Wednesday, April 21, 2021
SANS ISC

ISC StormCast for Wednesday, April 21st, 2021

Pulse Secure VPN 0-Day Exploited
https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/
SonicWall Vulnerabilities
https://www.sonicwall.com/support/product-notification/security-notice-sonicwall-email-security-zero-day-vulnerabilities/210416112932360/
SANS ISC

ISC StormCast for Tuesday, April 20th, 2021

Hunting Phishing Websites with Favicon Hashes
https://isc.sans.edu/forums/diary/Hunting+phishing+websites+with+favicon+hashes/27326/
Nagios XI Vulnerability
SANS ISC

ISC StormCast for Monday, April 19th, 2021

Decoding Cobalt Strike Traffic
https://isc.sans.edu/forums/diary/Decoding+Cobalt+Strike+Traffic/27322/
Codecov Breach
https://about.codecov.io/security-update/
Google Project
SANS ISC

ISC StormCast for Friday, April 16th, 2021

Why and How You Should be Using an Internal Certificate
SANS ISC

ISC StormCast for Thursday, April 15th, 2021

April 2021 Forensics Quiz Solution
https://isc.sans.edu/forums/diary/April+2021+Forensic+Quiz+Answers+and+Analysis/27308/
Adobe Patch Tuesday
SANS ISC

ISC StormCast for Wednesday, April 14th, 2021

Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+April+2021+Patch+Tuesday/27306/
NAME:WRECK DNS Vulnerabilities
https://www.forescout.com/research-labs/namewreck/
SANS ISC

ISC StormCast for Tuesday, April 13th, 2021

Example of Cleartext Cobalt Strike Traffic
https://isc.sans.edu/forums/diary/Example+of+Cleartext+Cobalt+Strike+Traffic+Thanks+Brad/27300/
ASA 5506
SANS ISC

ISC StormCast for Monday, April 12th, 2021

No Python Interpreter? This Simple RAT Installs Its Own Copy
SANS ISC

ISC StormCast for Friday, April 9th, 2021

Simple Powershell Ransomware Creating a 7Z Archive of your Files
SANS ISC

ISC StormCast for Thursday, April 8th, 2021

WiFi IDS's and Private MAC Addresses
https://isc.sans.edu/forums/diary/WiFi+IDS+and+Private+MAC+Addresses/27288/
Update on PHP
SANS ISC

ISC StormCast for Wednesday, April 7th, 2021

Malspam with Lokibot vs. Outlook and RFCs
https://isc.sans.edu/forums/diary/Malspam+with+Lokibot+vs+Outlook+and+RFCs/27282/
SAP Attacks
SANS ISC

ISC StormCast for Tuesday, April 6th, 2021

LinkedIn Spear-Phishing Campaign Targets Job Hunters
https://threatpost.com/linkedin-spear-phishing-job-hunters/165240/
Malicious Text Files
SANS ISC

ISC StormCast for Monday, April 5th, 2021

C2 Activity: Sandboxes or Real Victims
https://isc.sans.edu/forums/diary/C2+Activity+Sandboxes+or+Real+Victims/27272/
Exploitation of Fortinet
SANS ISC

ISC StormCast for Friday, April 2nd, 2021

April 2021 Forensic Quiz
https://isc.sans.edu/forums/diary/April+2021+Forensic+Quiz/27266/
Coinhive Domains Used to Warn
SANS ISC

ISC StormCast for Thursday, April 1st, 2021

Quick Analysis of a Modular InfoStealer
https://isc.sans.edu/forums/diary/Quick+Analysis+of+a+Modular+InfoStealer/27264/
Google Chrome Update
The Register

Japan accuses Chinese military of cyber-attacks on its space agency

200 other companies also targeted, but no data lost

Japan has accused a member of the Chinese Communist Party of conducting cyber-attacks on its space agency and 200 other local entities.…

Tool links email addresses to Facebook accounts at scale

Still smarting from last month’s dump of phone numbers belonging to 500 million Facebook users, the social media giant has a new privacy crisis to contend with: a tool that, on a mass scale,...
SC Magazine

With details sparse, vendors scramble to make sense of Biden 100-day grid security plan

The Biden administration launched what it called a “bold” 100-day sprint to improve the cybersecurity of electric utilities on Tuesday. The plan was not released in full to the public, or to many vendors who might be instrumental in...
The Register

China broke into govt, defense, finance networks via zero-day in Pulse Secure VPN gateways? No way

Crucial flaw won't be fixed until next month

Dozens of defense companies, government agencies, and financial organizations in America and abroad appear to have been compromised via vulnerabilities in their Pulse Connect Secure VPN appliances – including a zero-day...