Internet Storm Centre Podcast

Microsoft Patch Tuesdayhttps://isc.sans.edu/forums/diary/Microsoft+May+2021+Patch+Tuesday/27408 WiFi Fragmentation Attackshttps://www.fragattacks.com

Validating IP Addresses: Why Encoding Mattershttps://isc.sans.edu/forums/diary/Correctly+Validating+IP+Addresses+Why+encoding+matters+for+input+validation/27404/ Jail Breaking AirTagshttps://twitter.com/ghidraninja/status/1391148503196438529 Malicious Tor Exit Relay Activitieshttps://nusenu.medium.com/tracking-one-year-of-malicious-tor-exit-relay-activities-part-ii-85c80875c5df

Who is Probing the Internet for Research Purposeshttps://isc.sans.edu/forums/diary/Who+is+Probing+the+Internet+for+Research+Purposes/27400/ Cycle Hunter and tsuNAME DDoS Attackhttps://github.com/SIDN/CycleHunterhttps://tsuname.io/tech_report.pdf Foxit Reader / Phantom PDF Vulnerabilitieshttps://www.foxitsoftware.com/support/security-bulletins.html?Security+updates+available+in+Foxit+Reader+10.1.4+and+Foxit+PhantomPDF+10.1.42021-05-06 Hypocrit Patches Reviewed By Linux Foundationhttps://lore.kernel.org/lkml/[email protected]/

Scans for Exposed Azure Storage Containershttps://isc.sans.edu/forums/diary/Exposed+Azure+Storage+Containers/27396/ Qualcomm MSM Vulnerabilityhttps://research.checkpoint.com/2021/security-probe-of-qualcomm-msm/ Google to Automatically enroll users in 2SFhttps://blog.google/technology/safety-security/a-simpler-and-safer-future-without-passwords/ New Cellebrite Vulnerabilities Announcedhttps://www.ehackingnews.com/2021/05/new-vulnerabilities-in-cellebrites.html

May 2021 Forensic Contesthttps://isc.sans.edu/forums/diary/May+2021+Forensic+Contest/27386/ Windows Defender Bug Fills Windows 10 Boot Drive with thousands of fileshttps://www.bleepingcomputer.com/news/microsoft/windows-defender-bug-fills-windows-10-boot-drive-with-thousands-of-files/ VMWare vRealize Business for Cloud Patchhttps://kb.vmware.com/s/article/83475 Cisco Updates SD-WAN vManager / HyperFlex HXhttps://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir&limit=100#~Vulnerabilities Security and Privacy Risks of Number Recycling at Mobile Carriers in the UShttps://recyclednumbers.cs.princeton.edu

Android Updatehttps://source.android.com/security/bulletin/2021-05-01?hl=en Dell Privilege Escalation Vulnerabilityhttps://www.dell.com/support/kbdoc/en-us/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerabilityhttps://labs.sentinelone.com/cve-2021-21551-hundreds-of-millions-of-dell-computers-at-risk-due-to-multiple-bios-driver-privilege-escalation-flaws/ Exim Mail Server Vulnerabilitieshttps://www.qualys.com/2021/05/04/21nails/21nails.txt Quick and Dirty Python: masscanhttps://isc.sans.edu/forums/diary/Quick+and+dirty+Python+masscan/27384/ ICMP Tunnel Backdoorhttps://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/backdoor-at-the-end-of-the-icmp-tunnel/

Apple Patches 2 0-Day Flaws in WebKit affecting iOS/MacOS/WatchOShttps://support.apple.com/en-us/HT201222 PoC Exploit for CVE-2021-28482 (Microsoft Exchange)https://gist.github.com/testanull/9ebbd6830f7a501e35e67f2fcaa57bdahttps://testbnull.medium.com/microsoft-exchange-from-deserialization-to-post-auth-rce-cve-2021-28482-e713001d915f Yet Another Processor Side-Channel: Micro-Ops Cacheshttp://www.cs.virginia.edu/venkat/papers/isca2021a.pdf Pulse Secure Updatehttps://blog.pulsesecure.net/pulse-connect-secure-patch-availability-sa44784/

