Sans Internet Storm Center Daily Network/cyber Security And Information Security Podcast

Increase in the number of phishing messages pointing to IPFS and to R2 buckets https://isc.sans.edu/diary/Increase%20in%20the%20number%20of%20phishing%20messages%20pointing%20to%20IPFS%20and%20to%20R2%20buckets/30744 Fortinet New Vulnerabilities https://www.horizon3.ai/attack-research/attack-blogs/fortiwlm-the-almost-story-for-the-forti-forty/ Fortinet Updates https://www.helpnetsecurity.com/2024/03/14/cve-2023-48788-poc/ Arcserve UDP Vulnerability and PoC https://www.tenable.com/security/research/tra-2024-07 Michael Holcomb: Mode Matters: Monitoring PLCs for Detecting Potential ICS/OT Incidents https://www.sans.edu/cyber-research/mode-matters-monitoring-plcs-for-detecting-potential-ics-ot-incidents/

Using ChatGPT to Deofuscate Malicious Scripts https://isc.sans.edu/diary/Using%20ChatGPT%20to%20Deobfuscate%20Malicious%20Scripts/30740 Critical Fortinet Vulnerabilities https://fortiguard.fortinet.com/psirt Adobe Security Bulletins https://helpx.adobe.com/security/security-bulletin.html Kubernetes Local Volumes Command Injection Vulnerability https://www.akamai.com/blog/security-research/kubernetes-local-volumes-command-injection-vulnerability-rce-system-privileges

Microsoft Patch Tuesday March 2024 https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20-%20March%202024/30736 Death Knell of NVD https://resilientcyber.substack.com/p/death-knell-of-the-nvd Unrestricted file upload vulnerability in ManageEngine Desktop Central https://www.incibe.es/en/incibe-cert/notices/aviso/unrestricted-file-upload-vulnerability-manageengine-desktop-central Siemens Fire Protection System Updates https://cert-portal.siemens.com/productcert/html/ssa-225840.html

What happens when you accidentially leak your AWS API Keys https://isc.sans.edu/diary/What%20happens%20when%20you%20accidentally%20leak%20your%20AWS%20API%20keys%3F%20%5BGuest%20Diary%5D/30730 How Crypto Imposters are using Calendly to infect Macs with Malware https://cyberguy.com/news/how-crypto-imposters-are-using-calendly-to-infect-macs-with-malware/ https://krebsonsecurity.com/2024/02/calendar-meeting-links-used-to-spread-mac-malware/ Misconfiguration Manager: Overlooked and Overprivileged https://posts.specterops.io/misconfiguration-manager-overlooked-and-overprivileged-70983b8f350d

Attack Wrangles Thousands of Web Users into a Password Cracking Botnet https://arstechnica.com/security/2024/03/attack-wrangles-thousands-of-web-users-into-a-password-cracking-botnet Cisco VPN Client Vuln https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-client-crlf-W43V4G7 Fortinet Vulnerability Exploited https://bishopfox.com/blog/cve-2024-21762-vulnerability-scanner-for-fortigate-firewalls pgAdmin Path Traversal https://www.shielder.com/advisories/pgadmin-path-traversal_leads_to_unsafe_deserialization_and_rce/ Font Vulnerabilities https://www.canva.dev/blog/engineering/fonts-are-still-a-helvetica-of-a-problem/ QNAP Flaws https://securityonline.info/cve-2024-21899-cvss-9-8-critical-qnap-flaw-opens-door-to-hackers/

