pdf/The-Sound-of-a-Targeted-Attack.pdf
Web Trackers Exploit Login Managers
https://freedom-to-tinker.com/2017/12/27/no-boundaries-for-user-identities-web-trackers-exploit-browser-login-managers/
Backdoored Wordpress Plugins
https://www.bleepingcomputer.com/news/security/three-more-wordpress-plugins-found-hiding-a-backdoor/
]]> 7:21 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5805 Critical EMC SMB1 Flaw; EtherDelta DNS Hack; Engimail Vulnerability Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Critical EMC SMB1 Flaw; EtherDelta DNS Hack; Engimail Vulnerability https://traffic.libsyn.com/securitypodcast/5805.mp3 https://isc.sans.edu/podcastdetail/5805 Fri, 22 Dec 2017 03:15:05 GMT http://seclists.org/fulldisclosure/2017/Dec/79
Facebook Enables Feature To Review All E-Mails Sent By Facebook
https://www.facebook.com/notes/facebook-security/new-security-feature-reveals-if-facebook-mails-are-legit/10154983636230766/
EtherDelta DNS Attack
https://twitter.com/etherdelta
Enigmail Vulnerability
https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf
]]> 6:16 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5803 Kernel Hooking; Intel Memory Encryption / Linux Support for AMD's Encryption Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Kernel Hooking; Intel Memory Encryption / Linux Support for AMD's Encryption https://traffic.libsyn.com/securitypodcast/5803.mp3 https://isc.sans.edu/podcastdetail/5803 Thu, 21 Dec 2017 01:40:04 GMT https://isc.sans.edu/forums/diary/Guest+Diary+Etay+Nir+Kernel+Hooking+Basics/23155/
Intel Memory Encryption
https://software.intel.com/sites/default/files/managed/a5/16/Multi-Key-Total-Memory-Encryption-Spec.pdf
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=33e63acc119d15c2fac3e3775f32d1ce7a01021b

WordPress Sites Infected with Monero Miners
https://www.wordfence.com/blog/2017/12/aggressive-brute-force-wordpress-attack/
]]> 4:51 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5801 Dangers of Mouseover; Update on Adups; Comparing DNS Filters Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Dangers of Mouseover; Update on Adups; Comparing DNS Filters https://traffic.libsyn.com/securitypodcast/5801.mp3 https://isc.sans.edu/podcastdetail/5801 Wed, 20 Dec 2017 00:00:10 GMT https://isc.sans.edu/forums/diary/Example+of+MouseOver+Link+in+a+Powerpoint+File/23149/
Adups Malware Still Haunting Android Phones
https://blog.malwarebytes.com/cybercrime/2017/12/mobile-menace-monday-upping-the-ante-on-adups-fwupgradeprovider/
Popular Wordpress Captcha Included Backdoor
https://www.wordfence.com/blog/2017/12/backdoor-captcha-plugin/
Comparing DNS Filters
https://medium.com/@nykolas.z/dns-security-filters-compared-quad9-x-opendns-x-comodo-secure-x-norton-connectsafe-x-yandex-safe-a00ace3bf21f
]]> 5:29 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5799 Not So Malicious Word Doc; AMF Deserializer Vulnerability Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Not So Malicious Word Doc; AMF Deserializer Vulnerability https://traffic.libsyn.com/securitypodcast/5799.mp3 https://isc.sans.edu/podcastdetail/5799 Tue, 19 Dec 2017 02:20:03 GMT https://isc.sans.edu/forums/diary/Phish+or+scam+Part+1/23141/
https://isc.sans.edu/forums/diary/Phish+or+scam+Part+2/23145/
AMF Descerializer Vulnerability
http://codewhitesec.blogspot.com/2017/04/amf.html?m=1
Windows "Keeper" Password Manager Vulnerable
https://bugs.chromium.org/p/project-zero/issues/detail?id=1481&desc=3
Android Malware Destroys Device
https://securelist.com/jack-of-all-trades/83470/
]]> 5:16 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5797 VBA Macro Obfuscation; Large Scale BGP Attack; HSTS/key pinning weakness Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. VBA Macro Obfuscation; Large Scale BGP Attack; HSTS/key pinning weakness https://traffic.libsyn.com/securitypodcast/5797.mp3 https://isc.sans.edu/podcastdetail/5797 Mon, 18 Dec 2017 01:45:03 GMT https://isc.sans.edu/forums/diary/Microsoft+Office+VBA+Macro+Obfuscation+via+Metadata/23139/
Large Scale BGP Attack
https://bgpmon.net/popular-destinations-rerouted-to-russia/
HSTS and HPKP Weaknesses in Firefox, IE/Edge and Chrome
http://blog.en.elevenpaths.com/2017/12/breaking-out-hsts-and-hpkp-on-firefox.html
]]> 5:44 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5795 Citizen Lab Security Planner; Minor Apple Updates; Fortinet Shared Key Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Citizen Lab Security Planner; Minor Apple Updates; Fortinet Shared Key https://traffic.libsyn.com/securitypodcast/5795.mp3 https://isc.sans.edu/podcastdetail/5795 Fri, 15 Dec 2017 02:05:03 GMT https://securityplanner.org/
Apple Update to iOS/tvOS/iCloud (Windows)
https://support.apple.com/en-us/HT201222
Fortinet Client Credentials Shared Key
https://www.sec-consult.com/en/blog/advisories/vpn-credentials-disclosure-in-fortinet-forticlient/index.html
Fox-It Victim of a Man-in-the-Middle Attack
https://blog.fox-it.com/2017/12/14/lessons-learned-from-a-man-in-the-middle-attack/
]]> 5:24 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5793 Tracking New Domains; PAN-OS RCE As root; Hiding Changes from git-diff Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Tracking New Domains; PAN-OS RCE As root; Hiding Changes from git-diff https://traffic.libsyn.com/securitypodcast/5793.mp3 https://isc.sans.edu/podcastdetail/5793 Thu, 14 Dec 2017 03:20:03 GMT https://isc.sans.edu/forums/diary/Tracking+Newly+Registered+Domains/23127/
Critical Palo Alto Firewall Flaws Allow RCE as root
http://seclists.org/fulldisclosure/2017/Dec/38
Hiding Changes from git-diff
https://www.twistlock.com/2017/12/13/hiding-content-git-escape-sequence-twistlock-labs-experiment/
Apple Airport Update
https://support.apple.com/en-us/HT208354
]]> 5:14 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5791 MSFT Patch Tuesday; Obtaining Misleading EV Certs; Robot TLS Attack Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MSFT Patch Tuesday; Obtaining Misleading EV Certs; Robot TLS Attack https://traffic.libsyn.com/securitypodcast/5791.mp3 https://isc.sans.edu/podcastdetail/5791 Wed, 13 Dec 2017 03:20:03 GMT https://isc.sans.edu/forums/diary/December+Microsoft+Patch+Tuesday+Summary/23123/
EV Certificate Model Broken?
https://stripe.ian.sh
ROBOT Attack Against TLS
https://robotattack.org
]]> 6:31 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5789 Porn Spam Pushing Coin Miner; Recover Edited Windows Logs; Proxy Botnet News Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Porn Spam Pushing Coin Miner; Recover Edited Windows Logs; Proxy Botnet News https://traffic.libsyn.com/securitypodcast/5789.mp3 https://isc.sans.edu/podcastdetail/5789 Tue, 12 Dec 2017 01:30:03 GMT https://isc.sans.edu/forums/diary/Pornographic+malspam+pushes+coin+miner+malware/23119/
Microsoft Leaks Secret SSL Key For Dynamics 365
https://medium.com/matthias-gliwka/microsoft-leaks-tls-private-key-for-cloud-erp-product-10b56f7d648
Proxy Botnet Used to Launch Variety of Web Application Attacks
https://news.drweb.com/show/?i=11627&lng=en
FoxIT Releases Utility to Recover Manipulated Windows Logs
https://github.com/fox-it/danderspritz-evtx
]]> 6:31 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5787 HP Keyboard Drivers Key Stroke Logger; Android App Signature Bypass Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. HP Keyboard Drivers Key Stroke Logger; Android App Signature Bypass https://traffic.libsyn.com/securitypodcast/5787.mp3 https://isc.sans.edu/podcastdetail/5787 Mon, 11 Dec 2017 01:45:03 GMT https://isc.sans.edu/forums/diary/Sometimes+its+a+dud/23115/
HP Keyboard Drivers Can Log Keystrokes
https://support.hp.com/us-en/document/c05827409
https://zwclose.github.io/HP-keylogger/
Android App Signature Bypass
https://www.guardsquare.com/en/blog/new-android-vulnerability-allows-attackers-modify-apps-without-affecting-their-signatures
MSFT Patches Antimalware Engine
https://portal.msrc.microsoft.com/en-US/eula
]]> 6:13 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5785 Intel ME xploit demoed at BH Europe; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Intel ME xploit demoed at BH Europe; https://traffic.libsyn.com/securitypodcast/5785.mp3 https://isc.sans.edu/podcastdetail/5785 Fri, 08 Dec 2017 02:15:03 GMT https://www.blackhat.com/docs/eu-17/materials/eu-17-Goryachy-How-To-Hack-A-Turned-Off-Computer-Or-Running-Unsigned-Code-In-Intel-Management-Engine.pdf
Tracking Users Without GPS
http://ieeexplore.ieee.org/document/8038870/
Process Doppelgaenger Anti-Malware Bypass
https://www.blackhat.com/docs/eu-17/materials/eu-17-Liberman-Lost-In-Transaction-Process-Doppelganging.pdf
Friday Webcast About Recent OWASP Top 10 Update
https://www.sans.org/webcasts/owasp-top-10-2017-106560
]]> 7:07 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5783 Apple Updates Everything; Reverse DNS; Another Crytocoin Exchange Hacked Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Apple Updates Everything; Reverse DNS; Another Crytocoin Exchange Hacked https://traffic.libsyn.com/securitypodcast/5783.mp3 https://isc.sans.edu/podcastdetail/5783 Wed, 06 Dec 2017 23:50:02 GMT https://isc.sans.edu/forums/diary/Apple+Updates+Everything+Again/23107/
Do Not Trust Reverse DNS. And here is an example why
https://isc.sans.edu/forums/diary/PSA+Do+not+Trust+Reverse+DNS+and+why+does+an+address+resolve+to+localhost/23105/
NiceHash Hacked
https://www.reddit.com/r/NiceHash/comments/7i0s6o/official_press_release_statement_by_nicehash/
]]> 6:08 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5781 AI.Type Data Exposed; Mailsploit From Spoofing Tool; StorageCrypt; Android Update Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. AI.Type Data Exposed; Mailsploit From Spoofing Tool; StorageCrypt; Android Update https://traffic.libsyn.com/securitypodcast/5781.mp3 https://isc.sans.edu/podcastdetail/5781 Wed, 06 Dec 2017 03:40:03 GMT https://mackeepersecurity.com/post/virtual-keyboard-developer-leaked-31-million-of-client-records
Mailsploit Makes it Easier to Spoof From Headers in E-Mails
https://www.mailsploit.com
StorageCrypt Ransomware Encrypts NAS Devices
https://www.bleepingcomputer.com/news/security/storagecrypt-ransomware-infecting-nas-devices-using-sambacry/
Android December Update
https://source.android.com/security/bulletin/2017-12-01
]]> 5:03 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5779 SOC Automation and TheHive; SSL/TLS for Scapy; TouchID ssh login Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SOC Automation and TheHive; SSL/TLS for Scapy; TouchID ssh login https://traffic.libsyn.com/securitypodcast/5779.mp3 https://isc.sans.edu/podcastdetail/5779 Tue, 05 Dec 2017 03:10:02 GMT https://isc.sans.edu/forums/diary/IR+using+the+Hive+Project/23099/
SSL/TLS For Scapy
https://github.com/tintinweb/scapy-ssl_tls
tvOS 11.2 Released (but no details about security content yet)
https://support.apple.com/en-us/HT201222
System Vendors Ship Laptops With Intel ME Disabled
https://www.reddit.com/r/linuxhardware/comments/7grglm/how_to_buy_a_dell_laptop_with_the_intel_me/
http://blog.system76.com/post/168050597573/system76-me-firmware-updates-plan

Hacker Falsified Jail Records To Free Friend
https://www.justice.gov/usao-edmi/pr/ann-arbor-man-pleads-guilty-computer-intrusion-case
SeKey: Touch ID Control for ssh-agent
https://github.com/ntrippar/sekey
]]> 6:35 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5777 Banking Malware Uses Old Tricks To Avoid Detection; JotForm Phishing; iOS 11.2 Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Banking Malware Uses Old Tricks To Avoid Detection; JotForm Phishing; iOS 11.2 https://traffic.libsyn.com/securitypodcast/5777.mp3 https://isc.sans.edu/podcastdetail/5777 Mon, 04 Dec 2017 00:55:03 GMT https://isc.sans.edu/forums/diary/Phishing+campaign+uses+old+bat+script+to+spread+banking+malware+and+it+is+flying+under+the+radar/23091/
Phishing Abuse of JotForm
https://isc.sans.edu/forums/diary/Phishing+Kit+AbUsing+Cloud+Services/23089/
Apple Releases iOS 11.2
https://support.apple.com/en-us/HT201222
(no details live yet)
Critical Patch For RSA Authentication Agent
http://seclists.org/fulldisclosure/2017/Nov/46
https://community.rsa.com/community/products/securid/authentication-agent-web-apache
Slurp S3 Bucket Enumerator
https://github.com/bbb31/slurp.git
]]> 5:40 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5775 What is Emotet Up To; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. What is Emotet Up To; https://traffic.libsyn.com/securitypodcast/5775.mp3 https://isc.sans.edu/podcastdetail/5775 Fri, 01 Dec 2017 03:50:03 GMT https://isc.sans.edu/forums/diary/More+Malspam+pushing+Emotet+malware/23083/
Google Chrome To Block Some Third Party Software Mid-2018
https://blog.chromium.org/2017/11/reducing-chrome-crashes-caused-by-third.html
European Union Funds VLC Bug Bounty
https://joinup.ec.europa.eu/news/hackerone-vlc
STI Student Scott Perry: Virtual System Forensics
http://www.sans.org/reading-room/whitepapers/bestprac/exploring-effectiveness-approaches-discovering-acquiring-virtualized-servers-esxi-38155
]]> 14:35 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5773 Apple Fixes Root Login Flaw; Insecure Crypto Wallets; Persistent Cryptojacking Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Apple Fixes Root Login Flaw; Insecure Crypto Wallets; Persistent Cryptojacking https://traffic.libsyn.com/securitypodcast/5773.mp3 https://isc.sans.edu/podcastdetail/5773 Thu, 30 Nov 2017 01:05:02 GMT https://support.apple.com/en-us/HT208315
Insecure Android Crypto Currency Wallets
https://www.htbridge.com/news/security-cryptocurrency-mobile-apps.html
Coinhive Miner Now As Pop-Under
https://blog.malwarebytes.com/cybercrime/2017/11/persistent-drive-by-cryptomining-coming-to-a-browser-near-you/
Fileless Malicious PowerShell Sample
https://isc.sans.edu/forums/diary/Fileless+Malicious+PowerShell+Sample/23081/
.dev TLD Now Requires HTTPS in Chrome
http://www.theregister.co.uk/2017/11/29/google_dev_network/
]]> 5:22 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5771 High Sierra Passwordless Root Account; Defeating Facial Recognition Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. High Sierra Passwordless Root Account; Defeating Facial Recognition https://traffic.libsyn.com/securitypodcast/5771.mp3 https://isc.sans.edu/podcastdetail/5771 Wed, 29 Nov 2017 01:20:02 GMT https://twitter.com/lemiorhan/status/935578694541770752
https://support.apple.com/en-us/HT204012
Defeating Facial Recognition
https://arxiv.org/abs/1711.09001
Bitcoin Gold Wallet App Compromise
https://bitcoingold.org/critical-warning-nov-26/
Project Exodus Identified Trackers in Android Apps
https://reports.exodus-privacy.eu.org/reports/apps/
]]> 6:21 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5769 Golden SAML Ticket; Facebook Poll Image Leak; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Golden SAML Ticket; Facebook Poll Image Leak; https://traffic.libsyn.com/securitypodcast/5769.mp3 https://isc.sans.edu/podcastdetail/5769 Tue, 28 Nov 2017 02:10:02 GMT https://www.cyberark.com/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-cloud-apps/
Facebook Poll Image Vulnerability
https://blog.darabi.me/2017/11/image-removal-vulnerability-in-facebook.html
]]> 6:34 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5767 Critical #Exim Vuln; CoinPouch Loses Verge Coins; Bitcoin Routing Attacks; #ETH #BTC #CoinPouch Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Critical #Exim Vuln; CoinPouch Loses Verge Coins; Bitcoin Routing Attacks; #ETH #BTC #CoinPouch https://traffic.libsyn.com/securitypodcast/5767.mp3 https://isc.sans.edu/podcastdetail/5767 Mon, 27 Nov 2017 02:30:03 GMT https://bugs.exim.org/show_bug.cgi?id=2199
CoinPouch "Verge" Token Loss
http://www.documentcloud.org/documents/4309909-StatementonVerge-11-21-17.html
Bitcoin Routing Attacks
https://btc-hijack.ethz.ch
Scanning Ethereum Smart Contracts For Vulnerabilities
https://hackernoon.com/scanning-ethereum-smart-contracts-for-vulnerabilities-b5caefd995df
Fortiweb Manager Vulnerability
https://fortiguard.com/psirt/FG-IR-17-248
]]> 5:52 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5765 Ethereum JSON-RPC Scans; Updated OWASP Top 10 Released; TPLink Firmware Fail Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Ethereum JSON-RPC Scans; Updated OWASP Top 10 Released; TPLink Firmware Fail https://traffic.libsyn.com/securitypodcast/5765.mp3 https://isc.sans.edu/podcastdetail/5765 Wed, 22 Nov 2017 00:50:01 GMT https://isc.sans.edu/forums/diary/Internet+Wide+Ethereum+JSONRPC+Scans/23061/
Updated OWASP Top 10 Released
https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf
TPLink Often Provides Outdated Firmware Version For Download
https://www.ctrl.blog/entry/tplink-firmware-outdated-downloads
]]> 6:49 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5763 Intel ME Update; Fuzzing x86 CPUs; Android MediaProjection API Vulnerability Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Intel ME Update; Fuzzing x86 CPUs; Android MediaProjection API Vulnerability https://traffic.libsyn.com/securitypodcast/5763.mp3 https://isc.sans.edu/podcastdetail/5763 Tue, 21 Nov 2017 03:37:03 GMT https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr
Sandsifter CPU Fuzzer
https://github.com/xoreaxeaxeax/sandsifter/
Android MediaProjection API Allows For Screen Capture / Audio Recording Without User Consent
https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-android-MediaProjection-tapjacking-advisory-2017-11-13.pdf
BusyBox Autocompletion Vulnerability
https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/
]]> 5:42 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5762 Scanning For BTC Wallets; Fake Resume Banking Malware; BigIp TLS Vulnerability Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Scanning For BTC Wallets; Fake Resume Banking Malware; BigIp TLS Vulnerability https://traffic.libsyn.com/securitypodcast/5762.mp3 https://isc.sans.edu/podcastdetail/5762 Mon, 20 Nov 2017 03:00:06 GMT https://isc.sans.edu/forums/diary/BTC+Pickpockets/23052/
Resume-themed Malspam Pushing Smoker Loader
https://isc.sans.edu/forums/diary/Resumethemed+malspam+pushing+Smoke+Loader/23054/
F5-BigIP TLS Vulnerability
https://support.f5.com/csp/article/K21905460
Microsoft Updates Patches / May Have Lost Sourcecode
https://0patch.blogspot.com/2017/11/did-microsoft-just-manually-patch-their.html
http://borncity.com/win/2017/11/17/microsoft-confirms-epson-dot-matrix-printer-issue-after-november-2017-patchday-here-are-fixes/
Windows 8 And Later Fail To Apply ASLR Correctly
https://www.kb.cert.org/vuls/id/817544
StartCom TLS Certificate Authority Shutting Down
http://www.zdnet.com/article/startcom-to-shut-down-all-certificates-revoked-in-2020/
]]> 7:08 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5760 Oracle Critical PeopleSoft Patch; Exposing IPs for Hidden Services Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Oracle Critical PeopleSoft Patch; Exposing IPs for Hidden Services https://traffic.libsyn.com/securitypodcast/5760.mp3 https://isc.sans.edu/podcastdetail/5760 Fri, 17 Nov 2017 02:15:05 GMT https://isc.sans.edu/forums/diary/Suspicious+Domains+Tracking+Dashboard/23046/
Oracle Critical PeopleSoft Patch
http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-10269-4021872.html#AppendixFMW
GitHub Introducing Security Alerts for Dependencies
https://github.com/blog/2470-introducing-security-alerts-on-github
Exposing IP Addresses For Hidden Services
http://sh1ttykids.hateblo.jp/entry/2017/11/16/182001
]]> 6:00 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5758 Malicious Document Turns Off Word Protections; Google Play Store "flooded" with Malware Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Malicious Document Turns Off Word Protections; Google Play Store "flooded" with Malware https://traffic.libsyn.com/securitypodcast/5758.mp3 https://isc.sans.edu/podcastdetail/5758 Thu, 16 Nov 2017 02:00:13 GMT https://isc.sans.edu/forums/diary/If+you+want+something+done+right+do+it+yourself/23042/
Blueborne Affects Amazon Echo and Google Home Devices (now patched)
http://go.armis.com/hubfs/BlueBorne%20Technical%20White%20Paper.pdf
More Malicious Apps In Google's Play Store
https://www.bleepingcomputer.com/news/security/google-play-store-sees-sudden-surge-of-malicious-apps/
OnePlus Phones Found With Preinstalled Debug App
https://twitter.com/fs0c131y
https://twitter.com/__Tux/status/754085708843786240
]]> 6:13 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5756 MSFT and Adobe Updates; AV Quarantine Priv. Escalation; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MSFT and Adobe Updates; AV Quarantine Priv. Escalation; https://traffic.libsyn.com/securitypodcast/5756.mp3 https://isc.sans.edu/podcastdetail/5756 Wed, 15 Nov 2017 03:35:03 GMT https://helpx.adobe.com/security.html
Adobe Patches
https://helpx.adobe.com/security.html
Abusing Anti-Virus Quarantine Folders for Priv. Escalation
https://bogner.sh/2017/11/avgater-getting-local-admin-by-abusing-the-anti-virus-quarantine/
]]> 5:45 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5754 FaceID Beaten By Mask; Using Heart Movement as Biometric ID; URL Validation Libraries allow SSRF Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. FaceID Beaten By Mask; Using Heart Movement as Biometric ID; URL Validation Libraries allow SSRF https://traffic.libsyn.com/securitypodcast/5754.mp3 https://isc.sans.edu/podcastdetail/5754 Tue, 14 Nov 2017 04:00:15 GMT http://www.bkav.com/d/top-news/-/view_content/content/103968/face-id-beaten-by-mask-not-an-effective-security-measure
Various URL Validation and HTTP Request Libraries Allow SSRF
https://www.blackhat.com/docs/us-17/thursday/us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-Languages.pdf
Using Heart Rythm As Biometric ID
http://www.buffalo.edu/news/releases/2017/09/034.html
]]> 7:55 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5752 Auditing TLS Root Certs; How Google Accounts Are Hijacked; Battling E-Mail Phishing; Hacking Airplan Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Auditing TLS Root Certs; How Google Accounts Are Hijacked; Battling E-Mail Phishing; Hacking Airplan https://traffic.libsyn.com/securitypodcast/5752.mp3 https://isc.sans.edu/podcastdetail/5752 Mon, 13 Nov 2017 01:20:02 GMT https://isc.sans.edu/forums/diary/Keep+An+Eye+on+your+Root+Certificates/23030/
How Google Accounts Are Hijacked
https://security.googleblog.com/2017/11/new-research-understanding-root-cause.html
Battling E-Mail Phishing
https://isc.sans.edu/forums/diary/Battling+email+phishing/23028/
Hacking Airplanes
http://www.aviationtoday.com/2017/11/08/boeing-757-testing-shows-airplanes-vulnerable-hacking-dhs-says/
]]> 6:41 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5750 Twilio Credentials Found in Mobile Apps; Drive By Crypto Currency; Intel ME Decode via USB Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Twilio Credentials Found in Mobile Apps; Drive By Crypto Currency; Intel ME Decode via USB https://traffic.libsyn.com/securitypodcast/5750.mp3 https://isc.sans.edu/podcastdetail/5750 Fri, 10 Nov 2017 02:10:02 GMT http://info.appthority.com/-q4-2017-mtr-download-eavesdropper
Drive By Cryto Currency Mining Keeps Increasing
https://go.malwarebytes.com/rs/805-USG-300/images/Drive-by_Mining_FINAL.pdf

Intel's Management Engine Firmware Decoded
https://twitter.com/h0t_max
https://www.theregister.co.uk/2017/11/09/chipzilla_come_closer_closer_listen_dump_ime/
]]> 7:09 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5748 Gaming Keyboard Exfiltrates Data; Logitech Will Brick Harmony Link; Amazon Introduces Addtl Security Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Gaming Keyboard Exfiltrates Data; Logitech Will Brick Harmony Link; Amazon Introduces Addtl Security https://traffic.libsyn.com/securitypodcast/5748.mp3 https://isc.sans.edu/podcastdetail/5748 Thu, 09 Nov 2017 00:50:03 GMT https://thehackernews.com/2017/11/mantistek-keyboard-keylogger.html
Logitech Will Discontinue Harmony Link Device and Brick it via Firmware Update in March 2018
https://www.theverge.com/circuitbreaker/2017/11/8/16623076/logitech-harmony-link-discontinued-bricked
Amazon Is Introducing Additional Security Features for S3
https://aws.amazon.com/blogs/aws/new-amazon-s3-encryption-security-features/
]]> 6:26 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5746 Interesting RTF Maldoc; Multiple Linux USB Flaws; Android Updates; Ethereum Bug Locks $280 Million Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Interesting RTF Maldoc; Multiple Linux USB Flaws; Android Updates; Ethereum Bug Locks $280 Million https://traffic.libsyn.com/securitypodcast/5746.mp3 https://isc.sans.edu/podcastdetail/5746 Wed, 08 Nov 2017 01:21:55 GMT https://isc.sans.edu/forums/diary/Interesting+VBA+Dropper/23016/
Multiple Linux USB Flaws Made Public
http://www.openwall.com/lists/oss-security/2017/11/06/8
Google Android November Patches
https://source.android.com/security/bulletin/2017-11-01#media-framework
Ethereum Multi Signature Wallet Bug Cause Loss of $280 Million
https://paritytech.io/blog/security-alert.html
https://github.com/paritytech/parity/issues/6995
]]> 6:31 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5744 Fake WhatsApp App in Google Play Store; Crunchyroll redirect; Recovering iOS Backups Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Fake WhatsApp App in Google Play Store; Crunchyroll redirect; Recovering iOS Backups https://traffic.libsyn.com/securitypodcast/5744.mp3 https://isc.sans.edu/podcastdetail/5744 Tue, 07 Nov 2017 02:10:02 GMT https://www.reddit.com/r/Android/comments/7ahujw/psa_two_different_developers_under_the_same_name/
Crunchyroll.com Redirect Leads to Malware
https://blog.ellation.com/crunchyroll-com-update-a2a593cf9155
https://bartblaze.blogspot.com.au/2017/11/crunchyroll-hack-delivers-malware.html
Recovering Previously Encrypted iOS Backups
https://www.gillware.com/forensics/blog/digital-forensics-case-study/new-solution-encrypted-backups/
]]> 6:17 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5742 PDF Parser; Pwn20wn; OpenSSL Patch; IEEE P1735 Encryption Standard Broken Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. PDF Parser; Pwn20wn; OpenSSL Patch; IEEE P1735 Encryption Standard Broken https://traffic.libsyn.com/securitypodcast/5742.mp3 https://isc.sans.edu/podcastdetail/5742 Mon, 06 Nov 2017 01:35:02 GMT https://isc.sans.edu/forums/diary/Extracting+the+text+from+PDF+documents/23008/ https://isc.sans.edu/forums/diary/PDF+documents+URLs/23006/

Mobile Pwn2Own Contest 2017
https://www.zerodayinitiative.com/blog
OpenSSL Patch
https://www.openssl.org/news/secadv/20171102.txt
IEEE P1735 Standard Leads to Weak Crypto
https://eprint.iacr.org/2017/828.pdf
]]> 5:15 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5740 Leaked Code-Signing Keys; Popular iOS Apps Do Not Use TLS Correctly; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Leaked Code-Signing Keys; Popular iOS Apps Do Not Use TLS Correctly; https://traffic.libsyn.com/securitypodcast/5740.mp3 https://isc.sans.edu/podcastdetail/5740 Thu, 02 Nov 2017 21:15:04 GMT http://www.umiacs.umd.edu/~tdumitra/papers/CCS-2017.pdf
Half of Most Popular Free iOS Apps do not use TLS correctly
http://www.zeit.de/digital/datenschutz/2017-10/iphone-ios-apps-hacker-verschluesselung/komplettansicht#comments
Image Downloader Chrome Extension Includes Adware
https://www.bleepingcomputer.com/news/security/psa-beware-the-image-downloader-chrome-adware-extension/
Employees Pay Up Ransomware
https://www.bleepingcomputer.com/news/security/59-percent-of-employees-hit-by-ransomware-at-work-paid-ransom-out-of-their-own-pockets/
]]> 7:13 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5738 Proper SSH Configuration on Cisco IOS; Ethereum Miner Hijacks; Copy/Past Bitcoin Wallet Theft; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Proper SSH Configuration on Cisco IOS; Ethereum Miner Hijacks; Copy/Past Bitcoin Wallet Theft; https://traffic.libsyn.com/securitypodcast/5738.mp3 https://isc.sans.edu/podcastdetail/5738 Wed, 01 Nov 2017 22:10:03 GMT https://isc.sans.edu/forums/diary/Securing+SSH+Services+Go+Blue+Team/22992/
Ethereum Miners Hijacked via Default SSH Credentials
https://labs.bitdefender.com/2017/11/ethereum-os-miners-targeted-by-ssh-based-hijacker/
Crypto Shuffler Steals Bitcoin From Clipboard
https://www.kaspersky.com/blog/cryptoshuffler-bitcoin-stealer/19976/
Google Calender Event Injection Added To Mail Snipper
https://www.blackhillsinfosec.com/google-calendar-event-injection-mailsniper/
November Ouch! Newsletter released: Shopping Security Online
https://securingthehuman.sans.org/resources/newsletters/ouch/2017?utm_medium=Social&utm_source=Twitter&utm_content=OUCH+Nov+2017+all+languages+&utm_campaign=STH+Ouch+#november2017
]]> 5:37 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5736 Malicious Powershell Code; Apple Updates Everything Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Malicious Powershell Code; Apple Updates Everything https://traffic.libsyn.com/securitypodcast/5736.mp3 https://isc.sans.edu/podcastdetail/5736 Tue, 31 Oct 2017 21:15:04 GMT https://isc.sans.edu/forums/diary/Some+Powershell+Malicious+Code/22988/
Apple Updates Everything
https://support.apple.com/en-gb/HT201222
Internet Draft To Update IoT Devices
https://tools.ietf.org/html/draft-moran-suit-architecture-00
]]> 5:21 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5734 Google Moving Away From Key Pinning; New Dutch Law May Affect CAs; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Google Moving Away From Key Pinning; New Dutch Law May Affect CAs; https://traffic.libsyn.com/securitypodcast/5734.mp3 https://isc.sans.edu/podcastdetail/5734 Mon, 30 Oct 2017 22:40:03 GMT https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/he9tr7p3rZ8/eNMwKPmUBAAJ
Effort To Remove Trust From Dutch CA Over New Intercept Law
https://bugzilla.mozilla.org/show_bug.cgi?id=1408647
Crypto Coin Mining Feature Found in Google App Store Downloads
http://blog.trendmicro.com/trendlabs-security-intelligence/coin-miner-mobile-malware-returns-hits-google-play/
]]> 6:08 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5732 Critical New #Oracle IM Patch; "CatchAll" Chrome Plugin; ACE Malware; FEMA Fraud Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Critical New #Oracle IM Patch; "CatchAll" Chrome Plugin; ACE Malware; FEMA Fraud https://traffic.libsyn.com/securitypodcast/5732.mp3 https://isc.sans.edu/podcastdetail/5732 Sun, 29 Oct 2017 19:06:05 GMT http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-10151-4016513.html
CatchAll Google Chrome Plugins
https://isc.sans.edu/forums/diary/CatchAll+Google+Chrome+Malicious+Extension+Steals+All+Posted+Data/22976/
