Showing episodes and shows of
Johannes B. Ullrich
Shows
MENOMIO - The Podcast for Happy Menopause
35_Contraception During Menopause: In Conversation with Johannes Ott
In this episode, Daniela talks with Johannes Ott, head of the clinical division for gynecological endocrinology at AKH Wien. The focus is contraception during menopause, a topic that unsettles many women. Johannes Ott explains why contraception can still be necessary during perimenopause, which hormonal and non-hormonal methods exist, and what to pay attention to. He also looks at the effects of hormonal contraceptive methods on menopause and how individual needs can be taken into account. Topics of the episode: Contraception during menopause: Why contraception during perimenopa...
2024-04-26
43 min
Football Hautnah! - ELF, GFL & NFL from a Coach's Perspective
Conversations with the AFVD + ELF News & Jan Ullrich: How Dangerous Is Doping? (#95)
00:00 Challenge until Christmas: what suits you?
07:55 Jan Ullrich: how dangerous is doping?
21:48 Johannes had his last working day at the large corporation
26:45 Power House Camp at Martin's gym
34:22 Martin's conversation with the new AFVD board & GFL news
40:50 ELF news: player transfers & new US coaches
50:00 49ers vs. Eagles: Martin's takeaways from the coaches cam
-----------
Feel free to send us your questions. Contact us here (also via voice message) & more info on Martin and Johannes or the CTK Sportpark: https://linktr.e...
2023-12-07
1h 03
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Tuesday January 18th, 2022
Smarter Log4Shell; Special MSFT Update; Cisco CCMP Patch; Zoho Patch; Google Chrome Private Network Restriction
Log4Shell Attacks Getting Smarter
https://isc.sans.edu/forums/diary/Log4Shell+Attacks+Getting+Smarter/28246/
Microsoft Releases Special Update to Deal with January Update Fail
https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-oob-updates-for-january-windows-update-issues/
Cisco Unified Contact Center Management Portal and Unified Contact Center Domain Manager Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccmp-priv-esc-JzhTFLm4
Zoho Critical Security Patch Released in Desktop Central and Desktop Central MSP
https://pitstop.manageengine.com/portal/en/community/topic/a-critical-security-patch-released-in-desktop-central-and-desktop-central-msp-for-cve-2021-44757-17-1-2022
Google Chrome...
2022-01-18
05 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Monday January 17th, 2022
NTFS Alt. Data Streams; MSFT Resumes Windows Updates; Safari IndexedDB Leak
Use of Alternate Data Streams in Research Scans
https://isc.sans.edu/forums/diary/Use+of+Alternate+Data+Streams+in+Research+Scans+for+indexjsp/28240/
Microsoft Resumes Windows Server 2019 Cumulative Updates
https://www.bleepingcomputer.com/news/microsoft/microsoft-resumes-rollout-of-january-windows-server-updates/
Safari IndexedDB Leak
https://fingerprintjs.com/blog/indexeddb-api-browser-vulnerability-safari-15/
keywords: safari; indexeddb; microsoft; windows server; 2019; updates; ads; ntfs
2022-01-17
05 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Friday January 14th, 2022
MSFT Patch Issues; Jenkins Advisory; Qakbot Decryptor; Android 2G Disable; MSFT Defender Weakness
MSFT Patch Issues
https://borncity.com/win/2022/01/12/patchday-windows-8-1-server-2012-r2-updates-11-januar-2022-mgliche-boot-probleme/
https://support.microsoft.com/en-us/topic/january-11-2022-kb5009624-monthly-rollup-23f4910b-6bdd-475c-bb4d-c0e961aff0bc
https://support.microsoft.com/en-us/topic/january-11-2022-kb5009595-security-only-update-060870c2-ad08-40e5-b000-a9f6d40c0831
Jenkins Security Advisory 2022-01-12
https://www.jenkins.io/security/advisory/2022-01-12/
Qakbot Configuration Decryptor
https://github.com/drole/qakbot-registry-decrypt
Android Allows Disabling 2G
https://www.bleepingcomputer.com/news/security/android-users-can-now-disable-2g-to-block-stingray-attacks/
Weakness in Microsoft...
2022-01-14
05 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Thursday January 13th, 2022
CVE-2022-21907 http.sys Update; SonicWall Vuln Details; iOS/iPadOS Update; RDP Vuln Details; RATs vs Cloud
A Quick CVE-2022-21907 FAQ
https://isc.sans.edu/forums/diary/A+Quick+CVE202221907+FAQ+work+in+progress/28234/
Details Released Regarding Patched SonicWall Vulnerabilities
https://www.rapid7.com/blog/post/2022/01/11/cve-2021-20038-42-sonicwall-sma-100-multiple-vulnerabilities-fixed-2/
iOS/iPadOS Fixing HomeKit Vulnerability / Private Relay Issues
https://support.apple.com/en-us/HT201222
https://www.macrumors.com/2022/01/12/apple-icloud-private-relay-ios-15-2/
Attacking RDP From Inside
https://www.cyberark.com/resources/threat-research-blog/attacking-rdp-from-inside
Nanocore, Netwire and AsyncRAT Spreading Campaign Uses Public Cloud Infrastructure
https://blog.talosintelligence.com/2022/01/nanocore-netwire-and-asyncrat-spreading.html...
2022-01-13
05 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Wednesday January 12th, 2022
MSFT Patch Tuesday (#wormable #http.sys vuln); Adobe Updates
Microsoft Patch Tuesday - January 2022
https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+January+2022/28230/
Adobe Updates
https://helpx.adobe.com/security.html
keywords: microsoft; patch tuesday; wormable; http.sys; adobe; reader; acrobat
2022-01-12
06 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Tuesday January 11th, 2022
macOS "powerdir" Vuln; URL Parser Vulns; npm Libs Sabotaged
New macOS Vulnerability Could Lead to Unauthorized User Data Access
https://www.microsoft.com/security/blog/2022/01/10/new-macos-vulnerability-powerdir-could-lead-to-unauthorized-user-data-access
Exploiting URL Parsers
https://claroty.com/wp-content/uploads/2022/01/Exploiting-URL-Parsing-Confusion.pdf
npm Libs "colors" and "faker" Sabotaged by Developer
https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/
keywords: npm; colors; faker; url parsers; macos; powerdir; tcc
2022-01-11
05 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Monday January 10th, 2022
Cobalt Strike via MSBuild; H2 JNDI Vuln; Trojanized dnSpy; FIN7 BadUSB
Extracting Cobalt Strike Beacons from MSBuild Scripts
https://isc.sans.edu/forums/diary/Extracting+Cobalt+Strike+Beacons+from+MSBuild+Scripts/28200/
The JNDI Strikes Back: Unauthenticated RCE in H2 Database Console
https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console/
Trojanized dnSpy App Drops Malware Cocktail
https://www.bleepingcomputer.com/news/security/trojanized-dnspy-app-drops-malware-cocktail-on-researchers-devs/
FIN7 Attackers Sending Malicious USB Sticks
https://www.bleepingcomputer.com/news/security/fbi-hackers-use-badusb-to-target-defense-firms-with-ransomware/
keywords: fin7; usb; badusb; rubberducky; dnspy; malware; cryptowallet; jndi; h2; database; cobalt strike; msbuild
2022-01-10
05 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Friday January 7th, 2022
Malware Targeting Chinese; Google Docs Comment Abuse; Google Voice Auth Scam
Malicious Python Script Targeting Chinese People
https://isc.sans.edu/forums/diary/Malicious+Python+Script+Targeting+Chinese+People/28220/
Google Docs Comment Exploit Allows for Distribution of Phishing and Malware
https://www.avanan.com/blog/google-docs-comment-exploit-allows-for-distribution-of-phishing-and-malware
Google Voice Authentication Scams
https://www.fbi.gov/contact-us/field-offices/portland/news/press-releases/oregon-fbi-tech-tuesday-building-a-digital-defense-against-google-voice-authentication-scams
Norton Crypto Miner
https://investor.nortonlifelock.com/About/Investors/press-releases/press-release-details/2021/NortonLifeLock-Unveils-Norton-Crypto/default.aspx
keywords: python; china; chinese; google; docs; comments; phishing; voice; norton; miner
2022-01-07
05 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Thursday January 6th, 2022
Malware Code Reuse; ZLoader Exploiting Signature Bug; VMware CD-ROM Vuln; Honda Y2K22 Bug
Code Reuse in the Malware Landscape
https://isc.sans.edu/forums/diary/Code+Reuse+In+the+Malware+Landscape/28216/
ZLoader Campaign Exploiting Signature Verification Bug
https://research.checkpoint.com/2022/can-you-trust-a-files-digital-signature-new-zloader-campaign-exploits-microsofts-signature-verification-putting-users-at-risk/
VMware Virtual CD-ROM Vulnerability
https://www.vmware.com/security/advisories/VMSA-2022-0001.html
Honda Y2K22 Bug
https://www.bleepingcomputer.com/news/technology/honda-acura-cars-hit-by-y2k22-bug-that-rolls-back-clocks-to-2002/
keywords: honda; y2k22; malware; code reuse; zloader; signatures; vmware; cd-rom
2022-01-06
05 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Wednesday January 5th, 2022
BlockInput; Windows Server RDP Patch; Malicious Telegram Installer; Web Skimmer vs. Real Estate
A Simple Batch File That Blocks People
https://isc.sans.edu/forums/diary/A+Simple+Batch+File+That+Blocks+People/28212/
Windows Server Remote Desktop Emergency Update
https://docs.microsoft.com/en-us/windows/release-health/windows-message-center#2772
Malicious Telegram Installer Includes Purple Fox Rootkit
https://blog.minerva-labs.com/malicious-telegram-installer-drops-purple-fox-rootkit
Web Skimmer Campaign Targets Real Estate Websites
https://unit42.paloaltonetworks.com/web-skimmer-video-distribution/
keywords: web skimmer; telegram; windows server; blockinput
2022-01-05
05 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Tuesday January 4th, 2022
Fake AV Phish; Trend Micro Bug; E-Commerce Bots; iOS HomeKit DoS
McAfee Phishing Campaign with a Nice Fake Scan
https://isc.sans.edu/forums/diary/McAfee+Phishing+Campaign+with+a+Nice+Fake+Scan/28208/
Trend Micro Apex One Patch
https://success.trendmicro.com/solution/000289996
E-commerce Bots Using Cheap Domain Registration Services
https://threatpost.com/ecommerce-bots-domain-registration-account-fraud/177305/
iOS HomeKit DoS Vulnerability
https://trevorspiniolas.com/doorlock/doorlock.html
keywords: ios; homekit; dos; trend micro; apex; ecommerce; bots; mcafee; phish
2022-01-04
05 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Monday January 3rd, 2022
Exchange Server Y2K22; Agent Tesla Updates; SSD Firmware Tampering; iLOBleed
Exchange Server Year 2022 Bug
https://isc.sans.edu/forums/diary/Exchange+Server+Email+Trapped+in+Transport+Queues/28204/
https://techcommunity.microsoft.com/t5/exchange-team-blog/email-stuck-in-exchange-on-premises-transport-queues/ba-p/3049447
Agent Tesla Updates
https://isc.sans.edu/forums/diary/Agent+Tesla+Updates+SMTP+Data+Exfiltration+Technique/28190/
https://isc.sans.edu/forums/diary/Do+you+want+your+Agent+Tesla+in+the+300+MB+or+8+kB+package/28202/
Forensics Issues and Techniques to Improve Security in SSD with Flex Capacity Feature
https://arxiv.org/ftp/arxiv/papers/2112/2112.13923.pdf
iLOBleed Attack
https://threats.amnpardaz.com/en/2021/12/28/implant-arm-ilobleed-a...
