A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
ISC StormCast for Wednesday, December 13th, 2023
Microsoft Patch Tuesday https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20December%202023/30480 Microsoft Warns of Malicious OAUTH Applications https://www.microsoft.com/en-us/security/blog/2023/12/12/threat-actors-misuse-oauth-applications-to-automate-financially-driven-attacks/ Apache Struts2 Exploit CVE-2023-50164 https://xz.aliyun.com/t/13172
ISC StormCast for Tuesday, December 12th, 2023
What is Sitemap.xml and Why a Pentester Should Care https://isc.sans.edu/diary/What%20is%20sitemap.xml%2C%20and%20Why%20a%20Pentester%20Should%20Care/30472 Apple Patches Everything https://isc.sans.edu/forums/diary/Apple%20Patches%20Everything/30474/ Android Password Manager Auto Spill https://i.blackhat.com/EU-23/Presentations/EU-23-Gangwal-AutoSpill-Zero-Effort-Credential-Stealing.pdf
ISC StormCast for Monday, December 11th, 2023
IPv4 Mapped IPv6 Addresses https://isc.sans.edu/diary/IPv4-mapped%20IPv6%20Address%20Used%20For%20Obfuscation/30466 Honeypots From the Skeptical Beginner to the Tactical Enthusiast https://isc.sans.edu/diary/Honeypots%3A%20From%20the%20Skeptical%20Beginner%20to%20the%20Tactical%20Enthusiast/30468 Bluetooth Weakness CVE-2023-45866 https://github.com/skysafe/reblog/tree/main/cve-2023-45866 Syrus 4 IoT Gateway Vulnerability CVE-2023-6248 https://socradar.io/syrus4-iot-gateway-vulnerability-could-allow-code-execution-on-thousands-of-vehicles-simultaneously-cve-2023-6248/ Microsoft Edge Vulnerability CVE-2023-35618 https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security#december-7-2023
ISC StormCast for Friday, December 8th, 2023
5G Vulnerabilities https://isc.sans.edu/diary/5Ghoul%3A%20Impacts%2C%20Implications%20and%20Next%20Steps/30462 Revealing the hidden Risks of QR Codes https://isc.sans.edu/diary/Revealing%20the%20Hidden%20Risks%20of%20QR%20Codes%20%5BGuest%20Diary%5D/30458 Window 10 End of Support https://techcommunity.microsoft.com/t5/windows-it-pro-blog/plan-for-windows-10-eos-with-windows-11-windows-365-and-esu/ba-p/4000414 Apache Struts 2 Vulnerability CVE-2023-50164 https://cwiki.apache.org/confluence/display/WW/S2-066
ISC StormCast for Thursday, December 7th, 2023
Whose packet is is anyway: a new RFC for attribution of internet probes https://isc.sans.edu/forums/diary/Whose%20packet%20is%20it%20anyway%3A%20a%20new%20RFC%20for%20attribution%20of%20internet%20probes/30456/ MLFlow Vulnerability https://www.contrastsecurity.com/security-influencers/discovering-mlflow-framework-zero-day-vulnerability-machine-language-model-security-contrast-security https://mlflow.org/category/news/index.html Abusing STS Tokens https://redcanary.com/blog/aws-sts/ Atlasian Vulnerabilities https://confluence.atlassian.com/security/security-advisories-bulletins-1236937381.html Holiday Hack Challenge https://www.sans.org/mlp/holiday-hack-challenge-2023/
ISC StormCast for Wednesday, December 6th, 2023
Cobalt Strike's "Runtime Configuration" https://isc.sans.edu/diary/Cobalt%20Strike%27s%20%22Runtime%20Configuration%22/30426 Adobe ColdFusion Exploit Abused https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-339a Atos Unify OpenScape Vulnerability https://sec-consult.com/vulnerability-lab/advisory/argument-injection-vulnerability-in-multiple-atos-unify-openscape-products/ ExtremeXOS Vulnerabilities https://rhinosecuritylabs.com/research/extreme-networks-extremexos-vulnerabilities/
ISC StormCast for Tuesday, December 5th, 2023
Zarya Hacktivists: More than just Sharepoint https://isc.sans.edu/diary/Zarya%20Hacktivists%3A%20More%20than%20just%20Sharepoint./30450 ICANN Registration Data Request Service (RDRS) https://rdrs.icann.org/ Android Updates https://source.android.com/docs/security/bulletin/2023-12-01 GitLab Patches https://about.gitlab.com/releases/2023/11/30/security-release-gitlab-16-6-1-released/
ISC StormCast for Monday, December 4th, 2023
UEFI Exploit via Boot Image https://binarly.io/posts/The_Far_Reaching_Consequences_of_LogoFAIL/index.html Fake Phishing Scan Tricks Users into Installing Backdoor Plugin https://www.wordfence.com/blog/2023/12/psa-fake-cve-2023-45124-phishing-scam-tricks-users-into-installing-backdoor-plugin/ Qlik Sense Exploited by Cactus Ransomware https://arcticwolf.com/resources/blog/qlik-sense-exploited-in-cactus-ransomware-campaign/ https://www.praetorian.com/blog/qlik-sense-technical-exploit/ VMWare Vulnerability Patched https://www.vmware.com/security/advisories/VMSA-2023-0026.html