ACE Files Used For Malware
https://isc.sans.edu/forums/diary/Remember+ACE+files/22978/

]]> 5:06 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5730 Kaspersky Publishes Investigation Results; Inineon Bug Test; Micropath DDE; Finding Miners Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Kaspersky Publishes Investigation Results; Inineon Bug Test; Micropath DDE; Finding Miners https://traffic.libsyn.com/securitypodcast/5730.mp3 https://isc.sans.edu/podcastdetail/5730 Thu, 26 Oct 2017 20:10:02 GMT https://www.kaspersky.com/blog/internal-investigation-preliminary-results/19894/
Infineon Bug Testing Tool
https://gist.githubusercontent.com/marcan/fc87aa78085c2b6f979aefc73fdc381f/raw/526bc2f2249a2e3f5d4450c7c412e0dbf57b2288/roca_test.py
https://github.com/ThomasHabets/simple-tpm-pk11/blob/master/check-srk/check-srk.cc
Micropatch Available for "DDE Vulnerability"
https://0patch.blogspot.com/2017/10/0patching-office-dde-ddeauto.html
Finding Cryptocurrency Miners
https://medium.com/@s3yfullah/hacking-cryptocurrency-miners-with-osint-techniques-677bbb3e0157
]]> 5:58 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5728 Coinhive Domain Compromise; Dell Loses Control of Domain; "Uncaptcha" breaks Recaptcha Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Coinhive Domain Compromise; Dell Loses Control of Domain; "Uncaptcha" breaks Recaptcha https://traffic.libsyn.com/securitypodcast/5728.mp3 https://isc.sans.edu/podcastdetail/5728 Wed, 25 Oct 2017 21:00:24 GMT https://coinhive.com/blog/dns-breach
Dell Loses Control of Backup and Recovery Cloud Storage Domain
https://krebsonsecurity.com/2017/10/dell-lost-control-of-key-customer-support-domain-for-a-month-in-2017/#more-41267
Google ReCaptcha Broken
https://github.com/ecthros/uncaptcha
Users in Iran Targeted by Cryptoransomware Masquerading as VPN
https://www.bleepingcomputer.com/news/security/tyrant-ransomware-spreads-in-iran-disguised-as-popular-vpn-app/
Crypto Currency Phishing
https://www.dearbytes.com/blog/cryptocurrency-phishing/
]]> 6:25 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5726 Don't trust Extensions; Petya Variant #BadRabbit; More TLS Traffic; Static PRNG Seeds Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Don't trust Extensions; Petya Variant #BadRabbit; More TLS Traffic; Static PRNG Seeds https://traffic.libsyn.com/securitypodcast/5726.mp3 https://isc.sans.edu/podcastdetail/5726 Tue, 24 Oct 2017 19:40:02 GMT https://isc.sans.edu/forums/diary/Stop+relying+on+file+extensions/22962/
BadRabbit New Ransomware Wave Hitting Russia and Ukraine
https://isc.sans.edu/forums/diary/BadRabbit+New+ransomware+wave+hitting+RU+UA/22964/
https://www.welivesecurity.com/2017/10/24/kiev-metro-hit-new-variant-infamous-diskcoder-ransomware/
Over 70% Of Web Traffic Now via TLS
https://transparencyreport.google.com/https/overview?hl=en
Static RNG Seeds in Fortinet Devices
https://duhkattack.com
]]> 5:04 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5724 SOCKS Proxies; DNS over TLS Coming to Android; Fake Crypt Currency Trading App Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SOCKS Proxies; DNS over TLS Coming to Android; Fake Crypt Currency Trading App https://traffic.libsyn.com/securitypodcast/5724.mp3 https://isc.sans.edu/podcastdetail/5724 Mon, 23 Oct 2017 21:27:11 GMT https://isc.sans.edu/forums/diary/Is+a+telco+in+Brazil+hosting+an+epidemic+of+open+SOCKS+proxies/22956/
Android May Be Adding DNS Over TLS
https://www.xda-developers.com
https://tools.ietf.org/html/rfc7858
Fake Crypto Currency Trading Applications
https://www.welivesecurity.com/2017/10/23/fake-cryptocurrency-apps-google-harvesting-credentials/
]]> 6:03 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5722 IoT "Reaper" Botnet; Mac Malware in Media Player; Expanded Google App Bug Bounty Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. IoT "Reaper" Botnet; Mac Malware in Media Player; Expanded Google App Bug Bounty https://traffic.libsyn.com/securitypodcast/5722.mp3 https://isc.sans.edu/podcastdetail/5722 Sun, 22 Oct 2017 16:15:04 GMT http://blog.netlab.360.com/iot_reaper-a-rappid-spreading-new-iot-botnet-en/
https://research.checkpoint.com/new-iot-botnet-storm-coming/
Elmedia Player and Folx Infected with Proton Malware
https://www.eltima.com/blog/2017/10/elmedia-player-and-folx-malware-threat-neutralized.html
Google Expands Bug Bounty To Popular Android Apps
https://www.google.com/about/appsecurity/play-rewards/index.html
Increased Use of Last Week's Flash Vulnerability
https://www.proofpoint.com/us/threat-insight/post/apt28-racing-exploit-cve-2017-11292-flash-vulnerability-patches-are-deployed
]]> 5:38 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5720 Loky Ransomware Updates; Authedmine vs. Coinhive; SSH Key Scans; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Loky Ransomware Updates; Authedmine vs. Coinhive; SSH Key Scans; https://traffic.libsyn.com/securitypodcast/5720.mp3 https://isc.sans.edu/podcastdetail/5720 Fri, 20 Oct 2017 00:40:03 GMT https://isc.sans.edu/forums/diary/Necurs+Botnet+malspam+pushes+Locky+using+DDE+attack/22946/
https://isc.sans.edu/forums/diary/HSBCthemed+malspam+uses+ISO+attachments+to+push+Loki+Bot+malware/22942/
Authedmine To Replace Coinhive
https://coinhive.com/blog/authedmine
Attackers Scan for SSH Keys via Webexploits
https://www.wordfence.com/blog/2017/10/ssh-key-website-scans/
Attacking Colocated Virtual Machines with Rowhammer
https://thisissecurity.stormshield.com/2017/10/19/attacking-co-hosted-vm-hacker-hammer-two-memory-modules/
]]> 5:52 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5718 Baselining Servers; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Baselining Servers; https://traffic.libsyn.com/securitypodcast/5718.mp3 https://isc.sans.edu/podcastdetail/5718 Thu, 19 Oct 2017 07:20:03 GMT https://isc.sans.edu/forums/diary/Baselining+Servers+to+Detect+Outliers/22940/
Test Script Available for KRACK Vulnerability
https://github.com/vanhoefm/krackattacks-test-ap-ft
WaterMiner Distributed With Gaming Mods
https://minerva-labs.com/post/waterminer-a-new-evasive-crypto-miner
Microsoft Releases Fall Creators Update
https://blogs.windows.com/windowsexperience/2017/10/17/whats-new-windows-10-fall-creators-update/#76CQXoUYxT81RLJi.97
]]> 5:13 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5716 Hancitor Uses DDE Attack; Ifinieon RSA Weakness; Chrome Improvements Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Hancitor Uses DDE Attack; Ifinieon RSA Weakness; Chrome Improvements https://traffic.libsyn.com/securitypodcast/5716.mp3 https://isc.sans.edu/podcastdetail/5716 Wed, 18 Oct 2017 04:05:02 GMT https://isc.sans.edu/forums/diary/Hancitor+malspam+uses+DDE+attack/22936/
Infineon RSA Key Generation Weakness
https://crocs.fi.muni.cz/public/papers/rsa_ccs17
Chrome Improving Security
https://www.blog.google/products/chrome/cleaner-safer-web-chrome-cleanup/
]]> 5:20 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5714 WPA2 "Krack" Attack; Adobe Flash Update; Identical Binaries but Different Hash Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. WPA2 "Krack" Attack; Adobe Flash Update; Identical Binaries but Different Hash https://traffic.libsyn.com/securitypodcast/5714.mp3 https://isc.sans.edu/podcastdetail/5714 Mon, 16 Oct 2017 22:40:03 GMT https://www.krackattacks.com/
https://securingthehuman.sans.org/blog/2017/10/16/28748/
Adobe Flash Player Update
https://helpx.adobe.com/security/products/flash-player/apsb17-32.html
Two (identical) uTorrent Binaries With Different Hashes
https://isc.sans.edu/forums/diary/Its+in+the+signature/22928/ ]]> 8:40 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5712 .MSG Files; Danger of Abandoned Domains; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. .MSG Files; Danger of Abandoned Domains; https://traffic.libsyn.com/securitypodcast/5712.mp3 https://isc.sans.edu/podcastdetail/5712 Sun, 15 Oct 2017 22:58:38 GMT https://isc.sans.edu/forums/diary/Peeking+into+msg+files/22926/
Abandoned Domains / Equifax/Transunion Lead to Fake Falsh Update
https://blog.malwarebytes.com/threat-analysis/2017/10/equifax-transunion-websites-push-fake-flash-player/
Microsoft Patch Causes Corrupted Systems
https://support.microsoft.com/en-us/help/4049094
DoubleLocker Android Ransomware
https://www.welivesecurity.com/2017/10/13/doublelocker-innovative-android-malware/
Chrome Extension Mines Crypto Currency
https://www.bleepingcomputer.com/news/security/chrome-extension-uses-your-gmail-to-register-domains-names-and-injects-coinhive/
]]> 5:29 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5710 Configuration Version Control; Using HDD as Microphone; More JS Crypto Currency Miners Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Configuration Version Control; Using HDD as Microphone; More JS Crypto Currency Miners https://traffic.libsyn.com/securitypodcast/5710.mp3 https://isc.sans.edu/podcastdetail/5710 Thu, 12 Oct 2017 22:30:05 GMT https://isc.sans.edu/forums/diary/Version+control+tools+arent+only+for+Developers/22922/
Coin Hive Javascript Crypto Currency Miner Found on Piratebay
https://twitter.com/esterling_/status/918240914623090695
https://crypto-loot.com
Macro-less Code Exec in MSWord Rediscovered
https://sensepost.com/blog/2017/macro-less-code-exec-in-msword/
https://blog.nviso.be/2017/10/11/detecting-dde-in-ms-office-documents/
Hard Disks Can Be Used As Microphones
https://github.com/ortegaalfredo/kscope/blob/master/doc/HDD-microphones.pdf
]]> 5:54 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5708 Outlook S/MIME Flaw; #RubyGems Vuln; #Google Home Mini Recording Flaw; #Camaradar Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Outlook S/MIME Flaw; #RubyGems Vuln; #Google Home Mini Recording Flaw; #Camaradar https://traffic.libsyn.com/securitypodcast/5708.mp3 https://isc.sans.edu/podcastdetail/5708 Wed, 11 Oct 2017 22:40:02 GMT https://www.sec-consult.com/en/blog/2017/10/fake-crypto-microsoft-outlook-smime-cleartext-disclosure-cve-2017-11776/index.html
RubyGems Remote Code Execution Vulnerability
http://blog.rubygems.org/2017/10/09/unsafe-object-deserialization-vulnerability.html
Google Home Mini Recorded Everything
http://www.androidpolice.com/2017/10/10/google-nerfing-home-minis-mine-spied-everything-said-247/
Cameradar Finds Open RTSP Streams
https://github.com/EtixLabs/cameradar
]]> 6:36 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5706 #MSFT Monthly Updates Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. #MSFT Monthly Updates https://traffic.libsyn.com/securitypodcast/5706.mp3 https://isc.sans.edu/podcastdetail/5706 Wed, 11 Oct 2017 00:30:06 GMT https://isc.sans.edu/forums/diary/October+2017+Security+Updates/22916/
Spoofed iOS iCloud Login
https://krausefx.com/blog/ios-privacy-stealpassword-easily-get-the-users-apple-id-password-just-by-asking
]]> 5:53 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5704 Base64 Encoded Word Documents Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Base64 Encoded Word Documents https://traffic.libsyn.com/securitypodcast/5704.mp3 https://isc.sans.edu/podcastdetail/5704 Mon, 09 Oct 2017 23:15:05 GMT https://isc.sans.edu/forums/diary/Base64+All+The+Things/22912/
Skimmer Scanner Helps Find Credit Card Skimmers
https://github.com/sparkfunX/Skimmer_Scanner
TLS 1.3 Remains "On Hold"
https://www.ietf.org/mail-archive/web/tls/current/msg24517.html
FIDO U2F Key Review / Test
https://www.imperialviolet.org/2017/10/08/securitykeytest.html
]]> 6:33 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5702 Payment Handler API; OpenSSH Version 7.6 Released; Microsoft Unanounced Patches; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Payment Handler API; OpenSSH Version 7.6 Released; Microsoft Unanounced Patches; https://traffic.libsyn.com/securitypodcast/5702.mp3 https://isc.sans.edu/podcastdetail/5702 Sun, 08 Oct 2017 13:39:15 GMT https://w3c.github.io/payment-handler/
https://blog.lukaszolejnik.com/privacy-of-web-request-api/
OpenSSH Version 7.6 Released
http://www.openssh.com/txt/release-7.6
Microsoft Delaying Some Patches for Earlier Windows Versions
https://googleprojectzero.blogspot.sg/2017/10/using-binary-diffing-to-discover.html
The Dangers of Cables
https://isc.sans.edu/forums/diary/Whats+in+a+cable+The+dangers+of+unauthorized+cables/22904/
]]> 8:11 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5700 New Tool: pcap2curl; MacOS High Sierra Patch; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. New Tool: pcap2curl; MacOS High Sierra Patch; https://traffic.libsyn.com/securitypodcast/5700.mp3 https://isc.sans.edu/podcastdetail/5700 Fri, 06 Oct 2017 01:45:06 GMT https://isc.sans.edu/forums/diary/pcap2curl+Turning+a+pcap+file+into+a+set+of+cURL+commands+for+replay/22900/
Apple Patches Embarrasing MacOS High Sierra Flaw
https://www.appleworld.today/blog/2017/10/5/macos-high-sierra-flaw-exposes-passwords-of-encrypted-apfs-volumes
Another Tomcat PUT Vulnerability
https://lists.apache.org/thread.html/3fd341a604c4e9eab39e7eaabbbac39c30101a022acc11dd09d7ebcb@%3Cannounce.tomcat.apache.org%3E
Dallas Haselhorst: HL7 Healthcare Protocol
https://www.sans.org/reading-room/whitepapers/hipaa/hl7-data-interfaces-medical-environments-understanding-fundamental-flaw-healthcare-38005
https://www.sans.org/reading-room/whitepapers/vpns/hl7-data-interfaces-medical-environments-attacking-defending-achilles-heel-healthcare-38010
https://www.tripwire.com/state-of-security/security-data-protection/hl7-data-interfaces-in-medical-environments/
]]> 15:40 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5698 #CSAM; Improved Rowhammer Attacks; VMWare Escape Metasploit Modules Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. #CSAM; Improved Rowhammer Attacks; VMWare Escape Metasploit Modules https://traffic.libsyn.com/securitypodcast/5698.mp3 https://isc.sans.edu/podcastdetail/5698 Wed, 04 Oct 2017 23:31:48 GMT https://securingthehuman.sans.org/newsletters/ouch/issues/OUCH-201710_en.pdf
Modified Rowhammer Attack Bypasses Current Defenses
https://arxiv.org/pdf/1710.00551.pdf
Metasploit Modules For VMWare Escape
https://www.zerodayinitiative.com/blog/2017/10/04/vmware-escapology-how-to-houdini-the-hypervisor
]]> 5:39 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5696 Fedex Malspam Pushes Formbook; Fake and Vulnerable Wordpress Plugins Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Fedex Malspam Pushes Formbook; Fake and Vulnerable Wordpress Plugins https://traffic.libsyn.com/securitypodcast/5696.mp3 https://isc.sans.edu/podcastdetail/5696 Wed, 04 Oct 2017 00:00:16 GMT https://isc.sans.edu/forums/diary/Malspam+pushing+Formbook+info+stealer/22888/
Wordpress Plugins Heavily Abused For Site Defacements
https://www.wordfence.com/blog/2017/10/3-zero-day-plugin-vulnerabilities-exploited-wild/
Fake WordPress Security Plugin Being Advertised
https://blog.sucuri.net/2017/09/fake-plugins-fake-security.html
Proof Of Concept Information Disclosure for Internet Explorer
https://www.brokenbrowser.com/revealing-the-content-of-the-address-bar-ie/
Nzyme Wifi Frame Recording and Forensics
https://wtf.horse/2017/10/02/introducing-nzyme-wifi-802-11-frame-recording-and-forensics/
Cyber Security Interviews
https://twitter.com/CSI_Podcast/status/915026734801489921
]]> 6:01 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5694 Passive DNS; Bypassing Domain Authentication; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Passive DNS; Bypassing Domain Authentication; https://traffic.libsyn.com/securitypodcast/5694.mp3 https://isc.sans.edu/podcastdetail/5694 Tue, 03 Oct 2017 01:30:04 GMT Investigating Security Incidents with Passive DNS
Bypassing Domain Authentication
https://medium.freecodecamp.org/how-i-hacked-hundreds-of-companies-through-their-helpdesk-b7680ddc2d4c
DNSMasq Vulnerabilities
https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
]]> 5:52 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5692 More Javascript Monero Miners; OS X Patches JS Quarantine Bypass; Mac EFI Patch Status Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. More Javascript Monero Miners; OS X Patches JS Quarantine Bypass; Mac EFI Patch Status https://traffic.libsyn.com/securitypodcast/5692.mp3 https://isc.sans.edu/podcastdetail/5692 Mon, 02 Oct 2017 00:17:39 GMT https://isc.sans.edu/forums/diary/Whos+Borrowing+your+Resources/22882/
OS X Silently Patches Javascript Quarantine Bypass
https://www.wearesegment.com/research/Mac-OS-X-Local-Javascript-Quarantine-Bypass.html
Apple EFI Updates Often Not Applied
https://duo.com/blog/the-apple-of-your-efi-mac-firmware-security-research
]]> 5:22 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5690 Dealing With Massive PCAPs; Illusion Gap AV Bypass; DNSSEC KSK Update Delayed Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Dealing With Massive PCAPs; Illusion Gap AV Bypass; DNSSEC KSK Update Delayed https://traffic.libsyn.com/securitypodcast/5690.mp3 https://isc.sans.edu/podcastdetail/5690 Fri, 29 Sep 2017 00:20:02 GMT https://isc.sans.edu/forums/diary/The+easy+way+to+analyze+huge+amounts+of+PCAP+data/22876/
Illusion Gap Anti-Virus Bypass
https://www.cyberark.com/threat-research-blog/illusion-gap-antivirus-bypass-part-1/
DNSSEC KSK Update Delayed
https://www.icann.org/news/announcement-2017-09-27-en
Linux PIE/Stack Corruption
https://www.qualys.com/2017/09/26/cve-2017-1000253/cve-2017-1000253.txt
]]> 5:48 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5688 Everything About JPEGs; Linux 4.14; CLKSCREW; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Everything About JPEGs; Linux 4.14; CLKSCREW; https://traffic.libsyn.com/securitypodcast/5688.mp3 https://isc.sans.edu/podcastdetail/5688 Thu, 28 Sep 2017 01:15:05 GMT https://isc.sans.edu/forums/diary/It+is+a+resume+Part+3/22808/
Linux 4.14 Memory Encryption
https://lwn.net/Articles/686808/
CLKSCREW: Exposing Secure Enclaves via Energy Management
https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-tang.pdf
~
~
~
~
]]> 5:14 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5686 XPCTRA Malware; Mobile Invetment Vulns; iOS Wifi Exploit PoC; "Dirty Cow" used in Android Malware Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. XPCTRA Malware; Mobile Invetment Vulns; iOS Wifi Exploit PoC; "Dirty Cow" used in Android Malware https://traffic.libsyn.com/securitypodcast/5686.mp3 https://isc.sans.edu/podcastdetail/5686 Wed, 27 Sep 2017 02:30:05 GMT https://isc.sans.edu/forums/diary/XPCTRA+Malware+Steals+Banking+and+Digital+Wallet+Users+Credentials/22868/
Vulnerable Mobile Investment Applications
http://blog.ioactive.com/2017/09/are-you-trading-securely-insights-into.html
iOS WiFi Exploit PoC Code Published
https://bugs.chromium.org/p/project-zero/issues/detail?id=1289
Android Malware Exploiting "Dirty Cow"
http://blog.trendmicro.com/trendlabs-security-intelligence/zniu-first-android-malware-exploit-dirty-cow-vulnerability/]]> 5:18 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5684 macOS High Sierra; Possible macOS Keychain Leak; Showtime Making You Mine Monero Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. macOS High Sierra; Possible macOS Keychain Leak; Showtime Making You Mine Monero https://traffic.libsyn.com/securitypodcast/5684.mp3 https://isc.sans.edu/podcastdetail/5684 Tue, 26 Sep 2017 02:20:03 GMT https://support.apple.com/en-us/HT201222
Possible macOS Keychain Leak
https://twitter.com/patrickwardle/status/912254053849079808
Monero Cryptocoin Miner Found on Showtime Website
https://badpackets.net/coinhive-miner-found-on-official-showtime-network-websites-in-latest-case-of-cryptojacking/
]]> 5:39 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5682 Forensics and "mount --bind"; Adobe PGP Error; AVAST Update; Go Keyboard Spyware Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Forensics and "mount --bind"; Adobe PGP Error; AVAST Update; Go Keyboard Spyware https://traffic.libsyn.com/securitypodcast/5682.mp3 https://isc.sans.edu/podcastdetail/5682 Mon, 25 Sep 2017 00:45:04 GMT https://isc.sans.edu/forums/diary/Forensic+use+of+mount+bind/22854/
Adobe Publishes Secret PGP Key By Mistake
https://twitter.com/jupenur/status/911286403434246144
AVAST Publishes CCleaner Update
https://blog.avast.com/avast-threat-labs-analysis-of-ccleaner-incident
Compromised Android Keyboard App
https://blog.adguard.com/en/go-spy-go-popular-android-keyboard-from-china-crosses-the-red-line/
]]> 6:00 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5680 More DDoS Extortion; .Net ex-0-day Moves from APT to Crimeware; CCleaner Update Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. More DDoS Extortion; .Net ex-0-day Moves from APT to Crimeware; CCleaner Update https://traffic.libsyn.com/securitypodcast/5680.mp3 https://isc.sans.edu/podcastdetail/5680 Fri, 22 Sep 2017 01:50:03 GMT https://isc.sans.edu/forums/diary/Emails+threatening+DDoS+allegedly+from+Phantom+Squad/22856/
CVE-2017-8759 Used in Cyber Crime Attacks
https://isc.sans.edu/forums/diary/Email+attachment+using+CVE20178759+exploit+targets+Argentina/22850/
CCleaner Command and Control Server
http://blog.talosintelligence.com/2017/09/ccleaner-c2-concern.html?m=1
Vulnerability in Intel Managment Engine Can Lead to Execution of Unsigned Code
https://www.blackhat.com/eu-17/briefings/schedule/#how-to-hack-a-turned-off-computer-or-running-unsigned-code-in-intel-management-engine-8668
]]> 5:37 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5678 Locky Again; Viacom S3 Leak; iOS 11 Outlook.com Bug; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Locky Again; Viacom S3 Leak; iOS 11 Outlook.com Bug; https://traffic.libsyn.com/securitypodcast/5678.mp3 https://isc.sans.edu/podcastdetail/5678 Thu, 21 Sep 2017 00:25:02 GMT https://isc.sans.edu/forums/diary/Ongoing+Ykcol+Locky+campaign/22848/
Viacom S3 Bucket Leak
https://www.upguard.com/breaches/cloud-leak-viacom
iOS 11 Outlook.com Bug
https://support.apple.com/en-us/HT208136
]]> 5:37 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5676 mac-robber; iOS Update; #Tomcat RCE Vulnerability; iTerm DNS Data Leak; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. mac-robber; iOS Update; #Tomcat RCE Vulnerability; iTerm DNS Data Leak; https://traffic.libsyn.com/securitypodcast/5676.mp3 https://isc.sans.edu/podcastdetail/5676 Wed, 20 Sep 2017 01:55:03 GMT https://isc.sans.edu/forums/diary/New+tool+macrobberpy/22844/
Apache Tomcat Patch
https://www.us-cert.gov/ncas/current-activity/2017/09/19/Apache-Releases-Security-Updates-Apache-Tomcat
Apple Updates For iOS, Xcode, tvOS, watchOS and Safari
https://support.apple.com/en-us/HT201222
]]> 6:01 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5674 #CCleaner Compromise; Word #INCLUDEPICTURE; security.txt file Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. #CCleaner Compromise; Word #INCLUDEPICTURE; security.txt file https://traffic.libsyn.com/securitypodcast/5674.mp3 https://isc.sans.edu/podcastdetail/5674 Tue, 19 Sep 2017 04:50:03 GMT http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html
http://www.piriform.com/news/release-announcements/2017/9/18/security-notification-for-ccleaner-v5336162-and-ccleaner-cloud-v1073191-for-32-bit-windows-users
Word INCLUDEPICTURE Feature Abuse
https://securelist.com/an-undocumented-word-feature-abused-by-attackers/81899/
security.txt file
https://www.ietf.org/id/draft-foudil-securitytxt-00.txt
https://www.ietf.org/rfc/rfc2142.txt
]]> 8:08 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5672 WSL #Bashware; Javascript Crypto Currency Miner; #NodeJS DoS; #HTTPS Interception Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. WSL #Bashware; Javascript Crypto Currency Miner; #NodeJS DoS; #HTTPS Interception https://traffic.libsyn.com/securitypodcast/5672.mp3 https://isc.sans.edu/podcastdetail/5672 Mon, 18 Sep 2017 00:50:02 GMT https://research.checkpoint.com/beware-bashware-new-method-malware-bypass-security-solutions/
Javascript Rogue Crypto Currency Miner
https://www.welivesecurity.com/2017/09/14/cryptocurrency-web-mining-union-profit/
NodeJS Hash Table DoS
https://medium.com/@ahmadbamieh/nodejs-constant-hashtables-seeds-vulnerability-f03bf70e3593
HTTPS Interception
https://blog.cloudflare.com/understanding-the-prevalence-of-web-traffic-interception/
]]> 5:54 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5670 Webshells and Backdoors; D-Link Patch; Google Play Store Malware; Elasticsearch Malware Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Webshells and Backdoors; D-Link Patch; Google Play Store Malware; Elasticsearch Malware https://traffic.libsyn.com/securitypodcast/5670.mp3 https://isc.sans.edu/podcastdetail/5670 Fri, 15 Sep 2017 03:55:03 GMT https://isc.sans.edu/forums/diary/Another+webshell+another+backdoor/22826/
D-Link Vulnerability
https://pierrekim.github.io/blog/2017-09-08-dlink-850l-mydlink-cloud-0days-vulnerabilities.html
Chrome To Label FTP As Insecure
https://groups.google.com/a/chromium.org/forum/#!msg/security-dev/HknIAQwMoWo/xYyezYV5AAAJ
More Google Play Store Malware
https://blog.checkpoint.com/2017/09/14/expensivewall-dangerous-packed-malware-google-play-will-hit-wallet/
Elasticsearch Botnet
https://mackeepersecurity.com/post/kromtech-discovers-massive-elasticsearch-infected-malware-botnet
]]> 5:27 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5668 "Rogue" IPv6; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. "Rogue" IPv6; https://traffic.libsyn.com/securitypodcast/5668.mp3 https://isc.sans.edu/podcastdetail/5668 Thu, 14 Sep 2017 03:25:03 GMT https://isc.sans.edu/forums/diary/No+IPv6+Challenge+Accepted+Part+1/22820/
Exploiting CVE-2017-8759
https://www.mdsec.co.uk/2017/09/exploiting-cve-2017-8759-soap-wsdl-parser-code-injection/
Wordpress Plugin Found With Backdoor
https://www.pluginvulnerabilities.com/2017/09/11/wordpress-poor-handling-of-plugin-security-exacerbates-malicious-takeover-of-display-widgets/
]]> 5:00 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5666 #MSFT Patch Tuesday; BlueBorne Vulnerability Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. #MSFT Patch Tuesday; BlueBorne Vulnerability https://traffic.libsyn.com/securitypodcast/5666.mp3 https://isc.sans.edu/podcastdetail/5666 Wed, 13 Sep 2017 04:15:07 GMT https://www.fireeye.com/blog/threat-research/2017/09/zero-day-used-to-distribute-finspy.html
https://technet.microsoft.com/security/advisories
BlueBorne Bluetooth Vulnerability
http://go.armis.com/hubfs/BlueBorne%20Technical%20White%20Paper.pdf
]]> 5:39 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5664 Cisco Struts Updates; Comodo Violating CAA; Identifying malware TLS connections Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Cisco Struts Updates; Comodo Violating CAA; Identifying malware TLS connections https://traffic.libsyn.com/securitypodcast/5664.mp3 https://isc.sans.edu/podcastdetail/5664 Tue, 12 Sep 2017 03:30:06 GMT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170909-struts2-rce
Google Chrome Warning Users of Anti-Malware SSL Interception
https://twitter.com/sashaperigo/status/906263091624591360
Machinelearning To Identify Malicious TLS Connections
https://arxiv.org/pdf/1607.01639.pdf
Comodo Breaking CAA Standard
https://www.mail-archive.com/dev-security-policy@lists.mozilla.org/msg08027.html
]]> 6:37 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5662 Analyzing JPEGs; WINspect; PSSetLoadImageNotifyRoutine; IOTA Cryto Currency Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Analyzing JPEGs; WINspect; PSSetLoadImageNotifyRoutine; IOTA Cryto Currency https://traffic.libsyn.com/securitypodcast/5662.mp3 https://isc.sans.edu/podcastdetail/5662 Mon, 11 Sep 2017 04:20:02 GMT https://isc.sans.edu/forums/diary/Analyzing+JPEG+files/22806/
Auditing Windows With WINspect
https://isc.sans.edu/forums/diary/Windows+Auditing+with+WINspect/22810/
Windows PSSetLoadImageNotifyRoutine Vulnerability
https://breakingmalware.com/documentation/windows-pssetloadimagenotifyroutine-callbacks-good-bad-unclear-part-1/
IOTA Cryptocurrency Vulnerable Hash Function
https://medium.com/@neha/cryptographic-vulnerabilities-in-iota-9a6a9ddc4367
]]> 5:49 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5660 More Struts Issues; Equifax Compromise; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. More Struts Issues; Equifax Compromise; https://traffic.libsyn.com/securitypodcast/5660.mp3 https://isc.sans.edu/podcastdetail/5660 Fri, 08 Sep 2017 01:25:03 GMT https://struts.apache.org/docs/s2-053.html
Equifax Compromise
https://www.bloomberg.com/news/articles/2017-09-07/three-equifax-executives-sold-stock-before-revealing-cyber-hack
Hash Extension Flaws
https://isc.sans.edu/forums/diary/Modern+Web+Application+Penetration+Testing+Hash+Length+Extension+Attacks/22792/
Matt Hosburgh: Offensive Intrusion Analysis: Uncovering Insiders with Threat Hunting and Active Defense
]]> 15:37 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5658 Struts2 Exploit Public; More MongoDB Ransom Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Struts2 Exploit Public; More MongoDB Ransom https://traffic.libsyn.com/securitypodcast/5658.mp3 https://isc.sans.edu/podcastdetail/5658 Thu, 07 Sep 2017 02:10:03 GMT https://github.com/rapid7/metasploit-framework/pull/8924/commits/5ea83fee5ee8c23ad95608b7e2022db5b48340ef
Google Docs Table With Hacked MongoDB Databases
https://docs.google.com/spreadsheets/d/1QonE9oeMOQHVh8heFIyeqrjfKEViL0poLnY8mAakKhM/edit#gid=1781677175
Bypassing Cloudflare
https://rhinosecuritylabs.com/cloud-security/cloudflare-bypassing-cloud-security/
]]> 5:16 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5656 #Mirai Decay; #Struts Vulnerability; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. #Mirai Decay; #Struts Vulnerability; https://traffic.libsyn.com/securitypodcast/5656.mp3 https://isc.sans.edu/podcastdetail/5656 Wed, 06 Sep 2017 00:35:02 GMT https://isc.sans.edu/forums/diary/The+Mirai+Botnet+A+Look+Back+and+Ahead+At+Whats+Next/22786/
New Struts Vulnerability and Patch
https://isc.sans.edu/forums/diary/Struts+vulnerability+patch+released+by+apache+patch+now/22788
Mastercard Internet Gateway Service Flaw
http://tinyhack.com/2017/09/05/mastercard-internet-gateway-service-hashing-design-flaw/
Mac OS X High Sierra Insecure Kernel Module Loading
https://objective-see.com/blog/blog_0x21.html
]]> 6:47 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5654 Locky Back Via Fake Fonts; Asterisk RTPBleed; Arris AT&T Backdoor Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Locky Back Via Fake Fonts; Asterisk RTPBleed; Arris AT&T Backdoor https://traffic.libsyn.com/securitypodcast/5654.mp3 https://isc.sans.edu/podcastdetail/5654 Tue, 05 Sep 2017 00:05:02 GMT https://isc.sans.edu/forums/diary/Malspam+pushing+Locky+ransomware+tries+HoeflerText+notifications+for+Chrome+and+FireFox/22776/
When is a PDF Just a PDF?
