Episodes
-
Sysinternals Process Monitor Version 4 Released
https://isc.sans.edu/diary/Sysinternals%27%20Process%20Monitor%20Version%204%20Released/31026
Kaspersky Sanctions
https://home.treasury.gov/news/press-releases/jy2420
Phoenix UEFI Buffer Overflow Affects Wide Range of Systems
https://eclypsium.com/blog/ueficanhazbufferoverflow-widespread-impact-from-vulnerability-in-popular-pc-and-server-firmware/
Ghostscript Update
https://ghostscript.readthedocs.io/en/gs10.03.1/News.html
js2py vulnerability
https://github.com/Marven11/CVE-2024-28397-js2py-Sandbox-Escape -
No Excuses: Free Tools to Help Secure Authentication in Ubuntu
https://isc.sans.edu/diary/No%20Excuses%2C%20Free%20Tools%20to%20Help%20Secure%20Authentication%20in%20Ubuntu%20Linux%20%5BGuest%20Diary%5D/31024
Handling BOM MIME Files
https://isc.sans.edu/diary/Handling+BOM+MIME+Files/31022
Atlassian Confluence Data Center and Server Vulnerability
https://confluence.atlassian.com/security/security-bulletin-june-18-2024-1409286211.html
Beyond the @ Symbol: Exploiting the Flexibility of Email Addresses For Offensive Purposes
https://modzero.com/en/blog/beyond_the_at_symbol/
VMware Patches
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453 -
-
New NetSupport Campaign Delivered Through MSIX Packages
https://isc.sans.edu/diary/New%20NetSupport%20Campaign%20Delivered%20Through%20MSIX%20Packages/31018
D-Link Router Backdoor
https://www.twcert.org.tw/en/cp-139-7880-629f5-2.html
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10398
iTerm2 Vulnerability
https://vin01.github.io/piptagole/escape-sequences/iterm2/rce/2024/06/16/iterm2-rce-window-title-tmux-integration.html
Nextcloud Vulnerability
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9v72-9xv5-3p7c -
Overview of My Tools That Handle JSON Data
https://isc.sans.edu/diary/Overview%20of%20My%20Tools%20That%20Handle%20JSON%20Data/31012
Python Serialization and "Sleepy Pickle"
https://x.com/MarkBaggett/status/1801732554740969561
Detecting Headless Chrome
https://deviceandbrowserinfo.com/learning_zone/articles/detecting-headless-chrome-puppeteer-2024
Detecting Malicious VS Code Extensions
https://medium.com/@amitassaraf/4-6-introducing-extensiontotal-how-to-assess-risk-in-vs-code-extensions-3ac5bfd83fb1
ASUS Router Critical Vulnerability
https://www.asus.com/content/asus-product-security-advisory/ -
The Art of JQ and Command-Line Fu
https://isc.sans.edu/diary/The%20Art%20of%20JQ%20and%20Command-line%20Fu%20%5BGuest%20Diary%5D/31006
Microsoft Outlook Vulnerability Details
https://blog.morphisec.com/cve-2024-30103-microsoft-outlook-vulnerability
Keeping our Outlook Personal Email Users Safe
https://techcommunity.microsoft.com/t5/outlook-blog/keeping-our-outlook-personal-email-users-safe-reinforcing-our/ba-p/4164184
Exploiting ML models with pickle file attacks
https://blog.trailofbits.com/2024/06/11/exploiting-ml-models-with-pickle-file-attacks-part-1/ -
MSMQ Packets
https://isc.sans.edu/diary/Port%201801%20Traffic%3A%20Microsoft%20Message%20Queue/31004
Adobe Updates
https://helpx.adobe.com/security/products/magento/apsb24-40.html
Black Basta Exploited CVE-2024-26169 Prior to Patch
https://symantec-enterprise-blogs.security.com/threat-intelligence/black-basta-ransomware-zero-day
Pixel Phone 0-Day Patched
https://source.android.com/docs/security/bulletin/pixel/2024-06-01
-
Microsoft Patch Tuesday
https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20June%202024/31000
JetBrains IntelliJ Based IDE GitHub Plugin Vulnerability