2022-01-03
07 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Thursday December 30th, 2021
Log4j Summary; MSFT Defender Log4j False Positives; T-Mobile SIM Swapping; Fisher-Price Phone Flaw
Log4j 2 Security Vulnerabilities Update Guide
https://isc.sans.edu/forums/diary/Log4j+2+Security+Vulnerabilities+Update+Guide/28188/
Microsoft Defender Log4j False Positives
https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-log4j-scanner-triggers-false-positive-alerts/
T-Mobile SIM Swapping Alerts
https://www.bleepingcomputer.com/news/security/t-mobile-says-new-data-breach-caused-by-sim-swap-attacks/
Fisher-Price Bluetooth Phone Privacy Flaw
https://www.pentestpartners.com/security-blog/audio-bugging-with-the-fisher-price-chatter-bluetooth-telephone/
keywords: fisher price; bluetooth; t-mobile; sim swapping; log4j; microsoft; defender
2021-12-30
04 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Wednesday December 29th, 2021
One More #Log4j Vuln; LotL Classifiers; LastPass Credential Stuffing
Log4j Vulnerability CVE-2021-44832
https://logging.apache.org/log4j/2.x/security.html#CVE-2021-44832
LotL Classifiers
https://isc.sans.edu/forums/diary/LotL+Classifier+tests+for+shells+exfil+and+miners/28184/
LastPass Credential Stuffing
https://www.bleepingcomputer.com/news/security/lastpass-users-warned-their-master-passwords-are-compromised/
keywords: log4j; log4shell; lastpass; lotl; lolbins; cve-2021-44832
2021-12-29
04 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Tuesday December 28th, 2021
Cobalt Strike via MSBuild; Bypassing macOS Gatekeeper; Spider-Miner
Attackers Are Abusing MSBuild to Evade Defenses and Implant Cobalt Strike Beacons
https://isc.sans.edu/forums/diary/Attackers+are+abusing+MSBuild+to+evade+defenses+and+implant+Cobalt+Strike+beacons/28180/
Bypassing File Quarantine, Gatekeeper and Notarization Requirements
https://objective-see.com/blog/blog_0x6A.html
Spider-Miner: Trojanized Version of Spider-Man: No Way Home
https://blog.reasonlabs.com/2021/12/23/spider-miner-with-great-power-comes-great-problems/
keywords: spider-man; miner; monero; macos; notarization; gatekeeper; quarantine; msbuild; cobalt strike
2021-12-28
04 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Monday December 27th, 2021
#log4j/#log4shell and IMDS + More Crypto Miners; MSFT Vuln/Malicious Driver Reporting; Azure Source Code Leak
Log4j/Log4Shell and Cloud Internal Metadata Services (IMDS)
https://isc.sans.edu/forums/diary/log4shell+and+cloud+provider+internal+meta+data+services+IMDS/28168/
https://isc.sans.edu/forums/diary/Defending+Cloud+IMDS+Against+log4shell+and+more/28170/
Log4j/Log4Shell Pushing Crypto Miners
https://isc.sans.edu/forums/diary/Example+of+how+attackers+are+trying+to+push+crypto+miners+via+Log4Shell/28172/
Microsoft Vulnerable and Malicious Driver Reporting Center
https://www.microsoft.com/security/blog/2021/12/08/improve-kernel-security-with-the-new-microsoft-vulnerable-and-malicious-driver-reporting-center/
Azure Source...
2021-12-27
05 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Thursday December 23rd, 2021
Forensics Challenge Solution; CAB-less 40444; COVID Home Test Weakness
Forensics Challenge Solution
https://isc.sans.edu/forums/diary/December+2021+Forensic+Contest+Answers+and+Analysis/28160/
CAB-less 40444
https://news.sophos.com/en-us/2021/12/21/attackers-test-cab-less-40444-exploit-in-a-dry-run/
Ellume COVID Home Test Weakness
https://github.com/FSecureLABS/Ellume-COVID-Test_Research-Files
keywords: covid; ellume; cab-less; cve-2021-40444; forensic challenge
2021-12-23
04 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Wednesday December 22nd, 2021
More Undetected PS Droppers; Apache Patches; Auerswald PBX Backdoor; Garrett Metal Detectors
More Undetected PowerShell Droppers
https://isc.sans.edu/forums/diary/More+Undetected+PowerShell+Dropper/28158/
Apache Patches
https://httpd.apache.org/security/vulnerabilities_24.html
Auerswald COMpact Multiple Backdoors
https://www.redteam-pentesting.de/en/advisories/rt-sa-2021-007/-auerswald-compact-multiple-backdoors
Vulnerabilities in Garrett Metal Detectors
https://blog.talosintelligence.com/2021/12/vuln-spotlight-garrett-metal-detector.html#more
keywords: garrett; metal detectors; auerswald; pbx; dropper; powershell; antivirus
2021-12-22
05 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Tuesday December 21st, 2021
Agent Tesla Code Reuse; VMware Workspace ONE; KNXlock
PowerPoint Attachments: Agent Tesla and Code Reuse in Malware
https://isc.sans.edu/forums/diary/PowerPoint+attachments+Agent+Tesla+and+code+reuse+in+malware/28154/
VMware Workspace ONE Patch / Log4j Status
https://www.vmware.com/security/advisories.html
Attacks Against Building Automation (KNXlock)
https://limessecurity.com/en/knxlock/
keywords: knxlock; building automation; knx; vmware; powerpoint; tesla
2021-12-21
05 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Monday December 20th, 2021
Automating Public DNS Changes; Office 2021 VBA Version; More #Log4j/Log4Shell Fun
Disaster Recovery Automation Using Public DNS APIs
https://isc.sans.edu/forums/diary/DR+Automation+Using+Public+DNS+APIs/28146/
Office 2021: VBA Project Version
https://isc.sans.edu/forums/diary/Office+2021+VBA+Project+Version/28150/
Log4j Updates
https://www.blumira.com/analysis-log4shell-local-trigger/
https://logging.apache.org/log4j/2.x/security.html
keywords: log4j; log4shell; office 2021; vba versions; disaster recovery; dns; dr
2021-12-20
06 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Friday December 17th, 2021
Contact Form Campaigns; BT vs. WiFi; Lenovo IMController; Log4j Update #log4j #log4shell #lenovo
How the "Contact Forms" Campaign Tricks People
https://isc.sans.edu/forums/diary/How+the+Contact+Forms+campaign+tricks+people/28142/
Bluetooth Used to Extract WiFi Secrets
https://arxiv.org/pdf/2112.05719.pdf
Lenovo IMController Privilege Escalation Vulnerability
https://support.lenovo.com/cy/en/product_security/len-75210
https://research.nccgroup.com/2021/12/15/technical-advisory-lenovo-imcontroller-local-privilege-escalation-cve-2021-3922-cve-2021-3969/
Log4j Updates
https://github.com/cisagov/log4j-affected-db
https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021
https://twitter.com/sans_isc/status/1471611522694717445
keywords: log4j...
