SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Qiling: A true instrumentable binary emulation framework https://isc.sans.edu/forums/diary/Qiling+A+true+instrumentable+binary+emulation+framework/27372/ Python "ipaddress" improper input validation https://sick.codes/sick-2021-014/ EXIF Tool Vulnerabilities https://twitter.com/wcbowling/status/1385803927321415687 ABUS Secvest Internet Connected Alarm Systems https://eye.security/nl/blog/breaking-abus-secvest-internet-connected-alarm-systems-cve-2020-28973 FiveHands Ransomware Installed via SonicWall Flaw https://thehackernews.com/2021/04/hackers-exploit-sonicwall-zero-day-bug.html

From Python to .Net https://isc.sans.edu/forums/diary/From+Python+to+Net/27366/ PHP Composer Vulnerability https://blog.sonarsource.com/php-supply-chain-attack-on-composer Microsoft Identifies Several Integer Overflow Vulnerablities https://us-cert.cisa.gov/ics/advisories/icsa-21-119-04

Stopping Google FLoC https://github.blog/changelog/2021-04-27-github-pages-permissions-policy-interest-cohort-header-added-to-all-pages-sites/ https://amifloced.org RotaJakiro Backdoor https://blog.netlab.360.com/stealth_rotajakiro_backdoor_en/ F5 Big IP Kerberos Spoofing Vulnerablity https://support.f5.com/csp/article/K51213246

Diving into a Singapore Post Phihsing E-Mail https://isc.sans.edu/forums/diary/Diving+into+a+Singapore+Post+Phishing+Email/27356/ Two in Five Victims of Online Scam Adverts Do Not Report to Host Platforms https://www.which.co.uk/news/2021/04/two-in-five-victims-of-online-scam-adverts-dont-report-to-host-platforms/ Microsoft Defender Blocks Cryptojacking Malware https://www.microsoft.com/security/blog/2021/04/26/defending-against-cryptojacking-with-microsoft-defender-for-endpoint-and-intel-tdt/ Linux Privilege Escalation Vulnerability https://talosintelligence.com/vulnerability_reports/TALOS-2020-1211

CAD: .DGN and .MVBA Files analyzed with oledump https://isc.sans.edu/forums/diary/CAD+DGN+and+MVBA+Files/27354/ MacOS 0-Day Bug Patched https://objective-see.com/blog/blog_0x64.html https://support.apple.com/en-us/HT201222 Emotet Uninstaller Triggered https://blog.malwarebytes.com/threat-analysis/2021/01/cleaning-up-after-emotet-the-law-enforcement-file/ HashiCorp Code Signing Key Exposed By Codecov Compromise https://www.theregister.com/2021/04/26/hashicorp_reveals_exposure_of_private/

Compact VBA Macros https://isc.sans.edu/forums/diary/Malicious+PowerPoint+AddOn+Small+Is+Beautiful/27342/ Base64 Strings Used in Web Scanning https://isc.sans.edu/forums/diary/Base64+Hashes+Used+in+Web+Scanning/27346/ Clickstudios Password Manager Compromise https://www.csis.dk/newsroom-blog-overview/2021/moserpass-supply-chain/ Homebrew Code Execution Vulnerability https://brew.sh/2021/04/21/security-incident-disclosure/ Apple AirDrop Shares Personal Data https://www.informatik.tu-darmstadt.de/fb20/ueber_uns_details_231616.en.jsp

How Safe are Your Docker Images https://isc.sans.edu/forums/diary/How+Safe+Are+Your+Docker+Images/27340/ Additional SolarWinds Infrastructure https://www.riskiq.com/blog/external-threat-management/solarwinds-c2-servers-new-tactics/ Cellebrite Exploit https://signal.org/blog/cellebrite-vulnerabilities/ Duo 2FA Bypass https://sensepost.com/blog/2021/duo-two-factor-authentication-bypass/

Linux Kernel Maintainer Calls Out "hypocrite commits" by University of Minnesota https://lore.kernel.org/lkml/20210421130105.1226686-38-gregkh@linuxfoundation.org/ https://github.com/QiushiWu/QiushiWu.github.io/blob/main/papers/OpenSourceInsecurity.pdf https://www-users.cs.umn.edu/~kjlu/papers/clarifications-hc.pdf QNAP QLocker uses 7-Zip https://www.bleepingcomputer.com/news/security/massive-qlocker-ransomware-attack-uses-7zip-to-encrypt-qnap-devices/ Chrome O-Day Fixed https://thehackernews.com/2021/04/update-your-chrome-browser-immediately.html

Pulse Secure VPN 0-Day Exploited https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/ SonicWall Vulnerabilities https://www.sonicwall.com/support/product-notification/security-notice-sonicwall-email-security-zero-day-vulnerabilities/210416112932360/ Synology Vulnerability https://blog.talosintelligence.com/2021/04/vuln-spotlight-synology-dsm.html#more Air Fryer Vulnerability https://blog.talosintelligence.com/2021/04/vuln-spotlight-co.html

Hunting Phishing Websites with Favicon Hashes https://isc.sans.edu/forums/diary/Hunting+phishing+websites+with+favicon+hashes/27326/ Nagios XI Vulnerability Exploited by Cryptominers https://unit42.paloaltonetworks.com/nagios-xi-vulnerability-cryptomining/ XCSSET Malware Adapting to MacOS 11 and M1 https://www.trendmicro.com/en_us/research/21/d/xcsset-quickly-adapts-to-macos-11-and-m1-based-macs.html QNAP Patches https://www.qnap.com/de-de/security-advisories?ref=security_advisory_details Juniper Updates https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES