Monday, September 25, 2023
SANS ISC

ISC StormCast for Monday, September 25th, 2023

Scanning for Laravel - a PHP Framework for Web Artisants
SANS ISC

ISC StormCast for Friday, September 22nd, 2023

Apple Patches Three 0-Days https://isc.sans.edu/diary/Apple+Patches+Three+New+0Day+Vulnerabilities+Affecting+iOSiPadOSwatchOSmacOS/30238 WebP Vulnerability https://blog.isosceles.com/the-webp-0day/ MOVEit Transfer
SANS ISC

ISC StormCast for Thursday, September 21st, 2023

What's Normal: DNS TTL Values https://isc.sans.edu/forums/diary/What's%20Normal%3F%20DNS%20TTL%20Values/30234/ CISA Highlights Snatch Ransomware
SANS ISC

ISC StormCast for Wednesday, September 20th, 2023

Obfuscated Scans For Older Adobe Experience Manager Vulnerabilities https://isc.sans.edu/diary/Obfuscated%20Scans%20for%20Older%20Adobe%20Experience%20Manager%20Vulnerabilities/30230 Trend
SANS ISC

ISC StormCast for Tuesday, September 19th, 2023

Internet Wide Multi VPN Search from Single /24 Network https://isc.sans.edu/diary/Internet%20Wide%20Multi%20VPN%20Search%20From%20Single%20%2024%20Network/30226
SANS ISC

ISC StormCast for Monday, September 18th, 2023

When MFA isn't actually MFA https://retool.com/blog/mfa-isnt-mfa/ QNAP Patches https://www.qnap.com/en/security-advisories?ref=security_advisory_details Chrome
SANS ISC

ISC StormCast for Friday, September 15th, 2023

DShield and eqmu Sitting in a Tree: L-O-G-G-I-N-G https://isc.sans.edu/diary/DShield%20and%20qemu%20Sitting%20in%20a%20Tree%3A%20L-O-G-G-I-N-G/30216 Uncursing
SANS ISC

ISC StormCast for Thursday, September 14th, 2023

Backdoored Free DownloadManager https://securelist.com/backdoored-free-download-manager-linux-malware/110465/ Foxit PDF Reader Updates https://www.foxit.com/support/security-bulletins.html macOS
SANS ISC

ISC StormCast for Wednesday, September 13th, 2023

Microsoft Patch Tuesday https://isc.sans.edu/diary/Microsoft%20September%202023%20Patch%20Tuesday/30214 OpenSSL 1.1.1 End of Life https://www.openssl.org/blog/blog/2023/09/11/eol-111/
SANS ISC

ISC StormCast for Tuesday, September 12th, 2023

Apple Patches Older Operating Systems https://isc.sans.edu/diary/Apple%20fixes%200-Day%20Vulnerability%20in%20Older%20Operating%20Systems/30210 Wi-Fi Enabled Practical Keystroke
SANS ISC

ISC StormCast for Monday, September 11th, 2023

Augmenting Honeypot Logs https://isc.sans.edu/diary/%3FAnyone%20get%20the%20ASN%20of%20the%20Truck%20that%20Hit%20Me%3F!%3F%3A%20Creating%20a%20PowerShell%20Function%20to%20Make%203rd%20Party%20API%20Calls%20for%20Extending%20Honeypot%20Information%20%5BGuest%20Diary%5D/30204 More details about Apple 0-day https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/
SANS ISC

ISC StormCast for Friday, September 8th, 2023

Apple Patches 0-Days https://isc.sans.edu/diary/30200 https://support.apple.com/en-us/HT201222 iOS Fleezeware/Scareware https://isc.sans.edu/diary/Fleezeware%20Scareware%20Advertised%20via%20Facebook%20Tags%3B%20Available%20in%20Apple%20App%20Store/30198 Aruba Vulnerabilities
SANS ISC

ISC StormCast for Thursday, September 7th, 2023

Security Related DNS Records https://isc.sans.edu/diary/Security%20Relevant%20DNS%20Records/30194 Microsoft Reveleas Details about Key
SANS ISC

ISC StormCast for Wednesday, September 6th, 2023

Common Usernames Submitted to Honeypots https://isc.sans.edu/diary/Common%20usernames%20submitted%20to%20honeypots/30188 TPM LUKS Bypass https://pulsesecurity.co.nz/advisories/tpm-luks-bypass
SANS ISC

ISC StormCast for Tuesday, September 5th, 2023

What is the Origin of Passwords Submitted to Honeypots https://isc.sans.edu/diary/What%20is%20the%20origin%20of%20passwords%20submitted%20to%20honeypots%3F/30182
The Hacker News

From Watering Hole to Spyware: EvilBamboo Targets Tibetans, Uyghurs, and Taiwanese

Tibetan, Uyghur, and Taiwanese individuals and organizations are the targets of a persistent campaign orchestrated by a threat actor codenamed EvilBamboo to gather sensitive information. "The attacker has created fake Tibetan websites, along with social media profiles, likely used to deploy browser-based...
SecurityWeek

In-the-Wild Exploitation Expected for Critical TeamCity Flaw Allowing Server Takeover

A critical vulnerability in the TeamCity CI/CD server could allow unauthenticated attackers to execute code and take over vulnerable servers. The post In-the-Wild Exploitation Expected for Critical TeamCity Flaw Allowing Server Takeover appeared first on SecurityWeek.
SecurityWeek

Predator Spyware Delivered to iOS, Android Devices via Zero-Days, MitM Attacks

Predator spyware delivered to iPhones and Android devices using iOS and Chrome zero-day vulnerabilities and MitM attacks.  The post Predator Spyware Delivered to iOS, Android Devices via Zero-Days, MitM Attacks appeared first on SecurityWeek.
Infosecurity Magazine

BEC Scammer Pleads Guilty to Part in $6m Scheme

Nigerian was extradited to the US from Canada
Infosecurity Magazine

Researchers Spot Novel “Deadglyph” Backdoor

Malware is linked to UAE-backed spies