https://isc.sans.edu/forums/diary/It+is+a+resume+Part+1/22780/
Asterisk Vulnerable to RTPBleed
https://github.com/EnableSecurity/advisories/tree/master/ES2017-04-asterisk-rtp-bleed
Arris AT&T Modems With Backdoor
https://www.nomotion.net/blog/sharknatto/
]]> 6:18 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5652 Remote Work in a SOC; Linux RNG Reviewed; Turning Speaker into Microphones Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Remote Work in a SOC; Linux RNG Reviewed; Turning Speaker into Microphones https://traffic.libsyn.com/securitypodcast/5652.mp3 https://isc.sans.edu/podcastdetail/5652 Fri, 01 Sep 2017 02:45:05 GMT https://isc.sans.edu/forums/diary/Remote+SOC+Workers+Concerns/22772/
Linux Random Number Generator Reviewed
https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Studien/LinuxRNG/LinuxRNG_EN.pdf?__blob=publicationFile&v=5
Adobe Acrobat and Reader Security Patch
https://blogs.adobe.com/psirt/?p=1484
Turning Speakers into Microphones
https://www.usenix.org/system/files/conference/woot17/woot17-paper-guri.pdf
]]> 14:25 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5650 ConnManDo Vulnerablity; Trickbot Goes After Coinbase; Pacemaker Patch; Inaudible Audio Commands Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. ConnManDo Vulnerablity; Trickbot Goes After Coinbase; Pacemaker Patch; Inaudible Audio Commands https://traffic.libsyn.com/securitypodcast/5650.mp3 https://isc.sans.edu/podcastdetail/5650 Wed, 30 Aug 2017 23:05:03 GMT http://connmando.nri-secure.co.jp/index.html
Trickbot Going After Coinbase
https://blogs.forcepoint.com/security-labs/trickbot-goes-after-cryptocurrency
Pacemakers Need Patch
https://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm573669.htm
Inaudible Voice Commands
https://arxiv.org/pdf/1708.07238.pdf
]]> 6:28 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5648 More Chrome Extension Banking Malware; Ransomware Spreading via RDP; More Leaked Passwords Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. More Chrome Extension Banking Malware; Ransomware Spreading via RDP; More Leaked Passwords https://traffic.libsyn.com/securitypodcast/5648.mp3 https://isc.sans.edu/podcastdetail/5648 Wed, 30 Aug 2017 00:25:03 GMT https://isc.sans.edu/forums/diary/Second+Google+Chrome+Extension+Banker+Malware+in+Two+Weeks/22766/
Vulnerable Docker VM
https://www.notsosecure.com/vulnerable-docker-vm/
Large Spam E-Mail and Password List Discovered
https://www.troyhunt.com/inside-the-massive-711-million-record-onliner-spambot-dump/
]]> 6:06 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5646 DVRs Again; Disabling Intel ME; Wire-X Android DDoS Bot Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. DVRs Again; Disabling Intel ME; Wire-X Android DDoS Bot https://traffic.libsyn.com/securitypodcast/5646.mp3 https://isc.sans.edu/podcastdetail/5646 Tue, 29 Aug 2017 01:50:02 GMT https://isc.sans.edu/forums/diary/An+Update+On+DVR+Malware+A+DVR+Torture+Chamber/22762/
Disabling Intel ME
http://blog.ptsecurity.com/2017/08/disabling-intel-me.html
Wire-X Takedown
https://blogs.akamai.com/2017/08/the-wirex-botnet-an-example-of-cross-organizational-cooperation.html
]]> 5:38 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5644 Analyzing 7zip Malware; Worldwide DNS Manipulation; Crypto Miner Malware Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Analyzing 7zip Malware; Worldwide DNS Manipulation; Crypto Miner Malware https://traffic.libsyn.com/securitypodcast/5644.mp3 https://isc.sans.edu/podcastdetail/5644 Mon, 28 Aug 2017 00:40:03 GMT https://isc.sans.edu/forums/diary/Malware+analysis+searching+for+dots/22758/
Worldwide DNS Manipulation Survey
https://people.eecs.berkeley.edu/~pearce/papers/dns_usenix_2017.pdf
Sophos Withdraws UTM Update
https://community.sophos.com/products/unified-threat-management/b/utm-blog/posts/utm-up2date-9-503-released
Crypto Currency Malware
https://resources.netskope.com/h/i/361264722-coin-mining-malware-heads-to-the-cloud-with-zminer
]]> 6:49 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5642 HPE iLO Vuln; Facebook Messenger Malspam; Samsung Failed TV Update Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. HPE iLO Vuln; Facebook Messenger Malspam; Samsung Failed TV Update https://traffic.libsyn.com/securitypodcast/5642.mp3 https://isc.sans.edu/podcastdetail/5642 Fri, 25 Aug 2017 00:05:03 GMT http://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03769en_us
Facebook Messenger Spam Leads to Malware
https://securelist.com/new-multi-platform-malwareadware-spreading-via-facebook-messenger/81590/
iOS 10.3.1 Kernel Exploit Released
https://blog.zimperium.com/ziva-video-audio-ios-kernel-exploit/
Samsung Bricks Smart TVs With Update
https://eu.community.samsung.com/t5/TV-Audio-Video/Samsung-MU-Series-2017-Smart-TV-s-will-do-nothing-after-Samsung/td-p/250277
John Bambenek's DGA Feeds
http://osint.bambenekconsulting.com/feeds/c2-ipmasterlist.txt]]> 12:23 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5640 Malware Loading Avast Safe Zone Browser? Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Malware Loading Avast Safe Zone Browser? https://traffic.libsyn.com/securitypodcast/5640.mp3 https://isc.sans.edu/podcastdetail/5640 Thu, 24 Aug 2017 00:05:03 GMT https://isc.sans.edu/forums/diary/Malicious+script+dropping+an+executable+signed+by+Avast/22748/
Ropemaker E-Mail Content
https://www.mimecast.com/globalassets/documents/whitepapers/wp_the_ropemaker_email_exploit.pdf
Cloud Based Accounts Increasingly a Target
https://www.microsoft.com/en-us/security/intelligence-report
More Malware Found At Ukraining Accounting Software Makers
https://issp.ua/issp_system_images/UPD_samples_analysis_eng.pdf
]]> 5:44 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5638 Keychain iCloud Storage Risks; Room Mapping With Speakers; .fish Used For Phishing Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Keychain iCloud Storage Risks; Room Mapping With Speakers; .fish Used For Phishing https://traffic.libsyn.com/securitypodcast/5638.mp3 https://isc.sans.edu/podcastdetail/5638 Wed, 23 Aug 2017 00:55:03 GMT https://www.elcomsoft.com/eppb.html
Mapping Rooms With Smart Speakers
http://musicattacks.cs.washington.edu/activity-information-leakage.pdf
Netcraft Identifies .fish Domain Used For Phishing
https://news.netcraft.com/archives/2017/08/21/first-fishy-phishing-sites-sighted.html
]]> 5:08 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5636 Enigma Cryto Currency Theft; Bitcoin Privacy Threats; SyncCrypt ZIP in Images Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Enigma Cryto Currency Theft; Bitcoin Privacy Threats; SyncCrypt ZIP in Images https://traffic.libsyn.com/securitypodcast/5636.mp3 https://isc.sans.edu/podcastdetail/5636 Tue, 22 Aug 2017 01:05:02 GMT http://www.theregister.co.uk/2017/08/21/enigma_digital_currency_investors_scammed/
Bitcoin Privacy Threats
https://arxiv.org/abs/1708.04748
$500 iPhone PIN Brute Forcing Box
https://www.youtube.com/watch?v=IXglwbyMydM
SyncCrypt Bypasses Antivirus Filters With Images
https://www.bleepingcomputer.com/news/security/synccrypt-ransomware-hides-inside-jpg-files-appends-kk-extension/
]]> 5:47 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5634 EngineBox Banking Malware; Invoice Malware; iOS SEP Key; FoxIT Vuln; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. EngineBox Banking Malware; Invoice Malware; iOS SEP Key; FoxIT Vuln; https://traffic.libsyn.com/securitypodcast/5634.mp3 https://isc.sans.edu/podcastdetail/5634 Sun, 20 Aug 2017 23:20:02 GMT https://isc.sans.edu/forums/diary/EngineBox+Malware+Supports+10+Brazilian+Banks/22736/
It's Not An Invoice
https://isc.sans.edu/forums/diary/Its+Not+An+Invoice/22738/
iOS Secure Enclave Key Posted
https://www.theiphonewiki.com/wiki/Greensburg_14G60_%28iPhone6,1%29
Vulnerabilities in FoxIT PDF Reader
https://www.thezdi.com/blog/2017/8/17/busting-myths-in-foxit-reader
]]> 5:27 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5632 Maldoc Uses Link Auto-Update; Rowhammer for SSD Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Maldoc Uses Link Auto-Update; Rowhammer for SSD https://traffic.libsyn.com/securitypodcast/5632.mp3 https://isc.sans.edu/podcastdetail/5632 Fri, 18 Aug 2017 01:05:02 GMT https://isc.sans.edu/forums/diary/Maldoc+with+autoupdated+link/22730/
Rowhammer is Back: SSD Memory Affected
https://www.usenix.org/system/files/conference/woot17/woot17-paper-kurmus.pdf
Nathaniel Quist: Active Defense in a Labyrinth of Deception
https://www.sans.org/reading-room/whitepapers/ActiveDefense/active-defense-labyrinth-deception-37462
]]> 16:24 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5630 Paypal Phishing Kit; ShadowPad; Audio CAPTCHA Attacks; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Paypal Phishing Kit; ShadowPad; Audio CAPTCHA Attacks; https://traffic.libsyn.com/securitypodcast/5630.mp3 https://isc.sans.edu/podcastdetail/5630 Thu, 17 Aug 2017 03:25:03 GMT https://isc.sans.edu/forums/diary/Analysis+of+a+Paypal+phishing+kit/22726/
ShadowPad Backdoor in NetSarang Equipment
https://securelist.com/shadowpad-in-corporate-networks/81432/
Solving Captcha Audio Challenges
http://uncaptcha.cs.umd.edu/papers/uncaptcha_woot17.pdf
]]> 6:20 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5628 Trickbot via Malspam; Malware via Phone; DJI "Go" App Found to Use JSPatch Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Trickbot via Malspam; Malware via Phone; DJI "Go" App Found to Use JSPatch https://traffic.libsyn.com/securitypodcast/5628.mp3 https://isc.sans.edu/podcastdetail/5628 Wed, 16 Aug 2017 00:10:03 GMT https://isc.sans.edu/forums/diary/Malspam+pushing+Trickbot+banking+Trojan/22720/
Banker Google Chrome Extension Targeting Brazil
https://isc.sans.edu/forums/diary/BankerGoogleChromeExtensiontargetingBrazil/22722/
DJI "Go" App May Be Using JSPatch To Modify Applications After Install
https://www.rcgroups.com/forums/showpost.php?p=38096850&postcount=2713
Smartlocks Bricked After Auto-Update
http://www.securitysales.com/news/smart-locks-lobotomized-failed-update/
]]> 6:03 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5626 SPAM vs. Malware; Android Intra-Library Collusion; SonicSpy Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SPAM vs. Malware; Android Intra-Library Collusion; SonicSpy https://traffic.libsyn.com/securitypodcast/5626.mp3 https://isc.sans.edu/podcastdetail/5626 Tue, 15 Aug 2017 00:05:03 GMT https://isc.sans.edu/forums/diary/Sometimes+its+just+SPAM/22716/
Android iOS Intra-Library Collusion
https://arxiv.org/abs/1708.03520
SonicSpy: Android Spyware Apps
https://blog.lookout.com/sonicspy-spyware-threat-technical-research
Checking For Breached Passwords in Active Directory
https://jacksonvd.com/checking-for-breached-passwords-in-active-directory/
]]> 6:09 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5624 OWA Attacks; Phishing Tests; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. OWA Attacks; Phishing Tests; https://traffic.libsyn.com/securitypodcast/5624.mp3 https://isc.sans.edu/podcastdetail/5624 Mon, 14 Aug 2017 00:45:04 GMT https://isc.sans.edu/forums/diary/Outlook+Web+Access+based+attacks/22710/
The Good Phishing Email
https://isc.sans.edu/forums/diary/The+Good+Phishing+Email/22712/
Git/CVS/Mercurial and others: ssh vulnerablity
http://blog.recurity-labs.com/2017-08-10/scm-vulns
Postgresql Vulnerablities
https://bugzilla.redhat.com/show_bug.cgi?id=1477185
]]> 5:40 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5622 Maldoc Analysis With ViperMonkey; More WoSign Trouble; SMS Touch Bugs; Mac Adware Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Maldoc Analysis With ViperMonkey; More WoSign Trouble; SMS Touch Bugs; Mac Adware https://traffic.libsyn.com/securitypodcast/5622.mp3 https://isc.sans.edu/podcastdetail/5622 Fri, 11 Aug 2017 01:45:04 GMT https://isc.sans.edu/forums/diary/Maldoc+Analysis+with+ViperMonkey/22702/
Microsoft Joins Google/Mozilla in Banishing WoSign and StartCom From Trusted CA List
https://blogs.technet.microsoft.com/mmpc/2017/08/08/microsoft-to-remove-wosign-and-startcom-certificates-in-windows-10/
SMS Touch App Leaking Messages
https://www.zscaler.com/blogs/research/mobile-app-wall-shame-sms-touch
Mac Adware Mughthesec
https://objective-see.com/blog/blog_0x20.html
]]> 5:46 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5620 DirectDefense Accuses Carbon Black of Data Leak; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. DirectDefense Accuses Carbon Black of Data Leak; https://traffic.libsyn.com/securitypodcast/5620.mp3 https://isc.sans.edu/podcastdetail/5620 Thu, 10 Aug 2017 00:20:03 GMT https://www.carbonblack.com/2017/08/09/directdefense-incorrectly-asserts-architectural-flaw-in-cb-response/
https://www.directdefense.com/harvesting-cb-response-data-leaks-fun-profit/
Vulnerabilities in Solar Generation
https://horusscenario.com
Hunting Malicious npm Packages
https://duo.com/blog/hunting-malicious-npm-packages
]]> 6:52 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5618 MSFT, Adobe and Android Updates; Contract Malspam Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MSFT, Adobe and Android Updates; Contract Malspam https://traffic.libsyn.com/securitypodcast/5618.mp3 https://isc.sans.edu/podcastdetail/5618 Wed, 09 Aug 2017 01:50:03 GMT https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+August+2017/22694/
Adobe Updates
https://helpx.adobe.com/security.html
Android Patches
https://source.android.com/security/bulletin/2017-08-01
How Are People Fooled By This? Email To Sign a Contract Provides Malware
https://isc.sans.edu/forums/diary/How+are+people+fooled+by+this+Email+to+sign+a+contract+provides+malware+instead/22696/
]]> 5:57 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5616 PHPMyAdmin Scans; Hotspot Shield FTC Complaints Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. PHPMyAdmin Scans; Hotspot Shield FTC Complaints https://traffic.libsyn.com/securitypodcast/5616.mp3 https://isc.sans.edu/podcastdetail/5616 Mon, 07 Aug 2017 23:15:04 GMT https://isc.sans.edu/forums/diary/Increase+of+phpMyAdmin+scans/22688/
Hotspot Shield Leakes Private User Data
https://cdt.org/files/2017/08/FTC-CDT-VPN-complaint-8-7-17.pdf
Debian Turning Off Support for TLS 1.0/1.1
https://lists.debian.org/debian-devel-announce/2017/08/msg00004.html
Ongoing Phishing Attacks Against Google Chrome Plugin Developers
https://www.bleepingcomputer.com/news/security/chrome-extension-developers-under-a-barrage-of-phishing-attacks/
]]> 5:43 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5614 Opengraph Link Obfuscation; Cerber Steals Bitcoins; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Opengraph Link Obfuscation; Cerber Steals Bitcoins; https://traffic.libsyn.com/securitypodcast/5614.mp3 https://isc.sans.edu/podcastdetail/5614 Mon, 07 Aug 2017 01:45:04 GMT https://isc.sans.edu/forums/diary/Use+of+the+Open+Graph+Protocol+to+Disguise+Malicious+Facebook+Links/22684/
Cerber Adding Bitcoin and Password Stealer to Crypto Ransomware
http://blog.trendmicro.com/trendlabs-security-intelligence/cerber-ransomware-evolves-now-steals-bitcoin-wallets/
Symantec Selling Certificate Business To Digicert
https://www.heise.de/security/meldung/Nachspiel-einer-fatalen-Panne-Symantec-verkauft-Zertifikatssparte-an-DigiCert-3793482.html
Siemens Medical Imaging Systems Vulnerable to Old Windows Flaws
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-822184.pdf
]]> 6:13 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5612 #RPi Honeypot Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. #RPi Honeypot https://traffic.libsyn.com/securitypodcast/5612.mp3 https://isc.sans.edu/podcastdetail/5612 Fri, 04 Aug 2017 00:25:03 GMT https://github.com/DShield-ISC/dshield
Troy Hunt Releases Password List
https://haveibeenpwned.com/Passwords
Typosquatting npm Packages
http://blog.npmjs.org/post/163723642530/crossenv-malware-on-the-npm-registry
SEC503: Intrusion Detection in Depth Berlin (Oct 23rd-28th)
https://www.sans.org/event/berlin-2017/course/intrusion-detection-in-depth
]]> 5:50 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5610 Attacking #NoSQL; Web Developer Toolbar Hijacked; #Amazon stops selling #Blu Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Attacking #NoSQL; Web Developer Toolbar Hijacked; #Amazon stops selling #Blu https://traffic.libsyn.com/securitypodcast/5610.mp3 https://isc.sans.edu/podcastdetail/5610 Wed, 02 Aug 2017 23:25:03 GMT https://isc.sans.edu/forums/diary/Attacking+NoSQL+applications+part+2/22676/
Web Developer Chrome Toolbar Replaced with AdWare
https://twitter.com/chrispederick
Android Banking Trojans
https://securelist.com/a-new-era-in-mobile-banking-trojans/79198/
Amazon Stops Selling Blu Smartphones
http://www.zdnet.com/article/amazon-halts-blu-phone-sales-over-potential-security-issue/
]]> 5:21 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5608 Detect SMB Versions; CopyFish Adware; McAffee Vulnerability Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Detect SMB Versions; CopyFish Adware; McAffee Vulnerability https://traffic.libsyn.com/securitypodcast/5608.mp3 https://isc.sans.edu/podcastdetail/5608 Wed, 02 Aug 2017 01:40:02 GMT https://isc.sans.edu/forums/diary/Rooting+Out+Hosts+that+Support+Older+Samba+Versions/22672/
CopyFish Google Chrome Extension Replaced by Adware
https://a9t9.com/blog/chrome-extension-adware/
StartCom Applying to be Included in Mozilla SSL CAs again
https://bugzilla.mozilla.org/show_bug.cgi?id=1311832#c12
McAffee Uses Mixed SSL/nonSSL Content For Online Malware Scan
https://blogs.securiteam.com/index.php/archives/3350
Netflix Releases DoS Testing Tool
https://medium.com/netflix-techblog/starting-the-avalanche-640e69b14a06
]]> 6:18 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5606 Outlook Patches; Social Media Recon; ShieldFS Protecting Files Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Outlook Patches; Social Media Recon; ShieldFS Protecting Files https://traffic.libsyn.com/securitypodcast/5606.mp3 https://isc.sans.edu/podcastdetail/5606 Tue, 01 Aug 2017 00:50:03 GMT https://support.office.com/en-us/article/Outlook-known-issues-in-the-June-2017-security-updates-3f6dbffd-8505-492d-b19f-b3b89369ed9b?ui=en-US&rs=en-US&ad=US&fromAR=1
Iranian Hackers Use Social Media To Collect Data
https://www.darkreading.com/attacks-breaches/iranian-hackers-ensnared-targets-via-phony-female-photographer/d/d-id/1329502?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
ShieldFS Self Healing Filesystem
http://shieldfs.necst.it/continella-shieldfs-2016.pdf
]]> 5:40 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5604 SMBloris; SMS Phishing; Car Hacking Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SMBloris; SMS Phishing; Car Hacking https://traffic.libsyn.com/securitypodcast/5604.mp3 https://isc.sans.edu/podcastdetail/5604 Mon, 31 Jul 2017 00:40:03 GMT https://twitter.com/jennamagius/status/891434286212984832
https://isc.sans.edu/forums/diary/SMBLoris+the+new+SMB+flaw/22662/
Text Banking Attacks
https://isc.sans.edu/forums/diary/Text+Banking+Scams/22666/
Nissan Leaf WiFi Vulnerability
https://github.com/HackingThings/Publications/blob/cdb72df7c3feffd02593a31d67a34ae353b09114/2017/DC25_Driving%20down%20the%20rabbit%20hole-Mickey_Jesse_Oleksander.pdf
]]> 5:48 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5602 HTTP Middlemen Vulnerabilities; Goldeneye/Petya Decrypte; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. HTTP Middlemen Vulnerabilities; Goldeneye/Petya Decrypte; https://traffic.libsyn.com/securitypodcast/5602.mp3 https://isc.sans.edu/podcastdetail/5602 Fri, 28 Jul 2017 03:20:02 GMT http://blog.portswigger.net/2017/07/cracking-lens-targeting-https-hidden.html
Petya/Goldeneye Decrypter
https://blog.malwarebytes.com/malwarebytes-news/2017/07/bye-bye-petya-decryptor-old-versions-released/
TinyPot, My Small Honeypot
https://isc.sans.edu/forums/diary/TinyPot+My+Small+Honeypot/22654/
Shaun McCullough
https://www.sans.org/reading-room/whitepapers/testing/docker-create-multi-container-environments-research-sharing-lateral-movement-37855
]]> 13:32 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5600 Emotet Malspam; Broadpwn Released Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Emotet Malspam; Broadpwn Released https://traffic.libsyn.com/securitypodcast/5600.mp3 https://isc.sans.edu/podcastdetail/5600 Thu, 27 Jul 2017 02:15:05 GMT https://isc.sans.edu/forums/diary/Malspam+pushing+Emotet+malware/22650/
Broadpwn Released
http://blog.exodusintel.com/2017/07/26/broadpwn/
Microsoft Announces Windows 10 Bug Bounty
https://blogs.technet.microsoft.com/msrc/2017/07/26/announcing-the-windows-bounty-program/
Custom Map Vulnearbilty in Valve Games
https://oneupsecurity.com/research/remote-code-execution-in-source-games
]]> 5:11 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5598 Flash is Dead (official); SSL Fingerprinting Tool; More iCloud Ransom Attacks Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Flash is Dead (official); SSL Fingerprinting Tool; More iCloud Ransom Attacks https://traffic.libsyn.com/securitypodcast/5598.mp3 https://isc.sans.edu/podcastdetail/5598 Wed, 26 Jul 2017 01:05:02 GMT https://blogs.adobe.com/conversations/2017/07/adobe-flash-update.html
JA3 Hash To Fingerprint SSL/TLS Connections
https://github.com/salesforce/ja3
https://engineering.salesforce.com/open-sourcing-ja3-92c9e53c3c41
New Wave of Apple iCloud Ransom Attacks
https://www.heise.de/mac-and-i/meldung/Erneut-iCloud-Erpressungswelle-ueber-Meinen-Mac-suchen-und-Mein-iPhone-suchen-3782075.html
]]> 5:45 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5596 Uber Driver Scam; Critical Netscaler SD-WAN 9.1.2 Issue; Mac Malware FruitFly Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Uber Driver Scam; Critical Netscaler SD-WAN 9.1.2 Issue; Mac Malware FruitFly https://traffic.libsyn.com/securitypodcast/5596.mp3 https://isc.sans.edu/podcastdetail/5596 Tue, 25 Jul 2017 01:10:02 GMT https://isc.sans.edu/forums/diary/Uber+drivers+new+threat+the+passenger/22626/
Mac Malware FruitFly2
https://motherboard.vice.com/en_us/article/zmv79w/mysterious-mac-malware-has-infected-hundreds-of-victims-for-years
Exploit Released for Critical Netscaler SD WAN 9.1.2 Vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-6316
]]> 7:15 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5594 Malicious .iso Attachments; Maldocs With .lnk File; Ethereum Compromise Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Malicious .iso Attachments; Maldocs With .lnk File; Ethereum Compromise https://traffic.libsyn.com/securitypodcast/5594.mp3 https://isc.sans.edu/podcastdetail/5594 Mon, 24 Jul 2017 02:35:02 GMT https://isc.sans.edu/forums/diary/Malicious+iso+Attachments/22636/
Maldoc with .lnk File
https://isc.sans.edu/forums/diary/Another+lnk+File/22640/
Large Ethereum Hack
http://hackingdistributed.com/2017/07/22/deep-dive-parity-bug/
]]> 5:02 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5592 Symantec Sloppy Key Verification; Gnome Thumbnailer RCE; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Symantec Sloppy Key Verification; Gnome Thumbnailer RCE; https://traffic.libsyn.com/securitypodcast/5592.mp3 https://isc.sans.edu/podcastdetail/5592 Fri, 21 Jul 2017 00:15:04 GMT https://blog.hboeck.de/archives/888-How-I-tricked-Symantec-with-a-Fake-Private-Key.html
Gnome Thumbnailer Executes Code
http://news.dieweltistgarnichtso.net/posts/gnome-thumbnailer-msi-fail.html
]]> 11:00 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5590 Web Error Logs; Apple Updates Everything; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Web Error Logs; Apple Updates Everything; https://traffic.libsyn.com/securitypodcast/5590.mp3 https://isc.sans.edu/podcastdetail/5590 Thu, 20 Jul 2017 00:05:02 GMT https://isc.sans.edu/forums/diary/Bots+Searching+for+Keys+Config+Files/22630/
Apple Updates Everything
https://support.apple.com/en-us/HT201222
Trend Micro Sees SambaCry Exploits
http://blog.trendmicro.com/trendlabs-security-intelligence/linux-users-urged-update-new-threat-exploits-sambacry/
Google Increases Developer Scrutiny
https://developers.googleblog.com/2017/05/updating-developer-identity-guidelines.html
]]> 6:01 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5588 Oracle CPU; Cisco WebEx Patch; NodeJSUpdate; Coindash Hack Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Oracle CPU; Cisco WebEx Patch; NodeJSUpdate; Coindash Hack https://traffic.libsyn.com/securitypodcast/5588.mp3 https://isc.sans.edu/podcastdetail/5588 Wed, 19 Jul 2017 00:15:04 GMT http://www.oracle.com/technetwork/security-advisory/cpujul2017verbose-3236625.html
Cisco WebEx Plugin Update
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170717-webex
https://bugs.chromium.org/p/project-zero/issues/detail?id=1324&desc=2
Node.JS DoS Vulnerability
https://nodejs.org/en/blog/vulnerability/july-2017-security-releases/
Bitdefender Remote Stack Buffer Overflow
https://landave.io/2017/07/bitdefender-remote-stack-buffer-overflow-via-7z-ppmd/
Coindash Hack
https://twitter.com/coindashio/status/886936799695818752
https://www.coindash.io
DowJones Leaks Customer Data via S3 Buckets
https://www.upguard.com/breaches/cloud-leak-dow-jones
]]> 5:46 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5586 Brazil Phishing Scam Targeting 2FA; FreeRadius Update; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Brazil Phishing Scam Targeting 2FA; FreeRadius Update; https://traffic.libsyn.com/securitypodcast/5586.mp3 https://isc.sans.edu/podcastdetail/5586 Tue, 18 Jul 2017 00:50:03 GMT https://isc.sans.edu/forums/diary/SMS+Phishing+induces+victims+to+photograph+its+own+token+card/22616/
Critical FreeRADIUS Update
https://guidovranken.wordpress.com/2017/07/17/11-remote-vulnerabilities-inc-2x-rce-in-freeradius-packet-parsers/
OS X Malware Installs Crypto Messenger Signal
https://blog.checkpoint.com/2017/07/13/osxdok-refuses-go-away-money/
]]> 5:45 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5584 NemucodAES Update; Excel and LNK; Gandi Domain Hijack; iSmart Alarm Vulns Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. NemucodAES Update; Excel and LNK; Gandi Domain Hijack; iSmart Alarm Vulns https://traffic.libsyn.com/securitypodcast/5584.mp3 https://isc.sans.edu/podcastdetail/5584 Mon, 17 Jul 2017 00:45:04 GMT https://isc.sans.edu/forums/diary/NemucodAES+and+the+malspam+that+distributes+it/22614/
Analyzing Malicious Office Document With LNK
https://isc.sans.edu/forums/diary/Office+maldoc+lnk/22618/
Gandi Breach Leads to Domain Compromise
https://news.gandi.net/en/2017/07/detailed-incident-report/
iSmart Alarm Vulnerabilities
http://dojo.bullguard.com/blog/burglar-hacker-when-a-physical-security-is-compromised-by-iot-vulnerabilities/
]]> 5:25 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5582 Malware Loads ffmpeg; SAP Updates; Password Managers and Cloud Sync Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Malware Loads ffmpeg; SAP Updates; Password Managers and Cloud Sync https://traffic.libsyn.com/securitypodcast/5582.mp3 https://isc.sans.edu/podcastdetail/5582 Thu, 13 Jul 2017 19:50:03 GMT https://blog.malwarebytes.com/threat-analysis/2017/07/malware-abusing-ffmpeg/
Password Managers and Cloud Storage
https://discussions.agilebits.com/discussion/76956/can-i-still-buy-standalone-license-for-the-1password-no-longer-being-marketed/p8
SAP Point of Sales Express Patch
https://erpscan.com/press-center/blog/sap-cyber-threat-intelligence-report-july-2017/
Roderick Currie: Car Hacking Developments
https://www.sans.org/reading-room/whitepapers/internet/developments-car-hacking-36607
]]> 14:56 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5580 Simple File Integrity Checks; Ethereum Scams; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Simple File Integrity Checks; Ethereum Scams; https://traffic.libsyn.com/securitypodcast/5580.mp3 https://isc.sans.edu/podcastdetail/5580 Wed, 12 Jul 2017 21:30:04 GMT https://isc.sans.edu/forums/diary/Backup+Scripts+the+FIM+of+the+Poor/22606/
Ethereum Wallet Services Targeted By Scammers
http://www.ibtimes.co.uk/ethereum-under-siege-scammers-make-700000-6-days-slack-reddit-phishing-attacks-1629866
MongoDB Security Surprises For Shared Hosting
https://medium.com/@alexbyk/mongodb-at-shared-hosting-security-surprises-c441ecb84b54
Trend Micro Vulnerabilities
https://www.coresecurity.com/advisories/trend-micro-deep-discovery-director-multiple-vulnerabilities
]]> 5:45 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5578 MSFT Patch Tuesday; AT&T Cell Phone Takeover Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MSFT Patch Tuesday; AT&T Cell Phone Takeover https://traffic.libsyn.com/securitypodcast/5578.mp3 https://isc.sans.edu/podcastdetail/5578 Tue, 11 Jul 2017 21:05:02 GMT https://isc.sans.edu/diary//22602
AT&T Cell Phone Takeover
https://carpeaqua.com/2017/07/07/hack-the-planet/
Systemd Invalid Username Bug To Be Fixed
https://github.com/systemd/systemd/pull/6300
]]> 5:33 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5576 Takeover of .io TLD; OpenBSD Even More Random; Malwarebytes quarterly report Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Takeover of .io TLD; OpenBSD Even More Random; Malwarebytes quarterly report https://traffic.libsyn.com/securitypodcast/5576.mp3 https://isc.sans.edu/podcastdetail/5576 Mon, 10 Jul 2017 21:00:32 GMT https://thehackerblog.com/the-io-error-taking-control-of-all-io-domains-with-a-targeted-registration/
Malwarebytes Quarterly Malware Report
https://www.malwarebytes.com/pdf/white-papers/CybercrimeTacticsAndTechniques-Q2-2017.pdf
OpenBSD Introducing KARL To Randomize Kernel Layout at Boot
https://marc.info/?l=openbsd-tech&m=149732026405941&w=2
]]> 5:39 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5574 More DDoS Ransom; Using SOF-ELK For Hunting; Template Attacks Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. More DDoS Ransom; Using SOF-ELK For Hunting; Template Attacks https://traffic.libsyn.com/securitypodcast/5574.mp3 https://isc.sans.edu/podcastdetail/5574 Sun, 09 Jul 2017 20:40:02 GMT https://isc.sans.edu/forums/diary/Adversary+hunting+with+SOFELK/22592/
Adversary Hunting With SOF-ELK
https://isc.sans.edu/forums/diary/Adversary+hunting+with+SOFELK/22592/
Petya Master Key Published
https://twitter.com/JanusSecretary/status/882663988429021184?ref_src=twsrc%5Etfw&ref_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fauthor-of-original-petya-ransomware-publishes-master-decryption-key%2F
Template Attacks Against Critical Infrastructure
http://blog.talosintelligence.com/2017/07/template-injection.html
]]> 5:56 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5572 Finding Odd Domain Names; BitTorrent Sync 2.0 Log Files; BIND TSIG Exploit Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Finding Odd Domain Names; BitTorrent Sync 2.0 Log Files; BIND TSIG Exploit https://traffic.libsyn.com/securitypodcast/5572.mp3 https://isc.sans.edu/podcastdetail/5572 Thu, 06 Jul 2017 20:05:02 GMT https://isc.sans.edu/forums/diary/Selecting+domains+with+random+names/22580/
BitTorrent Sync 2.0 Log Files
https://isc.sans.edu/forums/diary/Investigation+of+BitTorrent+Sync+v20+as+a+P2P+Cloud+Service+Part+2+Log+Files+artefacts/22582/
Cisco Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-esc2
Finding Weak Password Hashing Algorithms Via Hash Collisions
https://www.netsparker.com/blog/web-security/collision-based-hashing-algorithm-disclosure/
BIND TSIG Exploit
http://www.synacktiv.ninja/ressources/CVE-2017-3143_BIND9_TSIG_dynamic_updates_vulnerability_Synacktiv.pdf
]]> 5:32 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5570 AVTest Report; #MSFT Update Prompts; Relaxed Laptop Ban; MeDOC Raid Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. AVTest Report; #MSFT Update Prompts; Relaxed Laptop Ban; MeDOC Raid https://traffic.libsyn.com/securitypodcast/5570.mp3 https://isc.sans.edu/podcastdetail/5570 Wed, 05 Jul 2017 19:40:02 GMT https://www.av-test.org/fileadmin/pdf/security_report/AV-TEST_Security_Report_2016-2017.pdf
Microsoft Will Prompt Users to Update Windows 10
https://support.microsoft.com/en-us/help/4023814
Bithumb Bitcoin Exchange Hacked (Article in Korean)
http://bithumb.cafe/archives/7329
Turkish Airlines and Emirates Remove Laptop Ban
http://www.theregister.co.uk/2017/07/05/emirates_and_turkish_airlines_lift_laptop_ban_on_us_flights/
Ukrainian Authorities Raid MeDoc (Article in Ukrainian)
https://cyberpolice.gov.ua/news/prykryttyam-najmasshtabnishoyi-kiberataky-v-istoriyi-ukrayiny-stav-virus-diskcoderc-881/
]]> 4:50 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5568 Skype Patch Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Skype Patch https://traffic.libsyn.com/securitypodcast/5568.mp3 https://isc.sans.edu/podcastdetail/5568 Tue, 04 Jul 2017 23:05:02 GMT https://www.vulnerability-lab.com/get_content.php?id=2071
SystemD Invalid Username Bug Not Considered a Vulnerability (or Bug)
https://github.com/systemd/systemd/issues/6237
Cisco Fixes SNMP Vulnerability in IOS and IOS XE
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp
Smartphones Can Be Compromised with shady replacement parts
https://iss.oy.ne.ro/Shattered
Siemens Fixes Intel AMT Bug
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-874235.pdf
Update For libgcrypt
https://www.ubuntuupdates.org/package/core/zesty/main/updates/libgcrypt20-dev