https://blog.jetbrains.com/security/2024/06/updates-for-security-issue-affecting-intellij-based-ides-2023-1-and-github-plugin/
Veeam Recovery Orchestrator (VRO) vulnerability CVE-2024-29855
https://www.veeam.com/kb4585
Precor Treadmill Vulnerability
https://securityintelligence.com/x-force/internet-connected-treadmill-vulnerabilities-discovered/ -
Veeam Exploit CVE-2024-29849
https://summoning.team/blog/veeam-enterprise-manager-cve-2024-29849-auth-bypass/
SORBS Shutdown
https://www.theregister.com/2024/06/07/sorbs_closed/
Rogue Cell Tower Shut Down in London
https://www.cityoflondon.police.uk/news/city-of-london/news/2024/june/two-people-arrested-in-connection-with-investigation-into-homemade-mobile-antenna-used-to-send-thousands-of-smishing-text-messages-to-the-public/
Malicious ComfyUI Modules
https://www.youtube.com/watch?v=ntwGHjBCbeQ -
PHP Unicode Remote Code Execution Exploit
https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html
https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
PyTorch Distributed RPC Framework Remote Code Execution
https://huntr.com/bounties/39811836-c5b3-4999-831e-46fee8fcade3
https://www.cve.org/CVERecord?id=CVE-2024-5480
Malicious VSCode Extensions Used by Researchers
https://www.bleepingcomputer.com/news/security/malicious-visual-studio-code-extensions-with-millions-of-installs-discovered/ -
Malicious Python Script with a "Best Before" Date
https://isc.sans.edu/diary/Malicious%20Python%20Script%20with%20a%20%22Best%20Before%22%20Date/30988
FBI Obtained 7,000 LockBit Ransomware Keys
https://www.fbi.gov/news/speeches/fbi-cyber-assistant-director-bryan-vorndran-s-remarks-at-the-2024-boston-conference-on-cyber-security
Apple Guarantees 5 Years of Security Updates
https://www.androidauthority.com/iphone-software-support-commitment-3449135/
FCC Proposes New Rule for Security Routing
https://www.fcc.gov/document/fcc-proposes-internet-routing-security-reporting-requirements -
WatchGuard VPN Brute Forcing
https://isc.sans.edu/diary/Brute%20Force%20Attacks%20Against%20Watchguard%20VPN%20Endpoints/30984
TotalRecall Tool To Extract Data from Microsoft Recall
https://github.com/xaitax/TotalRecall
Webex Flaw
https://www.helpnetsecurity.com/2024/06/05/cisco-webex-cloud-vulnerability/
https://netzbegruenung.de/blog/netzbegruenung-findet-schwachstellen-auch-im-cisco-webex-clouddienst-behoerden-und-unternehmen-in-ganz-europa-betroffen/ (in German) -
A Wireshark Lua Dissector for Fixed Field Length Protocols
https://isc.sans.edu/diary/A%20Wireshark%20Lua%20Dissector%20for%20Fixed%20Field%20Length%20Protocols/30976
Cox Cable Modem Admin API Weakness
https://samcurry.net/hacking-millions-of-modems
Malicious Stack Overflow Answers
https://www.bleepingcomputer.com/news/security/cybercriminals-pose-as-helpful-stack-overflow-users-to-push-malware/
Atlassian Confluence Data Center and Server Remote Code Execution Vulnerability CVE-2024-21683
https://blog.sonicwall.com/en-us/2024/05/confluence-data-center-and-server-remote-code-execution-vulnerability/ -
K1w1 Infostealer Uses gofile.io for Exfiltration
https://isc.sans.edu/diary/%22K1w1%22%20InfoStealer%20Uses%20gofile.io%20for%20Exfiltration/30972
Kaspersky Linux Malware Scanner
https://www.kaspersky.com/blog/kvrt-for-linux/51375/
Snowflake Incident
https://www.helpnetsecurity.com/2024/06/01/snowflake-breach-data-theft/
Hugging Face Space Secrets Leak
https://huggingface.co/blog/space-secrets-disclosure -
Feeding MISP with OSSEC
https://isc.sans.edu/diary/Feeding%20MISP%20with%20OSSEC/30968
Check Point VPN