2021-12-17
07 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Thursday December 16th, 2021
Undetected PowerShell Backdoor; Adobe Update; RDP Client Deserialization Vuln; WebKit vs PS4
Simple but Undetected PowerShell Backdoor
https://isc.sans.edu/forums/diary/Simple+but+Undetected+PowerShell+Backdoor/28138/
Adobe Security Updates
https://helpx.adobe.com/security.html
Remote Deserialization Bug in Microsoft RDP Client Through Smart Card Extension
https://thalium.github.io/blog/posts/deserialization-bug-through-rdp-smart-card-extension/
WebKit Bug Exploitable in PS4
https://arstechnica.com/gaming/2021/12/new-ps4-homebrew-exploit-points-to-similar-ps5-hacks-to-come/
keywords: ps4; webkit; rdp; client; adobe; deserialization; powershell; backdoor
2021-12-16
05 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Wednesday December 15th, 2021
Microsoft Patches; Log4j Updates; Log4j Scanner/Patcher; Apple Updates #log4j #log4shell
Microsoft December 2021 Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+December+2021+Patch+Tuesday/28132/
Log4j Updates: 2.15.0 and Previously Suggested Mitigations May Not Be Enough
https://isc.sans.edu/forums/diary/Log4j+2150+and+previously+suggested+mitigations+may+not+be+enough/28134/
Log4j Scanner
https://github.com/dtact/divd-2021-00038--log4j-scanner
Apple Updates
https://support.apple.com/en-us/HT201222
keywords: apple; log4j; ios; macos; ipados; watchos; tvos; microsoft; patches
2021-12-15
05 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Tuesday December 14th, 2021
Log4Shell "Wrapup"; Google Chrome Update; Malicious PyPI Packages
Log4Shell Becoming Part of the Day-to-Day Grind (Exploited to Implant Coin Miners)
https://isc.sans.edu/forums/diary/Log4Shell+exploited+to+implant+coin+miners/28124/
https://www.youtube.com/watch?v=oC2PZB5D3Ys
Google Chrome Update
https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop_13.html
Malicious PyPI Packages
https://medium.com/ochrona/3-new-malicious-packages-found-on-pypi-a6bbb14b5e2
keywords: pypi; backdoor; google chrome; 0day; log4shell; log4j
2021-12-14
05 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Monday December 13th, 2021
Infocon Raised to Yellow for #Log4Shell / #Log4j2 Vulnerability
Remote Code Execution in log4j2 (Log4Shell, or How Things Can Get Bad Quickly)
https://isc.sans.edu/forums/diary/RCE+in+log4j+Log4Shell+or+how+things+can+get+bad+quickly/28120/
Log4j Zero Day
https://www.lunasec.io/docs/blog/log4j-zero-day/
Log4j2/Log4Shell Followup: What We See, How to Defend, and How to Access Our Data
https://isc.sans.edu/forums/diary/Log4j+Log4Shell+Followup+What+we+see+and+how+to+defend+and+how+to+access+our+data/28122/
Log4Shell Vendor Bulletins
https://gist.github.com/SwitHak/b66db3...
2021-12-13
07 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Friday December 10th, 2021
Discord Phishing; MikroTik Issues; log4j RCE 0-Day; SonicWall SMA 100 Patch
Phishing Direct Messages via Discord
https://isc.sans.edu/forums/diary/Phishing+Direct+Messages+via+Discord/28114/
Vulnerable MikroTik Routers
https://eclypsium.com/2021/12/09/when-honey-bees-become-murder-hornets/
log4j RCE 0-Day
https://www.lunasec.io/docs/blog/log4j-zero-day/
SonicWall SMA 100 Patch
https://www.sonicwall.com/support/product-notification/product-security-notice-sma-100-series-vulnerability-patches-q4-2021/211201154715443/
keywords: sonicwall; log4j; rce; 0-day; mikrotik; phishing; discord
2021-12-10
06 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Thursday December 9th, 2021
Forensic Challenge; Phishing with MSFT OAuth; Android Patchday
December 2021 Forensic Challenge
https://isc.sans.edu/forums/diary/December+2021+Forensic+Challenge/28108/
Microsoft and GitHub OAuth Implementation Vulnerabilities Lead to Redirection Attacks
https://www.proofpoint.com/us/blog/cloud-security/microsoft-and-github-oauth-implementation-vulnerabilities-lead-redirection
Android Patch Day
https://source.android.com/security/bulletin/2021-12-01?hl=en
keywords: android; github; microsoft; forensic; challenge; contest
2021-12-09
05 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Wednesday December 8th, 2021
Webshells; AWS Outages; Kafka Exposed; Windows 10 RCE; Browser XS-Leak Bugs
Webshells, Webshells Everywhere!
https://isc.sans.edu/forums/diary/Webshells+Webshells+everywhere/28106/
AWS Outage
https://status.aws.amazon.com
Misconfigured Kafdrop Puts Companies' Apache Kafka Completely Exposed
https://spectralops.io/blog/misconfigured-kafdrop-puts-companies-apache-kafka-completely-exposed/
Windows 10 RCE: The Exploit Is in the Link (ms-officecmd)
https://positive.security/blog/ms-officecmd-rce
XSinator.com: From a Formal Model to the Automatic Evaluation of Cross-Site Leaks in Web Browsers
https://xsinator.com/paper.pdf
keywords: xsinator; cross-site; xs leak; browser; windows 10; rce; link; ms-officecmd; kafdrop; kafka; aws; webshells
2021-12-08
05 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Tuesday December 7th, 2021
OOB Networks for Incident Handling; Unitrends Backup Updates; Deanonymizing Tor
The Importance of Out-of-Band Networks
https://isc.sans.edu/forums/diary/The+Importance+of+OutofBand+Networks/28102/
Kaseya Unitrends Backup Appliance Updates
https://helpdesk.kaseya.com/hc/en-gb/articles/4412762258961
Is KAX17 Performing De-Anonymization Attacks Against Tor Users?
https://nusenu.medium.com/is-kax17-performing-de-anonymization-attacks-against-tor-users-42e566defce8
Google Chrome Update (No 0-Days)
https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop.html
keywords: google chrome; kax17; nusenu; twitter; out of band; ransomware
2021-12-07
05 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Monday December 6th, 2021
UPX Is Forever; Airgap Attacks; Ubiquiti Insider Extortion
The UPX Packer Will Never Die
https://isc.sans.edu/forums/diary/The+UPX+Packer+Will+Never+Die/28096/
Survey of Airgap Attacks
https://www.welivesecurity.com/2021/12/01/jumping-air-gap-15-years-nation-state-effort/
Ubiquiti Victim of Insider Extortion
https://www.justice.gov/usao-sdny/pr/former-employee-technology-company-charged-stealing-confidential-data-and-extorting
keywords: upx; airgap; usb; ubiquiti; insider
2021-12-06
05 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Friday December 3rd, 2021
TA551 Pushing IcedID; pip-audit; WiFi Router Flaws; #HolidayHack
TA551 (Shathak) Pushes IcedID (Bokbot)
https://isc.sans.edu/forums/diary/TA551+Shathak+pushes+IcedID+Bokbot/28092/
pip-audit: Scanning Python Packages for Known Vulnerabilities
https://pypi.org/project/pip-audit/
WiFi Router Flaws
https://www.iot-inspector.com/blog/router-security-check-2021/
SANS Holiday Hack Challenge
https://www.sans.org/mlp/holiday-hack-challenge/
keywords: holiday; hack challenge; wifi; router; pip-audit; ta551; icedid
2021-12-03
14 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Thursday December 2nd, 2021
webhook.site Exfiltration; NSS Library Vuln; EwDoor vs. AT&T; JAMF Pro Patch
Info-Stealer Using webhook.site to Exfiltrate Data
https://isc.sans.edu/forums/diary/InfoStealer+Using+webhooksite+to+Exfiltrate+Data/28088/
Mozilla NSS Library Vulnerability
https://bugs.chromium.org/p/project-zero/issues/detail?id=2237
EwDoor Botnet Is Attacking AT&T Customers
https://blog.netlab.360.com/warning-ewdoor-botnet-is-attacking-att-customers/
JAMF Pro 10.32 Patch
https://community.jamf.com/t5/jamf-pro/what-s-new-in-jamf-pro-10-32-release/m-p/246505
keywords: ewdoor; at&t; nss; mozilla; webhook; jamf
2021-12-02
06 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Wednesday December 1st, 2021
Composer vs PHPUnit; Microsoft Defender False Positives; HP Printer Vuln; Win10 Arbitrary File Read
Hunting for PHPUnit Installed via Composer
https://isc.sans.edu/forums/diary/Hunting+for+PHPUnit+Installed+via+Composer/28084/
Microsoft Defender Scares Admins with Emotet False Positives
https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-scares-admins-with-emotet-false-positives/
Printing Shellz: HP Printer Vulnerabilities
https://blog.f-secure.com/hp-printer-vulnerabilities/?_ga=2.125707850.1160056027.1638325485-2056233716.1638325485
Unpatched Local Privilege Escalation in Mobile Device Management Service
https://blog.0patch.com/2021/11/micropatching-unpatched-local-privilege.html
keywords: mdm; windows; mobile device management; shellz; hp printer; defender; emotet; phpunit; composer
2021-12-01
06 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Tuesday November 30th, 2021
Wireshark Update; Google Cloud Security; Zoom Patch; Slack vs DNSSEC
Wireshark 3.6.0 Released
https://isc.sans.edu/forums/diary/Wireshark+360+Released/28076/
Google Cloud Security Report (Threat Horizons, November 2021)
https://services.google.com/fh/files/misc/gcat_threathorizons_full_nov2021.pdf
Zoom Patch
https://explore.zoom.us/en/trust/security/security-bulletin/
Slack DNSSEC Experience Report
https://slack.engineering/what-happened-during-slacks-dnssec-rollout/
keywords: dnssec; slack; zoom; google; cloud; wireshark
2021-11-30
05 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Monday November 29th, 2021
Disappearing Phish; Trickbot HTML Resolution Check; QNAP QVR Patch; CronRAT
Phishing Page Hiding Itself Using a Dynamically Adjusted IP-Based Allow List
https://isc.sans.edu/forums/diary/Phishing+page+hiding+itself+using+dynamically+adjusted+IPbased+allow+list/28070/
Trickbot Phishing Checks Screen Resolution to Evade Researchers
https://www.bleepingcomputer.com/news/security/trickbot-phishing-checks-screen-resolution-to-evade-researchers/
QNAP QVR Patch
https://www.qnap.com/de-de/security-advisory/qsa-21-51
CronRAT Malware Hiding in cron
https://sansec.io/research/cronrat
keywords: cronrat; malware; cron; crontab; qnap; qvr; trickbot; html; resolution; phishing; ip address; allow list; block list
2021-11-29
06 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Wednesday November 24th, 2021
Improved YARA Maldoc Signature; Windows Installer 0-Day; VMware vCenter Vulnerability
YARA Rule for OOXML Maldocs: Less False Positives
https://isc.sans.edu/forums/diary/YARA+Rule+for+OOXML+Maldocs+Less+False+Positives/28066/
Zero-Day Windows Installer Exploit
https://www.bleepingcomputer.com/news/security/malware-now-trying-to-exploit-new-windows-installer-zero-day/
VMware vCenter Vulnerability and Patch
https://www.vmware.com/security/advisories/VMSA-2021-0027.html
keywords: vmware; vcenter; windows; installer; exploit; 0day; yara; ooxml; office; maldocs
2021-11-24
03 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Tuesday November 23rd, 2021
Office Macro YARA Rules; Magento Exploits; Exchange PoC (CVE-2021-42321); Windows PrivEsc 0-Day PoC; CloudLinux RCE
Simple YARA Rules for Office Maldocs
https://isc.sans.edu/forums/diary/Simple+YARA+Rules+for+Office+Maldocs/28062/
Retailers Urged to Patch Magento
https://www.theregister.com/2021/11/22/ncsc_magento_updates_black_friday_reminder/
PoC of CVE-2021-42321: Pop mspaint.exe on the Target
https://gist.github.com/testanull/0188c1ae847f37a70fe536123d14f398
BEC via Exchange Flaws (Squirrelwaffle Exploits ProxyShell and ProxyLogon)
https://www.trendmicro.com/en_us/research/21/k/Squirrelwaffle-Exploits-ProxyShell-and-ProxyLogon-to-Hijack-Email-Chains.html
Windows Privilege Escalation PoC (InstallerFileTakeOver)
https://github.com/klinix5/InstallerFileTakeOver
PHP Deserialization Vulnerability in CloudLinux Imunify360...