AWS Deploymnet Risks - Configuration and Credential File Targeting https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20AWS%20Deployment%20Risks%20-%20Configuration%20and%20Credential%20File%20Targeting/30722 Apple Updates https://isc.sans.edu/diary/MacOS%20Patches%20%28and%20Safari%2C%20TVOS%2C%20VisionOS%2C%20WatchOS%29/30726 NSA/CISA Secure Cloud Guides https://media.defense.gov/2024/Mar/07/2003407866/-1/-1/0/CSI-CloudTop10-Identity-Access-Management.PDF https://media.defense.gov/2024/Mar/07/2003407858/-1/-1/0/CSI-CloudTop10-Key-Management.PDF https://media.defense.gov/2024/Mar/07/2003407859/-1/-1/0/CSI-CloudTop10-Managed-Service-Providers.PDF https://media.defense.gov/2024/Mar/07/2003407862/-1/-1/0/CSI-CloudTop10-Secure-Data.PDF https://media.defense.gov/2024/Mar/07/2003407861/-1/-1/0/CSI-CloudTop10-Network-Segmentation.PDF

Scanning and Abusing the QUIC Protocol https://isc.sans.edu/diary/Scanning%20and%20abusing%20the%20QUIC%20protocol/30720 Google Chrome Update https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop.html Spinning YARN https://www.cadosecurity.com/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence/ Teamcity Exploited https://twitter.com/leak_ix/status/1765460190621581347

iOS/iPadOS Updates with Zero Day Fixes https://isc.sans.edu/diary/Apple%20Releases%20iOS%20iPadOS%20Updates%20with%20Zero%20Day%20Fixes./30716 Why Your Firewall Will Kill You https://isc.sans.edu/diary/Why+Your+Firewall+Will+Kill+You/30714/ QEMU Tunnel https://securelist.com/network-tunneling-with-qemu/111803/ VMware Vulnerabilities Patched https://www.vmware.com/security/advisories/VMSA-2024-0006.html

Capturing DShield Packets with a LAN Tap https://isc.sans.edu/diary/Capturing%20DShield%20Packets%20with%20a%20LAN%20Tap%20%5BGuest%20Diary%5D/30708 Additional Critical Security Issues Affecting Teamcity https://blog.jetbrains.com/teamcity/2024/03/additional-critical-security-issues-affecting-teamcity-on-premises-cve-2024-27198-and-cve-2024-27199-update-to-2023-11-4-now/ GitHub Push Protection Now On By Default https://github.blog/2024-02-29-keeping-secrets-out-of-public-repositories/ Android Updates https://source.android.com/docs/security/bulletin/2024-03-01 Linksys E-2000 Vulnerablity https://warp-desk-89d.notion.site/Linksys-E-2000-efcd532d8dcf4710a4af13fca131a5b8

Scanning for Confluence CVE-2022-26134 https://isc.sans.edu/diary/Scanning%20for%20Confluence%20CVE-2022-26134/30704 Exploiting CSP Wildcards for Google Domains https://attackshipsonfi.re/p/exploiting-csp-wildcards-for-google Silver SAML: Golden SAML in the Cloud https://www.semperis.com/blog/meet-silver-saml/

Dissecting DarkGate: Module Malware Delivery and Persistence as a Service https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Dissecting%20DarkGate%3A%20Modular%20Malware%20Delivery%20and%20Persistence%20as%20a%20Service./30700 Ivanti Incident Response Update https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-060b Github Flooded with Infected Repos https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack Security Flaws in NoName Doorbell Cameras https://www.consumerreports.org/home-garden/home-security-cameras/video-doorbells-sold-by-major-retailers-have-security-flaws-a2579288796/

Exploit Attempts for Unknown Password Reset Vulnerability https://isc.sans.edu/diary/Exploit%20Attempts%20for%20Unknown%20Password%20Reset%20Vulnerability/30698 StopRansomware: Updated ALPHV Blackcat Advisory https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-353a GlobalBlock Service To Prevent Trademark abuse https://www.bleepingcomputer.com/news/technology/registrars-can-now-block-all-domains-that-resemble-brand-names/

Take Downs and the Rest of Us: Do they matter? https://isc.sans.edu/diary/Take%20Downs%20and%20the%20Rest%20of%20Us%3A%20Do%20they%20matter%3F/30694 Joint Cybersecurity Advisory https://www.ic3.gov/Media/News/2024/240227.pdf SVR Cyber Actors Adapt Tactics for Initial Cloud Access https://www.ncsc.gov.uk/news/svr-cyber-actors-adapt-tactics-for-initial-cloud-access Data Scientists Targeted by Malicious Hugging Face ML Models with Silent Backdoor https://jfrog.com/blog/data-scientists-targeted-by-malicious-hugging-face-ml-models-with-silent-backdoor/

Utilizing the VirusTotal API to Query Files Uploaded to the DShield Honeypot https://isc.sans.edu/diary/Utilizing%20the%20VirusTotal%20API%20to%20Query%20Files%20Uploaded%20to%20DShield%20Honeypot%20%5BGuest%20Diary%5D/30688 New WiFi Authentication Vulnerabilities Discovered https://www.top10vpn.com/research/wifi-vulnerabilities/ Subdomain Takeover Spam https://labs.guard.io/subdomailing-thousands-of-hijacked-major-brand-subdomains-found-bombarding-users-with-millions-a5e5fb892935

Update MGLNDD * Scans https://isc.sans.edu/forums/diary/Update%3A%20MGLNDD_*%20Scans/30686/ Simple Anti-Sandbox Technique: Where's the Mouse https://isc.sans.edu/diary/Simple%20Anti-Sandbox%20Technique%3A%20Where%27s%20The%20Mouse%3F/30684 Security Vulnerabilities in Apex Code Could Leak Salesforce Data https://www.varonis.com/blog/apex-code-vulnerabilities IBM Operation Decision Manager Exploit CVE-2024-22319 CVE-2024-22320 https://labs.watchtowr.com/double-k-o-rce-in-ibm-operation-decision-manager/ Linux Kernel TLS Vulnerability CVE-2024-26582 https://lore.kernel.org/linux-cve-announce/2024022139-spruce-prelude-c358@gregkh/

Friend, Foe or Something In Between https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Friend%2C%20foe%20or%20something%20in%20between%3F%20The%20grey%20area%20of%20%27security%20research%27/30670 Large AT&T Wireless Network Outage https://isc.sans.edu/diary/Large%20AT%26T%20Wireless%20Network%20Outage%20%23att%20%23outage/30680 Connect Wise Screenconnect Userd by LockBit https://www.bleepingcomputer.com/news/security/screenconnect-servers-hacked-in-lockbit-ransomware-attacks/ SSH Snake Abused in the Wild https://github.com/MegaManSec/SSH-Snake

Phishing Pages Hosted on Archive.org https://isc.sans.edu/forums/diary/Phishing%20pages%20hosted%20on%20archive.org/30676/ ScreenConnect Authentication Bypass Exploit CVE-2024-1709 CVE-2024-1708) https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass iMessage with PQ3 https://security.apple.com/blog/imessage-pq3/

Python InfoStealer Wtih Dynamic Sandbox Detection https://isc.sans.edu/diary/Python%20InfoStealer%20With%20Dynamic%20Sandbox%20Detection/30668 Connectwise Screenconnect Vulnerabilities https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8 Remove VMWare Enhanced Authentication Plugin (EAP) VE-2024-22245 CVE-2024-22250 https://kb.vmware.com/s/article/96442 Voltage Noise to Manipulate Wireless Chargers https://arxiv.org/pdf/2402.11423.pdf

Old Mirai New Exploits https://isc.sans.edu/diary/Mirai-Mirai%20On%20The%20Wall...%20%5BGuest%20Diary%5D/30658 KeyTrap PoC Exploit https://github.com/knqyf263/CVE-2023-50387 Google Open Sources Magika File ID System https://opensource.googleblog.com/2024/02/magika-ai-powered-fast-and-efficient-file-type-identification.html Exploiting Unsynchronised Clocks https://attackshipsonfi.re/p/exploiting-unsynchonised-clocks

SolarWinds Security Advisories https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-3_release_notes.htm Google Chrome Adds Private Network Checks https://chromestatus.com/feature/4869685172764672 Gold Factory iOS Trojan https://www.group-ib.com/blog/goldfactory-ios-trojan/