https://labs.watchtowr.com/check-point-wrong-check-point-cve-2024-24919/
The Pumpkin Eclipse
https://blog.lumen.com/the-pumpkin-eclipse/
Michael Dunking: Detecting Cypher Injection with Open-Source Network Intrusion Detection
https://www.sans.edu/cyber-research/detecting-cypher-injection-with-open-source-network-intrusion-detection/ -
Is that It? Finding the Unknown: Correlations Between Honeypot Logs and PCAPs
https://isc.sans.edu/diary/Is%20that%20It%3F%20%20Finding%20the%20Unknown%3A%20Correlations%20Between%20Honeypot%20Logs%20%26%20PCAPs%20%5BGuest%20Diary%5D/30962
Check Point 0-Day
https://blog.checkpoint.com/security/enhance-your-vpn-security-posture
Okta warns of Credential Stuffing Against Customer Identity Cloud
https://sec.okta.com/articles/2024/05/detecting-cross-origin-authentication-credential-stuffing-attacks
Brute Forcing Old Bitcoin Wallet Password
https://www.youtube.com/watch?v=o5IySpAkThg -
Preventing SQL Injection with Python
https://www.youtube.com/watch?v=1cQy9N1Xndk
PoC Exploit for CVE-2024-23108 in Fortinet FortiSIEM
https://www.horizon3.ai/attack-research/cve-2024-23108-fortinet-fortisiem-2nd-order-command-injection-deep-dive/
ShrinkLocker: Turning BitLocker into ransomware
https://securelist.com/ransomware-abuses-bitlocker/112643/
iconv Buffer Overflow PoC CVE-2024-2961
https://github.com/ambionics/cnext-exploits/
PoC for Apple Priv. Escalation bug CVE-2024-27842
https://github.com/wangtielei/POCs/tree/main/CVE-2024-27842
https://x.com/WangTielei -
Files with TXZ Extension Used as Malspam Attachments
https://isc.sans.edu/diary/Files%20with%20TXZ%20extension%20used%20as%20malspam%20attachments/30958
Google 0-Day
https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_23.html
Google Stops Trusting Globaltrust CA
https://groups.google.com/a/ccadb.org/g/public/c/wRs-zec8w7k/m/G_9QprJ2AQAJ
Check Point Warns of Password Brute Forcing
https://blog.checkpoint.com/security/enhance-your-vpn-security-posture?campaign=checkpoint&eid=guvrs&advisory=1
SEC522: Defending Web Applications
isc.sans.edu/j/sec522 -
Analysis of 'redtail' file uploads to ISC Honeypot
https://isc.sans.edu/diary/Analysis%20of%20%3Fredtail%3F%20File%20Uploads%20to%20ICS%20Honeypot%2C%20a%20Multi-Architecture%20Coin%20Miner%20%5BGuest%20Diary%5D/30950
Veeam Vulnerability
https://www.veeam.com/kb4581
C-Root Server Lost Touch With Peers
https://arstechnica.com/security/2024/05/dns-glitch-that-threatened-internet-stability-fixed-cause-remains-unclear/
Ivanti Vulnerabilities
https://forums.ivanti.com/s/article/Avalanche-6-4-3-602-additional-security-hardening-and-CVE-fixed?language=en_US
Justice AV Solutions Software Backdoor
https://www.rapid7.com/blog/post/2024/05/23/cve-2024-4978-backdoored-justice-av-solutions-viewer-software-used-in-apparent-supply-chain-attack/ -
NMAP Scanning Without Scanning (Part 2) - The ipinfo API
https://isc.sans.edu/diary/NMAP%20Scanning%20without%20Scanning%20%28Part%202%29%20-%20The%20ipinfo%20API/30948
Why Your WiFi Router Doubles As An Apple Airtag
https://krebsonsecurity.com/2024/05/why-your-wi-fi-router-doubles-as-an-apple-airtag/#more-67551
https://account.microsoft.com/privacy/location-services-opt-out
https://answers.microsoft.com/en-us/windows/forum/all/wifi-sense-my-ssid-includes-optout-why-do-windows/1453142a-755a-476f-aa48-56d05b89e33c
https://www.computerworld.com/article/1484722/here-s-how-to-opt-out-of-google-s-wi-fi-snooping.html
https://www.privacy.org.nz/publications/commissioner-inquiries/google-s-collection-of-wifi-information-during-street-view-filming/