2021-11-23
04 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Monday November 22nd, 2021
Hikvision Exploited; Detecting PAM Backdoors; Hidden Root CAs; Azure CredManifest
Hikvision Security Cameras Potentially Exposed to Remote Code Execution
https://isc.sans.edu/forums/diary/Hikvision+Security+Cameras+Potentially+Exposed+to+Remote+Code+Execution/28056/
Detecting PAM Backdoors
https://isc.sans.edu/forums/diary/Backdooring+PAM/28058/
Rusted Anchors: A National Client-Side View of Hidden Root CAs in the Web PKI Ecosystem
https://dl.acm.org/doi/pdf/10.1145/3460120.3484768
CVE-2021-42306 CredManifest: App Registration Certificates Stored in Azure Active Directory
https://www.netspi.com/blog/technical/cloud-penetration-testing/azure-cloud-vulnerability-credmanifest/
keywords: cve-2021-42306; credmanifest; azure; rusted anchors; ca; web; pki; tls; pam; backdoors; hikvision
2021-11-22
05 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Friday November 19th, 2021
JavaScript Delivers Agent Tesla; GitHub vs cookies.sqlite; FatPipe VPN Exploited; Abusing ClouDNS
JavaScript Downloader Delivers Agent Tesla Trojan
https://isc.sans.edu/forums/diary/JavaScript+Downloader+Delivers+Agent+Tesla+Trojan/28050/
Exposed Firefox cookies.sqlite Databases on GitHub
https://www.theregister.com/2021/11/18/firefox_cookies_github/
FBI Warns of FatPipe VPN Exploits
https://www.ic3.gov/Media/News/2021/211117-2.pdf
Abusing ClouDNS (Specter Botnet Taking Over Legitimate DNS Domains)
https://blog.netlab.360.com/the-pitfall-of-threat-intelligence-whitelisting-specter-botnet-is-taking-over-top-legit-dns-domains-by-using-cloudns-service/
keywords: cloudns; fbi; fatpipe; firefox; cookies.sqlite; javascript; tesla
2021-11-19
06 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Thursday November 18th, 2021
DDS Implementation Vuln; Siemens Nucleus TCP/IP Flaws; Netgear UPNP; DDS Protocol Implementation Vulnerabilities https://us-cert.cisa.gov/ics/advisories/icsa-21-315-02 Siemens TCP/IP Flaws https://www.forescout.com/blog/new-critical-vulnerabilities-found-on-nucleus-tcp-ip-stack/ Netgear UPNP Stack Based Buffer Overflow https://blog.grimm-co.com/2021/11/seamlessly-discovering-netgear.html keywords: netgear; upnp; siemens; tcp/ip; dds;
2021-11-18
04 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Wednesday November 17th, 2021
Emotet Returns; NPM Security; Intel CPU Debug Vulnerability; Router Vulnerability List Emotet Returns https://isc.sans.edu/forums/diary/Emotet+Returns/28044/ GitHub Improves npm Security https://github.blog/2021-11-15-githubs-commitment-to-npm-ecosystem-security/ Intel CPU Debug Vulnerability https://www.ptsecurity.com/ww-en/about/news/positive-technologies-discovers-vulnerability-in-intel-processors-used-in-laptops-cars-and-other-devices/ https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00528.html Home Router Vulnerability Listing https://modemly.com/m1/pulse keywords: home router; vulnerability; intel; cpu; github; emotet; npm
2021-11-17
06 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Tuesday November 16th, 2021
MSFT Update Fixes Auth Failures; Clipboard AD Passwd Change; Parking Pages Distribute Malware; Rowhammer 4 ever; Microsoft Emergency Update fixes AD Authentication Problems https://support.microsoft.com/en-us/topic/november-14-2021-kb5008601-os-build-14393-4771-out-of-band-c8cd33ce-3d40-4853-bee4-a7cc943582b9 Using Copy Paste to Change Microsoft AD Password https://isc.sans.edu/forums/diary/Changing+your+AD+Password+Using+the+Clipboard+Not+as+Easy+as+Youd+Think/28036/ Parking Pages Used to Distribute Malware https://blog.netlab.360.com/zhatuniubility-malware-uses-namesilo-parking-pages-and-googles-custom-pages-to-spread/ Blacksmith Revives Rowhammer https://comsec.ethz.ch/research/dram/blacksmith/ keywords: blacksmith; rowhammer; parking pages; malware; namesilo; microsoft; ad; password...
2021-11-16
06 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Monday November 15th, 2021
Not So Fake FBI E-Mails; BASE64 Maldoc Reversing; zoom and vmware update; windows priv esc 0-day Not So Fake FBI E-Mails https://www.fbi.gov/news/pressrel/press-releases/fbi-statement-on-incident-involving-fake-emails https://isc.sans.edu/forums/diary/External+Email+System+FBI+Compromised+Sending+Out+Fake+Warnings/28034/ https://twitter.com/spamhaus/status/1459450061696417792 Reversing Obfuscated Maldoc with BASE64 https://isc.sans.edu/forums/diary/Obfuscated+Maldoc+Reversed+BASE64/28030/ Zoom Updates https://explore.zoom.us/en/trust/security/security-bulletin/ VMWare VCenter Update https://www.vmware.com/security/advisories/VMSA-2021-0025.html Windows User Profile 0-Day LPE https://halove23.blogspot.com/2021/10/windows-user-profile-service-0day.html keywords: lpe...
2021-11-15
05 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Friday November 12th, 2021
In Memory of Alan Paller. Cyber Security Industry Titan and SANS Institute Founder In Memory of Alan Paller. Cyber Security Industry Titan and SANS Institute Founder https://www.sans.org/press/announcements/alan-paller-cyber-security-industry-titan-and-sans-institute-founder-passes-away/ https://isc.sans.edu/forums/diary/In+Memory+of+Alan+Paller/28026/ keywords: alan paller
2021-11-12
03 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Thursday November 11th, 2021
Shadow IT and Phishing; PaloAlto GlobalProtect Vuln; Citrix DoS Vuln; Shadow IT Makes People More Vulnerable to Phishing https://isc.sans.edu/forums/diary/Shadow+IT+Makes+People+More+Vulnerable+to+Phishing/28022/ PaloAlto Networks GlobalProtect VPN CVE-2021-3064 https://www.randori.com/blog/cve-2021-3064/?i=2 Citrix ADC/Gateway/SD-WAN WANOP Patch https://support.citrix.com/article/CTX330728 HPE Aruba Breach https://www.arubanetworks.com/support-services/security-bulletins/central-incident-faq/ keywords: hpe; aruba; citrix; adc; sd-wan; paloalto; shadow it; phishing
2021-11-11
06 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Wednesday November 10th, 2021
Microsoft Patches; Adobe Patches; BusyBox Patches; Microsoft November 2021 Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+November+2021+Patch+Tuesday/28018/ Adobe Patches https://helpx.adobe.com/security.html BusyBox Vulnerabilities https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ keywords: busybox; adobe; microsoft; patches
2021-11-10
06 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Tuesday November 9th, 2021
Abusing Security Tools; ManageEngine ADSelfService Attacks; Machine Learning Image Scaling Attacks (Ab)Using Security Tools & Controls for the Bad https://isc.sans.edu/forums/diary/AbUsing+Security+Tools+Controls+for+the+Bad/28014/ Targeted Attack Campaign Against ManageEngine ADSelfService Plus https://unit42.paloaltonetworks.com/manageengine-godzilla-nglite-kdcsponge/ Image-Scaling Attacks in Machine Learning https://www.usenix.org/system/files/sec20fall_quiring_prepub.pdf keywords: machine learning; manageengine; adselfservice; abusing; pam
2021-11-09
07 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Monday November 8th, 2021
Extracting Cobalt Strike Keys from Memory; xmount; Proactive SIMs; Thunderbird Patches Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory https://isc.sans.edu/forums/diary/Decrypting+Cobalt+Strike+Traffic+With+Keys+Extracted+From+Process+Memory/28006/ XMount for Disk Images https://isc.sans.edu/forums/diary/Xmount+for+Disk+Images/28002/ More Proactive SIMs https://medium.com/telecom-expert/more-proactive-sims-f8da2ef8b189 Thunderbird Update https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/ keywords: sim; xmount; cobalt strike; thunderbird
2021-11-08
05 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Friday November 5th, 2021
October Packets Challenge Solution; Linux Kernel RCE; Cisco Patches; WebAssembly Security October 2021 Forensic Contest Answers and Analysis https://isc.sans.edu/forums/diary/October+2021+Forensic+Contest+Answers+and+Analysis/27998/ CVE-2021-43267: Remote Linux Kernel Heap Overflow in TIPC Module https://www.sentinelone.com/labs/tipc-remote-linux-kernel-heap-overflow-allows-arbitrary-code-execution/ Cisco Patches https://tools.cisco.com/security/center/publicationListing.x The Security Risk of Lacking Compiler Protection in WebAssembly https://arxiv.org/abs/2111.01421 keywords: webassembly; cisco; patches; tipc; linux; kernel; overflow; forensic; challenge
2021-11-05
07 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Thursday November 4th, 2021
