SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Update: Researchers Scanning the Internet https://isc.sans.edu/diary/Update%3A%20Researchers%20scanning%20the%20Internet/30102 Malicious OpenBullet Configuration Files https://www.kasada.io/threat-intel-openbullet-malware/ Abusing Cloudflare Tunnels https://www.guidepointsecurity.com/blog/tunnel-vision-cloudflared-abused-in-the-wild/

Are Leaked Credential Dumps Used by Attackers? https://isc.sans.edu/diary/Are%20Leaked%20Credentials%20Dumps%20Used%20by%20Attackers%3F/30098 New PaperCut RCE Vulnerability https://www.horizon3.ai/cve-2023-39143-papercut-path-traversal-file-upload-rce-vulnerability/ Microsoft mitigates Power Platform Custom Code information disclosure vulnerability https://msrc.microsoft.com/blog/2023/08/microsoft-mitigates-power-platform-custom-code-information-disclosure-vulnerability/ Microsoft Publishes Token theft Playbook https://learn.microsoft.com/en-us/security/operations/token-theft-playbook

From small LNK to large malicious BAT file with zero VT score https://isc.sans.edu/diary/From%20small%20LNK%20to%20large%20malicious%20BAT%20file%20with%20zero%20VT%20score/30094 Social Engineering via Microsoft Teams https://www.microsoft.com/en-us/security/blog/2023/08/02/midnight-blizzard-conducts-targeted-social-engineering-over-microsoft-teams/ Automating the Search for LOLBAS https://pentera.io/resources/whitepapers/the-lolbas-odyssey-finding-new-lolbas-and-how-you-can-too/ Sneaky Versioning Used to Bypass Scanners https://thehackernews.com/2023/08/malicious-apps-use-sneaky-versioning.html Aruba Patches https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-010.txt Mitel Patches https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0008

Zeek and Defender Endpoint https://isc.sans.edu/diary/Zeek%20and%20Defender%20Endpoint/30088 New Ivanti MobileIron Core Vulnerability https://forums.ivanti.com/s/article/CVE-2023-35082-Remote-Unauthenticated-API-Access-Vulnerability-in-MobileIron-Core-11-2-and-older?language=en_US Salesforce Phishing https://labs.guard.io/phishforce-vulnerability-uncovered-in-salesforces-email-services-exploited-for-phishing-32024ad4b5fa Abusing the Amazon Web Services SSM Agent as a Remote Access Trojan https://www.mitiga.io/blog/abusing-the-amazon-web-services-ssm-agent-as-a-remote-access-trojan

DNS Over HTTPS Summary https://isc.sans.edu/diary/Summary%20of%20DNS%20over%20HTTPS%20requests%20against%20our%20honeypots./30084 Malware Infects Airgapped Networks https://usa.kaspersky.com/about/press-releases/2023_kaspersky-uncovers-malware-for-targeted-data-exfiltration-from-air-gapped-environments Google Deleting Inactive Accounts https://support.google.com/accounts/answer/12418290?visit_id=638264210155158507-1346504535&p=inactive_account_policy_blog&rd=1 Google AMP Service Used for Phishing https://cofense.com/blog/google-amp-the-newest-of-evasive-phishing-tactic/

Ivanti End Point Manager 2nd Zero Day https://forums.ivanti.com/s/article/CVE-2023-35081-Arbitrary-File-Write?language=en_US New Redis Malware Uses Unknown Initial Access Vector https://www.cadosecurity.com/redis-p2pinfect/ https://unit42.paloaltonetworks.com/peer-to-peer-worm-p2pinfect/ Google Android 0-Day Summary https://security.googleblog.com/2023/07/the-ups-and-downs-of-0-days-year-in.html Wiping Sensitive Data from Printers https://psirt.canon/advisory-information/cp2023-003/

USPS Phishing Scam Targeting iOS Users https://isc.sans.edu/forums/diary/USPS+Phishing+Scam+Targeting+iOS+Users/30078/ Do Attackers Pay More Attention to IPv6 https://isc.sans.edu/diary/Do%20Attackers%20Pay%20More%20Attention%20to%20IPv6%3F/30076 Shell Code in Images https://isc.sans.edu/diary/ShellCode%20Hidden%20with%20Steganography/30074 Ivanti Mobileiron Exploit Public https://github.com/vchan-in/CVE-2023-35078-Exploit-POC/blob/main/cve_2023_35078_poc.py

Ubuntu OverlayFS Vulnerability https://www.wiz.io/blog/ubuntu-overlayfs-vulnerability CISA Warns of Insecure Direct Option Reference Vulnerabilities https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-208a Sophos UTM Patch https://docs.sophos.com/releasenotes/index.html?productGroupID=nsg&productID=utm&versionID=9.7 Aruba Patches https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-009.txt

Suspicious IP Addresses Avoided By Malware Samples https://isc.sans.edu/diary/Suspicious%20IP%20Addresses%20Avoided%20by%20Malware%20Samples/30068 Messaging Layer Security (MLS) Protocol https://datatracker.ietf.org/doc/html/rfc9420 PySecDB: Security Commit Dataset in Python https://github.com/SunLab-GMU/PySecDB MacOS Infostealer https://www.sentinelone.com/blog/apple-crimeware-massive-rust-infostealer-campaign-aiming-for-macos-sonoma-ahead-of-public-release/

Ivanti Patches Endpoint Manager Mobile https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability?language=en_US Atlassian Patches https://confluence.atlassian.com/security/security-bulletin-july-18-2023-1251417643.html AMD Zen-2 Vulnerability https://lock.cmpxchg8b.com/zenbleed.html VMWare CVE-2023-20891 https://socradar.io/vmwares-response-to-the-critical-cve-2023-20891-vulnerability-exposing-cf-api-admin-credentials/