]]> 5:55 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5566 News from Blank Slate; Azure AD Connect Bug; #SANSEDU #STI Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. News from Blank Slate; Azure AD Connect Bug; #SANSEDU #STI https://traffic.libsyn.com/securitypodcast/5566.mp3 https://isc.sans.edu/podcastdetail/5566 Fri, 30 Jun 2017 01:25:02 GMT https://isc.sans.edu/forums/diary/Catching+up+with+Blank+Slate+a+malspam+campaign+still+going+strong/22570/
Azure AD Connect Vulnerability
https://technet.microsoft.com/library/security/4033453.aspx#ID0EN
Exploit Available For Stack Clash Vulnerability
https://www.qualys.com/research/security-advisories/
Paul Herschberger: Data Breach Impact Estimation
https://www.sans.org/reading-room/whitepapers/dlp/data-breach-impact-estimation-37502
]]> 15:07 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5564 Petya Update; Ubuntu systemd Vuln; BPG Attacks against Bitcoin Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Petya Update; Ubuntu systemd Vuln; BPG Attacks against Bitcoin https://traffic.libsyn.com/securitypodcast/5564.mp3 https://isc.sans.edu/podcastdetail/5564 Thu, 29 Jun 2017 01:10:02 GMT https://isc.sans.edu/forums/diary/Petya+I+hardly+know+ya+an+ISC+update+on+the+20170627+ransomware+outbreak/22566/
Ubuntu systemd Vulnerability
https://www.ubuntu.com/usn/usn-3341-1/
Microsoft Will Include EMET in Windows 10
https://blogs.technet.microsoft.com/mmpc/2017/06/27/whats-new-in-windows-defender-atp-fall-creators-update/
BGB Attacks Against Bitcoin
https://blog.acolyer.org/2017/06/27/hijacking-bitcoin-routing-attacks-on-cryptocurrencies/
]]> 5:37 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5562 Petya/Goldeneye Variant Makes the Rounds Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Petya/Goldeneye Variant Makes the Rounds https://traffic.libsyn.com/securitypodcast/5562.mp3 https://isc.sans.edu/podcastdetail/5562 Wed, 28 Jun 2017 00:00:08 GMT https://isc.sans.edu/forums/diary/Checking+out+the+new+Petya+variant/22562/
]]> 5:07 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5560 BitTorrent Sync 2.0 Forensics; Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. BitTorrent Sync 2.0 Forensics; https://traffic.libsyn.com/securitypodcast/5560.mp3 https://isc.sans.edu/podcastdetail/5560 Tue, 27 Jun 2017 00:15:04 GMT https://isc.sans.edu/forums/diary/Investigation+of+BitTorrent+Sync+v20+as+a+P2P+Cloud+Part+1/22554/
Ransomware Payment Spurres More DDoS Ransomware Attacks
https://www.bleepingcomputer.com/news/security/-1-million-ransomware-payment-has-spurred-new-ddos-for-bitcoin-attacks/
Speed Trap Cameras in Australia Infected with WannaCrypt
http://www.camerassavelives.vic.gov.au/utility/latest+news/investigation+underway+into+cameras+affected+by+software+virus
More Vulnerablities in Windows Defender
https://bugs.chromium.org/p/project-zero/issues/detail?id=1282&desc=2
npm Developer Accounts Reset After Password Reuse Discovery
https://github.com/ChALkeR/notes/blob/master/Gathering-weak-npm-credentials.md
]]> 6:16 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5558 DDOS Extortion; Laptop Travel; MSFT Leaks Code; Locky back for XP Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. DDOS Extortion; Laptop Travel; MSFT Leaks Code; Locky back for XP https://traffic.libsyn.com/securitypodcast/5558.mp3 https://isc.sans.edu/podcastdetail/5558 Sun, 25 Jun 2017 22:50:03 GMT https://isc.sans.edu/forums/diary/Fake+DDoS+Extortions+Continue+Please+Forward+Us+Any+Threats+You+Have+Received/22550/
Traveling with a Laptop
https://isc.sans.edu/forums/diary/Traveling+with+a+Laptop+Surviving+a+Laptop+Ban+How+to+Let+Go+of+Precious/22462/
Side Channel Attacks on the Cheap
https://www.fox-it.com/nl/wp-content/uploads/sites/12/Tempest_attacks_against_AES.pdf
Latest Locky Variant Hunting Down Windows XP Users
http://blog.talosintelligence.com/2017/06/necurs-locky-campaign.html
Windows Beta Builts and Source Code Leaked
http://www.theregister.co.uk/2017/06/23/windows_10_leak/
]]> 6:36 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber security, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5556 Obfuscation Techniques; Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information and cyber security. Obfuscation Techniques; https://traffic.libsyn.com/securitypodcast/5556.mp3 https://isc.sans.edu/podcastdetail/5556 Fri, 23 Jun 2017 01:35:03 GMT Obfuscating Without XOR
https://isc.sans.edu/forums/diary/Obfuscating+without+XOR/22544/
Airbnb OAUTH Token Theft
https://www.arneswinnen.net/2017/06/authentication-bypass-on-airbnb-via-oauth-tokens-theft/
Critical Drupal Vulnerablity
https://www.drupal.org/SA-CORE-2017-003
Auditing Docker Containers
https://www.sans.org/reading-room/whitepapers/auditing/checklist-audit-docker-containers-37437
]]> 11:55 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5554 OpenVPN Post-Audit Vulnerabilities; WannaCry Aftershocks Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information and cyber security. OpenVPN Post-Audit Vulnerabilities; WannaCry Aftershocks https://traffic.libsyn.com/securitypodcast/5554.mp3 https://isc.sans.edu/podcastdetail/5554 Thu, 22 Jun 2017 11:17:13 GMT https://guidovranken.wordpress.com/2017/06/21/the-openvpn-post-audit-bug-bonanza/
RAR Unpack Vulnerability Affects BitDefender
https://bugs.chromium.org/p/project-zero/issues/detail?id=1278&desc=6
Honda Plant Shuts Down Over Wannacry
https://www.bleepingcomputer.com/news/security/one-month-later-wannacry-ransomware-is-still-shutting-down-factories/
]]> 5:00 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5552 Cisco Ships Private Key in Video Player; Windows Error Reports; Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information and cyber security. Cisco Ships Private Key in Video Player; Windows Error Reports; https://traffic.libsyn.com/securitypodcast/5552.mp3 https://isc.sans.edu/podcastdetail/5552 Wed, 21 Jun 2017 01:40:02 GMT https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/T6emeoE-lCU
Windows Error Reporting: DFIR Benefits and Privacy Concerns
https://isc.sans.edu/forums/diary/Windows+Error+Reporting+DFIR+Benefits+and+Privacy+Concerns/22536/
Deteting Memory Curruption in glibc
https://github.com/DhavalKapil/libdheap
Let's Encrypt ACME Protocol To Become IETF Standard
https://tools.ietf.org/html/draft-ietf-acme-acme-06
Microsoft Publishes Analysis of NSA Exploits
https://blogs.technet.microsoft.com/mmpc/2017/06/16/analysis-of-the-shadow-brokers-release-and-mitigation-with-windows-10-virtualization-based-security/
]]> 5:52 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5550 Stack Clash Vulnerablitiy; Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information and cyber security. Stack Clash Vulnerablitiy; https://traffic.libsyn.com/securitypodcast/5550.mp3 https://isc.sans.edu/podcastdetail/5550 Tue, 20 Jun 2017 00:45:04 GMT https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
Separation Of Duties / Malicious Administrators
https://isc.sans.edu/forums/diary/As+Your+Admin+Walks+Out+the+Door/22530/
Progress in Sattelite Based Quantum Cryptography
https://www.wired.com/story/chinese-satellite-relays-a-quantum-signal-between-cities/
https://www.helpnetsecurity.com/2017/06/19/extremely-secure-data-encryption/
Women Connect Event Minneapolis:
https://www.sans.org/event/minneapolis-2017/bonus-sessions/12162
]]> 7:19 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5548 Port 83 Uptick; WINS DoS Not Fixed; SMB1 will be turned off Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information and cyber security. Port 83 Uptick; WINS DoS Not Fixed; SMB1 will be turned off https://traffic.libsyn.com/securitypodcast/5548.mp3 https://isc.sans.edu/podcastdetail/5548 Mon, 19 Jun 2017 02:10:02 GMT https://isc.sans.edu/forums/diary/What+is+going+on+with+Port+83/22524/
WINS DoS Vulnerability will not be fixed by Microsoft
https://blog.fortinet.com/2017/06/14/wins-server-remote-memory-corruption-vulnerability-in-microsoft-windows-server
Microsoft to Release Patch to Turn off SMB1
https://www.bleepingcomputer.com/news/microsoft/microsoft-to-disable-smbv1-in-windows-starting-this-fall/
UK Hacker Stole Personell Data For US Military Sattelite Network
https://public-newsroom-nca-01.azurewebsites.net/news/hacker-stole-satellite-data-from-us-department-of-defence
Sophos Web Appliance Will Now Update via https
https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-v4-3-2---security-and-defect-fix-rollup
]]> 5:22 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5546 Cherry Blossom Wifi Hacking; DVR Vulns; MSFT Defender Vulns Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information and cyber security. Cherry Blossom Wifi Hacking; DVR Vulns; MSFT Defender Vulns https://traffic.libsyn.com/securitypodcast/5546.mp3 https://isc.sans.edu/podcastdetail/5546 Fri, 16 Jun 2017 00:05:03 GMT https://wikileaks.org/vault7/#Cherry%20Blossom
More DVR Vulnerabilities
https://www.pentestpartners.com/security-blog/what-did-mirai-miss-making-a-better-bigger-botnet/
More Microsoft Windows Defender Vulnerabilities
http://www.theregister.co.uk/2017/06/15/microsoft_how_about_sandboxing_windows_defenders_engine/

Decryption Utility For Jaff Crypto Ransomware
https://noransom.kaspersky.com
Preston Ackerman: Two Factor Authentication by Home End-Users
https://www.sans.org/reading-room/whitepapers/authentication/impediments-adoption-two-factor-authentication-home-end-users-37607

]]> 18:08 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5544 Malicious Headphones; Systemd Odd Defaults; VoLTE Vulnerabilities; Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information and cyber security. Malicious Headphones; Systemd Odd Defaults; VoLTE Vulnerabilities; https://traffic.libsyn.com/securitypodcast/5544.mp3 https://isc.sans.edu/podcastdetail/5544 Wed, 14 Jun 2017 23:45:03 GMT https://isc.sans.edu/forums/diary/Systemd+Could+Fallback+to+Google+DNS/22516/
Voice over LTE Vulnerabilities
https://www.sstic.org/media/SSTIC2017/SSTIC-actes/remote_geolocation_and_tracing_of_subscribers_usin/SSTIC2017-Article-remote_geolocation_and_tracing_of_subscribers_using_4g_volte_android_phone-le-moal_ventuzelo_coudray.pdf
Tails 3.0 Released
https://tails.boum.org/install/download/index.en.html
Nexus 9 Headphone Jack Vulnerability
https://alephsecurity.com/2017/06/13/nexus9-ephemeral-fiq/
]]> 6:25 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5542 MSFT Patches Remaining #NSA Exploits (incl. Win XP); North Korea Builds DDoS Botnet Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information and cyber security. MSFT Patches Remaining #NSA Exploits (incl. Win XP); North Korea Builds DDoS Botnet https://traffic.libsyn.com/securitypodcast/5542.mp3 https://isc.sans.edu/podcastdetail/5542 Wed, 14 Jun 2017 01:45:04 GMT https://isc.sans.edu/forums/diary/Microsoft+and+Adobe+June+2017+Patch+Tuesday+Two+Exploited+Vulnerabilities+Patched/22512/
North Korea Building DDoS Botnet
https://www.us-cert.gov/ncas/alerts/TA17-164A
]]> 6:29 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5540 Industroyer/ #CrashOverride Power System Malware; Mac Spyware Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information and cyber security. Industroyer/ #CrashOverride Power System Malware; Mac Spyware https://traffic.libsyn.com/securitypodcast/5540.mp3 https://isc.sans.edu/podcastdetail/5540 Tue, 13 Jun 2017 00:15:02 GMT https://www.welivesecurity.com/2017/06/12/industroyer-biggest-threat-industrial-control-systems-since-stuxnet/
https://dragos.com/blog/crashoverride/CrashOverride-01.pdf
MacSpy Spyware As A Service For Macs
http://www.alienvault.com/blogs/labs-research/macspy-os-x-rat-as-a-service
VolUtility Memory Analysis Made Easy
https://isc.sans.edu/forums/diary/An+Introduction+to+VolUtility/22508/
Google News Abused For Spam
http://www.theregister.co.uk/2017/06/12/googles_news_algorithm_serves_up_penis_pills_for_all/
]]> 5:54 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5538 SAMBA Vuln. Exploited; Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information and cyber security. SAMBA Vuln. Exploited; https://traffic.libsyn.com/securitypodcast/5538.mp3 https://isc.sans.edu/podcastdetail/5538 Mon, 12 Jun 2017 00:20:03 GMT https://securelist.com/78674/sambacry-is-coming/
Intel's AMT Technology Used For Covert Channel
https://blogs.technet.microsoft.com/mmpc/2017/06/07/platinum-continues-to-evolve-find-ways-to-maintain-invisibility/
Broadcom Vulnerablities to be Announced
https://www.blackhat.com/us-17/briefings.html#broadpwn-remotely-compromising-android-and-ios-via-a-bug-in-broadcoms-wi-fi-chipsets
Release Lag In National Vulnerablity Database
https://www.recordedfuture.com/vulnerability-disclosure-delay/
]]> 5:55 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5536 Cisco DCNM Vulnerabilities; Peoplesoft Default Accts; Camera Vulns; Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information and cyber security. Cisco DCNM Vulnerabilities; Peoplesoft Default Accts; Camera Vulns; https://traffic.libsyn.com/securitypodcast/5536.mp3 https://isc.sans.edu/podcastdetail/5536 Fri, 09 Jun 2017 01:25:03 GMT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-dcnm1
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-dcnm2
Oracle Peoplesoft Default Accounts
https://erpscan.com/press-center/blog/peoplesoft-default-accounts/
FOSCAM Camera Default Passwords and Other Vulnerabilities
http://images.news.f-secure.com/Web/FSecure/%7B43df9e0d-20a8-404a-86d0-70dcca00b6e5%7D_vulnerabilities-in-foscam-IP-cameras_report.pdf
Android Malware With Code Injections
https://securelist.com/78648/dvmap-the-first-android-malware-with-code-injection/
STI Student John Dittmer: Legal Implication of Vulnerablity Scans
https://www.sans.org/reading-room/whitepapers/legal/minimizing-legal-risk-cybersecurity-scanning-tools-37522
]]> 12:32 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5534 RevenueHits and Deceptive Ads; Instagram Covert Channel Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information and cyber security. RevenueHits and Deceptive Ads; Instagram Covert Channel https://traffic.libsyn.com/securitypodcast/5534.mp3 https://isc.sans.edu/podcastdetail/5534 Thu, 08 Jun 2017 00:35:02 GMT https://isc.sans.edu/forums/diary/Deceptive+Advertisements+What+they+do+and+where+they+come+from/22494/
Instagram as Covert Channel
https://www.welivesecurity.com/2017/06/06/turlas-watering-hole-campaign-updated-firefox-extension-abusing-instagram/
Domain Shadowing Used in Rik Exploit Kit
https://blogs.rsa.com/shadowfall/
]]> 6:02 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5532 Finding XOR Keys Part 2; Instagram Not Using TLS; Printer Dots Lead to Arrest Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information and cyber security. Finding XOR Keys Part 2; Instagram Not Using TLS; Printer Dots Lead to Arrest https://traffic.libsyn.com/securitypodcast/5532.mp3 https://isc.sans.edu/podcastdetail/5532 Tue, 06 Jun 2017 23:55:02 GMT https://isc.sans.edu/forums/diary/Malware+and+XOR+Part+2/22490/
Instagram Stories Not Using TLS
https://vvyper.com/2017/05/22/instagram-stories-ssl/
Printer "Dots" May Have Lead to Arrest of NSA Contractor
http://blog.erratasec.com/2017/06/how-intercept-outed-reality-winner.html#.WTc9SMbMyRt
Exfiltrating Data via Blinking LED
https://arxiv.org/abs/1706.01140
]]> 5:28 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5530 Finding XOR Keys; Maping IMSI Catchers; TLD Hijacking Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information and cyber security. Finding XOR Keys; Maping IMSI Catchers; TLD Hijacking https://traffic.libsyn.com/securitypodcast/5530.mp3 https://isc.sans.edu/podcastdetail/5530 Tue, 06 Jun 2017 00:35:03 GMT https://isc.sans.edu/forums/diary/Malware+and+XOR+Part+1/22486/
Citywide IMSI Discovery
https://seaglass.cs.washington.edu
Hijacking Country Level Domains
https://thehackerblog.com/the-journey-to-hijacking-a-countrys-tld-the-hidden-risks-of-domain-extensions/index.html
]]> 7:00 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5528 Bitcoin Phishing; Powerpoint Mouseover; Pandemic; Mozillay moving from OCSP Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information and cyber security. Bitcoin Phishing; Powerpoint Mouseover; Pandemic; Mozillay moving from OCSP https://traffic.libsyn.com/securitypodcast/5528.mp3 https://isc.sans.edu/podcastdetail/5528 Mon, 05 Jun 2017 00:25:03 GMT https://isc.sans.edu/forums/diary/Phishing+Campaigns+Follow+Trends/22482/
Mouseover May Trigger Powerpoint Macro
https://www.dodgethissecurity.com/2017/06/02/new-powerpoint-mouseover-based-downloader-analysis-results/
Vault 7 "Pandemic" Tool
https://wikileaks.org/vault7/document/Pandemic-1_1-S-NF/Pandemic-1_1-S-NF.pdf
Mozilla Considering Move Away From OCSP
https://bugzilla.mozilla.org/show_bug.cgi?id=1366100
Defending Web Application Security Minneapolis
https://www.sans.org/event/minneapolis-2017
Intrusion Detection in Depth Columbia MD
https://www.sans.org/event/columbia-2017/course/intrusion-detection-in-depth
]]> 7:34 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5526 Dangerous Invites; onelogin breach; Google AMP Phishing Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information and cyber security. Dangerous Invites; onelogin breach; Google AMP Phishing https://traffic.libsyn.com/securitypodcast/5526.mp3 https://isc.sans.edu/podcastdetail/5526 Fri, 02 Jun 2017 00:05:02 GMT https://isc.sans.edu/forums/diary/Sharing+Private+Data+with+Webcast+Invitations/22478/
onelogin breach
https://www.onelogin.com/blog/may-31-2017-security-incident
Google AMP Phishing
https://citizenlab.org/2017/05/tainted-leaks-disinformation-phish/
STI Student Paper: Kevin Kelly Tesla Crypt
https://www.sans.org/reading-room/whitepapers/bestprac/indicators-compromise-teslacrypt-malware-37622
]]> 10:47 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5524 ACH Part 2; Wcry Craches Win XP; Jeep Dealer DB Used to Steal Cars Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information and cyber security. ACH Part 2; Wcry Craches Win XP; Jeep Dealer DB Used to Steal Cars https://traffic.libsyn.com/securitypodcast/5524.mp3 https://isc.sans.edu/podcastdetail/5524 Thu, 01 Jun 2017 01:40:03 GMT https://isc.sans.edu/forums/diary/Analysis+of+Competing+Hypotheses+WCry+and+Lazarus+ACH+part+2/22470/
Windows XP Not Stable Enough for WannaCry
https://blog.kryptoslogic.com/malware/2017/05/29/two-weeks-later.html
Mexican Biker Gang Uses Jeep Database to Steal Car
https://regmedia.co.uk/2017/05/31/indictment5_30.pdf
Dangers of Public WAS Snapshots
https://www.nvteh.com/news/problems-with-public-ebs-snapshots
]]> 6:10 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5522 FreeRADIUS Vulnerability; MSFT Malware Protection Updates; Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information and cyber security. FreeRADIUS Vulnerability; MSFT Malware Protection Updates; https://traffic.libsyn.com/securitypodcast/5522.mp3 https://isc.sans.edu/podcastdetail/5522 Wed, 31 May 2017 11:23:39 GMT https://isc.sans.edu/forums/diary/FreeRadius+Authentication+Bypass/22466/
Microsoft Malware Protection Engine Update
http://seclists.org/microsoft/2017/q2/8
Chrome UI Bug May Allow Unnoticed Recording
https://medium.com/@barzik/the-new-html5-video-audio-api-has-privacy-issues-on-desktop-chrome-5832c99c7659
AWS Auditing Tools
https://summitroute.com/blog/2017/05/30/free_tools_for_auditing_the_security_of_an_aws_account/
SANS Social Denver June 14th
https://pages.sans.org/denversocial
]]> 6:32 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5520 Microsoft $MFT DoS Exploit; SMTP Proxy/Split Tunnel Issues Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information and cyber security. Microsoft $MFT DoS Exploit; SMTP Proxy/Split Tunnel Issues https://traffic.libsyn.com/securitypodcast/5520.mp3 https://isc.sans.edu/podcastdetail/5520 Tue, 30 May 2017 01:00:07 GMT https://isc.sans.edu/forums/diary/Analysis+of+Competing+Hypotheses+ACH+part+1/22460/
Microsoft Master File Table BSOD Exploit
http://www.theregister.co.uk/2017/05/29/microsoft_master_file_table_bug_exploited_to_bsod_windows_7_81/
SMTP Split Tunnel / Transparent Proxy Exploit
https://blog.securolytics.io/2017/05/split-tunnel-smtp-exploit-explained/
]]> 7:10 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5518 Samba Remote Code Exec; Pacemaker Vuln; Patching takes down AU Hospitals Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information and cyber security. Samba Remote Code Exec; Pacemaker Vuln; Patching takes down AU Hospitals https://traffic.libsyn.com/securitypodcast/5518.mp3 https://isc.sans.edu/podcastdetail/5518 Thu, 25 May 2017 23:10:04 GMT https://isc.sans.edu/forums/diary/Critical+Vulnerability+in+Samba+from+350+onwards/22452/
Pacemaker Vulnerabilities
http://blog.whitescope.io/2017/05/understanding-pacemaker-systems.html
Patching May have Affected Access to Australian Health Systems
http://www.cairnspost.com.au/news/cairns-hospital-suffers-software-catastrophe-with-possible-loss-of-patient-data/news-story/c828de3f4a0f73132ec3d19284cbae88
]]> 13:32 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5516 Jaff Ransomware Makeover; OpenVPN Access Server Vuln; Credential Dump Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information and cyber security. Jaff Ransomware Makeover; OpenVPN Access Server Vuln; Credential Dump https://traffic.libsyn.com/securitypodcast/5516.mp3 https://isc.sans.edu/podcastdetail/5516 Thu, 25 May 2017 00:00:09 GMT https://isc.sans.edu/forums/diary/Jaff+ransomware+gets+a+makeover/22446/
OpenVPN Access Server Vulnerability
http://seclists.org/oss-sec/2017/q2/332
Large Credential Dumps Used in Password Brute Forcing Attacks
http://info.digitalshadows.com/AccountTakeover-WhitePapersPage_Registration.html
]]> 6:04 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5514 Subtitle File Vulnerabilities; Iris Scanner Bypass Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information and cyber security. Subtitle File Vulnerabilities; Iris Scanner Bypass https://traffic.libsyn.com/securitypodcast/5514.mp3 https://isc.sans.edu/podcastdetail/5514 Wed, 24 May 2017 00:25:03 GMT http://blog.checkpoint.com/2017/05/23/hacked-in-translation/
Samsung Galaxy S8 Iris Scanner Bypass
https://www.ccc.de/en/updates/2017/iriden
Verizon XSS Flaw in Web Messaging Application
https://randywestergren.com/xss-sms-hacking-text-messages-verizon-messages
]]> 5:33 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5512 Uber TLS Phish; Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Uber TLS Phish; https://traffic.libsyn.com/securitypodcast/5512.mp3 https://isc.sans.edu/podcastdetail/5512 Tue, 23 May 2017 01:00:05 GMT https://isc.sans.edu/forums/diary/Investigating+Sites+After+They+are+Gone+And+a+Case+of+Uber+Phishing+With+SSL/22440/
Let's Encrypt Outage
http://letsencrypt.status.io/pages/history/55957a99e800baa4470002da
https://community.letsencrypt.org/t/ocsp-and-issuance-outage-2017-05-19/34506
More ImageMagik Flaws
https://scarybeastsecurity.blogspot.com/2017/05/bleed-continues-18-byte-file-14k-bounty.html
]]> 6:45 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5510 Typosquatting (again); Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Typosquatting (again); https://traffic.libsyn.com/securitypodcast/5510.mp3 https://isc.sans.edu/podcastdetail/5510 Mon, 22 May 2017 00:20:03 GMT https://isc.sans.edu/forums/diary/Typosquatting+Awareness+and+Hunting/22436/
Netgear Collecting Analytics Data in Recent Update
https://kb.netgear.com/000038663/What-router-analytics-data-is-collected-and-how-is-the-data-being-used-by-NETGEAR
disable: https://kb.netgear.com/000038661/How-do-I-Enable-Disable-Router-Analytics-Data-Collection
WannaCry Updates
https://venturebeat.com/2017/05/19/ransomware-wannacry-causes-fewer-tears-than-feared/

LastPass Authenticator Cloud Backup
https://blog.lastpass.com/2017/05/announcing-cloud-backup-for-lastpass-authenticator-easier-multifactor-security-for-everyone.html/
]]> 5:21 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5508 Patch Rediscovery; WannaKey; CVE Bot Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Patch Rediscovery; WannaKey; CVE Bot https://traffic.libsyn.com/securitypodcast/5508.mp3 https://isc.sans.edu/podcastdetail/5508 Fri, 19 May 2017 02:25:03 GMT https://isc.sans.edu/forums/diary/My+Little+CVE+Bot/22432/
Probablility of Vulnerability Re-Discovery
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2928758
Wannakey May Recover WannaCry Keys
https://github.com/aguinet/wannakey
Finding Bad With Splunk
https://www.sans.org/reading-room/whitepapers/critical/finding-bad-splunk-3748
]]> 13:08 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5506 NIST Password Guidance; Exploiting PeopleSoft XXE; Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. NIST Password Guidance; Exploiting PeopleSoft XXE; https://traffic.libsyn.com/securitypodcast/5506.mp3 https://isc.sans.edu/podcastdetail/5506 Thu, 18 May 2017 04:05:03 GMT https://panic.com/blog/stolen-source-code/
NIST Password Guidance Update
https://isc.sans.edu/forums/diary/Wait+What+We+dont+have+to+change+passwords+every+90+days/22428/
Exploiting XXE Vulnerabilities in Peoplesoft
https://www.ambionics.io/blog/oracle-peoplesoft-xxe-to-rce
]]> 5:26 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5504 DocuSign Spam; HP Updates Audio Driver; Chrome Credential Stealing Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. DocuSign Spam; HP Updates Audio Driver; Chrome Credential Stealing https://traffic.libsyn.com/securitypodcast/5504.mp3 https://isc.sans.edu/podcastdetail/5504 Wed, 17 May 2017 03:10:03 GMT https://trust.docusign.com/en-us/personal-safeguards/
HP Updates Audio Drivers (twice) to Remove Keylogger
https://support.hp.com/us-en/document/c05519670
Chrome File Download Behaviour Can Lead to SMB Credential Theft
http://defensecode.com/news_article.php?id=21
]]> 5:34 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5502 Apple Updates Everything; OpenVPN Audit; Car Insurance Privacy Issues Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Apple Updates Everything; OpenVPN Audit; Car Insurance Privacy Issues https://traffic.libsyn.com/securitypodcast/5502.mp3 https://isc.sans.edu/podcastdetail/5502 Tue, 16 May 2017 03:10:03 GMT https://support.apple.com/en-us/HT201222
OpenVPN Audit Results
https://www.privateinternetaccess.com/blog/2017/05/openvpn-2-4-evaluation-summary-report/
Italian Car Insurance Leaks User Driving Data
https://www.andreascarpino.it/posts/how-my-car-insurance-exposed-my-position.html
]]> 6:54 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5500 WannaCry/WannaCrypt Malware Spreading Rapidly #WannaCry #WannaCrypt Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. WannaCry/WannaCrypt Malware Spreading Rapidly #WannaCry #WannaCrypt https://traffic.libsyn.com/securitypodcast/5500.mp3 https://isc.sans.edu/podcastdetail/5500 Mon, 15 May 2017 03:00:11 GMT Latest updates see https://isc.sans.edu
Webcast: https://www.sans.org/webcasts/special-webcast-wannacry-ransomeware-threat-105160
PowerPoint: https://isc.sans.edu/presentations/WannaCry.ppt

]]> 7:11 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5498 Conexant Audio Drivers Log Keystrokes; Encase Vulnerabilty Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Conexant Audio Drivers Log Keystrokes; Encase Vulnerabilty https://traffic.libsyn.com/securitypodcast/5498.mp3 https://isc.sans.edu/podcastdetail/5498 Fri, 12 May 2017 03:20:02 GMT https://www.modzero.ch/modlog/archives/2017/05/11/en_keylogger_in_hewlett-packard_audio_driver/index.html
Rig Exploit Kit Used to Send Ramnit Trojan
https://isc.sans.edu/forums/diary/Seamless+Campaign+using+Rig+Exploit+Kit+to+send+Ramnit+Trojan/22404/
Encase Forensic Imager Exploit
http://blog.sec-consult.com/2017/05/chainsaw-of-custody-manipulating.html
]]> 13:20 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5496 Review OAUTH Permissions; OS X EFI Monitor; MS Edge SOP Bypass Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Review OAUTH Permissions; OS X EFI Monitor; MS Edge SOP Bypass https://traffic.libsyn.com/securitypodcast/5496.mp3 https://isc.sans.edu/podcastdetail/5496 Thu, 11 May 2017 08:00:04 GMT https://isc.sans.edu/forums/diary/OAuth+and+Its+High+Time+for+Some+Personal+SecurityScaping+Today/22400/
Apple Working on Firmware Integrity Check
http://apple.stackexchange.com/questions/282028/pop-up-firmware-changes-detected-randomly-appear
Panda Mobile Anti Malware Releases Patch for Evilgrade Bug
https://www.contextis.com/resources/blog/exploiting-vulnerable-pandas/
ASUS RT Router Vulnerabilities
https://wwws.nightwatchcybersecurity.com/2017/05/09/multiple-vulnerabilities-in-asus-routers/
Microsoft Edge SOP Bypass
https://www.brokenbrowser.com/sop-bypass-uxss-stealing-credentials-pretty-fast/
Linux Kernel Packet Socket Vulnerability Exploit
https://googleprojectzero.blogspot.com/2017/05/exploiting-linux-kernel-via-packet.html
]]> 8:42 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5494 MSFT Patch Tuesday; Cisco CMP-Telnet Patch; WolfSSL Vuln Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. MSFT Patch Tuesday; Cisco CMP-Telnet Patch; WolfSSL Vuln https://traffic.libsyn.com/securitypodcast/5494.mp3 https://isc.sans.edu/podcastdetail/5494 Tue, 09 May 2017 22:30:05 GMT https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+and+Adobe/22396/
Snake For Mac OS X Included in Handbrake
https://blog.fox-it.com/2017/05/03/snake-coming-soon-in-mac-os-x-flavour/
Cisco Patches CMP-Telnet Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp
WolfSSL Library X.509 Certificate Text Parsing Code Execution Vulnerability
http://blog.talosintelligence.com/2017/05/wolfssl-x509-vuln.html
]]> 5:49 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5492 P2P Botnet Analysis; MSFT Malware Engine Patch; OS X Keychain Vuln (Patched) Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. P2P Botnet Analysis; MSFT Malware Engine Patch; OS X Keychain Vuln (Patched) https://traffic.libsyn.com/securitypodcast/5492.mp3 https://isc.sans.edu/podcastdetail/5492 Tue, 09 May 2017 03:15:03 GMT https://isc.sans.edu/forums/diary/Exploring+a+P2P+Transient+Botnet+From+Discovery+to+Enumeration/22392/
Video Conversion Application Handbrake Compromised
https://forum.handbrake.fr/viewtopic.php?f=33&t=36364
Emergency Update for Microsoft Malware Protection Engine
https://technet.microsoft.com/en-us/library/security/4022344
OS X Keychain OTR Vulnerability
https://medium.com/@longtermsec/bypassing-otr-signature-verification-to-steal-icloud-keychain-secrets-9e92ab55b605
]]> 6:35 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5490 Intel AMT Bug Details Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Intel AMT Bug Details https://traffic.libsyn.com/securitypodcast/5490.mp3 https://isc.sans.edu/podcastdetail/5490 Sun, 07 May 2017 23:40:03 GMT http://www.tenable.com/blog/rediscovering-the-intel-amt-vulnerability
Android Apps Use Ultrasound Beacons To Track Users
http://christian.wressnegger.info/content/projects/sidechannels/2017-eurosp.pdf
HTTP Headers... the Achilles' Heel of Many Applications
https://isc.sans.edu/forums/diary/HTTP+Headers+the+Achilles+heel+of+many+applications/22382/
]]> 6:05 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5488 Google OAUTH Spam Wrapup; Master Fingerprint Set Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Google OAUTH Spam Wrapup; Master Fingerprint Set https://traffic.libsyn.com/securitypodcast/5488.mp3 https://isc.sans.edu/podcastdetail/5488 Fri, 05 May 2017 00:50:02 GMT https://threatpost.com/1-million-gmail-users-impacted-by-google-docs-phishing-attack/125436/
Artificial Master Fingerprint Set
https://wp.nyu.edu/memon/the-master-print/
rpcbind denial of service
https://guidovranken.wordpress.com/2017/05/03/rpcbomb-remote-rpcbind-denial-of-service-patches/
Debian Discontinue FTP Support for Downloads
https://www.debian.org/News/2017/20170425
]]> 5:11 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5486 Google Docs OAUTH Phish; Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Google Docs OAUTH Phish; https://traffic.libsyn.com/securitypodcast/5486.mp3 https://isc.sans.edu/podcastdetail/5486 Wed, 03 May 2017 22:10:03 GMT https://isc.sans.edu/forums/diary/OAUTH+phishing+against+Google+Docs+beware/22372/
Review Google App Permissions https://myaccount.google.com/u/0/permissions?pli=1
SS7 Exploits Documented in Banking Attacks
http://www.sueddeutsche.de/digital/it-sicherheit-schwachstelle-im-mobilfunknetz-kriminelle-hacker-raeumen-konten-leer-1.3486504
http://www.theregister.co.uk/2017/05/03/hackers_fire_up_ss7_flaw/
]]> 8:26 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5484 Scans for Intel Vuln; Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Scans for Intel Vuln; https://traffic.libsyn.com/securitypodcast/5484.mp3 https://isc.sans.edu/podcastdetail/5484 Tue, 02 May 2017 23:25:03 GMT https://isc.sans.edu/port.html?port=16992
https://isc.sans.edu/port.html?port=16993
Outlook Forms Can Run Macros
https://sensepost.com/blog/2017/outlook-forms-and-shells/
Jenkins Vulnerability
https://jenkins.io/security/advisory/2017-04-26/
Google Android May Patchday
https://source.android.com/security/bulletin/2017-05-01
IBM Storwize USB Stick Malware
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010146&myns=s028&mynp=OCSTHGUJ&mynp=OCSTLM5A&mynp=OCSTLM6B&mynp=OCHW206&mync=E&cm_sp=s028-_-OCSTHGUJ-OCSTLM5A-OCSTLM6B-OCHW206-_-E