Patch Gitlab; More Exchange Action; Blackmatter Shutting Down Again; Android 0-Day Patched Gitlab CVE-2021-22205 Exploited (and often not patched) https://www.rapid7.com/blog/post/2021/11/01/gitlab-unauthenticated-remote-code-execution-cve-2021-22205-exploited-in-the-wild/ New Proxy Shell Exploits Seen Against Exchange https://blog.talosintelligence.com/2021/11/babuk-exploits-exchange.html Blackmatter Shutting Down Again https://www.bleepingcomputer.com/news/security/blackmatter-ransomware-moves-victims-to-lockbit-after-shutdown/ Android 0-Day Patched https://source.android.com/security/bulletin/2021-11-01 keywords: Android; 0day; blackmatter; ransomware; proxy shell; exchange; gitlab
2021-11-04
05 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Wednesday November 3rd, 2021
BrakTooth Update; XSS to Root; Pentaho Vuln; Revisiting BrakTooth: Two Months Later https://isc.sans.edu/forums/diary/Revisiting+BrakTooth+Two+Months+Later/27992/ Escalating XSS to Sainthood with Nagios https://blog.grimm-co.com/2021/11/escalating-xss-to-sainthood-with-nagios.html Pentaho Business Analytics Vulnerability https://hawsec.com/publications/pentaho/HVPENT210401-Pentaho-BA-Security-Assessment-Report-v1_1.pdf keywords: pentaho; xss; nagios; braktooth; bluetooth
2021-11-03
05 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Tuesday November 2nd, 2021
Hiding Source Code; Detecting Header Smuggling; Kaspersky AWS SES Token Lost Trojan Source: Invisible Vulnerabilities https://www.trojansource.codes/trojan-source.pdf Detecting HTTP Header Smuggling Vulnerabilities https://www.darkreading.com/application-security/free-tool-scans-web-servers-for-vulnerability-to-http-header-smuggling-attacks Kaspersky Lost Amazon Simple Email Service Token https://support.kaspersky.com/general/vulnerability.aspx?el=12430#01112021_phishing keywords: kaspersky; amazon; simple email service; ses; http; header; smuggling; trojan source; compiler; editor; unicode
2021-11-02
07 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Monday November 1st, 2021
RDP Scans; Sysmon Update; Chrome Updates; Android Rooting Malware Remote Desktop Protocol RDP Discovery https://isc.sans.edu/forums/diary/Remote+Desktop+Protocol+RDP+Discovery/27984/ Sysmon Update https://isc.sans.edu/forums/diary/Sysinternals+Autoruns+and+Sysmon+updates/27986/ Google Chrome Updates https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html AbstractEmu Malware Roots Android https://blog.lookout.com/lookout-discovers-global-rooting-malware-campaign Microsoft Defender For Endpoint Web Content Filtering https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/web-content-filtering-now-generally-available-on-windows/ba-p/2893357 keywords: rdp; sysmon; chrome; android; abstractemu; malware; microsoft; defender;
2021-11-01
05 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Friday October 29th, 2021
Critical Hikvision Patch; MacOS SIP Vuln; NPM Typosquatting Critical Hikvision Patch https://watchfulip.github.io/2021/09/18/Hikvision-IP-Camera-Unauthenticated-RCE.html https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-notification-command-injection-vulnerability-in-some-hikvision-products/ Shrootless Vulnerability in MacOS https://www.microsoft.com/security/blog/2021/10/28/microsoft-finds-new-macos-vulnerability-shrootless-that-could-bypass-system-integrity-protection/ More Malicious NPM Libraries https://www.theregister.com/2021/10/27/npm_roblox_ransomware/ keywords: npm; noblox; shrootless; sip; macos; hikvision
2021-10-28
05 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Thursday October 28th, 2021
OWA Phishing; Apple Fixes iOS 0-Day; Adobe Patches; DoH Pinkbot; Jira Insight Patch Outlook Web Access Phishing https://isc.sans.edu/forums/diary/Hunting+for+Phishing+Sites+Masquerading+as+Outlook+Web+Access/27974/ Apple Security Updates Details Available https://support.apple.com/en-us/HT201222 Adobe Patches https://helpx.adobe.com/security/security-bulletin.html PinkBot Botnet Uses DoH https://blog.netlab.360.com/pinkbot/ Jira Insight Patch https://confluence.atlassian.com/adminjiraserver/jira-service-management-security-advisory-2021-10-20-1085186548.html keywords: jira; insight; h2; pinkbot; dns over https; adobe; apple; updates; outlook; owa; phishing
2021-10-27
05 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Wednesday October 27th, 2021
Apple Updates; Craigslist Hijack; UltimaSMS Malware; Firefox Proxy Malware Apple Updates Everything (but no details yet) https://support.apple.com/en-sa/HT201222 Craigslist E-Mail Hijack https://www.inky.com/blog/urgency-mail-relay-serve-phishers-well-on-craigslist UltimaSMS Android Malware https://blog.avast.com/premium-sms-scam-apps-on-play-store-avast Firefox Proxy Malware https://blog.mozilla.org/security/2021/10/25/securing-the-proxy-api-for-firefox-add-ons/ keywords: firefox; update; proxy; ultimasms; android; craigslist; email; apple
2021-10-26
05 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Tuesday October 26th, 2021
Decrypt Cobalt Strike; Critical Discourse Vuln; ua-parser-js malware; BillQuick Ransomware Decrypting Cobalt Strike Traffic https://isc.sans.edu/forums/diary/Decrypting+Cobalt+Strike+Traffic+With+a+Leaked+Private+Key/27968/ Critical Discourse Vulnerability https://us-cert.cisa.gov/ncas/current-activity/2021/10/24/critical-rce-vulnerability-discourse Discourse Discussion Platform RCE https://github.com/discourse/discourse/security/advisories/GHSA-jcjx-pvpc-qgwq https://0day.click/recipe/discourse-sns-rce/ ua-parser-js malware https://github.com/advisories/GHSA-pjwm-rvh2-c87w Vulnerable Billing Software BillQuick Web Used to Deploy Ransomware https://www.huntress.com/blog/threat-advisory-hackers-are-exploiting-a-vulnerability-in-popular-billing-software-to-deploy-ransomware keywords: billquick; cobalt strike; ua-parser-js; discourse
2021-10-25
04 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Monday October 25th, 2021
Malware Quiz; Odd ZIP Files; Decrypting Cobalt Strike Malware Quiz https://isc.sans.edu/forums/diary/Phishing+ZIP+With+Malformed+Filename/27966/ Odd Zip Files https://isc.sans.edu/forums/diary/Phishing+ZIP+With+Malformed+Filename/27966/ Decrypting Cobalt Strike Configurations Using Known Secret Keys https://blog.nviso.eu/2021/10/21/cobalt-strike-using-known-private-keys-to-decrypt-traffic-part-1/ Tracking BLE Fingerprints https://cseweb.ucsd.edu/~nibhaska/papers/sp22_paper.pdf GPS Software Bug https://us-cert.cisa.gov/ncas/current-activity/2021/10/21/gps-daemon-gpsd-rollover-bug https://isc.sans.edu/forums/diary/Keeping+Track+of+Time+Network+Time+Protocol+and+a+GPSD+Bug/27886/ keywords: GPS; Tracking; ble; cobalt strike; zip; malware; packets; quiz; challenge
2021-10-24
05 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Friday October 22nd, 2021
Stolen Images Malware; FiveSys Signed Rootkit; Oracle CPU; WinRAR Vuln; Bad NPM Packages Stolen Images Evidence Campaign Pushes Sliver Based Malware https://isc.sans.edu/forums/diary/Stolen+Images+Evidence+campaign+pushes+Sliverbased+malware/27954/ FiveSys Rootkit Signed By Microsoft https://www.bitdefender.com/files/News/CaseStudies/study/405/Bitdefender-DT-Whitepaper-Fivesys-creat5699-en-EN.pdf Oracle Critical Patch Update https://www.oracle.com/security-alerts/cpuoct2021.html WinRAR Vulnerability https://swarm.ptsecurity.com/winrars-vulnerable-trialware-when-free-software-isnt-free/ Crypto Mining npm Libraries https://blog.sonatype.com/newly-found-npm-malware-mines-cryptocurrency-on-windows-linux-macos-devices keywords: cryptomining; npm; winrar; oracle; cpu; fivesys; windows; microsoft; certificate; sliver; malware
2021-10-21
06 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Thursday October 21st, 2021
Leaked Covid Certs; Chrome Removes FTP; Squirrel VM Bug; BlackByte Decryptor Thanks to Covid 19: New Types of Documents are Lost in the Wild https://isc.sans.edu/forums/diary/Thanks+to+COVID19+New+Types+of+Documents+are+Lost+in+The+Wild/27952/ Google Chrome 95 Released https://chromestatus.com/roadmap Squirrel VM Bug https://thehackernews.com/2021/10/squirrel-engine-bug-could-let-attackers.html BlackByte Decryptor Released https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/ https://github.com/SpiderLabs/BlackByteDecryptor keywords: blackbyte; Decryptor; squirrel; vm; games; google; chrome; ftp; covid 19; certificates; vaccination; virustotal
2021-10-20
05 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Wednesday October 20th, 2021
Great CN Firewall Experiment; Fake Gov Sites; TA505 Coming Back; Blackmatter Advisory Can You Make the Great Chinese Firewall Work For You https://isc.sans.edu/forums/diary/Can+you+make+the+Great+Chinese+Firewall+work+for+you/27948/ Fake Government Assistance Websites https://www.ic3.gov/Media/Y2021/PSA211015 TA505 Coming Back https://www.proofpoint.com/us/blog/threat-insight/whatta-ta-ta505-ramps-activity-delivers-new-flawedgrace-variant BlackMatter Ransomware https://us-cert.cisa.gov/ncas/alerts/aa21-291a keywords: blackmatter; ransomware; ta505; government websites; phishing; chinese; firewall