ISC StormCast for Friday, December 1st, 2023
Apple Updates https://isc.sans.edu/diary/Apple+Patches+Exploited+WebKit+Vulnerabilitiues+in+iOSiPadOSmacOS/30444 Prophetic Post by Intern on CVE-2023-1389 Foreshadows Mirai Botnet Expansion Today https://isc.sans.edu/forums/diary/Prophetic+Post+by+Intern+on+CVE20231389+Foreshadows+Mirai+Botnet+Expansion+Today/30442/ Zyxel Vulnerabilities https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-authentication-bypass-and-command-injection-vulnerabilities-in-nas-products Solarwinds Update https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-4_release_notes.htm#link3 DNS Looking Glass https://isc.sans.edu/tools/dnslookup/
ISC StormCast for Thursday, November 30th, 2023
Decoding the Patterns: Analzying DShield Honeypot Activity https://isc.sans.edu/diary/Decoding%20the%20Patterns%3A%20Analyzing%20DShield%20Honeypot%20Activity%20%5BGuest%20Diary%5D/30428 Arcserve Unified Data Protection Multiple Vulnerabilities https://www.tenable.com/security/research/tra-2023-37 Hikvision Vulnerabilities https://www.hikvision.com/hk/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-products/ Assessing Prompt Injection Risks in 200+ Custom GPTs https://arxiv.org/pdf/2311.11538.pdf
ISC StormCast for Wednesday, November 29th, 2023
Pro-Russian Attackers Scanning for Sharepoint Servers to Exploit CVE-2023-29357 https://isc.sans.edu/diary/Pro%20Russian%20Attackers%20Scanning%20for%20Sharepoint%20Servers%20to%20Exploit%20CVE-2023-29357/30436 Microsoft Deprecates Microsoft Defender Application Guard for Office https://learn.microsoft.com/en-us/windows/whats-new/deprecated-features Synology Vulnerability https://www.synology.com/en-global/security/advisory/Synology_SA_23_16 Apache Tomcat Request Smuggling Vulnerability CVE-2023-46589 https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr
ISC StormCast for Tuesday, November 28th, 2023
Scans for ownCloud Vulnerability (CVE-2023-49103) https://isc.sans.edu/diary/Scans%20for%20ownCloud%20Vulnerability%20%28CVE-2023-49103%29/30432 Windows Hello Fingerprint Reader Weakness https://blackwinghq.com/blog/posts/a-touch-of-pwn-part-i/
ISC StormCast for Monday, November 27th, 2023
DShield Birthday https://isc.sans.edu/diary/Happy%20Birthday%20DShield/30420 Mirai uses CVE-2023-1389 https://isc.sans.edu/diary/CVE-2023-1389%3A%20A%20New%20Means%20to%20Expand%20Botnets/30418 More Mirai Vulnerabilities https://www.akamai.com/blog/security-research/new-rce-botnet-spreads-mirai-via-zero-days Analyzing OVA Files https://isc.sans.edu/diary/OVA%20Files/30424 Static Code Injections in OpenCart (CVE-2023-47444) https://github.com/opencart/opencart/issues/12947 Holiday Hackchallenge https://www.sans.org/mlp/holiday-hack-challenge-2023/
ISC StormCast for Friday, November 17th, 2023
Beyond -n: Optimizign tcpdump performance https://isc.sans.edu/forums/diary/Beyond%20-n%3A%20Optimizing%20tcpdump%20performance/30408/ Zimbra 0-day used to target international government organizations https://blog.google/threat-analysis-group/zimbra-0-day-used-to-target-international-government-organizations/ FortiSIEM OS command injection in Report Server https://www.fortiguard.com/psirt/FG-IR-23-135 AI Exploit Collection https://github.com/protectai/ai-exploits CrushFTP Remote Code Execution https://convergetp.com/2023/11/16/crushftp-zero-day-cve-2023-43177-discovered/ Scott Poley: The Cyber Date Paradox: Storing Less, Discovering More https://www.sans.edu/cyber-research/cyber-data-paradox-storing-less-discovering-more/
ISC StormCast for Thursday, November 16th, 2023
Redline Dropped Through MSIX Package https://isc.sans.edu/diary/Redline%20Dropped%20Through%20MSIX%20Package/30404 ChatGPT Code Interpreter Security Hole https://www.tomshardware.com/news/chatgpt-code-interpreter-security-hole Directory Traversal in Reactor Netty CVE-2023-34062 https://spring.io/security/cve-2023-34062 Aruba Networking Product Vulnerabilities https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt HARArmor https://harmor.dev/