Tuesday, August 3, 2021
SANS ISC

ISC StormCast for Tuesday, August 3rd, 2021

Unsolicited DNS Queries https://isc.sans.edu/forums/diary/Unsolicited+DNS+Queries/27694/ Changing BAT Files on the Fly
SANS ISC

ISC StormCast for Sunday, August 1st, 2021

Infected With a .reg File https://isc.sans.edu/forums/diary/Infected+With+a+reg+File/27692/ Excessive Exchange Permissions (Patched)
SANS ISC

ISC StormCast for Friday, July 30th, 2021

Malicious Content Delivered Trhough archive.org https://isc.sans.edu/forums/diary/Malicious+Content+Delivered+Through+archiveorg/27688/ A Large-Scale Security-Oriented Static
SANS ISC

ISC StormCast for Thursday, July 29th, 2021

A Sextortion E-Mail From ... IT Support?! https://isc.sans.edu/forums/diary/A+sextortion+email+fromIT+support/27682/ AV-Test Compares
SANS ISC

ISC StormCast for Wednesday, July 28th, 2021

Details about CVE-2021-30807. (Patch released Monday for MacOS/iOS) https://saaramar.github.io/IOMobileFrameBuffer_LPE_POC/ Zimbra
SANS ISC

ISC StormCast for Tuesday, July 27th, 2021

Recovering Malspam Password https://isc.sans.edu/forums/diary/Failed+Malspam+Recovering+The+Password/27674/ Apple Patches 0-Day https://support.apple.com/en-us/HT201222 Attackers Adopt
SANS ISC

ISC StormCast for Monday, July 26th, 2021

PetitPotam ADCS Domain Admin Vulnerability https://isc.sans.edu/forums/diary/Active+Directory+Certificate+Services+ADCS+PKI+domain+admin+vulnerability/27668/ XCSSET Mac Malware Target
SANS ISC

ISC StormCast for Friday, July 23rd, 2021

Akamai Outage https://isc.sans.edu/forums/diary/Lost+in+the+Cloud+Akamai+DNS+Outage/27660/ "Summer of SAM" Continues https://isc.sans.edu/forums/diary/Summer+of+SAM+Microsoft+Releases+Guidance+for+CVE202136934/27656/ Oracle Critical
SANS ISC

ISC StormCast for Thursday, July 22nd, 2021

Microsoft Published Summer of SAM Guidance https://isc.sans.edu/forums/diary/Summer+of+SAM+Microsoft+Releases+Guidance+for+CVE202136934/27656/ Apple Patches Everything
SANS ISC

ISC StormCast for Wednesday, July 21st, 2021

Windows Registry Hives Permission Problem https://isc.sans.edu/forums/diary/Summer+of+SAM+incorrect+permissions+on+Windows+1011+hives/27652/ HP Printer Drivers Allows
SANS ISC

ISC StormCast for Tuesday, July 20th, 2021

New Windows Print Spooler Vulnerability - CVE-2021-34481 https://isc.sans.edu/forums/diary/New+Windows+Print+Spooler+Vulnerability+CVE202134481/27648/ iOS/WatchOS/tvOS/Safari Updates
SANS ISC

ISC StormCast for Monday, July 19th, 2021

Multiple BaseXX Obfuscations https://isc.sans.edu/forums/diary/Multiple+BaseXX+Obfuscations/27640/ Juniper Patches: Radius Vulnerability https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11180&cat=SIRT_1&actp=LIST fail2ban
SANS ISC

ISC StormCast for Friday, July 16th, 2021

USPS Phishing Kit Reporting Data Back Via Telegram https://isc.sans.edu/forums/diary/USPS+Phishing+Using+Telegram+to+Collect+Data/27630/ Sonicwall
SANS ISC

ISC StormCast for Thursday, July 15th, 2021

One way to fail at malspam - give reipients the
SANS ISC

ISC StormCast for Wednesday, July 14th, 2021

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+July+2021+Patch+Tuesday/27628/ Adobe Patch Tuesday https://helpx.adobe.com/security/products/acrobat/apsb21-51.html ForgeRock OpenAM
SecurityWeek

Mismanagement Driving Cybersecurity Skills Gap: Research

“To some extent, this data supports the theory that the cybersecurity skills shortage is related to mismanagement rather than a dearth of qualified candidates or advanced skills.” read more
Google

Linux Kernel Security Done Right

Posted by Kees Cook, Software Engineer, Google Open Source Security TeamTo borrow from an excellent analogy between the modern computer ecosystem and the US automotive industry of the 1960s, the Linux kernel runs well: when driving down the highway,...

Raccoon Stealer Bundles Malware, Propagates Via Google SEO

An update to the stealer-as-a-service platform hides in pirated software, pilfers crypto-coins and installs a software dropper for downloads of more malware.
SecurityWeek

SAP Customer Survey Reveals False Sense of Security

Many SAP customers have a false sense of security, according to a new report from risk management consultancy Turnkey Consulting and business-critical application security firm Onapsis. The SAP Security Survey Report 2021 is based on information from over 100 SAP...

BazarCaller – the malware gang that talks you into infecting yourself

Calling someone back feels safer than clicking an unknown link... but it isn't! Remind your friends and family.