2021-10-19
04 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Tuesday October 19th, 2021
Certificate Auth for C2; PowerShell Patches; JunOS Patches; TianFu Cup Malicious PowerShell Script Using Client Certificate Authentication https://isc.sans.edu/forums/diary/Malicious+PowerShell+Using+Client+Certificate+Authentication/27944/ PowerShell Updates https://github.com/PowerShell/Announcements/issues/27 Juniper JunOS Patches https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES TianFu Cup https://tianfucup.com/en/#canjia keywords: junos; tianfu; juniper; powershell; certificates
2021-10-18
05 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Monday October 18th, 2021
Apache 2.4.49/50 Exploited; Warranty Repairs; Malicious NFTs; Bitcoins for Ransomware Active Scanning for Apache Vulnerabilities CVE-2021-41773 and 42013 https://isc.sans.edu/forums/diary/Apache+is+Actively+Scan+for+CVE202141773+CVE202142013/27940/ Warranty Repairs and Non Removable Storage Risks https://isc.sans.edu/forums/diary/Warranty+Repairs+and+NonRemovable+Storage+Risks/27938/ Crypto Wallet Compromised on OpenSea NFT Marketplace https://blog.checkpoint.com/2021/10/13/check-point-software-prevents-theft-of-crypto-wallets-on-opensea-the-worlds-largest-nft-marketplace/ $5.2 Billion worth of Bitcoin Transactions Linked to Ransomware https://www.fincen.gov/sites/default/files/shared/Financial%20Trend%20Analysis_Ransomeware%20508%20FINAL.pdf keywords: bitcoin; ransomware; nft; crypto wallet; opensea; warranty; removable storage; apache; directory traversal
2021-10-17
05 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Friday October 15th, 2021
Windows Port Forward; SMTP Brute Forcing; Fake Ad Blocker; Romance Crypto Coin Scam; Sysmon4Linux; VMWare/Foxit Updates Port Forwarding with Windows for the Win https://isc.sans.edu/forums/diary/PortForwarding+with+Windows+for+the+Win/27934/ Please Fix Your E-Mail Brute Forcing Tool https://isc.sans.edu/forums/diary/Please+fix+your+EMail+Brute+forcing+tool/27930/ Ad Blocker Injects Ads https://www.imperva.com/blog/the-ad-blocker-that-injects-ads/ Romance Scams Go After Crypto Currency https://nakedsecurity.sophos.com/2021/10/13/romance-scams-with-a-cryptocurrency-twist-new-research-from-sophoslabs/ Sysmon For Linux https://github.com/Sysinternals/SysmonForLinux Foxit Updates https://www.foxit.com/support/security-bulletins.html VMWare Updates https://www.vmware...
2021-10-14
06 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Wednesday October 13th, 2021
Microsoft Patch Tuesday; Adobe Patches; PyPI Removes Malicious mitmproxy2 Module Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+October+2021+Patch+Tuesday/27928/ Adobe Patches https://helpx.adobe.com/security/security-bulletin.html PyPI Removes mitmproxy2 Module https://twitter.com/maximilianhils/status/1447525552370458625 https://web.archive.org/web/20211012105244/https://gist.github.com/mhils/7ff29d50b25a1c99e06834cf95684333 keywords: pypi; mitmproxy; mitmproxy2; adobe; microsoft; patches
2021-10-13
05 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Tuesday October 12th, 2021
Odd Web Log Summary; iOS/iPadOS 15.0.2 (0-day); GitKraken weak keys; Lets Encrypt Outage Non HTTP Requests Hitting Web Server https://isc.sans.edu/forums/diary/Things+that+go+Bump+in+the+Night+Non+HTTP+Requests+Hitting+Web+Servers/27924/ Apple Updates iOS/iPadOS to 15.0.2 https://saaramar.github.io/IOMFB_integer_overflow_poc/ https://support.apple.com/en-us/HT212846 Weak SSH Keys Used with GitKraken https://github.blog/2021-10-11-github-security-update-revoking-weakly-generated-ssh-keys/ Let's Encrypt Outage https://letsencrypt.status.io/pages/incident/55957a99e800baa4470002da/6164b5af714e1f053880ba0c keywords: letsencrypt; gitkraken; keypair; ssh keys; apple; ios; ipados; 15.0.2; http requests
2021-10-12
05 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Monday October 11th, 2021
WebLogic Exploits; Sorting Things; Telegram Auto-Delete; MSFT Disabling Excel 4.0 Macros; Scanning for Previous Oracle WebLogic Vulnerabilities https://isc.sans.edu/forums/diary/Scanning+for+Previous+Oracle+WebLogic+Vulnerabilities/27918/ Sorting Things Out - Sorting Data by IP Address https://isc.sans.edu/forums/diary/Sorting+Things+Out+Sorting+Data+by+IP+Address/27916/ https://gitlab.com/slackermedia/bashcrawl Telegram Does Not Remove Auto-Deleted Messages from Cache https://habr.com/en/post/580582/ Microsoft To Disable Excel 4.0 Macros By Default https://twitter.com/GelosSnake/status/1446192775087722497 https://m365admin.handsontek.net/macro-settings-update-to-disable-excel-4-0-macros-by-default/ keywords: weblogic; oracle; sort; bash; telegram; excel;
2021-10-11
05 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Friday October 8th, 2021
Hunting IPTV Boxes; Apache 2.4.51 Released; FontOnLake Rootkit; osquery 5; Who is Hunting For Your IPTV Set-Top Box? https://isc.sans.edu/forums/diary/Who+Is+Hunting+For+Your+IPTV+SetTop+Box/27912/ Another Update For Apache https://httpd.apache.org Font on Lake Rootkit https://www.welivesecurity.com/2021/10/07/fontonlake-previously-unknown-malware-family-targeting-linux/ osquery 5 with macOS Endpoint Security https://www.trailofbits.com/post/announcing-osquery-5-now-with-endpointsecurity-on-macos keywords: osquery; macos; fontonlake; rootkit; linux; apache; iptv;
2021-10-08
06 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Thursday October 7th, 2021
Apache Flaw Details; VMWare ESXi Ransomware; AT&T SIM Forensics; Google Pushing 2SV Apache 2.4.49 Directory Traversal Vulnerability https://isc.sans.edu/forums/diary/Apache+2449+Directory+Traversal+Vulnerability+CVE202141773/27908/ Python Ransomware Targeting ESXi Server https://www.sophos.com/en-us/press-office/press-releases/2021/10/sophos-researchers-uncover-new-python-ransomware-targeting-an-esxi-server-and-virtual-machines.aspx AT&T SIM Forensics https://medium.com/telecom-expert/what-is-at-t-doing-at-1111340002-c418876c212c Google Making Additional 2FA Push https://blog.google/technology/safety-security/making-sign-safer-and-more-convenient/ keywords: Google; 2FA; AT&T; SIM; Forensics; Python; ESXi; VMWare; Ransomware; Apache
2021-10-07
05 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Wednesday October 6th, 2021
Looking Glass; Facebook Postmortem; Apache 2.4.49 Vuln; Windows 11/2022 Released Looking Glass Sites https://isc.sans.edu/forums/diary/Looking+Glasses+Debugging+Network+Connectivity+Issues/27904/ Facebook Postmortem https://engineering.fb.com/2021/10/05/networking-traffic/outage-details/ Apache 2.4.49 Directory Traversal Vulnerability https://blog.sonatype.com/apache-servers-actively-exploited-in-wild-importance-of-prompt-patching Windows 11 Released https://www.microsoft.com/security/blog/2021/10/04/windows-11-offers-chip-to-cloud-protection-to-meet-the-new-security-challenges-of-hybrid-work/ https://www.microsoft.com/en-us/download/details.aspx?id=55319 keywords: windows 11; apache 2.4.49; path traversal; facebook; looking glass
2021-10-06
05 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Tuesday October 5th, 2021
Facebook Outage; Dark Botnet Update; Apache Airflow Credential Leakage #facebookout #airflow #bgp Facebook Outage https://isc.sans.edu/forums/diary/Facebook+Outage+Yes+its+DNS+sort+of+A+super+quick+analysis+of+what+is+going+on/27900/ Boutique "Dark" Botnet Hunting for Crumbs https://isc.sans.edu/forums/diary/Boutique+Dark+Botnet+Hunting+for+Crumbs/27898/ Apache Airflow May Leak Credentials https://www.intezer.com/blog/cloud-security/misconfigured-airflows-leak-credentials/ keywords: apache; airflow; dark.iot; dark; botnet; facebook; outage; bgp; dns
2021-10-05
05 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Monday October 4th, 2021
cvtres.exe Malicious Use; More Chrome Patches; Security Awareness Month; Gatekeeper Bypass; A New Tool To Add to Your LOLBAS List: cvtres.exe https://isc.sans.edu/forums/diary/New+Tool+to+Add+to+Your+LOLBAS+List+cvtresexe/27892/ Google Chrome Continuing Updates https://support.google.com/chrome/answer/95414?hl=en&co=GENIE.Platform%3DDesktop Cyber Security Awareness Month https://www.sans.org/security-awareness-training/resources/ https://isc.sans.edu/tag.html?tag=csam FCC Attempts to Fight SIM Swapping https://docs.fcc.gov/public/attachments/DOC-376199A1.pdf MacOS Gatekeeper Bypass https://labs.f-secure.com/blog/the-discovery-of-cve-2021-1810/ keywords: macos; gatekeeper...
