SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Hiding in Hex https://isc.sans.edu/diary/Hiding%20in%20Hex/30322 Oracle Quarterly Critical Patch Update https://www.oracle.com/security-alerts/cpuoct2023.html Citrix Vulnerability Exploited CVE-2023-4966 https://www.mandiant.com/resources/blog/remediation-netscaler-adc-gateway-cve-2023-4966 Exposed Jupyter Notebooks Exploited https://www.cadosecurity.com/qubitstrike-an-emerging-malware-campaign-targeting-jupyter-notebooks/

Topics discussed include changes to SMS delivery and its effects on MFA and phishing, a fake traffic ticket scam with QR codes, a vulnerability in Synology NAS, and a vulnerability in Milesight routers.

Are Typos Still relevant As An Indicator of Phishing https://isc.sans.edu/diary/Are+typos+still+relevant+as+an+indicator+of+phishing/30316 Active Exploitation of Cisco ISO XE Software Web Management User Interface Vuln https://blog.talosintelligence.com/active-exploitation-of-cisco-ios-xe-software/ Mail traffic to cancelled domain names https://www.sidn.nl/en/nl-domain-name/mail-traffic-to-cancelled-domain-names SAMBA Update https://www.samba.org/samba/history/security.html

What's Normal: Odd Mac Addresses https://isc.sans.edu/forums/diary/What's%20Normal%3A%20MAC%20Addresses/30310/ Domain Name Used as Password Captured by DShield Sensor https://isc.sans.edu/forums/diary/Domain%20Name%20Used%20as%20Password%20Captured%20by%20DShield%20Sensor/30312/ PoC Exploit for CVE-2023-41993 https://github.com/po6ix/POC-for-CVE-2023-41993 AvosLocker Ransomware Details https://www.cisa.gov/sites/default/files/2023-10/aa23-284a-joint-csa-stopransomware-avoslocker-ransomware-update.pdf DarkGate Spreading via Skype and Teams https://www.trendmicro.com/en_ph/research/23/j/darkgate-opens-organizations-for-attack-via-skype-teams.html

SeroXen RAT in Typosquatted NuGet Packages https://blog.phylum.io/phylum-discovers-seroxen-rat-in-typosquatted-nuget-package/ Hexadecimal IP Addresses https://asec.ahnlab.com/en/57635/ Juniper Vulnerabilities https://supportportal.juniper.net/s/global-search/%40uri?language=en_US#sort=%40sfcec_community_publish_date_formula__c%20descending&numberOfResults=50&f:ctype=[Security%20Advisories] Unpatched Squid Vulnerabilities https://joshua.hu/squid-security-audit-35-0days-45-exploits BSIDES Jacksonville https://bsidesjax.org

CVE-2023-22515 Activately Exploited https://confluence.atlassian.com/security/cve-2023-22515-privilege-escalation-vulnerability-in-confluence-data-center-and-server-1295682276.html curl SOCKS5 oversized hostname vulnerability CVe-2023-38545 https://isc.sans.edu/diary/CVE-2023-38545%3A%20curl%20SOCKS5%20oversized%20hostname%20vulnerability.%20How%20bad%20is%20it%3F/30304 Adobe Acrobat Vulnerablity Actively Exploited CVE-2023-21608 https://www.cisa.gov/news-events/alerts/2023/10/10/cisa-adds-five-known-vulnerabilities-catalog Google Makes Passkey the Default https://blog.google/technology/safety-security/passkeys-default-google-accounts/ VBScript Deprecated from Windows https://learn.microsoft.com/en-us/windows/whats-new/deprecated-features

http2 rapid reset https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ microsoft patch tuesday https://isc.sans.edu/diary/October%202023%20Microsoft%20Patch%20Tuesday%20Summary/30300

SIP file format and Mhcard attacks, obfuscation techniques in firewalls, and vulnerabilities in Sophos and WatchGuard

Binary IPv6 Address Conversion https://isc.sans.edu/diary/Binary%20IPv6%20Addresses/30290 Wireshark Updates https://www.wireshark.org/ Improved GitHub Secret Scanning https://github.blog/2023-10-04-introducing-secret-scanning-validity-checks-for-major-cloud-services/ Prerooted Android Devices https://arstechnica.com/security/2023/10/thousands-of-android-devices-come-with-unkillable-backdoor-preinstalled/ curl update https://github.com/curl/curl/discussions/12026

Topics discussed include the decoding of IP addresses, Cisco vulnerability, malicious Python packages, obfuscation techniques in packages, and Super Micro vulnerabilities.