]]> 5:25 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5482 Critical Intel AMT/ISM/SBT Vulnerablity; chkrootkit local root exploit Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Critical Intel AMT/ISM/SBT Vulnerablity; chkrootkit local root exploit https://traffic.libsyn.com/securitypodcast/5482.mp3 https://isc.sans.edu/podcastdetail/5482 Tue, 02 May 2017 00:59:10 GMT https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr
https://semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platforms/

Local Root Exploit in chkrootkit
https://lepetithacker.wordpress.com/2017/04/30/local-root-exploit-in-chkrootkit/
Escape Sequence Exploits in Various Linux Terminals
http://www.openwall.com/lists/oss-security/2017/05/01/13
]]> 5:54 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5480 Simple Obfuscation Bypasses AV; OS X Proxy Malware; Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Simple Obfuscation Bypasses AV; OS X Proxy Malware; https://traffic.libsyn.com/securitypodcast/5480.mp3 https://isc.sans.edu/podcastdetail/5480 Mon, 01 May 2017 01:50:03 GMT https://isc.sans.edu/forums/diary/Another+Day+Another+Obfuscation+Technique/22354/
OS X Malware Adds Proxy To Intercept HTTPS
http://blog.checkpoint.com/2017/04/27/osx-malware-catching-wants-read-https-traffic/
OVH Vulnerability Put Servers at Risk
https://jrwr.io/doku.php?id=blog:ovh_vrack_security_issue
]]> 5:50 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5478 BGP Attack against VISA; Antminer DoS Vuln; Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. BGP Attack against VISA; Antminer DoS Vuln; https://traffic.libsyn.com/securitypodcast/5478.mp3 https://isc.sans.edu/podcastdetail/5478 Fri, 28 Apr 2017 01:20:02 GMT https://isc.sans.edu/forums/diary/BGP+Hijacking+The+Internet+is+StillAgain+Broken/22350/
Antminer "Checking" DoS Vulnerability
http://www.antbleed.com
Symantec Offers Audits To Stave Off Google's CA Blacklisting
https://www.symantec.com/connect/blogs/symantec-ca-proposal
NoMX Security E-Mail Appliance Pentest
https://scotthelme.co.uk/nomx-the-worlds-most-secure-communications-protocol/
vendor response: www.nomx.com
SANS Defending Web Applications
https://www.sans.org/dev522]]> 6:17 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, Cyber, Infosec, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5476 Bots Disrupt More ISPs; Samsung TV Exploit; Coldfusion Update; SNMP Auth bypass Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Bots Disrupt More ISPs; Samsung TV Exploit; Coldfusion Update; SNMP Auth bypass https://traffic.libsyn.com/securitypodcast/5476.mp3 https://isc.sans.edu/podcastdetail/5476 Thu, 27 Apr 2017 01:50:02 GMT https://www.bleepingcomputer.com/news/security/us-isp-goes-down-as-two-malware-families-go-to-war-over-its-modems/
Samsung Smart TV Wi-Fi Direct Exploit
http://seclists.org/fulldisclosure/2017/Apr/101
Adobe Publishes ColdFusion Update
https://helpx.adobe.com/security/products/coldfusion/apsb17-14.html
SNMP Misconfiguration Eliminates Community String Validation
https://stringbleed.github.io/#
]]> 5:35 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5474 What are CAA Records? Hyndai Car Hacking. Display Software Vulnerabilities Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. What are CAA Records? Hyndai Car Hacking. Display Software Vulnerabilities https://traffic.libsyn.com/securitypodcast/5474.mp3 https://isc.sans.edu/podcastdetail/5474 Wed, 26 Apr 2017 00:30:03 GMT https://isc.sans.edu/forums/diary/CAA+Records+and+Certificate+Issuance/22342/
Hyundai Blue Link Infomration Disclosure
https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed
HP, Philips, Fujitsu Display Software Privilege Escalation
http://blog.sec-consult.com/2017/04/what-unites-hp-philips-and-fujitsu-one.html
]]> 5:53 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5472 Android SOCKS Proxy Malware; Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Android SOCKS Proxy Malware; https://traffic.libsyn.com/securitypodcast/5472.mp3 https://isc.sans.edu/podcastdetail/5472 Tue, 25 Apr 2017 01:40:02 GMT http://blog.trendmicro.com/trendlabs-security-intelligence/dresscode-android-malware-finds-successor-milkydoor/
Remote Code Execution Flaw in Squirrelmail
http://seclists.org/fulldisclosure/2017/Apr/81
Atlassian Confluence Update
https://confluence.atlassian.com/doc/confluence-security-advisory-2017-04-19-887071137.html
TCP Proxy Over Named Pipes / SMB
https://github.com/dxflatline/flatpipes
]]> 5:09 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5470 Port 81; CVE-2017-0199 HTA Exploit Analysis; NVidia installs Node.js Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Port 81; CVE-2017-0199 HTA Exploit Analysis; NVidia installs Node.js https://traffic.libsyn.com/securitypodcast/5470.mp3 https://isc.sans.edu/podcastdetail/5470 Mon, 24 Apr 2017 02:05:02 GMT https://isc.sans.edu/forums/diary/WTF+tcp+port+81/22332/
Analyzing a Document and Malware Trying to Exploit CVE-2017-0199 (HTA)
https://isc.sans.edu/forums/diary/Malicious+Documents+A+Bit+Of+News/22334/
DOUBLEPULSAR Detected on Tens of Thousands of Systems
http://www.theregister.co.uk/2017/04/21/windows_hacked_nsa_shadow_brokers/
NVidia Includes Node.js Server With Drivers
http://blog.sec-consult.com/2017/04/application-whitelisting-application.html
Android SMSVova Spyware Survives in Google Play Store for 3 Years
https://www.zscaler.com/blogs/research/android-spyware-smsvova-posing-system-update-play-store
]]> 5:22 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5468 #DNS Covert Channels; Ambient Light Sensors; Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. #DNS Covert Channels; Ambient Light Sensors; https://traffic.libsyn.com/securitypodcast/5468.mp3 https://isc.sans.edu/podcastdetail/5468 Thu, 20 Apr 2017 23:45:03 GMT https://isc.sans.edu/forums/diary/DNS+Query+Length+Because+Size+Does+Matter/22326/
Ambient Light Sensors May Become Accessible Via JavaScript
https://blog.lukaszolejnik.com/stealing-sensitive-browser-data-with-the-w3c-ambient-light-sensor-api/
BIND Name Server Update
https://kb.isc.org/article/AA-01491
Entropy As A Service
https://www.getnetrandom.com
Webcast: NoSQL Doesn't Make You NoVulnerable
https://www.sans.org/webcasts/nosql-doesnt-novulnerable-104897
]]> 5:56 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5466 More About #Excel Macros; Bose SpyPhones; Own/NextCloud Buggy Bugreports Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. More About #Excel Macros; Bose SpyPhones; Own/NextCloud Buggy Bugreports https://traffic.libsyn.com/securitypodcast/5466.mp3 https://isc.sans.edu/podcastdetail/5466 Thu, 20 Apr 2017 00:40:02 GMT https://isc.sans.edu/forums/diary/Hunting+for+Malicious+Excel+Sheets/22322/
Bose May Be Spying on Listeners
https://www.scribd.com/document/345620278/Bose-Privacy-Complaint
Microsoft No-Password Sign In
https://blogs.technet.microsoft.com/enterprisemobility/2017/04/18/no-password-phone-sign-in-for-microsoft-accounts/
Owncloud/Nextcloud Bug Reports Include Passwords
https://blog.hboeck.de/archives/885-Passwords-in-the-Bug-Reports-OwncloudNextcloud.html
Fuzzing Used to Find a Tcpdump Vulnerability
https://www.softscheck.com/en/identifying-security-vulnerabilities-with-cloud-fuzzing/
DNS Homograph Detection
https://github.com/dutchcoders/homographs
For Friday's (and other upcoming webcasts), see
https://www.sans.org/webcasts
]]> 5:40 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5464 #CVE-2017-0199 Details; Old Windows Versions vs. New CPUs; #Forensics and Win10 Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. #CVE-2017-0199 Details; Old Windows Versions vs. New CPUs; #Forensics and Win10 https://traffic.libsyn.com/securitypodcast/5464.mp3 https://isc.sans.edu/podcastdetail/5464 Wed, 19 Apr 2017 01:10:02 GMT https://rewtin.blogspot.com.au/2017/04/cve-2017-0199-practical-exploitation-poc.html

User Provided Patch To Help Update Old Operating Systems on New CPU
https://github.com/zeffy/kb4012218-19
Forensics Tools and Issues With Windows 10 Compact OS
https://www.heise.de/security/artikel/Forensik-Tools-patzen-bei-neuer-Windows-Kompression-3676075.html
]]> 5:54 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5462 Detecting IDN Phishing; Old Linux Kernel Bug Surfaces; Edge Leaks Info Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Detecting IDN Phishing; Old Linux Kernel Bug Surfaces; Edge Leaks Info https://traffic.libsyn.com/securitypodcast/5462.mp3 https://isc.sans.edu/podcastdetail/5462 Tue, 18 Apr 2017 00:15:04 GMT https://isc.sans.edu/forums/diary/Tool+to+Detect+Active+Phishing+Attacks+Using+Unicode+LookAlike+Domains/22310/
Old Linux Kernel Bug Allows for Remote Code Execution via UDP
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=197c949e7798fbf28cfadc69d9ca0c2abbf93191
Microsoft Edge JavaScript "fetch" Function Can Be Used to Leak User Data
http://mov.sx/2017/04/16/microsoft-edge-leaks-url.html
]]> 7:08 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5460 What you need to know: Eternalblue and Doublepulsar in 5min Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. What you need to know: Eternalblue and Doublepulsar in 5min https://traffic.libsyn.com/securitypodcast/5460.mp3 https://isc.sans.edu/podcastdetail/5460 Mon, 17 Apr 2017 00:25:02 GMT https://isc.sans.edu/forums/diary/Detecting+SMB+Covert+Channel+Double+Pulsar/22312/
ETERNALBLUE: Windows SMBv1 Exploit
https://isc.sans.edu/forums/diary/ETERNALBLUE+Windows+SMBv1+Exploit+Patched/22304/
]]> 5:35 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5458 Filter Packets By Process; C-LDAP DDoS; Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Filter Packets By Process; C-LDAP DDoS; https://traffic.libsyn.com/securitypodcast/5458.mp3 https://isc.sans.edu/podcastdetail/5458 Fri, 14 Apr 2017 01:30:03 GMT https://isc.sans.edu/forums/diary/Packet+Captures+Filtered+by+Process/22296/
C-LDAP Used to Amplify DDoS Attack
https://isc.sans.edu/forums/diary/Akamai+reports+UDP+DDOS+Using+CLDAP+reaching+24Gbps/22300/
Juniper Updates
https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES
SAP Patches Code Injection in TREX
https://erpscan.com/press-center/press-release/critical-vulnerability-affects-sap-hana-dozen-sap-applications/
More Details About Dallas Siren Hack
https://duo.com/blog/the-dallas-county-siren-hack
]]> 5:42 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5456 MOLE Ransomware; Netflix Traffic Analysis; Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. MOLE Ransomware; Netflix Traffic Analysis; https://traffic.libsyn.com/securitypodcast/5456.mp3 https://isc.sans.edu/podcastdetail/5456 Thu, 13 Apr 2017 02:05:02 GMT https://isc.sans.edu/forums/diary/Malspam+on+20170411+pushes+yet+another+ransomware+variant/22290/
Identifying HTTPS-Protected Netflix Videos in Real-Time
https://www.mjkranch.com/docs/CODASPY17_Kranch_Reed_IdentifyingHTTPSNetflix.pdf
SMS Messages Used to Control Oven
https://www.pentestpartners.com/blog/iot-Aga-cast-iron-security-flaw/
Android Hardening TLS Use
https://android-developers.googleblog.com/2017/04/android-o-to-drop-insecure-tls-version.html
]]> 5:52 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5454 #MSFT/#Adobe Patch Tuesday Unhinged; Solaris 0-Day; Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. #MSFT/#Adobe Patch Tuesday Unhinged; Solaris 0-Day; https://traffic.libsyn.com/securitypodcast/5454.mp3 https://isc.sans.edu/podcastdetail/5454 Wed, 12 Apr 2017 01:25:02 GMT https://isc.sans.edu/forums/diary/April+2017+Microsoft+Patch+Tuesday/22288/
Solaris 0-Day
https://twitter.com/hackerfantastic/status/851555538597011460
OWASP Top 10 Update
https://github.com/OWASP/Top10/raw/master/2017/OWASP%20Top%2010%20-%202017%20RC1-English.pdf
]]> 05:00:00 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5452 TPLink Modem SMS Vulnerability; Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. TPLink Modem SMS Vulnerability; https://traffic.libsyn.com/securitypodcast/5452.mp3 https://isc.sans.edu/podcastdetail/5452 Tue, 11 Apr 2017 02:40:03 GMT http://www.theregister.co.uk/2017/04/10/tplink_3gwifi_modem_spills_credentials_to_an_evil_text_message/
Fake Google Map Weblinks
https://www.bleepingcomputer.com/news/google/thousands-of-fake-google-maps-listings-redirect-users-to-fraudulent-sites-each-month/
Apple Fixes Apple Music For Android
http://seclists.org/bugtraq/2017/Apr/26
Dalles Sirens Hacked via Wireless Attacks
http://www.theregister.co.uk/2017/04/10/hackers_set_off_dallas_emergency_siren_system/
NATO Discovers (finally?) that IPv6 Can be Used As a Covert Channel
https://t.co/FvSSwhtUH7
]]> 05:00:00 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5450 Alexa/Umbrella Whitelisting; Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Alexa/Umbrella Whitelisting; https://traffic.libsyn.com/securitypodcast/5450.mp3 https://isc.sans.edu/podcastdetail/5450 Mon, 10 Apr 2017 01:25:02 GMT https://isc.sans.edu/forums/diary/Domain+Whitelisting+With+Alexa+and+Umbrella+Lists/22270/
https://isc.sans.edu/forums/diary/Domain+Whitelisting+With+Alexa+and+Umbrella+Lists+update/22274/
SANS Security West (San Diego)
https://www.sans.org/event/sans-security-west-2017
Dallas Tornado Sirens Hacked
https://www.washingtonpost.com/news/the-intersect/wp/2017/04/09/someone-hacked-every-tornado-siren-in-dallas-it-was-loud/?utm_term=.ca706deea318
Shadowbroker Files
https://github.com/x0rz/EQGRP
Word Vulnerability
https://securingtomorrow.mcafee.com/mcafee-labs/critical-office-zero-day-attacks-detected-wild/
]]> 05:00:00 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5449 Antivirus Assisted Attacks; Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Antivirus Assisted Attacks; https://traffic.libsyn.com/securitypodcast/5449.mp3 https://isc.sans.edu/podcastdetail/5449 Fri, 07 Apr 2017 02:20:02 GMT https://www.sec.cs.tu-bs.de/pubs/2017-asiaccs.pdf
Cisco Aironet Default Credentials
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ame
Intercepting Two-Factor Authentication
https://breakdev.org/evilginx-advanced-phishing-with-two-factor-authentication-bypass/
QNAP NAS Vulnerabilities
https://sintonen.fi/advisories/qnap-qts-multiple-rce-vulnerabilities.txt
]]> 5:40 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5447 Attackers Chasing Whitelists; Struts2 Vuln Installing Cerber Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Attackers Chasing Whitelists; Struts2 Vuln Installing Cerber https://traffic.libsyn.com/securitypodcast/5447.mp3 https://isc.sans.edu/podcastdetail/5447 Thu, 06 Apr 2017 03:40:02 GMT https://isc.sans.edu/forums/diary/Whitelists+The+Holy+Grail+of+Attackers/22262/
Java Struts2 Vulnerability Used To Install Ransomware
https://isc.sans.edu/forums/diary/Java+Struts2+Vulnerability+Used+To+Install+Cerber+Crypto+Ransomware/22264/
Brazilian Bank Looses Control Over Domains
https://threatpost.com/lessons-from-top-to-bottom-compromise-of-brazilian-bank/124770/
Google Android April Patch Day
https://source.android.com/security/bulletin/2017-04-01#security-vulnerability-summary
Radware Observes "BrickerBot" Destroying Devices
https://security.radware.com/ddos-threats-attacks/brickerbot-pdos-permanent-denial-of-service/
Struts2 Vulnerability Webcast
https://www.sans.org/webcasts/struts-shock-current-attacks-struts2-defend-104787
]]> 6:25 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5445 Exploiting Broadcom Wi-Fi; Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Exploiting Broadcom Wi-Fi; https://traffic.libsyn.com/securitypodcast/5445.mp3 https://isc.sans.edu/podcastdetail/5445 Wed, 05 Apr 2017 02:35:02 GMT https://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html
Covert Channel Between Virtual Machines Via CPU Cache
https://cmaurice.fr/pdf/ndss17_maurice.pdf
40 Vulnerabilities in Samsung Tizen
https://motherboard.vice.com/en_us/article/samsung-tizen-operating-system-bugs-vulnerabilities
]]> 5:59 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5443 #iOS Emergency Patch; ISO #SHA1 Collsisions; #Skype Malvertising Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. #iOS Emergency Patch; ISO #SHA1 Collsisions; #Skype Malvertising https://traffic.libsyn.com/securitypodcast/5443.mp3 https://isc.sans.edu/podcastdetail/5443 Tue, 04 Apr 2017 02:15:02 GMT https://support.apple.com/en-us/HT207688
Practical Use of SHA1 Collisions: ISO Images
https://isc.sans.edu/forums/diary/A+Practical+Use+for+a+SHA1+Collision/22257/
Microsoft Defender False Positive
https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Worm%3AWin32%2FBluber.A
Cracking Weak Session Secrets
https://martinfowler.com/articles/session-secret.html
Skype Malvertising Advertises Fake Flash Players
https://www.bleepingcomputer.com/news/security/skype-malvertising-campaign-pushes-fake-flash-player/
]]> 5:34 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5441 More LastPass Patches; Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. More LastPass Patches; https://traffic.libsyn.com/securitypodcast/5441.mp3 https://isc.sans.edu/podcastdetail/5441 Mon, 03 Apr 2017 02:20:01 GMT https://bugs.chromium.org/p/project-zero/issues/detail?id=1225&desc=6
Attacking KeePass
https://www.slideshare.net/harmj0y/a-case-study-in-attacking-keepass
https://github.com/HarmJ0y/KeeThief
Bypassing Cylance
http://www.blackhillsinfosec.com/?p=5792
Mimi Penguin: Extracting Credentials From Memory on Linux Tools
https://github.com/huntergregal/mimipenguin
Windows 2003 / IIS 6 Exploit
https://0patch.blogspot.com/2017/03/0patching-immortal-cve-2017-7269.html
https://github.com/rapid7/metasploit-framework/pull/8162
]]> 5:59 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5439 PowerShell EncodedCommand; GitHub Developers Targeted Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. PowerShell EncodedCommand; GitHub Developers Targeted https://traffic.libsyn.com/securitypodcast/5439.mp3 https://isc.sans.edu/podcastdetail/5439 Fri, 31 Mar 2017 02:40:02 GMT https://isc.sans.edu/forums/diary/Diverting+builtin+features+for+the+bad/22250/
Fake Job Offers to GitHub Developers Include Malware
http://researchcenter.paloaltonetworks.com/2017/03/unit42-dimnie-hiding-plain-sight/
Drones With Lasers!
https://arxiv.org/pdf/1703.07751.pdf
]]> 5:41 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5437 Better Phishing E-Mails; Crusader Adware; VMWare Patch Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Better Phishing E-Mails; Crusader Adware; VMWare Patch https://traffic.libsyn.com/securitypodcast/5437.mp3 https://isc.sans.edu/podcastdetail/5437 Thu, 30 Mar 2017 02:00:02 GMT https://isc.sans.edu/forums/diary/Logical+Physical+Security+Correlation/22243/
Recent Mirai DDoS Attacks
https://www.incapsula.com/blog/new-mirai-variant-ddos-us-college.html
Crusader Injects Fake Support Phone Numbers into Websites
https://www.bleepingcomputer.com/news/security/adware-replaces-phone-numbers-for-security-firms-returned-in-search-results/
VMWare Closes Pwn2Own Guest Escape Vulnerabilities
http://www.vmware.com/security/advisories/VMSA-2017-0006.html
Apple iCloud for Windows Update
https://support.apple.com/de-de/HT207607
]]> 5:08 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5435 New Struts2 Exploit for Recent Vulnerability; Symantec CA SSL Checker Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. New Struts2 Exploit for Recent Vulnerability; Symantec CA SSL Checker https://traffic.libsyn.com/securitypodcast/5435.mp3 https://isc.sans.edu/podcastdetail/5435 Wed, 29 Mar 2017 02:00:02 GMT https://blog.gdssecurity.com/labs/2017/3/27/an-analysis-of-cve-2017-5638.html
PoC Exploit for iBook ePub Javascript Vulnerability
https://s1gnalcha0s.github.io/ibooks/epub/2017/03/27/This-book-reads-you-using-JavaScript.html
Microsoft Docs.com Leak
https://twitter.com/gossithedog/status/845446263244050434
Symantec SSL CA tool
https://www.renditioninfosec.com/socapps/sslcheck/index.php
]]> 5:29 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5433 Apple Updates Everything (Again); IIS6/Win2013 WebDav Exploit; Symantec SSL Update Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Apple Updates Everything (Again); IIS6/Win2013 WebDav Exploit; Symantec SSL Update https://traffic.libsyn.com/securitypodcast/5433.mp3 https://isc.sans.edu/podcastdetail/5433 Tue, 28 Mar 2017 01:50:02 GMT https://support.apple.com/en-us/HT201222
IIS 6 / Windows Server 2003 Exploit
https://github.com/edwardz246003/IIS_exploit/blob/master/exploit.py
Symantec SSL Update
https://www.symantec.com/connect/blogs/message-our-ca-customers
]]> 6:46 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5431 #Symantec vs. #Google SSL; Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. #Symantec vs. #Google SSL; https://traffic.libsyn.com/securitypodcast/5431.mp3 https://isc.sans.edu/podcastdetail/5431 Mon, 27 Mar 2017 02:35:02 GMT https://www.symantec.com/connect/blogs/symantec-backs-its-ca
https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/eUAKwjihhBs
https://chromium.googlesource.com/chromium/src/+/master/net/data/ssl/symantec/README.md
Spoofing Referrer in Microsoft Edge
https://www.brokenbrowser.com/referer-spoofing-patch-bypass/
Smart TV Compromise Via Broadcast Signals
https://www.youtube.com/watch?v=bOJ_8QHX6OA
Defending Web Applications Class
https://www.sans.org/event/sans-security-west-2017/course/defending-web-applications-security-essentials
]]> 6:33 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5429 Fake BTS Used to Spread Malware; Another Lastpass Update Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Fake BTS Used to Spread Malware; Another Lastpass Update https://traffic.libsyn.com/securitypodcast/5429.mp3 https://isc.sans.edu/podcastdetail/5429 Fri, 24 Mar 2017 03:25:02 GMT http://blog.checkpoint.com/2017/03/21/swearing-trojan-continues-rage-even-authors-arrest/
Lastpass Updates ClickJacking Exploit (Again)
https://bugs.chromium.org/p/project-zero/issues/detail?id=1188&desc=2
Application Verifier "Bug"
https://github.com/ionescu007/HookingNirvana/blob/master/Esoteric%20Hooks.pdf
]]> 6:35 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5427 #iPhone Threats; Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. #iPhone Threats; https://traffic.libsyn.com/securitypodcast/5427.mp3 https://isc.sans.edu/podcastdetail/5427 Thu, 23 Mar 2017 02:55:01 GMT https://motherboard.vice.com/en_us/article/hackers-we-will-remotely-wipe-iphones-unless-apple-pays-ransom?utm_source=vicefbus
Siemens Control Systems Affected by Fake Firmware
https://dragos.com/blog/mimics/
GitHub Used for C&C
http://blog.trendmicro.com/trendlabs-security-intelligence/winnti-abuses-github/
Adium IM Vulnerable to Older libpurple Issue
http://seclists.org/fulldisclosure/2017/Mar/57
]]> 5:59 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5425 Password Encrypted Word File; Patch LastPass! NestCam DoS Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Password Encrypted Word File; Patch LastPass! NestCam DoS https://traffic.libsyn.com/securitypodcast/5425.mp3 https://isc.sans.edu/podcastdetail/5425 Wed, 22 Mar 2017 02:25:02 GMT https://isc.sans.edu/forums/diary/Malspam+with+passwordprotected+Word+documents/22203/
Critical LastPass Vulnerability
https://bugs.chromium.org/p/project-zero/issues/detail?id=1209
Nest Camera Bluetooth Vulnerability
https://github.com/jasondoyle/Google-Nest-Cam-Bug-Disclosures/blob/master/README.md
]]> 5:27 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5423 #Cisco CMP (Telnet!) RCE; Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. #Cisco CMP (Telnet!) RCE; https://traffic.libsyn.com/securitypodcast/5423.mp3 https://isc.sans.edu/podcastdetail/5423 Tue, 21 Mar 2017 02:50:02 GMT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp
Pwn2Own Contest Leads to Exploits Against All Browsers (and VM!)
https://www.zerodayinitiative.com/blog/2017/3/17/the-results-pwn2own-2017-day-three
Git Moving Away From SHA1 (likely to SHA3)
https://news.ycombinator.com/item?id=13906804
Proxy Security
https://isc.sans.edu/forums/diary/What+is+really+being+proxied/22165/
https://www.us-cert.gov/ncas/alerts/TA17-075A
]]> 6:00 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5421 Multistage Downloader; Attacks Against ZRTP; MySQL-UNSHA1 Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Multistage Downloader; Attacks Against ZRTP; MySQL-UNSHA1 https://traffic.libsyn.com/securitypodcast/5421.mp3 https://isc.sans.edu/podcastdetail/5421 Mon, 20 Mar 2017 02:10:02 GMT https://isc.sans.edu/forums/diary/Example+of+Multiple+Stages+Dropper/22197/
Real-World Wiretaping Attacks Against ZRTP
https://www.ibr.cs.tu-bs.de/papers/schuermann-popets2017.pdf
Authenticating Against MySQL Server Using a Hashed Password
https://github.com/cyrus-and/mysql-unsha1
]]> 5:50 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5419 #Ubiquity Flaw; #MACOS RAT Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. #Ubiquity Flaw; #MACOS RAT https://traffic.libsyn.com/securitypodcast/5419.mp3 https://isc.sans.edu/podcastdetail/5419 Fri, 17 Mar 2017 03:05:02 GMT https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170316-0_Ubiquiti_Networks_authenticated_command_injection_v10.txt
Proton Mac OS RAT
https://www.cybersixgill.com/proton-a-new-mac-os-rat/
Linux Kernel n_hdlc Privilege Escalation
http://seclists.org/oss-sec/2017/q1/569
VMWare Copy/Paste Exploit Fixed
https://www.vmware.com/security/advisories/VMSA-2017-0005.html
]]> 6:04 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5417 thecounter twitter hack; Telegram/WhatsApp Vulnerability Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. thecounter twitter hack; Telegram/WhatsApp Vulnerability https://traffic.libsyn.com/securitypodcast/5417.mp3 https://isc.sans.edu/podcastdetail/5417 Thu, 16 Mar 2017 03:05:02 GMT https://twitter.com/thecounter
Telegram and WhatsApp Image Vulnerability
http://blog.checkpoint.com/2017/03/15/check-point-discloses-vulnerability-whatsapp-telegram/
RSA Panel Webcast
https://cc.readytalk.com/registration/#/?meeting=6oowksc223hm&campaign=ijmt1z8qsc1q
]]> 6:31 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5415 Microsoft's Double Patch Tuesday Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Microsoft's Double Patch Tuesday https://traffic.libsyn.com/securitypodcast/5415.mp3 https://isc.sans.edu/podcastdetail/5415 Wed, 15 Mar 2017 03:00:01 GMT https://isc.sans.edu/forums/diary/February+and+March+Microsoft+Patch+Tuesday/22185/
]]> 5:54 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5413 #SHA3 Sigs; Webkit Attack Against Switch; Outdated JS Libs Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. #SHA3 Sigs; Webkit Attack Against Switch; Outdated JS Libs https://traffic.libsyn.com/securitypodcast/5413.mp3 https://isc.sans.edu/podcastdetail/5413 Tue, 14 Mar 2017 01:10:02 GMT https://isc.sans.edu/forums/diary/New+tool+sigspy/22181/
Canada Revenue Agency Website Attacked / Down over Struts2
http://www.cbc.ca/news/politics/cra-internet-vulnerability-government-1.4022591
Webkit Exploit Adobted to Nintendo Switch
https://www.youtube.com/watch?v=xkdPjbaLngE
Analysis of Outdated Javascript Libraries on the Web
http://www.ccs.neu.edu/home/arshad/publications/ndss2017jslibs.pdf
Github Enterprise SAML Authentication Bypass
http://www.economyofmechanism.com/github-saml
]]> 5:42 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5411 #GeoLocation Trouble; Mobile PIN Heat Signature; Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. #GeoLocation Trouble; Mobile PIN Heat Signature; https://traffic.libsyn.com/securitypodcast/5411.mp3 https://isc.sans.edu/podcastdetail/5411 Mon, 13 Mar 2017 02:15:01 GMT https://isc.sans.edu/forums/diary/The+Side+Effect+of+GeoIP+Filters/22173/
Recovering Mobile Device PINs via Thermal Images
http://www.mkhamis.com/data/papers/abdelrahman2017chi.pdf
Unmasking Randomized MAC Addresses
https://arxiv.org/abs/1703.02874v1
Mobile Phone Supply Chain Attacks
http://blog.checkpoint.com/2017/03/10/preinstalled-malware-targeting-mobile-users/
]]> 6:36 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5409 #Struts2 Update; Drupal7 Services Module RCE; Haraka Xploit Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. #Struts2 Update; Drupal7 Services Module RCE; Haraka Xploit https://traffic.libsyn.com/securitypodcast/5409.mp3 https://isc.sans.edu/podcastdetail/5409 Fri, 10 Mar 2017 03:20:02 GMT https://isc.sans.edu/forums/diary/Critical+Apache+Struts+2+Vulnerability+Patch+Now/22169/
Exploits Against Haraka Mail Server
https://github.com/outflanknl/Exploits/blob/master/harakiri-CVE-2016-1000282.py

Android Password Stealing Apps
http://www.welivesecurity.com/2017/03/09/new-instagram-credentials-stealers-discovered-google-play/
Drupal Services Module Vulnerability and Exploit
https://www.ambionics.io/blog/drupal-services-module-rce
https://www.drupal.org/node/2858847
]]> 5:18 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5407 Nintendo Switch; Patch Struts! Dockerscan Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Nintendo Switch; Patch Struts! Dockerscan https://traffic.libsyn.com/securitypodcast/5407.mp3 https://isc.sans.edu/podcastdetail/5407 Thu, 09 Mar 2017 02:30:03 GMT https://twitter.com/qlutoo
https://www.youtube.com/watch?v=CwdDN1kA93Q&feature=youtu.be
Dockerscan
https://github.com/cr0hn/dockerscan
1 in 5 Websites still rely on SHA-1 Based Certificates
http://www.theregister.co.uk/2017/03/08/sha1_certificate_survey/
Not All Malware Samples Are Complex
https://isc.sans.edu/forums/diary/Not+All+Malware+Samples+Are+Complex/22163/
Struts Vulnerability Included in Metasploit
https://github.com/rapid7/metasploit-framework/issues/8064
https://cwiki.apache.org/confluence/display/WW/S2-045?from=groupmessage
]]> 5:37 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5405 #CIA Leak; #Shamoon now #Stonedrill; Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. #CIA Leak; #Shamoon now #Stonedrill; https://traffic.libsyn.com/securitypodcast/5405.mp3 https://isc.sans.edu/podcastdetail/5405 Wed, 08 Mar 2017 02:50:02 GMT https://wikileaks.com/ciav7p1/
From Shamoon To Stonedrill: Evolution of Wipers Attacking Saudi Organziations
https://securelist.com/files/2017/03/Report_Shamoon_StoneDrill_final.pdf
WordPress Update
https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
Reading Secret Keys From SGX Enclaves
https://arxiv.org/abs/1702.08719
]]> 6:41 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5403 #Typosquatting With Followup; #Apple to Fix iPhone #911 DDoS; Nextcloud Scan; Disconnect MyCloud Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. #Typosquatting With Followup; #Apple to Fix iPhone #911 DDoS; Nextcloud Scan; Disconnect MyCloud https://traffic.libsyn.com/securitypodcast/5403.mp3 https://isc.sans.edu/podcastdetail/5403 Tue, 07 Mar 2017 02:50:02 GMT https://isc.sans.edu/forums/diary/A+very+convincing+Typosquatting+Social+Engineering+campaign+is+targeting+Santander+corporate+customers+in+Brazil/22157/
Post Mortem on 911 DDoS Attack
https://www.wsj.com/articles/how-a-cyberattack-overwhelmed-the-911-system-1488554972
Nextcloud/Owncloud Scanner
https://scan.nextcloud.com
Western Digital MyCloud Vulnerability
https://blog.exploitee.rs/2017/hacking_wd_mycloud/
]]> 6:22 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5401 Malware Image Use Implicates Innocent Sites; Applying SHA1 Collisions to Bittorent Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Malware Image Use Implicates Innocent Sites; Applying SHA1 Collisions to Bittorent https://traffic.libsyn.com/securitypodcast/5401.mp3 https://isc.sans.edu/podcastdetail/5401 Mon, 06 Mar 2017 02:25:02 GMT https://isc.sans.edu/forums/diary/How+your+pictures+may+affect+your+website+reputation/22151/
De-Obuscating Padded Code
https://isc.sans.edu/forums/diary/Another+example+of+maldoc+string+obfuscation+with+extra+bonus+UAC+bypass/22153/
FoxIT PDF Reader Vulnerability
https://www.foxitsoftware.com/support/security-bulletins.php#content-2017
Applying SHA1 Shatter Attack To Bittorent
https://biterrant.io
Gargoyle Memory Scanning Evasion
https://jlospinoso.github.io/security/assembly/c/cpp/developing/software/2017/03/04/gargoyle-memory-analysis-evasion.html
Attacking Synergy Clients
https://www.n00py.io/2017/03/compromising-synergy-clients-with-a-rogue-synergy-server/
]]> 6:04 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5399 #BEC and #SPF; Infected Developers Publish Android Malware Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. #BEC and #SPF; Infected Developers Publish Android Malware https://traffic.libsyn.com/securitypodcast/5399.mp3 https://isc.sans.edu/podcastdetail/5399 Fri, 03 Mar 2017 02:15:02 GMT https://isc.sans.edu/forums/diary/Phishing+for+Big+Money+Wire+Transfers+is+Still+Alive+and+Well+or+For+Want+of+Good+Punctuation+all+was+Lost/22141/
Android Developers Infected With Malware Publishing Malicious Apps
http://researchcenter.paloaltonetworks.com/2017/03/unit42-google-play-apps-infected-malicious-iframes/
DBLTek GoIP Backdoor
https://www.trustwave.com/Resources/SpiderLabs-Blog/Undocumented-Backdoor-Account-in-DBLTek-GoIP/
Decrypting Findzip/Patcher Ransomware
https://blog.malwarebytes.com/cybercrime/2017/02/decrypting-after-a-findzip-ransomware-infection/
]]> 5:29 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5397 #LDAP and #STARTTLS; NextGen Gallery #SQLi; Breaking CAPTCHAS Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. #LDAP and #STARTTLS; NextGen Gallery #SQLi; Breaking CAPTCHAS https://traffic.libsyn.com/securitypodcast/5397.mp3 https://isc.sans.edu/podcastdetail/5397 Thu, 02 Mar 2017 02:55:02 GMT https://isc.sans.edu/forums/diary/SSLTLS+on+port+389+Say+what/22135/