2021-10-04
05 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Friday October 1st, 2021
Visa/Apple Express Transit Relay; FluBot Fake Updates; Azure Brute-Forcing; Domain Dumpster Diving @sans_edu Visa/Apple Express Transit Relay Attack https://www.bbc.com/news/technology-58719891 FluBot Offering Fake FluBot Protection https://twitter.com/CERTNZ/status/1443701853665980440 Undetected Azure Active Directory Brute-Force Attacks https://www.secureworks.com/research/undetected-azure-active-directory-brute-force-attacks SANS.edu Student Christopher DeWees: Expired Domain Dumpster Diving https://www.sans.edu/cyber-research/40505/ keywords: sans.edu; dewees; domains; expired; azure; active directory; brute forcing; flubot; visa; apple; express transit
2021-10-01
15 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Thursday September 30th, 2021
gpsd Bug; Airtag XSS; CISA/NSA VPN Guidance; Facebook Opensourcing Mariana Trench Keeping Track of Time: Network Time Protocol and GPSD Bug https://isc.sans.edu/forums/diary/Keeping+Track+of+Time+Network+Time+Protocol+and+a+GPSD+Bug/27886/ Apple Airtags Stored XSS https://medium.com/@bobbyrsec/zero-day-hijacking-icloud-credentials-with-apple-airtags-stored-xss-6997da43a216 CISA/NSA Guidance To Configure VPNs https://media.defense.gov/2021/Sep/28/2002863184/-1/-1/0/CSI_SELECTING-HARDENING-REMOTE-ACCESS-VPNS-20210928.PDF Facebook Open Sourcing "Mariana Trench" Tool To Analyze Android and Java Apps https://engineering.fb.com/2021/09/29/security/mariana-trench/ keywords: facebook; mariana trench; android; vpn; apple; airtag; xss; ntp; gps
2021-09-30
05 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Wednesday September 29th, 2021
Current TLS/SSL Versions; Malicious Browser Crypto Wallets; Easier Exchange Emergency Mitigations TLS 1.3 and SSL: The Current State of Affairs https://isc.sans.edu/forums/diary/TLS+13+and+SSL+the+current+state+of+affairs/27882/ EFF Discontinues HTTPS Everywhere Plugin https://www.eff.org/deeplinks/2021/09/https-actually-everywhere Malicious CryptoCoin Wallet https://discourse.mozilla.org/t/got-hacked-by-the-add-on-called-safepal-wallet/85797 Microsoft Automates Exchange Mitigations https://techcommunity.microsoft.com/t5/exchange-team-blog/new-security-feature-in-september-2021-cumulative-update-for/ba-p/2783155 keywords: exchange; mitigations; cryptocoin; safepal; eff; https; tls;
2021-09-29
05 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Tuesday September 28th, 2021
Trend Micro ServerProtect Auth Bypass; Let's Encrypt Root Expiration; ERMAC Android Malware; QNAP Vulns; Trend Micro ServerProtect Authentication Bypass Vulnerability https://www.zerodayinitiative.com/advisories/ZDI-21-1115/ Let's Encrypt Root CA Expiration https://community.letsencrypt.org/t/production-chain-changes/150739 ERMAC Android Malware https://www.threatfabric.com/blogs/ermac-another-cerberus-reborn.html QNAP Vulnerabilities https://www.qnap.com/en/security-advisory/QSA-21-35 keywords: trend micro; let's encrypt; ermac; qnap
2021-09-28
05 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Monday September 27th, 2021
Mobile Device Inventory; Autodiscover Attacks; iOS 3x0Day; Cisco CAPWAP Vuln; Sonicwall SMA 100 Patch Mobile Device Inventory via Active Sync https://isc.sans.edu/forums/diary/Keep+an+Eye+on+Your+Users+Mobile+Devices+Simple+Inventory/27868/ Autodiscover Attacks https://autodiscover-vulnerable-tlds.com https://wiki.mozilla.org/Public_Suffix_List https://www.guardicore.com/labs/autodiscovering-the-great-leak/ Three More 0-Day Vulnerabilities in iOS https://habr.com/en/post/579714/ original Russian version: https://habr.com/en/post/579716/ Cisco CAPWAP Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-capwap-rce-LYgj8Kf Sonicwall SMA 100 Series Vulnerability https://www.sonicwall.com/support/product-notification/security-notice-critical-arbitrary-file-delete-vulnerability-in-sonicwall-sma-100-series-appliances/210819124854603/ keywords: sonicwall...
2021-09-26
06 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Friday September 24th, 2021
VBA Creates Excel4 Downloader; WPBT Unpatched Flaw; Patch for Older iOS/macOS; Broken Digital Signatures Excel Recipe: Some VBA Code with a Touch of Excel4 Macro https://isc.sans.edu/forums/diary/Excel+Recipe+Some+VBA+Code+with+a+Touch+of+Excel4+Macro/27864/ Windows Platform Binary Table Weakness https://eclypsium.com/2021/09/20/everyone-gets-a-rootkit/ Apple Patches Older iOS/MacOS Versions https://support.apple.com/en-us/HT201222 Broken Digital Signatures Used to Foil Malware Detection https://blog.google/threat-analysis-group/financially-motivated-actor-breaks-certificate-parsing-avoid-detection/ keywords: digital signatures; apple; ios; macos; WPBT; excel; macro; excel4
2021-09-24
05 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Friday September 24th, 2021
Obfuscated MSHTML Exploits; Exchange Autodiscovery Leak; Nagios Vuln; Apple SDK Removes TLS1.0/1.1 An XML-Obfuscated Office Document (CVE-2021-40444) https://isc.sans.edu/forums/diary/An+XMLObfuscated+Office+Document+CVE202140444/27860/ Exchange Autodiscovering Leaks Credentials https://www.guardicore.com/labs/autodiscovering-the-great-leak/ Nagios Vulnerabilities https://claroty.com/2021/09/21/blog-research-securing-network-management-systems-nagios-xi/ Apple Deprecating TLS 1.0/1.1 https://developer.apple.com/news/?id=bv8ur34d keywords: nagios; exchange; autodiscovery; xml; office; mshtml; word
2021-09-23
06 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Wednesday September 22nd, 2021
iOS 15 Private Relay; macOS Finder Vuln; vCenter Advisory; NetGear Circle Parental Control Vuln
A First Look at Apple's iOS 15 "Private Relay" Feature
https://isc.sans.edu/forums/diary/A+First+Look+at+Apples+iOS+15+Private+Relay+feature/27858/
macOS Finder Security Feature Bypass Leads to Possible RCE
https://ssd-disclosure.com/ssd-advisory-macos-finder-rce/
VMware vCenter Advisory
https://blogs.vmware.com/vsphere/2021/09/vmsa-2021-0020-what-you-need-to-know.html
NetGear Circle Parental Control Vulnerability
https://blog.grimm-co.com/2021/09/mama-always-told-me-not-to-trust.html
keywords: netgear; circle; vmware; vCenter; macos; finder; private relay; ios 15;
2021-09-22
05 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Tuesday September 21st, 2021
OMIGOD Scans; Apple Updates; ADSelfService Plus Exploit
OMIGOD Exploits Captured in the Wild
https://isc.sans.edu/forums/diary/OMIGOD+Exploits+Captured+in+the+Wild+Researchers+responsible+for+half+of+scans+for+related+ports/27852/
Apple iOS/iPadOS/tvOS 15 Updates (and watchOS, Xcode, Safari)
https://support.apple.com/en-us/HT201222
ManageEngine ADSelfService Plus Exploited
https://us-cert.cisa.gov/ncas/alerts/aa21-259a
keywords: manageengine; adselfservice; apple; ios; ipados; tvos; watchos; xcode; safari; omigod
2021-09-21
06 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Monday September 20th, 2021
iOS Calendar Invites; MSHTML Exploit Docs; Mirai Hunting OMIGOD; Netgear Exploits
Malicious Calendar Subscriptions Are Back
https://isc.sans.edu/forums/diary/Malicious+Calendar+Subscriptions+Are+Back/27846/
Simple Analysis of a CVE-2021-40444 (MSHTML) Document
https://isc.sans.edu/forums/diary/Simple+Analysis+Of+A+CVE202140444+docx+Document/27848/
Mirai Botnet Hunting OMIGOD
https://twitter.com/1ZRR4H/status/1438580885142507528
https://isc.sans.edu/port.html?port=1270
Exploit for Netgear Flaws Available
https://gynvael.coldwind.pl/?id=742
keywords: netgear; mirai; omigod; botnet; mshtml; calendar; ical
2021-09-20
05 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Friday September 17th, 2021
Brute Force Phishing; PrintNightmare Patch Stops Printing; Linux Malware on Windows ... and more
Phishing 101: Why Depend on One Suspicious Message Subject When You Can Use Many
https://isc.sans.edu/forums/diary/Phishing+101+why+depend+on+one+suspicious+message+subject+when+you+can+use+many/27842/
PrintNightmare Fix Breaks Network Printing
https://www.bleepingcomputer.com/news/security/new-windows-security-updates-break-network-printing/
Malware Taking Advantage of Linux Subsystem for Windows
https://blog.lumen.com/no-longer-just-theory-black-lotus-labs-uncovers-linux-executables-deployed-as-stealth-windows-loaders/
Travis CI Patch
https://travis-ci.community/t/security-bulletin/12081
IBM System x IMM Vulnerability
https://support.lenovo.com/es/en/product_security/len-66347
Fake iTerm Installing Malware on OS X
https...
