ISC StormCast for Wednesday, April 21st, 2021
Pulse Secure VPN 0-Day Exploited https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/ SonicWall Vulnerabilities https://www.sonicwall.com/support/product-notification/security-notice-sonicwall-email-security-zero-day-vulnerabilities/210416112932360/
SN 815: Homogeneity Attacks – Is FLoC All That Bad?, Humble Bundle For Programmers, Chrome 90
Club TWiT details.
Picture of the Week.
The Vivaldi Project's take on FLoC.
Chrome continues to be THE high-value target.
We're at Chrome v90.
Exchange Server Web Shells removed, with DOJ Permission.
WordPress joins the "FLoC No!" chorus.
It's Humble Bundle Book Time.
Closing the Loop.
A quick...
DtSR Episode 443 – TPA Addressing AppSec Tech Debt
Prologue Chris Eng has been elbows deep in software security for a very long time. Times have changed over the last 20 years, as have tools, methods, and outcomes - what hasn't changed is how much security debt we...
Codecov Attack, Major BGP Leak, Lazarus APT, Discord Ransomware, & GEICO Breach – SWN #115
This week, Dr. Doug talks naughty vaccines, Air frying is not frying, BGP is leaking, Codecov, Lazarus, Google Alerts, Nitro Ransomware, & we're joined once more for expert commentary by Jason Wood! Show Notes: https://securityweekly.com/swn115 Visit https://www.securityweekly.com/swn for...
Codecov supply chain attack update. Babuk’s victim service. Catphishing in LinkedIn. Sanctioned company responds. SolarWinds, Exchange compromise TFs stand down. 5 Eyes notes. IoT risk.
Update on the Codecov supply chain attack. The Babuk gang says they’ve debugged their decryptor. MI5 warns of “industrial scale” catphishing in LinkedIn. Positive Technologies responds to US sanctions. The US...
That Will Bite Ya – ASW #147
This week, we welcome Doug Barbin, Managing Partner at Schellman & Company, LLC, to discuss Supply Chain Management! Supply chain security isn't new, despite the renewed attention from the Solar Winds attack. It has old challenges, like having an...
ISC StormCast for Tuesday, April 20th, 2021
Hunting Phishing Websites with Favicon Hashes https://isc.sans.edu/forums/diary/Hunting+phishing+websites+with+favicon+hashes/27326/ Nagios XI Vulnerability
Snake Oilers: Greynoise! MergeBase! Votiro!
In this edition of Snake Oilers we’ll be hearing from three...
Codecov may have sustained a supply chain attack. Natanz sabotage update. Big data gangs. Protecting ransomware gangs. Counterretaliation in the SolarWinds affair.
Another supply chain incident surfaces. The Natanz sabotage seems to have landed a punch, but not a knock-out blow against Iran’s nuclear program (and it appears to have been a bomb)....
News & Analysis | No. 277
CISA FBI and NSA Release Five APT29 Targeted Vulnerabilities, FBI Benign Hacking, The US Sanctioned Russia and Expelled Diplomats, Google's Cookie Replacement Not Going Well, NERC says 1/4 of Their Customers Sharing Data Downloaded Solarwinds Hack, Technology News, Human...
Data Breaches vs. Data Leaks, FBI Exchange Server Controversy
This week Tom and Kevin are back with an all new episode! Data breaches vs. recent data leaks, and the controversy over the FBI operation conducted to remove web shells from compromised Microsoft Exchange servers.
** Links mentioned on the...
ISC StormCast for Monday, April 19th, 2021
Decoding Cobalt Strike Traffic https://isc.sans.edu/forums/diary/Decoding+Cobalt+Strike+Traffic/27322/ Codecov Breach https://about.codecov.io/security-update/ Google Project
Episode 267 – Does 0day still mean 0day?
Josh and Kurt talk about 0day security vulnerabilities. What are they? What were they? And why the name has taken on a new meaning, and that's OK. Show Notes Hacker History Podcast Chrome 0day NTFS Documentation
Aviv Grafi: There needs to be fundamental changes in security. [CEO] [Career Notes]
CEO and Founder of Votiro Aviv Grafi shares his story from serving as a member of the IDF's intelligence forces to leading his own venture. Aviv says his service in the...
Weekly Update 239
Presently sponsored by: SecurityFWD. A brand new YouTube show from Varonis. Watch Episode 1: How Far can Wi-Fi Travel?Geez I'm glad the Facebook stuff was the week before this one! With that (mostly) out of the way, we headed...
Social engineering: MINEBRIDGE RAT embedded to look like job résumés. [Research Saturday]
Guest Deepen Desai joins Dave to talk about Zsaler's research "Return of the MINEBRIDGE RAT With New TTPs and Social Engineering Lures." In Jan 2021, Zscaler ThreatLabZ discovered new instances of...
International reactions to US sanctions against Russia (positively reviewed in Europe and the UK, but panned by Russia). Continuing threats to the cold chain. Natanz back in business? Data breach notes.
The European Union expresses solidarity with the US over the SolarWinds incident. The UK joins the US in attributing the incident to Russia. Russia objects to US sanctions and hints strongly...
S3 Ep28.5: Hacking back – is attack an acceptable form of defence?
Sophos cybersecurity expert Chester Wisniewski provides excellent, topical and timely commentary on the FBI’s recent use of a malware-like method to forcibly clean up hundreds of servers still infected in the Hafnium aftermath.
With Paul Ducklin and Chester Wisniewski
https://nakedsecurity.sophos.com/fbi-hacks-into-hundreds-of-infected-us-servers
Original music...
ISC StormCast for Friday, April 16th, 2021
Why and How You Should be Using an Internal Certificate
Imposing costs and sending signals (and prominently naming Cozy Bear). More speculation about the Natanz explosion. And a shift in the criminal-to-criminal economy.
The US announces a broad range of retaliatory actions designed to “impose costs” on Russia for its recent actions in cyberspace, prominently including both the SolarWinds supply chain compromise and attempts...
3 Zero-Day Exploits Hit SonicWall Enterprises Email Security Appliances
SonicWall has addressed three critical security vulnerabilities in its hosted and on-premises email security (ES) product that are being actively exploited in the wild.
Tracked as CVE-2021-20021 and CVE-2021-20022, the flaws were discovered and reported to the company by FireEye's Mandiant subsidiary...
WARNING: Hackers Exploit Unpatched Pulse Secure 0-Day to Breach Organizations
If the Pulse Connect Secure gateway is part of your organization network, you need to be aware of a newly discovered critical zero-day authentication bypass vulnerability (CVE-2021-22893) that is currently being exploited in the wild and for which there...
Japan accuses Chinese military of cyber-attacks on its space agency
200 other companies also targeted, but no data lost Japan has accused a member of the Chinese Communist Party of conducting cyber-attacks on its space agency and 200 other local entities.…
Japan accuses Chinese military of cyber-attacks on its space agency
200 other companies also targeted, but no data lost Japan has accused a member of the Chinese Communist Party of conducting cyber-attacks on its space agency and 200 other local entities.…
Tool links email addresses to Facebook accounts at scale
Enlarge (credit: Getty Images)
Still smarting from last month’s dump of phone numbers belonging to 500 million Facebook users, the social media giant has a new privacy crisis to contend with: a tool that, on a mass scale,...