Wordpress NextGen Gallery Plugin SQL Injection Vulnerability
https://blog.sucuri.net/2017/02/sql-injection-vulnerability-nextgen-gallery-wordpress.html
Password Manager Insecurities
https://team-sik.org/trent_portfolio/password-manager-apps/
Slack Insecure Cross Window Messaging
https://labs.detectify.com/2017/02/28/hacking-slack-using-postmessage-and-websocket-reconnect-to-steal-your-precious-token/
Google Voice Recognition Used to Break Google ReCaptcha Audio Challenge
https://east-ee.com/2017/02/28/rebreakcaptcha-breaking-googles-recaptcha-v2-using-google/
]]> 6:00 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5395 #AWS IPv4 Resuse; #AWS #S3 Outage; Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. #AWS IPv4 Resuse; #AWS #S3 Outage; https://traffic.libsyn.com/securitypodcast/5395.mp3 https://isc.sans.edu/podcastdetail/5395 Wed, 01 Mar 2017 01:55:02 GMT https://isc.sans.edu/forums/diary/My+Catch+Of+4+Months+In+The+Amazon+IP+Address+Space/22129
Amazon S3 Outage
https://isc.sans.edu/forums/diary/Amazon+S3+Outage/22131/
CloudPets Leaks Recordings
https://www.troyhunt.com/data-from-connected-cloudpets-teddy-bears-leaked-and-ransomed-exposing-kids-voice-messages/
ESET Antivirus Vulnerability Puts Macs at Risk
http://seclists.org/fulldisclosure/2017/Feb/68
Analysis of a Simple PHP Backdoor
https://isc.sans.edu/forums/diary/Analysis+of+a+Simple+PHP+Backdoor/22127/
]]> 5:23 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5393 TLS 1.3 Bluecoat Issue Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. TLS 1.3 Bluecoat Issue https://traffic.libsyn.com/securitypodcast/5393.mp3 https://isc.sans.edu/podcastdetail/5393 Tue, 28 Feb 2017 02:10:02 GMT https://bugs.chromium.org/p/chromium/issues/detail?id=694593
Windows 10 Will Implmenet "Gatekeeper" Like Technology
https://twitter.com/vitorgrs/status/835674417602637824
Google Releases E2EMail Chrome Plugin
https://security.googleblog.com/2017/02/e2email-research-project-has-left-nest_24.html
Decrypting SCOM "RunAs" Credentials
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2017/february/scomplicated-decrypting-scom-runas-credentials/
]]> 5:55 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5391 Cloudflare Data Leak; Dynamite Phishing Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Cloudflare Data Leak; Dynamite Phishing https://traffic.libsyn.com/securitypodcast/5391.mp3 https://isc.sans.edu/podcastdetail/5391 Mon, 27 Feb 2017 03:00:01 GMT https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/
IE/Edge Denial of Service
https://bugs.chromium.org/p/project-zero/issues/detail?id=1011#c2
"Dynamite Phishing"
https://isc.sans.edu/forums/diary/Dynamite+Phishing/22121/
Google Credentials Problems
https://productforums.google.com/forum/#!category-topic/gmail/LOt2x1_c3KM
]]> 5:17 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5389 #SHA1 Collisions Found; Mirai Botnet Arrest Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. #SHA1 Collisions Found; Mirai Botnet Arrest https://traffic.libsyn.com/securitypodcast/5389.mp3 https://isc.sans.edu/podcastdetail/5389 Fri, 24 Feb 2017 02:40:02 GMT https://shattered.io/static/shattered.pdf
Arrest Made in Deutsche Telekom DSL Modem Attack
https://www.bleepingcomputer.com/news/security/uk-police-arrest-suspect-behind-mirai-malware-attacks-on-deutsche-telekom/
]]> 5:32 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5387 #Stethoscope for #MDM; #Firefox Fingerprinting; #JudasDNS Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. #Stethoscope for #MDM; #Firefox Fingerprinting; #JudasDNS https://traffic.libsyn.com/securitypodcast/5387.mp3 https://isc.sans.edu/podcastdetail/5387 Thu, 23 Feb 2017 03:15:02 GMT http://techblog.netflix.com/2017/02/introducing-netflix-stethoscope.html
Fingerprinting Firefox With Intermediate Certificates
https://shiftordie.de/blog/2017/02/21/fingerprinting-firefox-users-with-cached-intermediate-ca-certificates-fiprinca/
JudasDNS Attack DNS Proxy
https://github.com/mandatoryprogrammer/JudasDNS
]]> 5:23 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5385 MSFT Releases Flash Patch; Off-Primise #Wifi; #Bugdrop Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. MSFT Releases Flash Patch; Off-Primise #Wifi; #Bugdrop https://traffic.libsyn.com/securitypodcast/5385.mp3 https://isc.sans.edu/podcastdetail/5385 Wed, 22 Feb 2017 03:10:02 GMT https://technet.microsoft.com/en-us/library/security/MS17-005
Investigating Off-Premise Wireless Behaviour
https://isc.sans.edu/forums/diary/Investigating+OffPremise+Wireless+Behaviour+or+I+Know+What+You+Connected+To/22089/
"Bugdrop" Steals Large Amount of Audio
https://cyberx-labs.com/en/blog/operation-bugdrop-cyberx-discovers-large-scale-cyber-reconnaissance-operation/
]]> 5:02 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5383 FTP Relay Postfix Hardening; Car Hacking; Xen Disclosure Policy Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. FTP Relay Postfix Hardening; Car Hacking; Xen Disclosure Policy https://traffic.libsyn.com/securitypodcast/5383.mp3 https://isc.sans.edu/podcastdetail/5383 Tue, 21 Feb 2017 02:50:02 GMT https://isc.sans.edu/forums/diary/Hardening+Postfix+Against+FTP+Relay+Attacks/22086/
Kaspersky Examins Mobile Car Apps
https://securelist.com/analysis/publications/77576/mobile-apps-and-stealing-a-connected-car/
Cars "Remember" Prior Owners
http://money.cnn.com/2017/02/17/technology/used-car-hack-safety-location/
Xen Project Reconsidering Vulnerability Disclosure Policy
https://blog.xenproject.org/2017/02/14/request-for-comment-scope-of-vulnerabilities-for-which-xsas-are-issued/
Stagefright Vulnerability had minimal affect on Android Security
https://www.rsaconference.com/speakers/adrian_ludwig
]]> 5:55 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5381 Backing up Router/Switch Config; #Windows #EMF #0Day Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Backing up Router/Switch Config; #Windows #EMF #0Day https://traffic.libsyn.com/securitypodcast/5381.mp3 https://isc.sans.edu/podcastdetail/5381 Mon, 20 Feb 2017 03:10:02 GMT https://isc.sans.edu/forums/diary/RTRBK+Router+Switch+Firewall+Backups+in+PowerShell+tool+drop/22079/
Windows EMF Imge 0-Day Memory Leak
https://bugs.chromium.org/p/project-zero/issues/detail?id=992
Brazillian Traffic Ticket Malspam
https://isc.sans.edu/forums/diary/Brazilian+malspam+sends+Autoitbased+malware/22081/
Using XXE To Send E-Mail
https://shiftordie.de/blog/2017/02/18/smtp-over-xxe/
]]> 5:27 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5379 #AVM Key Leak; #OpenSSL Update; MMU #ASLR Bypass Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. #AVM Key Leak; #OpenSSL Update; MMU #ASLR Bypass https://traffic.libsyn.com/securitypodcast/5379.mp3 https://isc.sans.edu/podcastdetail/5379 Fri, 17 Feb 2017 06:35:02 GMT https://isc.sans.edu/forums/diary/AVM+Private+Key+Leak+Puts+Cable+Modems+Worldwide+At+Risk/22076/
OpenSSL Update
https://isc.sans.edu/forums/diary/OpenSSL+110e+Update+No+need+to+panic+openssl/22074/
Microsoft Update Delayed
https://blogs.technet.microsoft.com/msrc/2017/02/14/february-2017-security-update-release/
ANC Attack ASLR Bypass
https://www.vusec.net/projects/anc/
]]> 7:09 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5377 #RSAC2017; Collecting WiFi Client History; XAgent; Conference Phone Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. #RSAC2017; Collecting WiFi Client History; XAgent; Conference Phone https://traffic.libsyn.com/securitypodcast/5377.mp3 https://isc.sans.edu/podcastdetail/5377 Thu, 16 Feb 2017 05:20:02 GMT https://isc.sans.edu/forums/diary/How+was+your+stay+at+the+Hotel+La+Playa/22069
XAgent OS X Malware
https://labs.bitdefender.com/2017/02/new-xagent-mac-malware-linked-with-the-apt28/
Conference Phone Compromise
https://www.contextis.com//resources/blog/phwning-boardroom-hacking-android-conference-phone/
]]> 5:28 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5375 #NoPatchTuesday; #Adobe & #Websphere Patch; Operation Kingphish Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. #NoPatchTuesday; #Adobe & #Websphere Patch; Operation Kingphish https://traffic.libsyn.com/securitypodcast/5375.mp3 https://isc.sans.edu/podcastdetail/5375 Wed, 15 Feb 2017 04:00:02 GMT https://blogs.technet.microsoft.com/msrc/2017/02/14/february-2017-security-update-release/
Adobe Update For Flash
https://helpx.adobe.com/security/products/flash-player/apsb17-04.html
WebSephere Update
http://www-01.ibm.com/support/docview.wss?uid=swg21997743
Operation Kingphish
https://medium.com/amnesty-insights/operation-kingphish-uncovering-a-campaign-of-cyber-attacks-against-civil-society-in-qatar-and-aa40c9e08852#.965et86vk
Hacking Node-Serialize
http://blog.websecurify.com/2017/02/hacking-node-serialize.html
]]> 5:46 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5373 #Packettotal; Simple Static Malware Analyzer #SSMA Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. #Packettotal; Simple Static Malware Analyzer #SSMA https://traffic.libsyn.com/securitypodcast/5373.mp3 https://isc.sans.edu/podcastdetail/5373 Tue, 14 Feb 2017 02:50:02 GMT http://www.packettotal.com
What Not To Decrypt When Intercepting SSL
https://isc.sans.edu/forums/diary/Stuff+I+Learned+Decrypting/22059/
webcast: https://www.sans.org/webcasts/8-ways-watch-invisible-analyzing-encrypted-network-traffic-103277
Simple Static Malware Analyzer
https://github.com/secrary/SSMA
Critical Firefox for Android Vulnerability
https://www.mozilla.org/en-US/security/advisories/mfsa2017-04/
Ubuntu ntfs-3g Privilege Escalation
https://bugs.chromium.org/p/project-zero/issues/detail?id=1072
Microsoft Patch Tuesday Changes
http://www.infoworld.com/article/3139922/microsoft-windows/microsoft-to-revamp-its-documentation-for-security-patches.html
]]> 5:28 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5371 #Samsung #KNOX Patch; #MongoDB Audit; Crypto in #PHP Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. #Samsung #KNOX Patch; #MongoDB Audit; Crypto in #PHP https://traffic.libsyn.com/securitypodcast/5371.mp3 https://isc.sans.edu/podcastdetail/5371 Mon, 13 Feb 2017 02:15:02 GMT https://googleprojectzero.blogspot.de/2017/02/lifting-hyper-visor-bypassing-samsungs.html
Auditing MongoDB Configurations
https://github.com/stampery/mongoaudit
Reversing Javascript
https://isc.sans.edu/forums/diary/Analysis+of+a+Suspicious+Piece+of+JavaScript/22056/
Wordpress REST API Flaw Widely Exploited
https://www.wordfence.com/blog/2017/02/rapid-growth-in-rest-api-defacements/
Cryptographically Secure PHP Development
https://paragonie.com/blog/2017/02/cryptographically-secure-php-development
DEV522 Web Application Security Essentials
https://www.sans.org/event/sans-2017/course/defending-web-applications-security-essentials
]]> 5:57 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5369 #Ticketbleed F5 #TLS Vulnerability; Malware Update; #iCloud Retaining Deleted Browser History Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. #Ticketbleed F5 #TLS Vulnerability; Malware Update; #iCloud Retaining Deleted Browser History https://traffic.libsyn.com/securitypodcast/5369.mp3 https://isc.sans.edu/podcastdetail/5369 Fri, 10 Feb 2017 02:10:02 GMT https://filippo.io/Ticketbleed/
CryptoShield Ransomware from Rig EK
https://isc.sans.edu/forums/diary/CryptoShield+Ransomware+from+Rig+EK/22047/
Hancitor/Pony Malspam
https://isc.sans.edu/forums/diary/HancitorPony+malspam/22053/
Apple Retaining Old Browser History Data
https://blog.elcomsoft.com/2017/02/elcomsoft-extracts-deleted-safari-browsing-history-from-icloud/#more-3769
Brute Forcing LUKS Passwords
https://0x00sec.org/t/breaking-encryption-hashed-passwords-luks-devices/811
]]> 6:15 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5367 Cloud Metadata URLs; #Intel Atom #C2000 Fiasko; #MacOS Word Macro Malware Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Cloud Metadata URLs; #Intel Atom #C2000 Fiasko; #MacOS Word Macro Malware https://traffic.libsyn.com/securitypodcast/5367.mp3 https://isc.sans.edu/podcastdetail/5367 Thu, 09 Feb 2017 02:45:02 GMT https://isc.sans.edu/forums/diary/Cloud+Metadata+Urls/22046/
Intel Atom C2000 Chip Failures
http://www.theregister.co.uk/2017/02/06/cisco_intel_decline_to_link_product_warning_to_faulty_chip/
More W-2 Scams, Now Combined With Wire Transfer Scams
https://nakedsecurity.sophos.com/2017/02/08/beware-the-latest-tax-season-spear-phishing-scam/
Macro Malware Coming to MacOS
https://objective-see.com/blog/blog_0x17.html
]]> 6:26 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5365 Emoji Passwords; iOS Apps and TLS; Web Bluetooth; Spoofing GMail Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Emoji Passwords; iOS Apps and TLS; Web Bluetooth; Spoofing GMail https://traffic.libsyn.com/securitypodcast/5365.mp3 https://isc.sans.edu/podcastdetail/5365 Wed, 08 Feb 2017 00:30:02 GMT https://isc.sans.edu/forums/diary/My+Password+is+taco+Using+Emojis+for+Stronger+Passwords/22042/
Popular iOS Applications Not Using TLS
https://medium.com/@chronic_9612/76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-2c9a2409dd1#.nv0mf6w4e
Web Bluetooth Security Model
https://medium.com/@jyasskin/the-web-bluetooth-security-model-666b4e7eed2#.kqtxdk70h
E-Mail Spoofing in GMail
https://www.linkedin.com/pulse/aware-sender-spoofing-amongst-gmail-users-renato-marinho
]]> 7:05 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5363 Defining "not malicious"; OpenBSD http server DoS; Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Defining "not malicious"; OpenBSD http server DoS; https://traffic.libsyn.com/securitypodcast/5363.mp3 https://isc.sans.edu/podcastdetail/5363 Tue, 07 Feb 2017 03:50:01 GMT https://isc.sans.edu/forums/diary/Malicious+Or+Not+You+decide/22040/
OpenBSD Http Server DoS Vulnerability
https://pierrekim.github.io/blog/2017-02-07-openbsd-httpd-CVE-2017-5850.html
Bypassing Tor Browser Via Windows DRM
https://www.myhackerhouse.com/windows_drm_vs_torbrowser/
Freedom Hosting II Compromise
https://www.scmagazineuk.com/major-dark-web-host-hacked-381000-sets-of-user-details-leaked-online/article/636259/
]]> 5:51 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5361 Malware on #Pastebin; McAfee ePO Patch #sqlinj ; #Whatsapp used to spread malware Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Malware on #Pastebin; McAfee ePO Patch #sqlinj ; #Whatsapp used to spread malware https://traffic.libsyn.com/securitypodcast/5361.mp3 https://isc.sans.edu/podcastdetail/5361 Mon, 06 Feb 2017 02:20:02 GMT https://isc.sans.edu/forums/diary/Many+Malware+Samples+Found+on+Pastebin/22036/
Cisco Recaling Meraki Access Points over Fatal Hardware Flaw
http://www.cisco.com/c/en/us/support/web/clock-signal.html
SQL Injection Vulnerability in McAfee e Policy Orchastrator
https://kc.mcafee.com/corporate/index?page=content&id=SB10187
Update from Microsoft on SMB 3 Vulnerability
https://threatpost.com/microsoft-waits-for-patch-tuesday-to-fix-smb-zero-day/123541/
Malicious Files Sent via Whatsapp to Target Indian Military
http://economictimes.indiatimes.com/news/defence/defence-security-forces-alerted-against-whatsapp-virus/articleshow/56258702.cms
]]> 5:28 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5359 SMB 3 0-Day DoS Exploit; WordPress Update; Webroot BSOD Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. SMB 3 0-Day DoS Exploit; WordPress Update; Webroot BSOD https://traffic.libsyn.com/securitypodcast/5359.mp3 https://isc.sans.edu/podcastdetail/5359 Fri, 03 Feb 2017 00:10:02 GMT https://isc.sans.edu/forums/diary/Windows+SMBv3+Denial+of+Service+Proof+of+Concept+0+Day+Exploit/22029/
WordPress Update Silently Fixes Security Flaw
https://make.wordpress.org/core/2017/02/01/disclosure-of-additional-security-fix-in-wordpress-4-7-2/
Webroot Update Patches BSOD Flaw
https://community.webroot.com/t5/Product-Questions/BSOD-0x50-PAGE-FAULT-IN-NONPAGED-AREA/td-p/284302?sf54120672=1&sf54123115=1
Google Adds Support for Mandatory Two-Factor Authentication to G-Suite
https://security.googleblog.com/2017/02/better-and-more-usable-protection-from.html
Cisco Prime Home Vulnerablity
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-prime-home
]]> 5:27 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5357 #tcpdump update; #redis #CSRF; Compromised Machine Post Mortem Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. #tcpdump update; #redis #CSRF; Compromised Machine Post Mortem https://traffic.libsyn.com/securitypodcast/5357.mp3 https://isc.sans.edu/podcastdetail/5357 Thu, 02 Feb 2017 03:30:02 GMT https://isc.sans.edu/forums/diary/Multiple+Vulnerabilities+in+tcpdump/22017/
Quick Analysis of Data Left Available by Attackers
https://isc.sans.edu/forums/diary/Quick+Analysis+of+Data+Left+Available+by+Attackers/22015/
Securing The Human Ouch! Newsletter
https://securingthehuman.sans.org/ouch/
Redis CSRF Vulnerability Exploit
https://github.com/dxa4481/whatsinmyredis]]> 4:59 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5355 #UAC Bypass and #Keybase; #tcpdump vulnerable; Postscript showpage vuln; Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. #UAC Bypass and #Keybase; #tcpdump vulnerable; Postscript showpage vuln; https://traffic.libsyn.com/securitypodcast/5355.mp3 https://isc.sans.edu/podcastdetail/5355 Wed, 01 Feb 2017 02:55:02 GMT https://isc.sans.edu/forums/diary/Malicious+Office+files+using+fileless+UAC+bypass+to+drop+KEYBASE+malware/22011/
Apple Removes Activation Lock Test Tool After Abuse
https://www.macrumors.com/2017/01/30/activation-lock-website-used-in-hack/
Multiple Vulnerabilities in tcpdump
https://www.debian.org/security/2017/dsa-3775
Postscript Printer Vulnerabilities
http://seclists.org/fulldisclosure/2017/Jan/89
Stop Disabling SELinux
https://learntemail.sam.today/blog/stop-disabling-selinux:-a-real-world-guide/
]]> 5:36 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5353 Decompiling #py2exe; Leaked Calls; #FB introduces delegated recovery Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Decompiling #py2exe; Leaked Calls; #FB introduces delegated recovery https://traffic.libsyn.com/securitypodcast/5353.mp3 https://isc.sans.edu/podcastdetail/5353 Tue, 31 Jan 2017 12:55:02 GMT https://isc.sans.edu/forums/diary/py2exe+Decompiling+Part+2/22005/
Telemarketer Leaks Call Recordings
https://mackeeper.com/blog/post/326-telemarketing-company-leaks-400k-of-sensitive-files
Facebook Introduces Delegated Recovery Protocol
https://github.com/facebookincubator/DelegatedRecovery/
https://raw.githubusercontent.com/facebookincubator/DelegatedRecovery/master/draft-hill-delegated-recovery.raw.txt
Another Cisco WebEx Update
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex
Cryptkeeper Does Not Correctly Encrypt Folders
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852751
]]> 6:36 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5351 DC Traffic Cams and #Hotel Locks Held #Ransom; #Android Not So Private #VPN Apps Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. DC Traffic Cams and #Hotel Locks Held #Ransom; #Android Not So Private #VPN Apps https://traffic.libsyn.com/securitypodcast/5351.mp3 https://isc.sans.edu/podcastdetail/5351 Mon, 30 Jan 2017 03:15:02 GMT https://isc.sans.edu/forums/diary/Request+for+Packets+and+Logs+TCP+5358/21997/
OpenSSH Vulnerablity
http://www.openwall.com/lists/oss-security/2017/01/26/2
Ransomware Hits Traffic Cameras in DC
https://www.washingtonpost.com/local/public-safety/hackers-hit-dc-police-closed-circuit-camera-network-city-officials-disclose/2017/01/27/d285a4a4-e4f5-11e6-ba11-63c4b4fb5a63_print.html
Hotel Hit By Ransomware
http://www.thelocal.at/20170128/hotel-ransomed-by-hackers-as-guests-locked-in-rooms
Not So Private Android VPNs
http://www.icir.org/vern/papers/vpn-apps-imc16.pdf
Google Starting its own Certificate Authority
https://security.googleblog.com/2017/01/the-foundation-of-more-secure-web.html
]]> 6:41 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5349 Threatintel Automation Risks; Android Ransomware; WebEx Update Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Threatintel Automation Risks; Android Ransomware; WebEx Update https://traffic.libsyn.com/securitypodcast/5349.mp3 https://isc.sans.edu/podcastdetail/5349 Fri, 27 Jan 2017 01:20:01 GMT https://isc.sans.edu/forums/diary/IOCs+Risks+of+False+Positive+Alerts+Flood+Ahead/21977/
Android Ransomware in Google Play Store
http://blog.checkpoint.com/2017/01/24/charger-malware/
OpenSSL Update
https://www.openssl.org/news/vulnerabilities.html#y2017
Facebook To Implement U2F (FIDO) Login
https://www.facebook.com/notes/facebook-security/security-key-for-safer-logins-with-a-touch/10154125089265766
WebEx Update
https://bugs.chromium.org/p/project-zero/issues/detail?id=1100
]]> 5:35 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5347 More Cisco WebEx News; Malicious #SVG Files; W2 Scams Are Back Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. More Cisco WebEx News; Malicious #SVG Files; W2 Scams Are Back https://traffic.libsyn.com/securitypodcast/5347.mp3 https://isc.sans.edu/podcastdetail/5347 Thu, 26 Jan 2017 02:20:01 GMT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex
Malicious SVG Files Fund in the Wild
https://isc.sans.edu/forums/diary/Malicious+SVG+Files+in+the+Wild/21971/
W2 Scams Hitting Again
http://www.nbcdfw.com/news/local/Argyle-ISD-Employees-Hit-with-Data-Breach-411337825.html
XXE Entity Vulnerability in Uber
https://httpsonly.blogspot.co.ke/2017/01/0day-writeup-xxe-in-ubercom.html?m=1
Firefox 51 Released
https://blog.mozilla.org/security/2017/01/20/communicating-the-dangers-of-non-secure-http/
]]> 5:49 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5345 WebEx Plugin Fixed; Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. WebEx Plugin Fixed; https://traffic.libsyn.com/securitypodcast/5345.mp3 https://isc.sans.edu/podcastdetail/5345 Wed, 25 Jan 2017 04:35:01 GMT https://continuum.cisco.com/2017/01/23/its-a-good-idea-to-patch-your-webex-chrome-extension-now/
Companies Fall For Fake Ransomware
https://www.citrix.com/blogs/2017/01/24/bluff-ransomware-attacks-bamboozle-british-businesses/
systemd priviledge escalation vulnerablity
http://www.openwall.com/lists/oss-security/2017/01/24/4
nginx update released
http://nginx.org/en/CHANGES
]]> 5:26 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5343 #IPv6 Fragments; #Apple Updates Everything; #WebEx Backdoor Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. #IPv6 Fragments; #Apple Updates Everything; #WebEx Backdoor https://traffic.libsyn.com/securitypodcast/5343.mp3 https://isc.sans.edu/podcastdetail/5343 Tue, 24 Jan 2017 02:50:02 GMT https://isc.sans.edu/forums/diary/How+to+Have+Fun+With+IPv6+Fragments+and+Scapy/21963/
Apple Updates Everything
https://support.apple.com/en-us/HT201222
WebEx Secret Install URL
https://bugs.chromium.org/p/project-zero/issues/detail?id=1096
Vulnerability in Symantec Norton Download Manager
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2017&suid=20170117_00
Exploit for Microsoft RDC Client on Mac
https://www.wearesegment.com/research/Microsoft-Remote-Desktop-Client-for-Mac-Remote-Code-Execution
]]> 5:42 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5341 Sage 2.0 Ransomware; Starwars Twitter Bots; Symantec SSL Cert Problem Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Sage 2.0 Ransomware; Starwars Twitter Bots; Symantec SSL Cert Problem https://traffic.libsyn.com/securitypodcast/5341.mp3 https://isc.sans.edu/podcastdetail/5341 Mon, 23 Jan 2017 08:05:02 GMT https://isc.sans.edu/forums/diary/Sage+20+Ransomware/21959/
Starwars Twitter Botner
https://regmedia.co.uk/2017/01/20/starwarsbotnet.pdf
Symantec Messes Up SSL Certificates Again
https://www.mail-archive.com/dev-security-policy@lists.mozilla.org/msg05455.html
Github CSP Experiences
https://githubengineering.com/githubs-post-csp-journey/
Podcast Survey
https://www.surveymonkey.com/r/sbn2017
]]> 5:46 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5339 Open Hadoop At Risk; Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Open Hadoop At Risk; https://traffic.libsyn.com/securitypodcast/5339.mp3 https://isc.sans.edu/podcastdetail/5339 Thu, 19 Jan 2017 20:50:02 GMT http://www.threatgeek.com/2017/01/open-hadoop-installs-wiped-worldwide.html
Upcoming SHA-1 Deadlines
https://blog.mozilla.org/security/2016/10/18/phasing-out-sha-1-on-the-public-web/
Google "Verify Apps" Algorithm
https://blog.google/topics/connected-workspaces/silence-speaks-louder-words-when-finding-malware/
Practical JSONP Injection
https://securitycafe.ro/2017/01/18/practical-jsonp-injection/
Necurs Decline Huring Loky Distribution
http://blog.talosintel.com/2017/01/locky-struggles.html
]]> 6:11 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5337 US-Cert Considers Netbios/SMBv1 Harmfull; IPv6 Atomic Fragments Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. US-Cert Considers Netbios/SMBv1 Harmfull; IPv6 Atomic Fragments https://traffic.libsyn.com/securitypodcast/5337.mp3 https://isc.sans.edu/podcastdetail/5337 Wed, 18 Jan 2017 22:14:48 GMT https://www.us-cert.gov/ncas/current-activity/2017/01/16/SMB-Security-Best-Practices
IPv6 Atomic Fragments Can Lead to DDoS Attack
https://tools.ietf.org/html/rfc8021
Facebook Was Affectd by ImageTragick Flaw
http://4lemon.ru/2017-01-17_facebook_imagetragick_remote_code_execution.html
Malwarebytes Identifies Old Mac Backdoor
https://blog.malwarebytes.com/threat-analysis/2017/01/new-mac-backdoor-using-antiquated-code/
Oracle Quarterly Critical Patch Update
http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixJAVA]]> 6:28 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5335 Efficient Whois Lookups; Dovecot Passes Audit; Secrets in Mobile Apps Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Efficient Whois Lookups; Dovecot Passes Audit; Secrets in Mobile Apps https://traffic.libsyn.com/securitypodcast/5335.mp3 https://isc.sans.edu/podcastdetail/5335 Tue, 17 Jan 2017 20:55:01 GMT https://isc.sans.edu/forums/diary/domainstatspy+a+web+api+for+SEIM+phishing+hunts/21943/
Mutiple RCE in ZyXEL/Billion/True Online Routers
http://seclists.org/fulldisclosure/2017/Jan/40
Dovecot Passes Security Audit
https://wiki.mozilla.org/images/4/4d/Dovecot-report.pdf
Dutch Web Developers Left Backdoors Behind
http://www.theregister.co.uk/2017/01/17/police_warn_of_dutch_developer_who_built_backdoors_for_carding/
Mobile Applications Contain Secrets
https://hackernoon.com/we-reverse-engineered-16k-apps-heres-what-we-found-51bdf3b456bb
]]> 5:19 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5333 Whitelisting #Apache Extension; #Wordpress 4.7.1 released; Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Whitelisting #Apache Extension; #Wordpress 4.7.1 released; https://traffic.libsyn.com/securitypodcast/5333.mp3 https://isc.sans.edu/podcastdetail/5333 Mon, 16 Jan 2017 20:50:02 GMT https://isc.sans.edu/forums/diary/Whitelisting+File+Extensions+in+Apache/21937/
Wordpress 4.7.1 Updates PHPMailer
https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
Tricky Phishing Attacks Harvesting Google Passwords
https://www.wordfence.com/blog/2017/01/gmail-phishing-data-uri/
More Refined Browser Fingerprinting Via GPU Features
https://drive.google.com/file/d/0B4s900Byvv1ibW5uc1NiU2g3R3c/view
]]> 5:27 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5331 Evil Back Files; #Apache Server-Status; There is no Backdoor in #WhatsApp ; Injecting #Javascript in Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Evil Back Files; #Apache Server-Status; There is no Backdoor in #WhatsApp ; Injecting #Javascript in https://traffic.libsyn.com/securitypodcast/5331.mp3 https://isc.sans.edu/podcastdetail/5331 Sun, 15 Jan 2017 19:30:02 GMT https://isc.sans.edu/forums/diary/Backup+Files+Are+Good+but+Can+Be+Evil/21935/
Exploiting Apache Server Status
http://blog.mazinahmed.net/2017/01/exploiting-misconfigured-apache-server-status-instances.html
WhatsApp Backdoor Controversy
https://www.theguardian.com/technology/2017/jan/13/whatsapp-backdoor-allows-snooping-on-encrypted-messages
https://whispersystems.org/blog/there-is-no-whatsapp-backdoor/
Hardening Windows 10
https://blogs.technet.microsoft.com/mmpc/2017/01/13/hardening-windows-10-with-zero-day-exploit-mitigations/
Injecting JavaScript Into PDFs
http://insert-script.blogspot.in/2016/10/pdf-how-to-steal-pdfs-by-injecting.html
]]> 7:22 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5329 Reading #SRUM Data; #Docker Updates; Exploiting #DNS Operational Issues; Updated SSL #CRL Data Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Reading #SRUM Data; #Docker Updates; Exploiting #DNS Operational Issues; Updated SSL #CRL Data https://traffic.libsyn.com/securitypodcast/5329.mp3 https://isc.sans.edu/podcastdetail/5329 Fri, 13 Jan 2017 02:00:02 GMT https://isc.sans.edu/forums/diary/System+Resource+Utilization+Monitor/21927/
Docker Fixes Privilege Escalation Vulnerability
http://seclists.org/fulldisclosure/2017/Jan/21
Taking Over Expired Name Servers
https://thehackerblog.com/respect-my-authority-hijacking-broken-nameservers-to-compromise-your-target/
Updated Certificate Revocation Data
https://isc.sans.edu/crls.html
Shadow Broker Releasing More Tools and Going Dark
https://heimdalsecurity.com/blog/security-alert-the-shadow-brokers-windows-hacking-tools/
Extracting Fingerprints from Selfies
http://www.japantimes.co.jp/news/2017/01/11/national/crime-legal/researchers-warn-fingerprint-theft-peace-sign/
]]> 6:28 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5327 Fake Parking Ticket Installing Backdoor; GoDaddy SSL Validation Bug; DVR Master Passwd List Leaked Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Fake Parking Ticket Installing Backdoor; GoDaddy SSL Validation Bug; DVR Master Passwd List Leaked https://traffic.libsyn.com/securitypodcast/5327.mp3 https://isc.sans.edu/podcastdetail/5327 Thu, 12 Jan 2017 02:10:02 GMT https://isc.sans.edu/forums/diary/HancitorPonyVawtrak+malspam/21919/
Godaddy Revokes > 6,000 SSL Certs After Validation Bug
https://www.godaddy.com/garage/godaddy/information-about-ssl-bug/
DVR Master Password List Leaked
https://www.pentestpartners.com/blog/leaked-dvr-creds-added-to-the-iot-fail-list/
Autofill Enables Information Leakage
https://github.com/anttiviljami/browser-autofill-phishing
]]> 6:04 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5325 #MSFT and #Adobe Patches; Port 37777 "MapTable" Requests; Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. #MSFT and #Adobe Patches; Port 37777 "MapTable" Requests; https://traffic.libsyn.com/securitypodcast/5325.mp3 https://isc.sans.edu/podcastdetail/5325 Wed, 11 Jan 2017 03:05:01 GMT https://isc.sans.edu/forums/diary/January+2017+Microsoft+Patch+Tuesday/21915/
Adobe Patch Tuesday Summary
https://isc.sans.edu/forums/diary/Adobe+January+2017+Patches/21917/
Port 37777 "MapTable" Requests
https://isc.sans.edu/forums/diary/Port+37777+MapTable+Requests/21913/
CVE 2016-7200/7201 Exploit Included in Sundown Exploit Kit
http://malware.dontneedcoffee.com/2017/01/CVE-2016-7200-7201.html
]]> 5:35 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5323 DVWS: Experiment With WebSocket Vulns; Cracking Long Passwords; #VNC Library Update Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. DVWS: Experiment With WebSocket Vulns; Cracking Long Passwords; #VNC Library Update https://traffic.libsyn.com/securitypodcast/5323.mp3 https://isc.sans.edu/podcastdetail/5323 Mon, 09 Jan 2017 23:30:02 GMT https://github.com/interference-security/DVWS
St. Jude Medical Patches Vulnerable Cardiac Devices
https://threatpost.com/st-jude-medical-patches-vulnerable-cardiac-devices/122955/
Cracking Hashes of Passwords 12 Characters and Longer
http://www.netmux.com/blog/cracking-12-character-above-passwords
VNC Library Update
https://www.debian.org/security/2017/dsa-3753
]]> 5:47 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5321 Careful With #Virustotal and Insecure Securitytools; Elaborate #Ransomware Scams Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Careful With #Virustotal and Insecure Securitytools; Elaborate #Ransomware Scams https://traffic.libsyn.com/securitypodcast/5321.mp3 https://isc.sans.edu/podcastdetail/5321 Mon, 09 Jan 2017 03:00:02 GMT https://isc.sans.edu/forums/diary/Great+Misadventures+of+Security+Vendors+Absurd+Sandboxing+Edition/21895/
Vulnerable Security Tools Can Be Used Against You
https://isc.sans.edu/forums/diary/Using+Security+Tools+to+Compromize+a+Network/21903/
Elaborate Ransomware Attacks
http://www.actionfraud.police.uk/news/department-of-education-ransomware-alert-jan17
E-Mail and iTunes Popup Extortion
https://blog.malwarebytes.com/101/mac-the-basics/2017/01/tech-support-scam-page-attempts-denial-of-service-via-mail-app/
]]> 5:45 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5319 Google.com.br DNS Hijack; Spreadshirt Attacked With Leaked Passwords; Ransomware Adds DDoS Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Google.com.br DNS Hijack; Spreadshirt Attacked With Leaked Passwords; Ransomware Adds DDoS https://traffic.libsyn.com/securitypodcast/5319.mp3 https://isc.sans.edu/podcastdetail/5319 Fri, 06 Jan 2017 01:40:02 GMT https://www.linkedin.com/pulse/googlecombr-hacked-renato-marinho
Attackers Use Stolen Passwords To Take Over Spreadshirt.com Accounts.