2021-09-17
06 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Thursday September 16th, 2021
Hancitor MSFT OneDrive; Azure Linux OMIGOD Vulnerability
Hancitor Campaign Abusing Microsoft's OneDrive
https://isc.sans.edu/forums/diary/Hancitor+campaign+abusing+Microsofts+OneDrive/27838/
"Secret" Agent Exposes Azure Customers to Unauthorized Code Execution
https://www.wiz.io/blog/secret-agent-exposes-azure-customers-to-unauthorized-code-execution
keywords: omigod; wiz; azure; linux; omi; vulnerability; hancitor; microsoft; onedrive
2021-09-16
05 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Wednesday September 15th, 2021
Microsoft Patches; Adobe Patches
Microsoft Patches
https://isc.sans.edu/forums/diary/Microsoft+September+2021+Patch+Tuesday/27834/
Adobe Patches
https://helpx.adobe.com/security/security-bulletin.html
keywords: adobe; microsoft; patches
2021-09-15
05 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Tuesday September 14th, 2021
Apple Updates; Google Chrome Patches; WooCommerce Currency Conv. Flaw
Apple Updates Everything
https://support.apple.com/en-us/HT201222
Citizen Lab Discloses NSO Exploit Details
https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Google Chrome Update
https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop.html
WooCommerce Multi Currency Plugin Vulnerability
https://blog.nintechnet.com/vulnerability-fixed-in-wordpress-woocommerce-multi-currency-plugin/
keywords: woocommerce; currency; plugin; google; chrome; citizenlab; nso; exploit; apple; ios; ipados; watchos; macos
2021-09-14
05 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Monday September 13th, 2021
MSFT DNS Logs to Elastic; MSHTML Exploits; Lock Screen Bypass; Citrix Patches; node.js tar Vuln
Shipping Microsoft DNS Logs to Elasticsearch
https://isc.sans.edu/forums/diary/Shipping+to+Elasticsearch+Microsoft+DNS+Logs/27828/
Exploit Generator for CVE-2021-40444
https://github.com/lockedbyte/CVE-2021-40444
Windows Lock Screen Bypass
https://halove23.blogspot.com/2021/09/zdi-21-1053-bypassing-windows-lock.html
Citrix Hypervisor Update
https://support.citrix.com/article/CTX325319
GitHub Identifies Vulnerable node.js Packages
https://github.blog/2021-09-08-github-security-update-vulnerabilities-tar-npmcli-arborist/
keywords: github; node.js; citrix; windows; lock screen; mshtml; dns; elasticsearch
2021-09-13
05 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Friday September 10th, 2021
ISC/DShield API Updates; MSHTML Vulnerability Update; GitHub check-spelling Vuln
ISC/DShield API Updates
https://isc.sans.edu/forums/diary/Updates+to+Our+DatafeedsAPI/27824/
Update on Windows MSHTML Vulnerability
https://www.bleepingcomputer.com/news/microsoft/windows-mshtml-zero-day-defenses-bypassed-as-new-info-emerges/
GitHub Actions check-spelling Community Workflow GITHUB_TOKEN Leakage
https://github.com/justinsteven/advisories/blob/master/2021_github_actions_checkspelling_token_leak_via_advice_symlink.md
keywords: mshtml; windows; api; threatfeed; new domains; github;
2021-09-10
06 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Thursday September 9th, 2021
Protonmail Correction; BazarLoader "Stolen Images"; Thycotic SS; Zoho Vuln
Protonmail Correction
https://protonmail.com/blog/climate-activist-arrest/
https://protonmail.com/privacy-policy
"Stolen Images Evidence" Campaign Continues Pushing BazarLoader Malware
https://isc.sans.edu/forums/diary/Stolen+Images+Evidence+Campaign+Continues+Pushing+BazarLoader+Malware/27816/
Thycotic Secret Server Critical Update
https://docs.thycotic.com/ss/11.0.0/release-notes/ss-rn-11-0-000007.md
Zoho Vulnerability Exploited
https://www.manageengine.com/products/self-service-password/kb/how-to-fix-authentication-bypass-vulnerability-in-REST-API.html
keywords: zoho; thycotic; bazarloader; protonmail; protonvpn
2021-09-09
05 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Wednesday September 8th, 2021
MSHTML 0-Day Exploited; ProtonVPN Privacy; WhatsApp Moderation; Stashing Payload in Log Files (CLFS)
Microsoft MSHTML Remote Code Execution Vulnerability CVE-2021-40444
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444
ProtonMail/VPN Releasing User's IP Address
https://protonmail.com/blog/climate-activist-arrest/
WhatsApp End-to-End Encryption Questioned (but upheld)
https://twitter.com/evacide/status/1435288900587589632?s=20
PRIVATELOG and STASHLOG Malware Store Payload in Common Log File System (CLFS)
https://www.fireeye.com/blog/threat-research/2021/09/unknown-actor-using-clfs-log-files-for-stealth.html
keywords: privatelog; stashlog; fireeye; clfs; log files; whatsapp; protonmail; protonvpn; mshtml; microsoft; cve-2021-40444; activex
2021-09-08
05 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Tuesday September 7th, 2021
Confluence Update; ProxyShell Update; Ghostscript RCE; Netgear Switch Auth Bypass
Confluence Update
https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html
https://www.jenkins.io/blog/2021/09/04/wiki-attacked/
ProxyShell Update
https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/
RCE 0-Day for Ghostscript 9.50
https://github.com/duc-nt/RCE-0-day-for-GhostScript-9.50
Netgear Switch Auth Bypass
https://kb.netgear.com/000063978/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Smart-Switches-PSV-2021-0140-PSV-2021-0144-PSV-2021-0145
keywords: netgear; ghostscript; proxyshell; confluence; exchange
2021-09-07
05 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Friday September 3rd, 2021
Hurricane Scams; Confluence Attacked; Cisco Ent. NFVIS; GPU Malware; @sans_edu: Cloud Forensics Triage Framework
Attackers Will Always Abuse Major Events in our Lifes
https://isc.sans.edu/forums/diary/Attackers+Will+Always+Abuse+Major+Events+in+our+Lifes/27808/
Active Exploitation of Confluence Server CVE-2021-26084
https://www.rapid7.com/blog/post/2021/09/02/active-exploitation-of-confluence-server-cve-2021-26084/
GitHub Removing Old Ciphers / Keys
https://github.blog/2021-09-01-improving-git-protocol-security-github/
Cisco Enterprise NFV Infrastructure Software Authentication Bypass
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nfvis-g2DMVVh
Hackers Are Selling Tool to Hide Malware in GPUs
https://www.ehackingnews.com/2021/09/hackers-are-selling-tool-to-hide.html
Michael Beck: Cloud...
2021-09-03
14 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Thursday September 2nd, 2021
Java Malware STRRAT; Baby Monitor Exposed; Annke NVR; ProxyWare Abuse
STRRAT: A Java-Based RAT That Doesn't Care if You Have Java
https://isc.sans.edu/forums/diary/STRRAT+a+Javabased+RAT+that+doesnt+care+if+you+have+Java/27798/
IPC360 Baby Monitor Vulnerability
https://www.bitdefender.com/files/News/CaseStudies/study/402/Bitdefender-PR-Whitepaper-VictureIPC-creat5590-en-EN.pdf
Annke Network Video Recorder Vulnerability
https://us-cert.cisa.gov/ics/advisories/icsa-21-238-02
ProxyWare Abuse
https://blog.talosintelligence.com/2021/08/proxyware-abuse.html
keywords: proxyware; annke; video recorder; nvr; baby monitor; ipc360; strrat; java; jre
2021-09-02
06 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Wednesday September 1st, 2021
More Bluetooth Vulns; Fortress Home Sec. Remote Disarm; PostgreSQL set_user
BrakTooth: Impacts, Implications and Next Steps
https://isc.sans.edu/forums/diary/BrakTooth+Impacts+Implications+and+Next+Steps/27802/
Fortress Home Security System Weakness
https://threatpost.com/fortress-home-security-remote-disarmament/169069/
PostgreSQL set_user Module Vulnerability
https://www.postgresql.org/about/news/set_user-201-released-2279/
keywords: postgresql; set_user; fortress; braktooth;
2021-09-01
05 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Tuesday August 31st, 2021
Crypto Clipboard Fun; Exchange ProxyToken; LockFile Ransomware
Cryptocurrency Clipboard Swapper Delivered With Love
https://isc.sans.edu/forums/diary/Cryptocurrency+Clipboard+Swapper+Delivered+With+Love/27794/
ProxyToken Vulnerability in Exchange
https://www.zerodayinitiative.com/blog/2021/8/30/proxytoken-an-authentication-bypass-in-microsoft-exchange-server
LockFile Ransomware Evasion Tricks
https://thehackernews.com/2021/08/lockfile-ransomware-bypasses-protection.html
keywords: lockfile; ransomware; proxytoken; exchange; clipboard; crypto; bitcoin
2021-08-31
05 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Monday August 30th, 2021
Cosmos DB Vulnerability; Open Redirect Phishing; Parallels Priv Escalation
ChaosDB: Azure Cosmos Database Vulnerability
https://chaosdb.wiz.io
Phishing via Open Redirects
https://www.microsoft.com/security/blog/2021/08/26/widespread-credential-phishing-campaign-abuses-open-redirector-links/
Parallels Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/208188
https://www.zerodayinitiative.com/advisories/ZDI-21-1000/
keywords: parallels; phishing; redirects; azure; chaosdb; cosmos
2021-08-30
05 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Friday August 27th, 2021
Cisco Advisories; Geth DoS Vuln; Confluence Patch; VMware Updates
Cisco Advisories
https://tools.cisco.com/security/center/publicationListing.x
Geth DoS Vulnerability
https://github.com/ethereum/go-ethereum/releases/tag/v1.10.8
Confluence Security Advisory
https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html
VMware Updates
https://www.vmware.com/security/advisories.html
keywords: vmware; updates; confluence; atlassian; geth; dos; cisco; nexus;
2021-08-26
05 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Thursday August 26th, 2021
SPF Survey for .CZ; OpenSSL Update; F5 BIG-IP Update; SideWalk Backdoor
There May Be Many More SPF Records Than We Might Expect
https://isc.sans.edu/forums/diary/There+may+be+many+more+SPF+records+than+we+might+expect/27786/
OpenSSL Update
https://www.openssl.org/news/vulnerabilities.html
F5 Update
https://support.f5.com/csp/article/K50974556
https://support.f5.com/csp/article/K41351250
SideWalk Backdoor
https://www.welivesecurity.com/2021/08/24/sidewalk-may-be-as-dangerous-as-crosswalk/
keywords: sidewalk; backdoor; f5; big-ip; openssl; spf; cz
2021-08-25
05 min