SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Johannes B. Ullrich
Apr 19, 2021 • 6min

ISC StormCast for Monday, April 19th, 2021

Decoding Cobalt Strike Traffic https://isc.sans.edu/forums/diary/Decoding+Cobalt+Strike+Traffic/27322/
Codecov Breach https://about.codecov.io/security-update/
Google Project Zero Tweaks Disclosure Rules https://googleprojectzero.blogspot.com
EIPStackGroup OpENer Ethernet/IP https://us-cert.cisa.gov/ics/advisories/icsa-21-105-02
DNS Problems with Windows 10 Security Update https://www.bleepingcomputer.com/news/microsoft/mandatory-windows-10-update-causing-dns-and-shared-folder-issues/
Apr 16, 2021 • 14min

ISC StormCast for Friday, April 16th, 2021

Why and How You Should be Using an Internal Certificate Authority https://isc.sans.edu/forums/diary/Why+and+How+You+Should+be+Using+an+Internal+Certificate+Authority/27314/
Vulnerabilities Used By Russian Foreign Intelligence Service https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2573391/russian-foreign-intelligence-service-exploiting-five-publicly-known-vulnerabili/
Insecurity URL Handling https://positive.security/blog/url-open-rce
SANS Research Paper: Bryan Scarbrough; Malware Detection in Encrypted TLS Traffic Through Machine Learning https://www.sans.org/reading-room/whitepapers/artificialintelligence/malware-detection-encrypted-tls-traffic-machine-learning-40185
Apr 15, 2021 • 6min

ISC StormCast for Thursday, April 15th, 2021

April 2021 Forensics Quiz Solution https://isc.sans.edu/forums/diary/April+2021+Forensic+Quiz+Answers+and+Analysis/27308/
Adobe Patch Tuesday https://helpx.adobe.com/security.html
Chrome 90 Released (and 0-Day Exploits) https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html https://github.com/avboy1337/1195777-chrome0day https://github.com/r4j0x00/exploits/tree/master/chrome-0day
SAP Updates https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649
Linux/Mac Malware included in npm Module https://blog.sonatype.com/damaging-linux-mac-malware-bundled-within-browserify-npm-brandjack-attempt
Congratulations to the SANS.edu National Cyber League Teams! https://twitter.com/SANS_EDU/status/1382453652602941440
Apr 14, 2021 • 6min

ISC StormCast for Wednesday, April 14th, 2021

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+April+2021+Patch+Tuesday/27306/
NAME:WRECK DNS Vulnerabilities https://www.forescout.com/research-labs/namewreck/
Apr 13, 2021 • 6min

ISC StormCast for Tuesday, April 13th, 2021

Example of Cleartext Cobalt Strike Traffic https://isc.sans.edu/forums/diary/Example+of+Cleartext+Cobalt+Strike+Traffic+Thanks+Brad/27300/
ASA 5506 Series Security Appliances Field Notice https://www.cisco.com/c/en/us/support/docs/field-notices/720/fn72019.html
Expired Certificate for PulseSecure VPN Devices https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44781/?kA13Z000000fzbR
Pwn2Own Summary https://thehackernews.com/2021/04/windows-ubuntu-zoom-safari-ms-exchange.html
Tesla Exploited Via Google Chrome Vulnerability https://leethax0.rs/2021/04/ElectricChrome/
Apr 12, 2021 • 7min

ISC StormCast for Monday, April 12th, 2021

No Python Interpreter? This Simple RAT Installs Its Own Copy https://isc.sans.edu/forums/diary/No+Python+Interpreter+This+Simple+RAT+Installs+Its+Own+Copy/27292/
Facebook Mistakenly Suggests Adding Domains To Public Suffix List will Ease Tracking https://publicsuffix.org https://www.facebook.com/business/help/331612538028890?id=428636648170202
Facebook Ads Used to Push Clubhouse Related Malware https://www.ehackingnews.com/2021/04/cybercriminals-used-facebook-ads-to.html
Identifying Cobalt Strike DNS Infrastructure https://labs.f-secure.com/blog/detecting-exposed-cobalt-strike-dns-redirectors
Apr 9, 2021 • 6min

ISC StormCast for Friday, April 9th, 2021

Simple Powershell Ransomware Creating a 7Z Archive of your Files https://isc.sans.edu/forums/diary/Simple+Powershell+Ransomware+Creating+a+7Z+Archive+of+your+Files/27286/
HTML Lego: Hidden Phishing at Free JavaScript Site https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/html-lego-hidden-phishing-at-free-javascript-site/
Royal Flush: Privilege Escalation Vulnerability in Azure Functions https://www.intezer.com/blog/cloud-security/royal-flush-privilege-escalation-vulnerability-in-azure-functions/
Cisco Small Business Router Vulnerabilities https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-rce-q3rxHnvm
Google Chrome Blocking Port 10080 https://github.com/whatwg/fetch/issues/1191#issuecomment-797659444
Apr 8, 2021 • 7min

ISC StormCast for Thursday, April 8th, 2021

WiFi IDS's and Private MAC Addresses https://isc.sans.edu/forums/diary/WiFi+IDS+and+Private+MAC+Addresses/27288/
Update on PHP Incident https://externals.io/message/113981
Details about Linux Kernel Bluetooth Vulnerabilities https://google.github.io/security-research/pocs/linux/bleedingtooth/writeup.html
LinkedIn Leak https://www.ehackingnews.com/2021/04/data-stolen-from-500-million-linkedin.html
VMware Carbon Black Cloud Workload Appliance Authentication Bypass https://www.vmware.com/security/advisories/VMSA-2021-0005.html
Cisco SD-WAN vManage Software Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-YuTVWqy
Apr 7, 2021 • 6min

ISC StormCast for Wednesday, April 7th, 2021

Malspam with Lokibot vs. Outlook and RFCs https://isc.sans.edu/forums/diary/Malspam+with+Lokibot+vs+Outlook+and+RFCs/27282/
SAP Attacks https://us-cert.cisa.gov/ncas/current-activity/2021/04/06/malicious-cyber-activity-targeting-critical-sap-applications
QNAP Updates Older EOL Devices https://www.qnap.com/de-de/release-notes/qts/4.3.6.1620/20210322
GIGASET Android Phones Infected by Compromised Update Server https://www.heise.de/news/Gigaset-Malware-Befall-von-Android-Geraeten-des-Herstellers-gibt-Raetsel-auf-6006464.html
Apr 6, 2021 • 6min

ISC StormCast for Tuesday, April 6th, 2021

LinkedIn Spear-Phishing Campaign Targets Job Hunters https://threatpost.com/linkedin-spear-phishing-job-hunters/165240/
Malicious Text Files (CVE-2019-8761) https://www.paulosyibelo.com/2021/04/this-man-thought-opening-txt-file-is.html
Rust Privacy Concerns https://www.bleepingcomputer.com/news/security/most-loved-programming-language-rust-sparks-privacy-concerns/