Qiling: A true instrumentable binary emulation frameworkhttps://isc.sans.edu/forums/diary/Qiling+A+true+instrumentable+binary+emulation+framework/27372/ Python “ipaddress” improper input validationhttps://sick.codes/sick-2021-014/ EXIF Tool Vulnerabilitieshttps://twitter.com/wcbowling/status/1385803927321415687 ABUS Secvest Internet Connected Alarm Systemshttps://eye.security/nl/blog/breaking-abus-secvest-internet-connected-alarm-systems-cve-2020-28973 FiveHands Ransomware Installed via SonicWall Flawhttps://thehackernews.com/2021/04/hackers-exploit-sonicwall-zero-day-bug.html

From Python to .Nethttps://isc.sans.edu/forums/diary/From+Python+to+Net/27366/ PHP Composer Vulnerabilityhttps://blog.sonarsource.com/php-supply-chain-attack-on-composer Microsoft Identifies Several Integer Overflow Vulnerablitieshttps://us-cert.cisa.gov/ics/advisories/icsa-21-119-04

Stopping Google FLoChttps://github.blog/changelog/2021-04-27-github-pages-permissions-policy-interest-cohort-header-added-to-all-pages-sites/https://amifloced.org RotaJakiro Backdoorhttps://blog.netlab.360.com/stealth_rotajakiro_backdoor_en/ F5 Big IP Kerberos Spoofing Vulnerablityhttps://support.f5.com/csp/article/K51213246

Diving into a Singapore Post Phihsing E-Mailhttps://isc.sans.edu/forums/diary/Diving+into+a+Singapore+Post+Phishing+Email/27356/ Two in Five Victims of Online Scam Adverts Do Not Report to Host Platformshttps://www.which.co.uk/news/2021/04/two-in-five-victims-of-online-scam-adverts-dont-report-to-host-platforms/ Microsoft Defender Blocks Cryptojacking Malwarehttps://www.microsoft.com/security/blog/2021/04/26/defending-against-cryptojacking-with-microsoft-defender-for-endpoint-and-intel-tdt/ Linux Privilege Escalation Vulnerabilityhttps://talosintelligence.com/vulnerability_reports/TALOS-2020-1211

CAD: .DGN and .MVBA Files analyzed with oledumphttps://isc.sans.edu/forums/diary/CAD+DGN+and+MVBA+Files/27354/ MacOS 0-Day Bug Patchedhttps://objective-see.com/blog/blog_0x64.htmlhttps://support.apple.com/en-us/HT201222 Emotet Uninstaller Triggeredhttps://blog.malwarebytes.com/threat-analysis/2021/01/cleaning-up-after-emotet-the-law-enforcement-file/ HashiCorp Code Signing Key Exposed By Codecov Compromisehttps://www.theregister.com/2021/04/26/hashicorp_reveals_exposure_of_private/

Compact VBA Macroshttps://isc.sans.edu/forums/diary/Malicious+PowerPoint+AddOn+Small+Is+Beautiful/27342/ Base64 Strings Used in Web Scanninghttps://isc.sans.edu/forums/diary/Base64+Hashes+Used+in+Web+Scanning/27346/ Clickstudios Password Manager Compromisehttps://www.csis.dk/newsroom-blog-overview/2021/moserpass-supply-chain/ Homebrew Code Execution Vulnerabilityhttps://brew.sh/2021/04/21/security-incident-disclosure/ Apple AirDrop Shares Personal Datahttps://www.informatik.tu-darmstadt.de/fb20/ueber_uns_details_231616.en.jsp

How Safe are Your Docker Imageshttps://isc.sans.edu/forums/diary/How+Safe+Are+Your+Docker+Images/27340/ Additional SolarWinds Infrastructurehttps://www.riskiq.com/blog/external-threat-management/solarwinds-c2-servers-new-tactics/ Cellebrite Exploithttps://signal.org/blog/cellebrite-vulnerabilities/ Duo 2FA Bypasshttps://sensepost.com/blog/2021/duo-two-factor-authentication-bypass/