https://www.heise.de/security/meldung/Angriff-auf-Spreadshirt-Konten-3589579.html (sorry, only in German)
Ransomware Adding DDoS Component
https://www.bleepingcomputer.com/news/security/firecrypt-ransomware-comes-with-a-ddos-component/
Old Malware Returning in Targeted Attacks
https://blogs.forcepoint.com/security-labs/mm-core-memory-backdoor-returns-bigboss-and-sillygoose
]]> 6:01 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5317 Insecure #MonboDB Held Ransom; Android Updates; #XSHM To Find #Wordpress Inside Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Insecure #MonboDB Held Ransom; Android Updates; #XSHM To Find #Wordpress Inside https://traffic.libsyn.com/securitypodcast/5317.mp3 https://isc.sans.edu/podcastdetail/5317 Thu, 05 Jan 2017 02:10:02 GMT http://www.openwall.com/lists/oss-security/2016/10/13/11
Insecure MongoDB Instances Hit By Fake Ransomware
https://twitter.com/0xDUDE
Android Security Update
https://source.android.com/security/bulletin/2017-01-01.html
Identifying WordPress Websites on Local Networks
https://www.netsparker.com/blog/web-security/bruteforce-wordpress-local-networks-xshm-attack/
]]> 5:24 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5315 Removing "Ransom Ware" From TVs; libpng Patch; Kaspersky AV SSL Vuln; Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Removing "Ransom Ware" From TVs; libpng Patch; Kaspersky AV SSL Vuln; https://traffic.libsyn.com/securitypodcast/5315.mp3 https://isc.sans.edu/podcastdetail/5315 Tue, 03 Jan 2017 23:35:02 GMT https://www.youtube.com/watch?v=0WZ4uLFTHEE
libpng Patches 30 Year Old Bug
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.567619
Kaspersky Antivirus SSL Interception Vulnerability
https://bugs.chromium.org/p/project-zero/issues/detail?id=978
Thunderbird Update Fixes Critical Vulnerability
https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/
]]> 4:58 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5313 Leap Second Errors; #ATT Shutting Down 2G; iMessage Vuln; Truffle Hog Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Leap Second Errors; #ATT Shutting Down 2G; iMessage Vuln; Truffle Hog https://traffic.libsyn.com/securitypodcast/5313.mp3 https://isc.sans.edu/podcastdetail/5313 Tue, 03 Jan 2017 01:50:01 GMT https://www.att.com/esupport/article.html#!/wireless/KM1084805
Leap Second
https://blog.cloudflare.com/how-and-why-the-leap-second-affected-cloudflare-dns/
Thunderbird Patch
https://www.heise.de/security/meldung/Thunderbird-Mozilla-schliesst-mit-Sicherheitsupdate-kritische-Luecken-3583472.html
iMessage Crash
https://vincedes3.com/crash-message-app-iphone/
Truffle Hog
https://github.com/dxa4481/truffleHog
]]> 5:06 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5311 Protocol 47 (GRE) Traffic; US-CERT Releases Russian IoCs; Android #Switcher Malware Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Protocol 47 (GRE) Traffic; US-CERT Releases Russian IoCs; Android #Switcher Malware https://traffic.libsyn.com/securitypodcast/5311.mp3 https://isc.sans.edu/podcastdetail/5311 Fri, 30 Dec 2016 00:00:02 GMT https://isc.sans.edu/forums/diary/Increase+in+Protocol+47+denys/21865/
US Cert Releases "Grizzly Steppe" Report
https://www.us-cert.gov/security-publications/GRIZZLY-STEPPE-Russian-Malicious-Cyber-Activity
Android Malware Changes Router DNS Settings
https://securelist.com/blog/mobile/76969/switcher-android-joins-the-attack-the-router-club/
]]> 3:57 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5309 More PHPMailer Issues; Picking Smart Locks; #IPv6 Scanning Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. More PHPMailer Issues; Picking Smart Locks; #IPv6 Scanning https://traffic.libsyn.com/securitypodcast/5309.mp3 https://isc.sans.edu/podcastdetail/5309 Thu, 29 Dec 2016 00:25:02 GMT https://github.com/PHPMailer/PHPMailer/wiki/About-the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilities
CCC Talk: Lockpicking in the IoT
https://media.ccc.de/v/33c3-8019-lockpicking_in_the_iot
CCC Talk: IPv6 Scanning
https://media.ccc.de/v/33c3-8061-you_can_-j_reject_but_you_can_not_hide_global_scanning_of_the_ipv6_internet
]]> 5:00 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5307 Manipulating Airline Bookings; PHPMailer Exploit; Signal Uses Domain Fronting Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Manipulating Airline Bookings; PHPMailer Exploit; Signal Uses Domain Fronting https://traffic.libsyn.com/securitypodcast/5307.mp3 https://isc.sans.edu/podcastdetail/5307 Wed, 28 Dec 2016 00:30:02 GMT https://isc.sans.edu/forums/diary/Using+daemonlogger+as+a+Software+Tap/21859/
CCC Conference
https://events.ccc.de/congress/2016/wiki/Main_Page
PHPMailer Exploit Released
https://legalhackers.com/exploits/CVE-2016-10033/PHPMailer-RCE-exploit-poc.txt
Patch For Exim Mail Server
https://exim.org/static/doc/CVE-2016-9963.txt
Signal Uses Domain Fronting To Evade Censor Ship
https://whispersystems.org/blog/doodles-stickers-censorship/
]]> 5:32 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5305 #PHPMailer Flaw; Malware Using Ping Delay; #Apple Extends TLS Deadline Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. #PHPMailer Flaw; Malware Using Ping Delay; #Apple Extends TLS Deadline https://traffic.libsyn.com/securitypodcast/5305.mp3 https://isc.sans.edu/podcastdetail/5305 Tue, 27 Dec 2016 00:30:22 GMT https://isc.sans.edu/forums/diary/Critical+security+update+PHPMailer+5218+CVE201610033/21855/
Malware Delays Execution with "Ping"
https://isc.sans.edu/forums/diary/Pinging+All+The+Way/21849/
Apple Extends TLS Deadline
https://isc.sans.edu/forums/diary/Pinging+All+The+Way/21849/
]]> 6:02 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5303 #Mirai keeps shifting; #Ukraine Power Issues; #OutMine Hacks @Netflix; #Methbot Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. #Mirai keeps shifting; #Ukraine Power Issues; #OutMine Hacks @Netflix; #Methbot https://traffic.libsyn.com/securitypodcast/5303.mp3 https://isc.sans.edu/podcastdetail/5303 Wed, 21 Dec 2016 23:20:02 GMT https://isc.sans.edu/forums/diary/UPDATED+x1+Mirai+Scanning+for+Port+6789+Looking+for+New+Victims+Now+hitting+tcp23231/21833/
Ukraining Power Outages
http://uawire.org/news/ukrenergo-claims-that-blackouts-in-kyiv-could-have-been-caused-by-hackers
OurMine Hacks Netflix and Other Twitter Accounts
http://www.bbc.com/news/technology-38390343?ocid=socialflow_twitter
Methbot Generating Millions of Dollars With Click Fraud
http://go.whiteops.com/rs/179-SQE-823/images/WO_Methbot_Operation_WP.pdf
]]> 4:37 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5301 vSphere Data Protection Known SSH Key; NMap 7.4 Released; SCCM Software Metering Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. vSphere Data Protection Known SSH Key; NMap 7.4 Released; SCCM Software Metering https://traffic.libsyn.com/securitypodcast/5301.mp3 https://isc.sans.edu/podcastdetail/5301 Wed, 21 Dec 2016 00:35:01 GMT http://www.vmware.com/security/advisories/VMSA-2016-0024.html
nmap Update
https://nmap.org/download.html
SCCM Software Metering
https://www.fireeye.com/blog/threat-research/2016/12/do_you_see_what_icc.html
CryptXXX Version 3 Decryptor Available
https://noransom.kaspersky.com
Airline Inflight Entertainment System Hack
http://blog.ioactive.com/2016/12/in-flight-hacking-system.html
SEC503, Intrusion Detection in Depth: Brussles January 16th-21st 2017
https://www.sans.org/event/brussels-winter-2017/course/intrusion-detection-in-depth
]]> 5:05 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5299 Port 6789 Scans; OpenSSH Update; Google Releases Crypto Test Tool Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Port 6789 Scans; OpenSSH Update; Google Releases Crypto Test Tool https://traffic.libsyn.com/securitypodcast/5299.mp3 https://isc.sans.edu/podcastdetail/5299 Tue, 20 Dec 2016 01:00:02 GMT https://isc.sans.edu/forums/diary/Mirai+Scanning+for+Port+6789+Looking+for+New+Victims/21833/
OpenSSH update
https://www.openssh.com/releasenotes.html#7.4
Google Releases Tool to Audit Crypto Libraries
https://security.googleblog.com/2016/12/project-wycheproof.html
Escaping A Restricted Shell
https://humblesec.wordpress.com/2016/12/08/escaping-a-restricted-shell/
]]> 4:17 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5297 Verizon Webmail #XSS; Limit Powershell Connections; Cerber Ransomware Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Verizon Webmail #XSS; Limit Powershell Connections; Cerber Ransomware https://traffic.libsyn.com/securitypodcast/5297.mp3 https://isc.sans.edu/podcastdetail/5297 Mon, 19 Dec 2016 02:25:01 GMT https://randywestergren.com/persistent-xss-verizons-webmail-client/
Blocking Powershell Connections via Windows Firewall
https://isc.sans.edu/forums/diary/Blocking+Powershell+Connection+via+Windows+Firewall/21829/
Exploit Kits Delivering Cerber Ransomware
https://isc.sans.edu/forums/diary/One+if+by+email+and+two+if+by+EK+The+Cerbers+are+coming/21823/
More Security Companies joining "No More Ransom"
https://www.nomoreransom.org
IT Contractor Trying to Take Over Radio Station
https://regmedia.co.uk/2016/12/16/kcohvtaylorfiling.pdf
Holiday Safe Computing Tips
https://isc.sans.edu/forums/diary/Holiday+Safe+Computing+Tips/21827/
]]> 5:52 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5295 Domaincops Malware; FileVault2 Vulnerability; DNS Changer is Back Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Domaincops Malware; FileVault2 Vulnerability; DNS Changer is Back https://traffic.libsyn.com/securitypodcast/5295.mp3 https://isc.sans.edu/podcastdetail/5295 Fri, 16 Dec 2016 01:40:02 GMT https://isc.sans.edu/forums/diary/Domaincop+malpsam/21821/
OS X Filevault Password Retrieval
http://blog.frizk.net/2016/12/filevault-password-retrieval.html
QEMU/Xen Vulnerability
http://xenbits.xen.org/xsa/advisory-199.html
DNS Changer Attacking Home Routers
https://www.proofpoint.com/us/threat-insight/post/home-routers-under-attack-malvertising-windows-android-devices
]]> 5:25 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5293 #UAC Bypass JScript Dropper; Skype Desktop API Access; FB Cert. Transp. Monitor Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. #UAC Bypass JScript Dropper; Skype Desktop API Access; FB Cert. Transp. Monitor https://traffic.libsyn.com/securitypodcast/5293.mp3 https://isc.sans.edu/podcastdetail/5293 Thu, 15 Dec 2016 02:05:02 GMT https://isc.sans.edu/forums/diary/UAC+Bypass+in+JScript+Dropper/21813/
Skype Unauthorized API Access Blocked
https://www.trustwave.com/Resources/SpiderLabs-Blog/A-Backdoor-in-Skype-for-Mac-OS-X/?page=1&year=0&month=0
Facebook Anounces Certificate Transparency Monitoring Tool
https://www.facebook.com/notes/protect-the-graph/introducing-our-certificate-transparency-monitoring-tool/1811919779048165
Another Tor Browser (and Firefox) Bug Fixed
https://blog.torproject.org/blog/tor-browser-608-released
Cheap Android Phones Arrive With Malware Preinstalled
https://news.drweb.com/show/?i=10345&lng=en
Exploit for Nagios
https://legalhackers.com/advisories/Nagios-Exploit-Command-Injection-CVE-2016-9565-2008-4796.html
]]> 5:28 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5291 #MSFT Patches; MacOS Updates; iOS Profile Vuln PoC Released; #Netgear Update Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. #MSFT Patches; MacOS Updates; iOS Profile Vuln PoC Released; #Netgear Update https://traffic.libsyn.com/securitypodcast/5291.mp3 https://isc.sans.edu/podcastdetail/5291 Wed, 14 Dec 2016 04:00:03 GMT https://isc.sans.edu/mspatchdays.html?viewday=2016-12-13
Apple Updates
https://support.apple.com/en-us/HT201222
More Netgear Products Vulnerable; Beta Patch Available
http://kb.netgear.com/000036386/CVE-2016-582384?cid=wmt_netgear_organic
iOS Profile Vulnerability PoC Available
https://cxsecurity.com/issue/WLB-2016110046
]]> 5:02 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5289 #iOS, #tvos, #watchOS Patches; #McAfee AV Scan Vulnerabilities; Ransomware Snowball Marketing Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. #iOS, #tvos, #watchOS Patches; #McAfee AV Scan Vulnerabilities; Ransomware Snowball Marketing https://traffic.libsyn.com/securitypodcast/5289.mp3 https://isc.sans.edu/podcastdetail/5289 Tue, 13 Dec 2016 01:10:02 GMT https://support.apple.com/en-us/HT201222
Windows 8/10 Update Causing DHCP Problems
https://community.plus.net/t5/Broadband/Windows-8-10-Issues/m-p/1393675#M310992
McAfee VirusScan Enterprise for Linux Vulnerabilities
https://nation.state.actor/mcafee.html
Snowball Marketing for Ransomware
https://www.bleepingcomputer.com/news/security/new-scheme-spread-popcorn-time-ransomware-get-chance-of-free-decryption-key/
Europol Arrests DDoS Miscreants
http://www.theregister.co.uk/2016/12/12/europol_arrests_34_ddos_kiddies/
5 Questions to Ask you IoT Vendor
https://isc.sans.edu/forums/diary/5+Questions+to+Ask+your+IoT+Vendors+But+Do+Not+Expect+an+Answer/21807/
]]> 5:49 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5287 Malware Anti-Reversing Trick; #PwC ACE Makes #SAP Vulnerable; Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Malware Anti-Reversing Trick; #PwC ACE Makes #SAP Vulnerable; https://traffic.libsyn.com/securitypodcast/5287.mp3 https://isc.sans.edu/podcastdetail/5287 Sun, 11 Dec 2016 22:50:02 GMT https://isc.sans.edu/forums/diary/Sleeping+VBS+Really+Wants+To+Sleep/21801/
PwC ACE Tool For SAP Introduces Security Vulnerability into SAP
http://seclists.org/fulldisclosure/2016/Dec/33
Steganography Used to Hide Exploits in Images
https://isc.sans.edu/forums/diary/Steganography+in+Action+Image+Steganography+StegExpose/21803/
Netgear R7000 and R6400 Aribtrary Command Execution
http://www.kb.cert.org/vuls/id/582384
Holiday Hack Challenge
https://holidayhackchallenge.com]]> 5:47 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5285 Domaincops Malware; Yahoo Mail XSS; Trend Office Scan False Positive Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Domaincops Malware; Yahoo Mail XSS; Trend Office Scan False Positive https://traffic.libsyn.com/securitypodcast/5285.mp3 https://isc.sans.edu/podcastdetail/5285 Fri, 09 Dec 2016 00:40:02 GMT https://isc.sans.edu/forums/diary/Good+Cop+Bad+Cop+Domain+Cop/21795/
Yahoo Mail Persistent XSS
https://klikki.fi/adv/yahoo2.html
Trend Office Scan False Positives
https://www.reddit.com/r/sysadmin/comments/5gs2gv/anyone_else_also_affected_by_a_deleted/
Linux Privilege Escalation due ot af_packet.c race condition
http://seclists.org/oss-sec/2016/q4/607
]]> 5:58 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5283 AV Exclusion Abused by Targeted Attacks; Android Update; Firefox SVG XDomain Cookies Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. AV Exclusion Abused by Targeted Attacks; Android Update; Firefox SVG XDomain Cookies https://traffic.libsyn.com/securitypodcast/5283.mp3 https://isc.sans.edu/podcastdetail/5283 Thu, 08 Dec 2016 00:35:01 GMT http://www.theregister.co.uk/2016/12/07/clever_crims_using_av_exclusion_lists_as_malware_safe_harbour/
Android Update Patches "Dirty Cow"
https://source.android.com/security/bulletin/2016-12-01.html
"Goldeneye" Ransomware May Use Stolen Data For Realistic E-Mails
https://www.heise.de/security/meldung/Goldeneye-nutzt-Informationen-vom-Arbeitsamt-fuer-aeusserst-gezielte-Angriffe-3564386.html
Firefox Cross Domain Cookie Vulnerability
https://insert-script.blogspot.ch/2016/12/firefox-svg-cross-domain-cookie.html
]]> 6:00 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5281 Attacking MongoDB; Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Attacking MongoDB; https://traffic.libsyn.com/securitypodcast/5281.mp3 https://isc.sans.edu/podcastdetail/5281 Wed, 07 Dec 2016 00:40:02 GMT https://isc.sans.edu/forums/diary/Attacking+NoSQL+applications/21787/
Heap Buffer Overflow in Encase Forensic Imager
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20161128-0_Guidance_Software_Encase_DoS_heap_buffer_overflow_vulnerabilities_v10.txt
Raspbian To Increase Default Security
https://www.raspberrypi.org/blog/a-security-update-for-raspbian-pixel/
SONY Camera Backdoor
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20161206-0_Sony_IPELA_Engine_IP_Cameras_Backdoors_v10.txt
Feedback: https://isc.sans.edu/contact.html
]]> 6:30 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5279 Guessing CC Numbers; Hancitor Reversing Video; Guess CC Number Fast Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Guessing CC Numbers; Hancitor Reversing Video; Guess CC Number Fast https://traffic.libsyn.com/securitypodcast/5279.mp3 https://isc.sans.edu/podcastdetail/5279 Tue, 06 Dec 2016 01:00:04 GMT https://isc.sans.edu/forums/diary/Hancitor+Maldoc+Videos/21783/
Rapid Distributed Credit Card Number Brute Forcing
http://eprint.ncl.ac.uk/file_store/production/230123/19180242-D02E-47AC-BDB3-73C22D6E1FDB.pdf
Cloudflare Detecting Large DDoS Attacks Over Thanksgiving / Cyber Monday
https://blog.cloudflare.com/the-daily-ddos-ten-days-of-massive-attacks/
Free Windows Tool to Harden Networks: SAMRi10
https://gallery.technet.microsoft.com/SAMRi10-Hardening-Remote-48d94b5b
NY State Outlawing Automated Ticket Purchasing Software
https://www.nysenate.gov/legislation/bills/2015/S8123
]]> 5:30 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5277 #CSP Bypass With #Polyglot Images; Finding #SQL Injection via Stack Overflow; Mirai Update Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. #CSP Bypass With #Polyglot Images; Finding #SQL Injection via Stack Overflow; Mirai Update https://traffic.libsyn.com/securitypodcast/5277.mp3 https://isc.sans.edu/podcastdetail/5277 Sun, 04 Dec 2016 23:50:02 GMT http://blog.portswigger.net/2016/12/bypassing-csp-using-polyglot-jpegs.html
also see this Youtube video on Polyglot Images: https://www.youtube.com/watch?v=Ub5G_t-gUBc
Stack Overflow SQL Injection Questions
https://laurent22.github.io/so-injections/
Mirai Update: More Outages and Vulnerable Chipset Identified
http://www.theregister.co.uk/2016/12/02/broadband_mirai_takedown_analysis/
SEC503 Intrusion Detection in Depth in Brussles (Jan 2017):
https://www.sans.org/event/brussels-winter-2017/course/intrusion-detection-in-depth
]]> 5:24 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5275 Beamgun vs. Poisontap; Shamoon is Back; British ISP Suffers Outage Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Beamgun vs. Poisontap; Shamoon is Back; British ISP Suffers Outage https://traffic.libsyn.com/securitypodcast/5275.mp3 https://isc.sans.edu/podcastdetail/5275 Fri, 02 Dec 2016 03:00:02 GMT https://github.com/JLospinoso/beamgun
"Shamoon" Malware is back with a new destructive attack against Saudi Arabia
https://www.bloomberg.com/news/articles/2016-12-01/destructive-hacks-strike-saudi-arabia-posing-challenge-to-trump
British ISP "KCOM" Suffering Outage After Attack
http://www.hulldailymail.co.uk/kcom-blames-cyber-attack-for-thousands-losing-internet-access-in-hull/story-29944084-detail/story.html#xf23rtZbUqlh5uXY.99
Microsoft Fixes Long Known Priviledge Escalation Issue
https://threatpost.com/microsoft-silently-fixes-kernel-bug-that-led-to-chrome-sandbox-bypass/122179/
]]> 5:11 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5273 Mozilla Patches #Firefox 0-Day; SQL Slammer; #Goolian Malware; Bypassing #SAML Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Mozilla Patches #Firefox 0-Day; SQL Slammer; #Goolian Malware; Bypassing #SAML https://traffic.libsyn.com/securitypodcast/5273.mp3 https://isc.sans.edu/podcastdetail/5273 Wed, 30 Nov 2016 23:10:01 GMT https://isc.sans.edu/forums/diary/Unpatched+Vulnerability+in+Firefox+used+to+Attack+Tor+Browser/21769/
SQL Slammer "Resurgance" ?
https://isc.sans.edu/forums/diary/Take+Back+Wednesday+SQL+Slammer+still+alive+but+barely+kicking/21767/
Goolian Android Malware
http://blog.checkpoint.com/2016/11/30/1-million-google-accounts-breached-gooligan/
Bypassing SAML 2.0 SSO
http://research.aurainfosec.io/bypassing-saml20-SSO/
Webcast: The Six Most Dangerous New Cyber Attack Techniques
https://cc.readytalk.com/registration/#/?meeting=9yq9nbx4tp7a&campaign=nggmjhc39guc
]]> 6:27 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5271 Telekom Router's Not TR-069 Vulnerable; Software Only Defenses Against #Rowhammer Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Telekom Router's Not TR-069 Vulnerable; Software Only Defenses Against #Rowhammer https://traffic.libsyn.com/securitypodcast/5271.mp3 https://isc.sans.edu/podcastdetail/5271 Tue, 29 Nov 2016 23:25:02 GMT https://comsecuris.com/blog/posts/were_900k_deutsche_telekom_routers_compromised_by_mirai/
Bitlocker Encrypted Drives Exposed During System Upgrade
http://blog.win-fu.com/2016/11/every-windows-10-in-place-upgrade-is.html
Software-Only Defenses Against Rowhammer
https://arxiv.org/abs/1611.08396
]]> 5:54 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5269 #Mirai Variant Attacking Routers via TR-069 Vuln; #Paypal #OAuth Vuln; Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. #Mirai Variant Attacking Routers via TR-069 Vuln; #Paypal #OAuth Vuln; https://traffic.libsyn.com/securitypodcast/5269.mp3 https://isc.sans.edu/podcastdetail/5269 Tue, 29 Nov 2016 00:10:02 GMT https://isc.sans.edu/forums/diary/Port+7547+SOAP+Remote+Code+Execution+Attack+Against+DSL+Modems/21759/
Paypal OAuth Vulnerability
http://blog.intothesymmetry.com/2016/11/all-your-paypal-tokens-belong-to-me.html
]]> 5:56 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5267 Extracting Shellcode from JS; Scapy vs. #CozyDuke; Images Spread Facebook Malware? MUNI for Free thx Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Extracting Shellcode from JS; Scapy vs. #CozyDuke; Images Spread Facebook Malware? MUNI for Free thx https://traffic.libsyn.com/securitypodcast/5267.mp3 https://isc.sans.edu/podcastdetail/5267 Mon, 28 Nov 2016 00:10:02 GMT https://isc.sans.edu/forums/diary/Extracting+Shellcode+From+JavaScript/21753/
Using Scapy to Test CozyDuke Snort Signatures
https://isc.sans.edu/forums/diary/Scapy+vs+CozyDuke/21755/
Malicious JPEG Spreading via Facebook
http://blog.checkpoint.com/2016/11/24/imagegate-check-point-uncovers-new-method-distributing-malware-images/
San Francisco Public Transport ("MUNI") hit by Ransomware
http://sanfrancisco.cbslocal.com/2016/11/26/you-hacked-cyber-attackers-crash-muni-computer-system-across-sf/
Tesla Smartphone App Vulnerability
https://promon.co/blog/tesla-cars-can-be-stolen-by-hacking-the-app/
]]> 6:20 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5265 Wordpress Update Vuln; Turning Speakers into Microphones; Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Wordpress Update Vuln; Turning Speakers into Microphones; https://traffic.libsyn.com/securitypodcast/5265.mp3 https://isc.sans.edu/podcastdetail/5265 Wed, 23 Nov 2016 01:30:02 GMT http://www.openwall.com/lists/oss-security/2016/11/21/3
Turning Speakers into Microphones
http://cyber.bgu.ac.il/advanced-cyber/system/files/SPEAKEaR.pdf
5 Second Video iOS Crash
http://www.cultofmac.com/455215/455215/
"Stubby" Implements Encrypted DNS
http://www.theregister.co.uk/2016/11/22/dns_boffins_offer_up_privacy_test/
]]> 6:43 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5263 Encrypted ZIP File With Comments; Siemens Camera Default Password Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Encrypted ZIP File With Comments; Siemens Camera Default Password https://traffic.libsyn.com/securitypodcast/5263.mp3 https://isc.sans.edu/podcastdetail/5263 Mon, 21 Nov 2016 23:45:02 GMT https://isc.sans.edu/forums/diary/ZIP+With+Comment/21737/
Siemens Surveilance Cameras Use Static Default Password
https://ics-cert.us-cert.gov/advisories/ICSA-16-322-01
NTP Single Packet DoS Vulnerablity
http://dumpco.re/cve-2016-7434/
Windows 10 Does Not Provide the Same Protections as EMET
https://insights.sei.cmu.edu/cert/2016/11/windows-10-cannot-protect-insecure-applications-like-emet-can.html
]]> 5:20 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5261 Converting Timestamps; SIP Dispabled Macbook Pros; Spoofing Microsoft E-Mails With Outlook 365 Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Converting Timestamps; SIP Dispabled Macbook Pros; Spoofing Microsoft E-Mails With Outlook 365 https://traffic.libsyn.com/securitypodcast/5261.mp3 https://isc.sans.edu/podcastdetail/5261 Mon, 21 Nov 2016 00:40:03 GMT https://isc.sans.edu/forums/diary/How+many+Epoch+times+Epocalypsepy+timestamp+converter/21733/
SIP Disabled on Some Macbook Pros
http://www.macrumors.com/2016/11/17/system-integrity-protection-disabled-macbook-pro/
Spoofing Microsoft.com E-Mails with Outlook.com
https://www.utkusen.com/blog/sending-valid-phishing-emails-from-microsoftcom.html
Various High Profile Twitter Accounts Hijacked By Spammers
https://www.engadget.com/2016/11/19/spammers-compromised-twitter-accounts-for-playstation-and-other/
Dyn Attack Caused by Single Angry Playstation User
http://www.wsj.com/articles/october-internet-attack-targeted-playstation-network-researchers-say-1479250847]]> 5:59 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5259 Anti-Research Countermeasures; #Fedora/#Chrome Driveby Exploit; #Volutility Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Anti-Research Countermeasures; #Fedora/#Chrome Driveby Exploit; #Volutility https://traffic.libsyn.com/securitypodcast/5259.mp3 https://isc.sans.edu/podcastdetail/5259 Fri, 18 Nov 2016 01:20:01 GMT https://isc.sans.edu/forums/diary/Example+of+Getting+Analysts+Researchers+Away/21721/
Fedora / Chrome Automatic Downloads and Code Execution
https://scarybeastsecurity.blogspot.de/2016/11/0day-poc-risky-design-decisions-in.html
Volutility Version 1.0 Released
https://techanarchy.net/2016/11/volutility-version-1-0-release/
iOS Synchronizing Call Logs via iCloud
http://www.forbes.com/sites/thomasbrewster/2016/11/17/iphone-call-logs-in-icloud-warns-elcomsoft-hackers/#5d96b21c2936
]]> 5:44 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5257 Troldesh #Ransomware; #Poisontap; #Symantec DLL Patch; #VMWare Patch; Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Troldesh #Ransomware; #Poisontap; #Symantec DLL Patch; #VMWare Patch; https://traffic.libsyn.com/securitypodcast/5257.mp3 https://isc.sans.edu/podcastdetail/5257 Thu, 17 Nov 2016 00:38:25 GMT https://isc.sans.edu/forums/diary/Malspam+distributing+Troldesh+ransomware/21717/
Poisontap Exploits USB Ethernet Adapters
https://samy.pl/poisontap/
Symantec Patches Untrusted DLL Loading Vulnerability
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20161115_00
VMWare Patches VM Escape Vulnerablity
http://www.vmware.com/security/advisories/VMSA-2016-0019.html
Some Android Phones Leak Data To China
http://www.prnewswire.com/news-releases/kryptowire-discovered-mobile-phone-firmware-that-transmitted-personally-identifiable-information-pii-without-user-consent-or-disclosure-300362844.html
Jacksonville ISC2 Meeting
https://www.eventbrite.com/e/isc2-ne-florida-chapter-meeting-november-2016-tickets-29050701430
]]> 6:02 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5255 #LUKS Vulnerability; #Shazam Privacy Concerns; #Debian/#nginx Priv Esc Vuln Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. #LUKS Vulnerability; #Shazam Privacy Concerns; #Debian/#nginx Priv Esc Vuln https://traffic.libsyn.com/securitypodcast/5255.mp3 https://isc.sans.edu/podcastdetail/5255 Wed, 16 Nov 2016 01:05:02 GMT http://betanews.com/2016/11/15/linux-security-bug-cryptsetup-luks/
Shazam Keeps Microphone Turned on Even While not "Listening"
https://objective-see.com/blog/blog_0x13.html
nginx Privilege Escalation Vulnerability (Debian Only)
http://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html
]]> 5:52 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5253 #FIFA Coins Indictment; Crysis #Ransomware Decrypt; #Lightbulb #WAF Auditing Framework Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. #FIFA Coins Indictment; Crysis #Ransomware Decrypt; #Lightbulb #WAF Auditing Framework https://traffic.libsyn.com/securitypodcast/5253.mp3 https://isc.sans.edu/podcastdetail/5253 Tue, 15 Nov 2016 00:05:02 GMT https://regmedia.co.uk/2016/11/14/fifafraudindictment.pdf
Crysis Ransomware Master Encryption Key Released
http://www.bleepingcomputer.com/news/security/master-decryption-keys-and-decryptor-for-the-crysis-ransomware-released-/
Adult Friend Finder Breached
https://www.leakedsource.com/blog/friendfinder
Lightbulb Web Application Firewall Auditing Framework
http://seclist.us/lightbulb-is-an-open-source-python-framework-for-auditing-web-applications-firewalls.html
]]> 5:20 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5251 #VBA Shellcode and #EMET; #Bitcoin Miner FTP Uploads; #Russian Bank #DDoS Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. #VBA Shellcode and #EMET; #Bitcoin Miner FTP Uploads; #Russian Bank #DDoS https://traffic.libsyn.com/securitypodcast/5251.mp3 https://isc.sans.edu/podcastdetail/5251 Mon, 14 Nov 2016 02:10:02 GMT https://isc.sans.edu/forums/diary/VBA+Shellcode+and+EMET/21705/
Bitcoin Miners Distributed via FTP Exploits
https://isc.sans.edu/forums/diary/Bitcoin+Miner+File+Upload+via+FTP/21707/
5 Russian Banks Suffer DoS Attack
https://www.rt.com/news/366172-russian-banks-ddos-attack/
Wifi May Reveal Mobile Phone Passwords
http://dl.acm.org/citation.cfm?id=2978397
]]> 5:29 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5249 #ICMP DoS Attacks; OpenSSL Patch; #OWASP CRS 3.0.0 Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. #ICMP DoS Attacks; OpenSSL Patch; #OWASP CRS 3.0.0 https://traffic.libsyn.com/securitypodcast/5249.mp3 https://isc.sans.edu/podcastdetail/5249 Fri, 11 Nov 2016 00:05:02 GMT https://isc.sans.edu/forums/diary/ICMP+Unreachable+DoS+Attacks+aka+Black+Nurse/21699/
OpenSSL 1.1.0 Patch
https://www.openssl.org/news/secadv/20161110.txt
OWASP ModSecurity Core Rule Set Version 3.0.0 Release
https://lists.owasp.org/pipermail/owasp-modsecurity-core-rule-set/2016-November/002265.html
]]> 6:11 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5247 DoS Turns of Heat to Finish Appartments; #DLink HNAP Vuln; 2 MSFT Bug PoCs Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. DoS Turns of Heat to Finish Appartments; #DLink HNAP Vuln; 2 MSFT Bug PoCs https://traffic.libsyn.com/securitypodcast/5247.mp3 https://isc.sans.edu/podcastdetail/5247 Wed, 09 Nov 2016 23:35:01 GMT http://www.hs.fi/kotimaa/a1478495966653 (finish only)
DLink HNAP Vulnerability
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/dlink-hnap-login.txt
PoC Exploits Available for Two MSFT Vulnerabilities
https://github.com/tinysec/public/tree/master/CVE-2016-7255
https://g-laurent.blogspot.com/2016/11/ms16-137-lsass-remote-memory-corruption.html
OpenSSL Patch Pre-Announced
https://mta.openssl.org/pipermail/openssl-announce/2016-November/000085.html
Hue Lightbulb Exploit/Worm
http://iotworm.eyalro.net (Sophos labels this link as "Spam", but appears to be harmless)
]]> 5:27 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5245 Microsoft Patch Tuesday; Adobe Updates (Flash and Connect); Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Microsoft Patch Tuesday; Adobe Updates (Flash and Connect); https://traffic.libsyn.com/securitypodcast/5245.mp3 https://isc.sans.edu/podcastdetail/5245 Tue, 08 Nov 2016 23:55:02 GMT https://isc.sans.edu/forums/diary/November+2016+Microsoft+Patch+Day/21689/
Adobe Updates
https://helpx.adobe.com/security/products/connect/apsb16-35.html
https://helpx.adobe.com/security/products/flash-player/apsb16-37.html
]]> 7:29 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5243 #TESCO Bank Limits Online Banking; Attacking Mobile Devices via #IoT; Fake Apple iOS Apps Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. #TESCO Bank Limits Online Banking; Attacking Mobile Devices via #IoT; Fake Apple iOS Apps https://traffic.libsyn.com/securitypodcast/5243.mp3 https://isc.sans.edu/podcastdetail/5243 Tue, 08 Nov 2016 00:55:02 GMT https://yourcommunity.tescobank.com/t5/News/Message-for-Current-Account-customers/td-p/6599
Belkin WeMo Devices Used To Attack Mobile Devices
https://www.blackhat.com/eu-16/briefings/schedule/index.html#breaking-bhad-abusing-belkin-home-automation-devices-4640
Fake Retail Apps Flooding Apple App Store
http://www.nytimes.com/2016/11/07/technology/more-iphone-fake-retail-apps-before-holidays.html?_r=0
Netflix Password Recovery via Phone Call Vulnerability
https://slashcrypto.org/2016/11/07/Netflix/
Webcast: 8 Ways To Watch The Invisible: Analyzing Encrypted Network Traffic
https://www.sans.org/webcasts/8-ways-watch-invisible-analyzing-encrypted-network-traffic-103277
]]> 6:18 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5241 Hancitor Maldoc Whitelisting Bypass; EMET Support Extended; IMSI Catcher Via WiFi Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Hancitor Maldoc Whitelisting Bypass; EMET Support Extended; IMSI Catcher Via WiFi https://traffic.libsyn.com/securitypodcast/5241.mp3 https://isc.sans.edu/podcastdetail/5241 Mon, 07 Nov 2016 00:25:02 GMT https://isc.sans.edu/forums/diary/Hancitor+Maldoc+Bypasses+Application+Whitelisting/21683/
Microsoft Extends EMET Support Deadline
https://blogs.technet.microsoft.com/srd/2016/11/03/beyond-emet/
Wifi Based IMSI Catcher
https://www.blackhat.com/docs/eu-16/materials/eu-16-OHanlon-WiFi-IMSI-Catcher.pdf
]]> 5:44 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5239 Reconstruct Binaries Sent via Telnet; Wix.com DOM Based XSS; WoT Leaked/Sold User Data Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Reconstruct Binaries Sent via Telnet; Wix.com DOM Based XSS; WoT Leaked/Sold User Data https://traffic.libsyn.com/securitypodcast/5239.mp3 https://isc.sans.edu/podcastdetail/5239 Thu, 03 Nov 2016 23:20:01 GMT https://isc.sans.edu/forums/diary/Extracting+Malware+Transmitted+Via+Telnet/21673/
Wix.com DOM Based XSS
https://www.contrastsecurity.com/security-influencers/dom-xss-in-wix.com
DNS Based Mail Security
https://nccoe.nist.gov/projects/building_blocks/secured_email
Web of Trust Plugin Released Anonymized User Data
https://www.mywot.com/en/forum/70396--virus-spyware-do-not-install-uninstall-as-soon-as-possible
]]> 6:53 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5237 #OWA Two Factor Bypass; #Baraccuda DoS; #Targobank loses track of accounts Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. #OWA Two Factor Bypass; #Baraccuda DoS; #Targobank loses track of accounts https://traffic.libsyn.com/securitypodcast/5237.mp3 https://isc.sans.edu/podcastdetail/5237 Thu, 03 Nov 2016 00:00:01 GMT http://www.blackhillsinfosec.com/?p=5396
