SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Exploratory Data Analysis with CISSM Cyber Attacks Database Part 2 https://isc.sans.edu/diary/Exploratory%20Data%20Analysis%20with%20CISSM%20Cyber%20Attacks%20Database%20-%20Part%202/29828 Microsoft Patched Outlook (actually Windows) vulnerability again https://www.akamai.com/blog/security-research/important-outlook-vulnerability-bypass-windows-api Law Enforcement and Intelligence Agencies Disable "Snake" Malware https://media.defense.gov/2023/May/09/2003218554/-1/-1/1/JOINT_CSA_HUNTING_RU_INTEL_SNAKE_MALWARE_20230509.PDF Fake System Update Drop Malware https://www.malwarebytes.com/blog/threat-intelligence/2023/05/fake-system-update-drops-new-highly-evasive-loader

Microsoft Patch Tuesday https://isc.sans.edu/diary/Microsoft%20May%202023%20Patch%20Tuesday/29826 GitHub "Push Protection" now out of Beta https://github.blog/2023-05-09-push-protection-is-generally-available-and-free-for-all-public-repositories/

QR Codes Used in Fake Parking Tickets and Surveys https://www.bleepingcomputer.com/news/security/qr-codes-used-in-fake-parking-tickets-surveys-to-steal-your-money/ Microsoft Edge Update https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnote-stable-channel Facebook Sees More Fake ChatGPT https://about.fb.com/news/2023/05/metas-q1-2023-security-reports/ CyberGhost VPN Vulnerability https://www.pentestpartners.com/security-blog/bullied-by-bugcrowd-over-kape-cyberghost-disclosure/

Quickly Finding Encoded Payloads in Office Documents https://isc.sans.edu/forums/diary/Quickly+Finding+Encoded+Payloads+in+Office+Documents/29818/ Exploratory Data Analysis with CISSM Cyber Attacks Database Part 1 https://isc.sans.edu/forums/diary/Exploratory+Data+Analysis+with+CISSM+Cyber+Attacks+Database+Part+1/29816/ Guildma is now Abusing Colorcpl.exe LOLBIN https://isc.sans.edu/forums/diary/Guildma+is+now+abusing+colorcplexe+LOLBIN/29814/ Leaked MSI Keys https://github.com/binarly-io/SupplyChainAttacks/blob/main/MSI/ImpactedDevices.md https://twitter.com/matrosov/status/1654560343295934464 PHP Packages Compromised https://blog.packagist.com/packagist-org-maintainer-account-takeover/

Infostealer Embedded in a Word Document https://isc.sans.edu/diary/Infostealer%20Embedded%20in%20a%20Word%20Document/29810 Cisco SPA-112 Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-unauth-upgrade-UqhyTWW Fortinet May Updates https://www.fortiguard.com/psirt?date=05-2023 PaperCut exploitation - A Different Path to Code Execution https://vulncheck.com/blog/papercut-rce

Increased Number of Configuration File Scans https://isc.sans.edu/diary/Increased%20Number%20of%20Configuration%20File%20Scans/29806 Google Enabling Passkeys https://blog.google/technology/safety-security/the-beginning-of-the-end-of-the-password/ Chrome to Drop Lock Icon from HTTPS https://blog.chromium.org/2023/05/an-update-on-lock-icon.html Attack Against AMD TPM Implementation https://arxiv.org/abs/2304.14717

VBA Project References https://isc.sans.edu/diary/VBA%20Project%20References/29800 BGP Message Parsing Vulnerabilities in FRRouting https://www.forescout.com/blog/three-new-bgp-message-parsing-vulnerabilities-disclosed-in-frrouting-software/ JWT ECDSA Algorithm Confusion https://blog.pentesterlab.com/exploring-algorithm-confusion-attacks-on-jwt-exploiting-ecdsa-23f7ff83390f

Passive Analysis of a Phishing Attachment https://isc.sans.edu/diary/%22Passive%22%20analysis%20of%20a%20phishing%20attachment/29798 Apple Rapid Security Response https://www.macrumors.com/2023/05/01/rapid-security-response-16-4-1/ Grafana Security Release https://grafana.com/blog/2023/04/26/grafana-security-release-new-versions-of-grafana-with-security-fixes-for-cve-2023-28119-and-cve-2023-1387/ Illumina Vulnerability https://www.fda.gov/medical-devices/letters-health-care-providers/illumina-cybersecurity-vulnerability-affecting-universal-copy-service-software-may-present-risks

Quick IOC Scan With Docker https://isc.sans.edu/diary/Quick%20IOC%20Scan%20With%20Docker/29788 Dobfuscation Scripts When Encodings Help https://isc.sans.edu/diary/Deobfuscating%20Scripts%3A%20When%20Encodings%20Help/29792 Hackers Are Breaking Into AT&T Email Accounts To Steal Cryptocurrency https://techcrunch.com/2023/04/26/hackers-are-breaking-into-att-email-accounts-to-steal-cryptocurrency/ Trheat Actor Selling New Atomic MacOS AMOS Stealer on Telegram https://blog.cyble.com/2023/04/26/threat-actor-selling-new-atomic-macos-amos-stealer-on-telegram/ Zyxel Firewall Vulnerability https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-remote-command-injection-vulnerability-of-firewalls

Ransomware Gang Exploiting Unpatches Veeam Backup Products https://www.computerweekly.com/news/365535586/Ransomware-gang-exploiting-unpatched-Veeam-backup-products Google Authenticator Sync Encryption https://security.googleblog.com/2023/04/google-authenticator-now-supports.html Keycloak Vulnerability https://out.reddit.com/t3_130km04?url=https%3A%2F%2Fwww.offensity.com%2Fen%2Fblog%2Fuser-impersonation-via-stolen-uuid-code-in-keycloak-cve-2023-0264%2F&token=AQAAjSdLZJTzQM37107hVzYY-tbz6ak81pMNqN9qv3m2SWXEOMIm&app_name=web2x&user_id=33629461&web_redirect=true