Linux Kernel Maintainer Calls Out “hypocrite commits” by University of Minnesotahttps://lore.kernel.org/lkml/[email protected]/https://github.com/QiushiWu/QiushiWu.github.io/blob/main/papers/OpenSourceInsecurity.pdfhttps://www-users.cs.umn.edu/~kjlu/papers/clarifications-hc.pdf QNAP QLocker uses 7-Ziphttps://www.bleepingcomputer.com/news/security/massive-qlocker-ransomware-attack-uses-7zip-to-encrypt-qnap-devices/ Chrome O-Day Fixedhttps://thehackernews.com/2021/04/update-your-chrome-browser-immediately.html

Pulse Secure VPN 0-Day Exploitedhttps://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.htmlhttps://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/ SonicWall Vulnerabilitieshttps://www.sonicwall.com/support/product-notification/security-notice-sonicwall-email-security-zero-day-vulnerabilities/210416112932360/ Synology Vulnerabilityhttps://blog.talosintelligence.com/2021/04/vuln-spotlight-synology-dsm.html#more Air Fryer Vulnerabilityhttps://blog.talosintelligence.com/2021/04/vuln-spotlight-co.html

Hunting Phishing Websites with Favicon Hasheshttps://isc.sans.edu/forums/diary/Hunting+phishing+websites+with+favicon+hashes/27326/ Nagios XI Vulnerability Exploited by Cryptominershttps://unit42.paloaltonetworks.com/nagios-xi-vulnerability-cryptomining/ XCSSET Malware Adapting to MacOS 11 and M1https://www.trendmicro.com/en_us/research/21/d/xcsset-quickly-adapts-to-macos-11-and-m1-based-macs.html QNAP Patcheshttps://www.qnap.com/de-de/security-advisories?ref=security_advisory_details Juniper Updateshttps://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES

Decoding Cobalt Strike Traffichttps://isc.sans.edu/forums/diary/Decoding+Cobalt+Strike+Traffic/27322/ Codecov Breachhttps://about.codecov.io/security-update/ Google Project Zero Tweaks Disclosure Ruleshttps://googleprojectzero.blogspot.com EIPStackGroup OpENer Ethernet/IPhttps://us-cert.cisa.gov/ics/advisories/icsa-21-105-02 DNS Problems with Windows 10 Security Updatehttps://www.bleepingcomputer.com/news/microsoft/mandatory-windows-10-update-causing-dns-and-shared-folder-issues/

Why and How You Should be Using an Internal Certificate Authorityhttps://isc.sans.edu/forums/diary/Why+and+How+You+Should+be+Using+an+Internal+Certificate+Authority/27314/ Vulnerabilities Used By Russian Foreign Intelligence Servicehttps://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2573391/russian-foreign-intelligence-service-exploiting-five-publicly-known-vulnerabili/ Insecurity URL Handlinghttps://positive.security/blog/url-open-rce SANS Research Paper: Bryan Scarbrough; Malware Detection in Encrypted TLS Traffic Through Machine Learninghttps://www.sans.org/reading-room/whitepapers/artificialintelligence/malware-detection-encrypted-tls-traffic-machine-learning-40185

April 2021 Forensics Quiz Solutionhttps://isc.sans.edu/forums/diary/April+2021+Forensic+Quiz+Answers+and+Analysis/27308/ Adobe Patch Tuesday https://helpx.adobe.com/security.html Chrome 90 Released (and 0-Day Exploits)https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.htmlhttps://github.com/avboy1337/1195777-chrome0dayhttps://github.com/r4j0x00/exploits/tree/master/chrome-0day SAP Updateshttps://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649 Linux/Mac Malware included in npm Modulehttps://blog.sonatype.com/damaging-linux-mac-malware-bundled-within-browserify-npm-brandjack-attempt Congratulations to the SANS.edu National Cyber League Teams!https://twitter.com/SANS_EDU/status/1382453652602941440