Barracuda DoS Disrupts Mail Delivery
http://status.barracuda.com
Targobank Looses Account Data After Maintenance
http://www.spiegel.de/wirtschaft/service/targobank-kunden-fehlt-geld-auf-dem-konto-it-probleme-a-1119434.html (german only)
Ouch! Security Awareness Newsletter
http://securingthehuman.sans.org/newsletters/ouch/issues/OUCH-201611_en.pdf
]]> 5:48 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5235 Google Ads On Google Pushing Malware to macOS Users; Memcached Vuln Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Google Ads On Google Pushing Malware to macOS Users; Memcached Vuln https://traffic.libsyn.com/securitypodcast/5235.mp3 https://isc.sans.edu/podcastdetail/5235 Wed, 02 Nov 2016 01:10:02 GMT http://blog.cylance.com/malvertising-on-google-adwords-targeting-macos-users
Microsoft Response to Google Privilege Escalation Disclosure
https://blogs.technet.microsoft.com/mmpc/2016/11/01/our-commitment-to-our-customers-security/
Memcached Remote Code Execution Vulnerabilities
http://blog.talosintel.com/2016/10/memcached-vulnerabilities.html
SAP Vulnerability Details Released
https://erpscan.com/press-center/blog/0-day-sap-vulnerability-published-heres-can/
]]> 5:50 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5233 snapshot.ps1; Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. snapshot.ps1; https://traffic.libsyn.com/securitypodcast/5233.mp3 https://isc.sans.edu/podcastdetail/5233 Tue, 01 Nov 2016 01:45:01 GMT https://isc.sans.edu/forums/diary/SEC505+DFIR+capture+script+snapshotps1/21659/
Predicting Domain Reputation
http://www.icir.org/vern/papers/predator-ccs16.pdf
Mozilla Removing Battery Status API For Privacy Reasons
https://www.fxsitecompat.com/en-CA/docs/2016/battery-status-api-has-been-removed/
Windows Privilege Escalation 0-day Actively Exploited
https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html
]]> 5:56 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5231 Volatility Bot; E911 DoS; Mirai Vuln; iOS/macOS task_t Vuln; Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Volatility Bot; E911 DoS; Mirai Vuln; iOS/macOS task_t Vuln; https://traffic.libsyn.com/securitypodcast/5231.mp3 https://isc.sans.edu/podcastdetail/5231 Mon, 31 Oct 2016 01:15:02 GMT https://isc.sans.edu/forums/diary/Volatility+Bot+Automated+Memory+Analysis/21655/
911 System Fragility Exposed in Accidental DoS Attacks
https://staging.mcso.org/Multimedia/PressRelease/911%20Cyber%20Attack.pdf
Vulnerability in Mirai Botnet
https://www.invincealabs.com/blog/2016/10/killing-mirai/
XNU Kernel (iOS/macOS) task_t Privildge Escalation
https://googleprojectzero.blogspot.de/2016/10/taskt-considered-harmful.html
]]> 6:44 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5229 Small Changes to Ransomware E-Mails; Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Small Changes to Ransomware E-Mails; https://traffic.libsyn.com/securitypodcast/5229.mp3 https://isc.sans.edu/podcastdetail/5229 Thu, 27 Oct 2016 23:45:02 GMT https://isc.sans.edu/forums/diary/Your+Bill+Is+Not+Overdue+today/21647/
Microsoft / Google Release Browser Updates to Address Flash Vulnerablity
https://technet.microsoft.com/en-us/library/security/ms16-128.aspx
https://googlechromereleases.blogspot.com
Social Media "Support" Phishing
https://www.proofpoint.com/us/corporate-blog/post/cybercriminals-spoof-every-major-bank-masquerade-branded-customer-service-twitter-accounts
Path Traversal Vulnerablity in gnu tar
https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt
Podcast Survey
https://dshield.typeform.com/to/lVgHr5
]]> 6:35 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5227 #Adobe Flash Patch; #Pwn2Own; #Startcom/#Wosign Update; #Joomla #Exploit; #Google #CSRF; Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. #Adobe Flash Patch; #Pwn2Own; #Startcom/#Wosign Update; #Joomla #Exploit; #Google #CSRF; https://traffic.libsyn.com/securitypodcast/5227.mp3 https://isc.sans.edu/podcastdetail/5227 Wed, 26 Oct 2016 23:55:02 GMT https://isc.sans.edu/forums/diary/Critical+Flash+Player+Update+APSB1636/21643/
Mobile Pwn2Own Writeup
http://blog.trendmicro.com/results-mobile-pwn2own-2016/
Mozilla Will Stick With Blacklisting Startcom/WoSign
https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/
Joomla Exploit Released
https://medium.com/@showthread/joomla-3-6-4-account-creation-elevated-privileges-write-up-and-exploit-965d8fb46fa2#.b8gks1jar
Google Spreadsheet Vulnerability
https://www.rodneybeede.com/Google_Spreadsheet_Vuln_-_CSRF_and_JSON_Hijacking_allows_data_theft.html
]]> 6:02 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5225 Patch #Joomla Now; Letsencrypt Persistent Domain Validation; New Locky Variant Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Patch #Joomla Now; Letsencrypt Persistent Domain Validation; New Locky Variant https://traffic.libsyn.com/securitypodcast/5225.mp3 https://isc.sans.edu/podcastdetail/5225 Wed, 26 Oct 2016 01:25:02 GMT https://www.joomla.org/announcements/release-news/5678-joomla-3-6-4-released.html
Letsencrypt Domain Verification Problem
https://dan.enigmabridge.com/lets-encrypts-vulnerability-as-a-feature-authz-reuse-and-eternal-account-key/
New Locky Variants: Pumpkin Locky
http://blog.talosintel.com/2016/10/pumpkin-locky.html
Pagers still in use for Critical Infrastructure
http://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/industrial-plant-beepers-leaking-secrets
]]> 5:16 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5223 #MacOS #iOS Updates; LTE MitM Exploit; Rowhammer Exploited Against Android Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. #MacOS #iOS Updates; LTE MitM Exploit; Rowhammer Exploited Against Android https://traffic.libsyn.com/securitypodcast/5223.mp3 https://isc.sans.edu/podcastdetail/5223 Tue, 25 Oct 2016 00:50:02 GMT https://support.apple.com/en-us/HT201222
LTE Intercept Vulnerability
http://www.theregister.co.uk/2016/10/23/every_lte_call_text_can_be_intercepted_blacked_out_hacker_finds/
Rowhammer Exploit Demonstrated Against Android
https://www.vusec.net/projects/drammer/
]]> 6:36 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5221 #Dyn DNS DDoS Attack; Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. #Dyn DNS DDoS Attack; https://traffic.libsyn.com/securitypodcast/5221.mp3 https://isc.sans.edu/podcastdetail/5221 Sun, 23 Oct 2016 22:10:02 GMT https://isc.sans.edu/forums/diary/ISC+Briefing+Large+DDoS+Attack+Against+Dyn/21627/
TCP Port 4786: Cisco Memory Leak Vulnerability
https://isc.sans.edu/forums/diary/Request+for+Packets+TCP+4786+CVE20166385/21625/
Dirty Cow PoC Exploits Available
https://github.com/dirtycow/dirtycow.github.io/wiki/PoCs
To register for today's SANS Technology Institute's Professional Lecture Series, pleaes e-mail info@sans.edu
]]> 7:22 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5219 #NanoCore RAT; #DirtyCow Priv Escalation Flaw; Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. #NanoCore RAT; #DirtyCow Priv Escalation Flaw; https://traffic.libsyn.com/securitypodcast/5219.mp3 https://isc.sans.edu/podcastdetail/5219 Thu, 20 Oct 2016 23:35:02 GMT https://isc.sans.edu/forums/diary/Malspam+delivers+NanoCore+RAT/21615/
Dirty Cow Privilege Escalation Flaw
https://bugzilla.redhat.com/show_bug.cgi?id=1384344#c13
Lexmark Markvision Enterprise Application Vulnerability
https://www.digitaldefense.com/blog-zero-day-lexmark-markvision/
WebRTC Security Overview
https://webrtc-security.github.io
UPnP Scanner
https://www.tenable.com/blog/do-you-know-where-your-upnp-is
]]> 6:05 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5217 #ICS Files Used to "Amplify" spam; Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. #ICS Files Used to "Amplify" spam; https://traffic.libsyn.com/securitypodcast/5217.mp3 https://isc.sans.edu/podcastdetail/5217 Wed, 19 Oct 2016 23:30:01 GMT https://isc.sans.edu/forums/diary/Spam+Delivered+via+ICS+Files/21611/
Comodo OCR Errors Leads to SSL Certificate Verification Issues
https://heise.de/-3354229 (german only)
Oracle Quarterly Critical Patch Update
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
Images Used to Exfiltrate CC Numbers From Web Stores
https://blog.sucuri.net/2016/10/magento-credit-card-swiper-exports-image.html
]]> 5:45 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5215 #SSL/#SSH Confusion; #Dyre is Back; How Stolen iPhones are Unlocked; Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. #SSL/#SSH Confusion; #Dyre is Back; How Stolen iPhones are Unlocked; https://traffic.libsyn.com/securitypodcast/5215.mp3 https://isc.sans.edu/podcastdetail/5215 Wed, 19 Oct 2016 00:55:02 GMT https://isc.sans.edu/forums/diary/OpenSSH+Protocol+Mismatch+In+Response+to+SSL+Client+Hello/21609/
Dyre is Back as Trickbot
http://www.threatgeek.com/2016/10/trickbot-the-dyre-connection.html
How Stolen iPhones Are Unlocked
https://www.linkedin.com/pulse/sin-card-how-criminals-unlocked-stolen-iphone-6s-renato-marinho?trk=pulse_spock-articles
]]> 6:48 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5213 Mozilla Users Reach 50% HTTPs; Yahoo! Mail MITM; LastPass Memory Forensics Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Mozilla Users Reach 50% HTTPs; Yahoo! Mail MITM; LastPass Memory Forensics https://traffic.libsyn.com/securitypodcast/5213.mp3 https://isc.sans.edu/podcastdetail/5213 Mon, 17 Oct 2016 23:50:01 GMT https://twitter.com/0xjosh/status/786971412959420424/photo/1
Retrieving LastPass Passwords From Memory
https://techanarchy.net/2016/10/extracting-lastpass-site-credentials-from-memory/
Yahoo MITM Due To Weak Crossdomain.xml Configuration
https://github.com/JordanMilne/YMail-Pineapple
]]> 5:20 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5211 pseudoDarkleach Switches Payload; Decoding VBA; Auditing SSH; Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. pseudoDarkleach Switches Payload; Decoding VBA; Auditing SSH; https://traffic.libsyn.com/securitypodcast/5211.mp3 https://isc.sans.edu/podcastdetail/5211 Sun, 16 Oct 2016 23:55:02 GMT https://isc.sans.edu/forums/diary/pseudoDarkleech+Rig+EK/21595/
Decoder.xls to Decode Word Malicious Macro
https://isc.sans.edu/forums/diary/Analyzing+Office+Maldocs+With+Decoderxls/21601/
Auditing SSH Servers
https://github.com/arthepsy/ssh-audit
How Not To User HTML Purifier
https://devwerks.net/blog/16/how-not-to-use-html-purifier/
]]> 5:31 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5209 Mount Docker Filesystems; Globalsign Messes Up CA; DXXD Ransomware; LockyDump Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Mount Docker Filesystems; Globalsign Messes Up CA; DXXD Ransomware; LockyDump https://traffic.libsyn.com/securitypodcast/5209.mp3 https://isc.sans.edu/podcastdetail/5209 Fri, 14 Oct 2016 00:50:02 GMT https://isc.sans.edu/forums/diary/New+tool+dockermountpy/21589/
Global Sign OCSP Mess Up Invalidates Countless Certs
https://downloads.globalsign.com/acton/fs/blocks/showLandingPage/a/2674/p/p-008f/t/page/fm/0
Cisco Releases LockyDump
http://blog.talosintel.com/2016/10/lockydump.html
Google Updates Chrome
https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html
DXXD Ransomware Infected un-mapped Shares
http://www.bleepingcomputer.com/news/security/the-dxxd-ransomware-displays-legal-notice-before-users-login/
]]> 5:30 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5207 Wifi Dangers; AVTECH IP Camera Vulns; SAP Patches; 1024 Bit Keys Factored; Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Wifi Dangers; AVTECH IP Camera Vulns; SAP Patches; 1024 Bit Keys Factored; https://traffic.libsyn.com/securitypodcast/5207.mp3 https://isc.sans.edu/podcastdetail/5207 Wed, 12 Oct 2016 22:50:02 GMT https://isc.sans.edu/forums/diary/WiFi+Still+Remains+a+Good+Attack+Vector/21583/
AVTECH IP Camera Vulnerabilities
http://seclists.org/bugtraq/2016/Oct/26
SAP Patches 3 Year Old Bug in P4
https://erpscan.com/press-center/blog/sap-cyber-threat-intelligence-report-october-2016/
1024 bit DSA Keys Factored
https://eprint.iacr.org/2016/961.pdf
]]> 6:13 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5205 #MSFT, #Adobe Patches, badssl.com summary, More Swift Attacks Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. #MSFT, #Adobe Patches, badssl.com summary, More Swift Attacks https://traffic.libsyn.com/securitypodcast/5205.mp3 https://isc.sans.edu/podcastdetail/5205 Tue, 11 Oct 2016 22:35:02 GMT https://isc.sans.edu/mspatchdays.html?viewday=2016-10-11
https://helpx.adobe.com/security/products/acrobat/apsb16-33.html
http://www.minixforum.com/threads/neo-z64w-doesnt-start-anymore-after-windows-10-update-help.14122/
Review of Browsers SSL Failures
https://docs.google.com/document/d/1b7lenmn5XO06QohaJzVffnJxjXjY1rD70wg34gfuxRo/edit#heading=h.w6vk76mv9e6n
New Malware Targeting SWIFT Users
http://www.symantec.com/connect/blogs/odinaff-new-trojan-used-high-level-financial-attacks
]]> 5:58 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5203 #rehash calc entropy Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. #rehash calc entropy https://traffic.libsyn.com/securitypodcast/5203.mp3 https://isc.sans.edu/podcastdetail/5203 Tue, 11 Oct 2016 02:55:02 GMT https://isc.sans.edu/forums/diary/Radare2+rahash2/21577/
Spoofing IPs Still works
https://idea.popcount.org/2016-09-20-strange-loop---ip-spoofing/
EU Commission Plants IoT Labeling
http://www.euractiv.com/section/innovation-industry/news/commission-plans-cybersecurity-rules-for-internet-connected-machines/
]]> 3:29 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5201 Hurricane Matthew Phish; KNOXOut Vulnerability; Win 10 Improves XSS Protection Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Hurricane Matthew Phish; KNOXOut Vulnerability; Win 10 Improves XSS Protection https://traffic.libsyn.com/securitypodcast/5201.mp3 https://isc.sans.edu/podcastdetail/5201 Sun, 09 Oct 2016 23:45:02 GMT https://isc.sans.edu/forums/diary/First+Hurricane+Matthew+related+Phish/21571/
Samsung Galaxy S6 "KNOXOut" Vulnerability
http://media.wix.com/ugd/4e84e6_668d564cc447434a9a8fda3c13a63f6a.pdf
Windows 10 Anniversary Edition Improves IE 10 XSS Protection
http://mksben.l0.cm/2016/10/xss-via-referrer.html
]]> 5:09 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5199 Honeypot Fun; OS X Webcam; iOS Privacy; Steam Chat Hacks Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Honeypot Fun; OS X Webcam; iOS Privacy; Steam Chat Hacks https://traffic.libsyn.com/securitypodcast/5199.mp3 https://isc.sans.edu/podcastdetail/5199 Fri, 07 Oct 2016 03:25:01 GMT https://isc.sans.edu/forums/diary/Checking+my+honeypot+day/21561/
OS X Webcam Exploit
https://objective-see.com/products/oversight.html
iOS 10 Private Browsing
https://www.intaforensics.com/2016/09/30/ios-10-private-browsing-how-private-is-it/
Hacked Steam Accounts Used to Spread Malware
http://www.bleepingcomputer.com/news/security/hacked-steam-accounts-spreading-remote-access-trojan/
Please Report Any Hurricane Matthew Related Malware/Scams
https://isc.sans.edu/contact.html
]]> 5:41 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5197 Ouch Newsletter; Security Fatigue; Selfi Pay; MarsJoke Decrypter Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Ouch Newsletter; Security Fatigue; Selfi Pay; MarsJoke Decrypter https://traffic.libsyn.com/securitypodcast/5197.mp3 https://isc.sans.edu/podcastdetail/5197 Thu, 06 Oct 2016 04:20:02 GMT https://securingthehuman.sans.org/newsletters/ouch/issues/OUCH-201610_en.pdf
"Security Fatigue"
https://www.nist.gov/news-events/news/2016/10/security-fatigue-can-cause-computer-users-feel-hopeless-and-act-recklessly
"Selfi Pay" Facial Recognition
http://www.theregister.co.uk/2016/10/05/mastercard_selfie_pay/
"MarsJoke" Ransomware Decrypted
https://threatpost.com/researchers-break-marsjoke-ransomware-encryption/121022/
]]> 5:40 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5195 Misguided SSL Requests; Insulin Pump Flaws; Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Misguided SSL Requests; Insulin Pump Flaws; https://traffic.libsyn.com/securitypodcast/5195.mp3 https://isc.sans.edu/podcastdetail/5195 Wed, 05 Oct 2016 03:15:02 GMT https://isc.sans.edu/forums/diary/SSL+Requests+to+nonSSL+HTTP+Servers/21551/
Insulin Pump Vulnerablities
https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump
SSH Konami Codes
http://pen-testing.sans.org/blog/2015/11/10/protected-using-the-ssh-konami-code-ssh-control-sequences
Cyber Security Awareness Month
https://securingthehuman.sans.org/blog/2016/10/02/week01-kicking-off-ncsam/
OpenJPEG Flaw
http://blog.talosintel.com/2016/09/vulnerability-spotlight-jpeg2000.html
]]> 5:32 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5193 Password Buddy; iMessage Info Leak; Exploiting Kiosks Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Password Buddy; iMessage Info Leak; Exploiting Kiosks https://traffic.libsyn.com/securitypodcast/5193.mp3 https://isc.sans.edu/podcastdetail/5193 Tue, 04 Oct 2016 05:00:02 GMT https://isc.sans.edu/forums/diary/Password+Buddies+A+Better+Way+To+Reset+Passwords/21547/
iMessage Data Leakage
http://rsmck.co.uk/blog/imessage-preview/
Exploiting HP Thin Client
http://blog.malerisch.net/2016/10/pwning-thin-client-in-less-two-minutes2-cve2016-2246.html
]]> 5:43 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5191 DVR Exploit Analysis; Odd User-Agent From Word Exploit; Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. DVR Exploit Analysis; Odd User-Agent From Word Exploit; https://traffic.libsyn.com/securitypodcast/5191.mp3 https://isc.sans.edu/podcastdetail/5191 Mon, 03 Oct 2016 04:35:02 GMT https://isc.sans.edu/forums/diary/The+Short+Life+of+a+Vulnerable+DVR+Connected+to+the+Internet/21543/
Another Day, Another Malicious Behaviour
https://isc.sans.edu/forums/diary/Another+Day+Another+Malicious+Behaviour/21539/
Capcom's Streetfighter V Anti Cheat Tool Allows Privilege Escalation
https://twitter.com/TheWack0lian/status/779397840762245124/photo/1?ref_src=twsrc%5Etfw
Apple Joins Mozilla In Distrusting WoSign
https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/lWJ1zdUJPLI
"Footprints" Browser Extension Demonstrate Unmasking User's Idendity
https://footprints.stanford.edu
]]> 6:02 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5189 #SNMP Pw0n3ge; Yahoo! Answers For Bots; Unpatched DLink Router Vuln Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. #SNMP Pw0n3ge; Yahoo! Answers For Bots; Unpatched DLink Router Vuln https://traffic.libsyn.com/securitypodcast/5189.mp3 https://isc.sans.edu/podcastdetail/5189 Fri, 30 Sep 2016 01:35:02 GMT https://isc.sans.edu/forums/diary/SNMP+Pwn3ge/21533/
Yahoo! Anwers Used in Command and Control Networks
http://researchcenter.paloaltonetworks.com/2016/09/unit42-confucius-says-malware-families-get-further-by-abusing-legitimate-websites/
Dlink Router Includes Stupid Simple UDP Backdoor
https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html
Hikvision XXE Vulnerability
https://medium.com/@iraklis/an-unlikely-xxe-in-hikvisions-remote-access-camera-cloud-d57faf99620f#.qukzihoew
]]> 5:23 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5187 Rig Exploit Kit; osquery for Windows; Update Cowrie; BIND&Cisco DoS Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Rig Exploit Kit; osquery for Windows; Update Cowrie; BIND&Cisco DoS https://traffic.libsyn.com/securitypodcast/5187.mp3 https://isc.sans.edu/podcastdetail/5187 Wed, 28 Sep 2016 23:45:02 GMT https://isc.sans.edu/forums/diary/Rig+Exploit+Kit+from+the+Afraidgate+Campaign/21531/
Facebook Releases osquery for Windows
https://blog.trailofbits.com/2016/09/27/windows-network-security-now-easier-with-osquery/
Update Cowrie and "New" Default Password used in Internet Wide Scans
https://isc.sans.edu/ssh.html?pw=xc3511
BIND Name Server Update
https://kb.isc.org/article/AA-01393/74/CVE-2016-2775%3A-A-query-name-which-is-too-long-can-cause-a-segmentation-fault-in-lwresd.html
Various Cisco DoS Vulnerabilities
https://tools.cisco.com/security/center/publicationListing.x?product=NonCisco#~Vulnerabilities
]]> 5:07 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5185 Memory #Forensics Tricks; #IoT #DDoS; Google #CSP Tools; #Microsoft Cloud Fuzzer Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Memory #Forensics Tricks; #IoT #DDoS; Google #CSP Tools; #Microsoft Cloud Fuzzer https://traffic.libsyn.com/securitypodcast/5185.mp3 https://isc.sans.edu/podcastdetail/5185 Wed, 28 Sep 2016 01:20:01 GMT https://isc.sans.edu/forums/diary/Back+in+Time+Memory+Forensics/21527/
Cameras Responsible For Large DDoS Attacks
https://twitter.com/olesovhcom/status/779297257199964160
Google Releases CSP Support Tools
https://csp-evaluator.withgoogle.com
https://chrome.google.com/webstore/detail/csp-mitigator
Microsoft Launches "fuzzing-as-a-service"
https://www.microsoft.com/en-us/springfield/
]]> 5:08 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5183 Decompiling PCode; #StartCom/#Wosign CAs in Trouble; Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Decompiling PCode; #StartCom/#Wosign CAs in Trouble; https://traffic.libsyn.com/securitypodcast/5183.mp3 https://isc.sans.edu/podcastdetail/5183 Mon, 26 Sep 2016 22:15:02 GMT https://isc.sans.edu/forums/diary/VBA+and+Pcode/21521/
Lenovo To Add FIDO Compliant Fingerprint Reader
http://www.theregister.co.uk/2016/09/26/intel_and_lenovo_give_the_finger_to_passwords_with_fido/
More Details On Simpler Password Hasing in iOS 10
https://twitter.com/thorsheim/status/779207177416351744
Mozilla to Remove WoSign and StartCom From Trusted List
https://docs.google.com/document/d/1C6BlmbeQfn4a9zydVi2UvjBGv6szuSB4sMYUcVrR8vQ/preview
]]> 6:07 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5181 Analyzing Malicious .PUB Files; Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Analyzing Malicious .PUB Files; https://traffic.libsyn.com/securitypodcast/5181.mp3 https://isc.sans.edu/podcastdetail/5181 Mon, 26 Sep 2016 11:55:02 GMT https://isc.sans.edu/forums/diary/PUB+Analysis/21517/
iOS 10 Backup Passwords Easier to Crack
http://blog.elcomsoft.com/2016/09/ios-10-security-weakness-discovered-backup-passwords-much-easier-to-break/
Windows 10 Certificate Pinning of Microsoft Domains
http://hexatomium.github.io/2016/09/24/hidden-w10-pins/
IBM Geoblocking Fail For Australian Census
http://www.aph.gov.au/DocumentStore.ashx?id=124f22ba-caaa-46ff-899d-7d96851fee3e&subId=414127
97% Of Fortune 1000 Companies Have Leaked Credentials
http://info.digitalshadows.com/rs/457-XEY-671/images/CompromisedCredentials-LearnFromtheExposureoftheWorlds1000BiggestCompanies-Download.pdf
]]> 5:42 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5179 #openssl update; Biometric ATM Skimmer Prototypes; #Yahoo! Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. #openssl update; Biometric ATM Skimmer Prototypes; #Yahoo! https://traffic.libsyn.com/securitypodcast/5179.mp3 https://isc.sans.edu/podcastdetail/5179 Thu, 22 Sep 2016 23:55:01 GMT https://isc.sans.edu/forums/diary/OpenSSL+Update+Released/21509/
ATM Skimmer Prototypes To Collect Fingerprints
https://securelist.com/files/2016/09/16_09_en.pdf
Yahoo! Breach Leaks 500M User's Data
https://yahoo.tumblr.com/post/150781911849/an-important-message-about-yahoo-user-security
]]> 5:25 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5177 #Locky Update; #ASMI bypass; #Cloudflare #SSL Rewrite Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. #Locky Update; #ASMI bypass; #Cloudflare #SSL Rewrite https://traffic.libsyn.com/securitypodcast/5177.mp3 https://isc.sans.edu/podcastdetail/5177 Wed, 21 Sep 2016 22:25:01 GMT https://isc.sans.edu/forums/diary/Those+neverending+waves+of+Locky+malspam/21505/
Windows Anti Malware Scan Interface (AMSI)
http://www.labofapenetrationtester.com/2016/09/amsi.html
Cloudflare Intorducing SSL Re-Write
https://blog.cloudflare.com/opportunistic-encryption-bringing-http-2-to-the-unencrypted-web/
Australian Police Warns of Malicious USB Sticks
https://www.vicpolicenews.com.au/news/harmful-usb-drives-found-in-letterboxes
]]> 5:54 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5175 #macos Siera Released; BackConnect BGP Hijacks; Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. #macos Siera Released; BackConnect BGP Hijacks; https://traffic.libsyn.com/securitypodcast/5175.mp3 https://isc.sans.edu/podcastdetail/5175 Wed, 21 Sep 2016 00:15:02 GMT https://isc.sans.edu/forums/diary/Getting+Ready+for+macOS+Sierra+Upgrade+Securely/21465/

BackConnect BGP Hijacks
http://research.dyn.com/2016/09/backconnects-suspicious-bgp-hijacks/
Metasploit Vulnerablity
https://github.com/justinsteven/advisories/blob/master/2016_metasploit_rce_static_key_deserialization.md
]]> 4:57 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5173 Taking Over Facebook Pages; Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Taking Over Facebook Pages; https://traffic.libsyn.com/securitypodcast/5173.mp3 https://isc.sans.edu/podcastdetail/5173 Tue, 20 Sep 2016 01:10:02 GMT http://arunsureshkumar.me/index.php/2016/09/16/facebook-page-takeover-zero-day-vulnerability/
Exchange Auto-Discovery Vulnerability
http://www.theregister.co.uk/2016/09/19/ms_exchange_alleged_bug/
Spyware Apps Targeting Travelers Removed From Goolge App Store
https://blog.lookout.com/blog/2016/09/16/embassy-spyware-google-play/
Firefox Will Patch HSTS Vulnerability
https://threatpost.com/mozilla-patching-firefox-certificate-pinning-vulnerability/120694/
OpenSSL Patch Pre-Announcement
https://mta.openssl.org/pipermail/openssl-announce/2016-September/000076.html
]]> 5:39 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5171 Cisco IKEv1 Advisory; 64Bit Conversion Woes; Intercepting OS X Passwords; Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Cisco IKEv1 Advisory; 64Bit Conversion Woes; Intercepting OS X Passwords; https://traffic.libsyn.com/securitypodcast/5171.mp3 https://isc.sans.edu/podcastdetail/5171 Mon, 19 Sep 2016 01:45:02 GMT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1
Intercepting OS X Passwords
https://www.scriptjunkie.us/2016/09/intercepting-passwords-to-escalate-privileges-on-os-x/
Vulnerabilities Introduced By Converting 32 Bit to 64 Bit
https://www.tu-braunschweig.de/Medien-DB/sec/pubs/2016-ccs.pdf
HSTS Preload Database and Webservices
https://hstspreload.com
]]> 7:16 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5169 Misc Locky Updates; WebEx Update; Windows Malware Attacking iOS/Android Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Misc Locky Updates; WebEx Update; Windows Malware Attacking iOS/Android https://traffic.libsyn.com/securitypodcast/5169.mp3 https://isc.sans.edu/podcastdetail/5169 Fri, 16 Sep 2016 03:00:02 GMT https://blog.avira.com/locky-ransomware-goes-autopilot/
https://blogs.forcepoint.com/security-labs/locky-distributor-uses-newly-released-quant-loader-sold-russian-underground
https://isc.sans.edu/forums/diary/Is+2+out+of+3+good+enough+for+AntiMalware/21485/
Critical Update For Cisco WebEx Server
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160914-wem
Dualtoy Malware Attacks iOS and Android
http://researchcenter.paloaltonetworks.com/2016/09/dualtoy-new-windows-trojan-sideloads-risky-apps-to-android-and-ios-devices/
Certificate Pinning Issue in Firefox/Tor Browser
https://hackernoon.com/tor-browser-exposed-anti-privacy-implantation-at-mass-scale-bd68e9eb1e95#.9jnte0u52
]]> 5:50 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5167 Drupal RESTWS Scans; Google.fr #XSS; #VMWare Updates Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Drupal RESTWS Scans; Google.fr #XSS; #VMWare Updates https://traffic.libsyn.com/securitypodcast/5167.mp3 https://isc.sans.edu/podcastdetail/5167 Thu, 15 Sep 2016 01:00:01 GMT https://isc.sans.edu/forums/diary/Exploit+Attempts+for+Drupal+RESTWS+x+Module+Vulnerability/21481/
Google France XSS Vulnerability
https://sysdream.com/news/lab/2016-09-12-cross-site-scripting-vulnerability-found-on-www-google-fr/
Pokemon Go Continues to Lead to Malware
https://securelist.com/blog/mobile/76081/rooting-pokemons-in-google-play-store/
VMWare Update Fixes Escape Vulnerablity
https://www.vmware.com/security/advisories/VMSA-2016-0014.html
]]> 5:11 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5165 Super Patch Tuesday: Microsoft, Adobe, Apple Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Super Patch Tuesday: Microsoft, Adobe, Apple https://traffic.libsyn.com/securitypodcast/5165.mp3 https://isc.sans.edu/podcastdetail/5165 Wed, 14 Sep 2016 04:10:02 GMT https://isc.sans.edu/mspatchdays.html?viewday=2016-09-13
Adobe Air Patches
https://helpx.adobe.com/security/products/air/apsb16-31.html
iOS 10 Update
https://isc.sans.edu/forums/diary/Apple+iOS+10+and+1001+Released/21473/
]]> 9:21 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5163 Free Document Converters Add Malware; check my.cnf ownership; FDE Ransomware Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Free Document Converters Add Malware; check my.cnf ownership; FDE Ransomware https://traffic.libsyn.com/securitypodcast/5163.mp3 https://isc.sans.edu/podcastdetail/5163 Tue, 13 Sep 2016 03:45:02 GMT https://isc.sans.edu/forums/diary/If+its+Free+YOU+are+the+Product/21469/
Weak MySQL Configurations Can Lead To Privilege Escalation
http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html
Full Disk Encryption Ransomware
https://www.linkedin.com/pulse/mamba-new-full-disk-encryption-ransomware-family-member-marinho?trk=prof-post
]]> 6:15 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5161 Upgrade to MacOS Sierra Security; PCI PTS POI 5.0 Standard; Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Upgrade to MacOS Sierra Security; PCI PTS POI 5.0 Standard; https://traffic.libsyn.com/securitypodcast/5161.mp3 https://isc.sans.edu/podcastdetail/5161 Mon, 12 Sep 2016 04:30:02 GMT https://isc.sans.edu/forums/diary/Getting+Ready+for+macOS+Sierra+Upgrade+Securely/21465/
PCI PIN Transation Security / Point of Interaction Update
https://www.pcisecuritystandards.org/documents/PCI_PTS_POI_SRs_v5.pdf
IMAPS Scans
https://isc.sans.edu/forums/diary/Ongoing+IMAP+Scan+Anyone+Else/21463/
]]> 6:21 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5159 Looking for #SNMP pcaps; #XEN Vulnerabilities; Old Bugs Still Work Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Looking for #SNMP pcaps; #XEN Vulnerabilities; Old Bugs Still Work https://traffic.libsyn.com/securitypodcast/5159.mp3 https://isc.sans.edu/podcastdetail/5159 Thu, 08 Sep 2016 23:35:02 GMT https://isc.sans.edu/forums/diary/Curious+SNMP+Traffic+Spike/21457/
New Version of Wireshark Released
https://www.wireshark.org/docs/relnotes/wireshark-2.2.0.html
XEN Hypervisor Vulnerabilities
https://xenbits.xen.org/xsa/
Google Moving Ahead With HTTP Phaseout
https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html
Old Windows Media Player DRM Feature Still Used To Install Malware
http://blog.cyren.com/articles/windows-media-player-drm-feature-used-for-malware-delivery-again.html
SEC503 Intrusion Detection in Depth Online Training
https://www.sans.org/vlive/details/sec503-19sep2016-johannes-ullrich-phd
]]> 7:04 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5157 Fortinet Unpatched Priv Esc Flaws; NSM Vulnerabilities Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Fortinet Unpatched Priv Esc Flaws; NSM Vulnerabilities https://traffic.libsyn.com/securitypodcast/5157.mp3 https://isc.sans.edu/podcastdetail/5157 Thu, 08 Sep 2016 00:50:02 GMT https://isc.sans.edu/forums/diary/Updated+DShield+Blocklist/21453/
Fortinet FortiWAN Load Balancer Mulitple Unpatched Vulnerabilities
http://www.kb.cert.org/vuls/id/724487
Rapid7 Published NSM Vulnerabilities
http://www.theregister.co.uk/2016/09/07/natwork_magement_vulns/
OPM Breached by Two Different Attackers
https://oversight.house.gov/wp-content/uploads/2016/09/The-OPM-Data-Breach-How-the-Government-Jeopardized-Our-National-Security-for-More-than-a-Generation.pdf
]]> 5:32 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5155 Google Releases Android Security Update; More Default Keys Then Ever Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Google Releases Android Security Update; More Default Keys Then Ever https://traffic.libsyn.com/securitypodcast/5155.mp3 https://isc.sans.edu/podcastdetail/5155 Tue, 06 Sep 2016 23:40:01 GMT https://source.android.com/security/bulletin/2016-09-01.html
Hard Coded Password / Key Issue Gets Worse
http://blog.sec-consult.com/2016/09/house-of-keys-9-months-later-40-worse.html
Snagging Credentials From Locked Machines (Windows and OS X)
https://room362.com/post/2016/snagging-creds-from-locked-machines/
]]> 5:51 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5153 #Trident / #Pegasus Patch for OS X; Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. #Trident / #Pegasus Patch for OS X; https://traffic.libsyn.com/securitypodcast/5153.mp3 https://isc.sans.edu/podcastdetail/5153 Tue, 06 Sep 2016 00:20:01 GMT https://support.apple.com/en-us/HT201222
Malware Delivered via ".pub" Files
https://isc.sans.edu/forums/diary/Malware+Delivered+via+pub+Files/21443/
Sophos Anti Virus False Positive Causes Blue Screen of Death
https://community.sophos.com/kb/en-us/125000
Adobe Reviving Flash for Linux
https://blogs.adobe.com/flashplayer/2016/08/beta-news-flash-player-npapi-for-linux.html
Google Patches Nexuse 5X Vulnerability
https://securityintelligence.com/undocumented-patched-vulnerability-in-nexus-5x-allowed-for-memory-dumping-via-usb/
]]> 5:13 Security, Network, Technology, Windows, Linux, Apple, iOS, Android, Firewall, cyber, business, cybersecurity, hacking, infosec, it, news, daily, network, security, computer, internet Johannes B. Ullrich, Ph.D. full 5151 Malware Using MaxMind For Host ID/GeoLoc. Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Malware Using MaxMind For Host ID/GeoLoc. https://traffic.libsyn.com/securitypodcast/5151.mp3 https://isc.sans.edu/podcastdetail/5151 Thu, 01 Sep 2016 22:40:02 GMT https://isc.sans.edu/forums/diary/Maxmindcom+Abused+As+AntiAnalysis+Technique/21435/
Content Security Policy of Limited Use in Real World
https://research.google.com/pubs/pub45542.html
CryptWare Bitlocker Enhancement Vulnerability
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160831-0_CryptWare_CryptoPro_Manipulation_of_pre-boot_authentication_v10.txt
Google Releases Chrome 53