SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Citrix Scanning https://isc.sans.edu/forums/diary/Active+Exploit+Attempts+Targeting+Recent+Citrix+ADC+Vulnerabilities+CTX276688/26330/ https://www.youtube.com/watch?time_continue=6&v=1_D4_9BKHSc&feature=emb_logo Juniper Patches https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES Google Releases Tsunami Security Scanner https://github.com/google/tsunami-security-scanner SANS.edu Student Billy Wilson: Security Supercomputers with BPF Probes https://www.sans.org/reading-room/whitepapers/detection/securing-soft-underbelly-supercomputer-bpf-probes-39635#__utma=56421037.1361558334.1422039453.1445264258.1445266863.510&__utmb=56421037.17.9.1445268558432&__utmc=56421037&__utmx=-&__utmz=56421037.1444729543.493.57.utmcsr=admin.sans.org|utmccn=%28referral%29|utmcmd=referral|utmcct=/account/madmin/account_manage

Obfuscated Malware https://isc.sans.edu/forums/diary/If+You+Want+Something+Done+Right+You+Have+To+Do+It+Yourself+Malware+Too/26320/ PaloAlto Networks PAN-OS CVE-2020-2034 https://security.paloaltonetworks.com/CVE-2020-2034 Citrix Vulnerability Details (CVE-2020-8194) https://dmaasland.github.io/posts/citrix.html Mozilla Suspending Send Service https://www.zdnet.com/article/mozilla-suspends-firefox-send-service-while-it-addresses-malware-abuse/

F5 Big IP Wrapup https://twitter.com/NCCGroupInfosec/status/1280593966879125504 https://www.sans.org/webcasts/116065 Citrix ADC / Citrix Gateway Patches https://www.citrix.com/blogs/2020/07/07/citrix-provides-context-on-security-bulletin-ctx276688/ Microsoft Releases Free Memory Analysis Service https://www.microsoft.com/en-us/research/blog/toward-trusted-sensing-for-the-cloud-introducing-project-freta/

More BigIP Exploits https://isc.sans.edu/forums/diary/Summary+of+CVE20205902+F5+BIGIP+RCE+Vulnerability+Exploits/26316/ Special F5 BigIP Webcast https://www.sans.org/webcasts/116065 Microsoft ATP Web Content Filtering https://techcommunity.microsoft.com/t5/microsoft-defender-atp/an-update-on-web-content-filtering/ba-p/1505445 Ouch Newsletter: Ransomware https://www.sans.org/security-awareness-training/resources/ransomware Extended Research Feed: Added Net Systems Research https://isc.sans.edu/api/threatcategory/research

F5 BigIP Critical RCE https://support.f5.com/csp/article/K52145254 https://isc.sans.edu/forums/diary/CVE20205902+F5+BIGIP+Exploitation+Attempt/26310/ https://github.com/rapid7/metasploit-framework/pull/13807/commits/0417e88ff24bf05b8874c953bd91600f10186ba4 https://www.ptsecurity.com/ww-en/about/news/f5-fixes-critical-vulnerability-discovered-by-positive-technologies-in-big-ip-application-delivery-controller Guacamole RDP Gateway Vulnerability https://blog.checkpoint.com/2020/07/02/hole-y-guacamole-fixing-critical-vulnerabilities-in-apaches-popular-remote-desktop-gateway/ Barclays Caught Serving Code from Wayback Machine https://www.theregister.com/2020/07/03/barclays_bank_javascript_wayback_machine/

Alina PoS Malware Exfiltrating Data via DNS https://blog.centurylink.com/alina-point-of-sale-malware-still-lurking-in-dns/ Evil Quest "Ransomware" Update https://objective-see.com/blog/blog_0x59.html IBM Cyber Resilient Organziation Report https://www.ibm.com/account/reg/us-en/signup?formid=urx-45839

Window 10 / 2019 Server Out of Order Patch https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1425 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1457 MacOS Ransomare Arrives as Fake Little Snitch Software https://blog.malwarebytes.com/mac/2020/06/new-mac-ransomware-spreading-through-piracy/ VPN Privilege Escalation https://0xsha.io/posts/zombievpn-breaking-that-internet-security DNSSEC Phishing Scam https://nakedsecurity.sophos.com/2020/06/29/beware-secure-dns-scam-targeting-website-owners-and-bloggers/

Sysmon 11.10 and ADS Logging https://isc.sans.edu/forums/diary/Sysmon+and+Alternate+Data+Streams/26292/ Paloalto PAN-OS SAML Vulnerability https://security.paloaltonetworks.com/CVE-2020-2021 Cisco Telnet Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-telnetd-EFJrEzPx https://appgateresearch.blogspot.com/2020/02/bravestarr-fedora-31-netkit-telnetd_28.html

MacOS 11 Security Changes https://www.sentinelone.com/blog/macos-big-sur-9-big-surprises-for-enterprise-security/ Certificate Lifetime Limited to 1 Year Starting September https://chromium.googlesource.com/chromium/src/+/ae4d6809912f8171b23f6aa43c6a4e8e627de784 https://support.apple.com/en-us/HT211025 https://lists.cabforum.org/pipermail/servercert-wg/2020-June/002000.html

Recordings of the Tech Tuesday Workshop https://isc.sans.edu/forums/diary/Tech+Tuesday+Recap+Recordings+Part+2+Installing+the+Honeypot+release/26280/ https://www.youtube.com/channel/UCfbOsqPmWg1H_34hTjKEW2A Credit Card Skimmers Hide Code in Favicon EXIF Data https://blog.malwarebytes.com/threat-analysis/2020/06/web-skimmer-hides-within-exif-metadata-exfiltrates-credit-cards-via-image-files/ GeoVision Scanners Vulnerabilities https://thehackernews.com/2020/06/geovision-scanner-vulnerabilities.html Docker Images Containing Cryptojacking Malware https://unit42.paloaltonetworks.com/cryptojacking-docker-images-for-mining-monero/ SANS.edu Student Karim Lalji: https://www.sans.org/reading-room/whitepapers/threathunting/real-time-honeypot-forensic-investigation-german-organized-crime-network-39640