SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Johannes B. Ullrich
Sep 7, 2023 • 6min

ISC StormCast for Thursday, September 7th, 2023

Security Related DNS Records: https://isc.sans.edu/diary/Security%20Relevant%20DNS%20Records/30194
Microsoft Reveals Details about Key Loss: https://msrc.microsoft.com/blog/2023/09/results-of-major-technical-investigations-for-storm-0558-key-acquisition/
September Android Updates: https://source.android.com/docs/security/bulletin/2023-09-01
Google Chrome Update: https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop.html
Atlas VPN Tunnel Termination Vulnerability: https://www.reddit.com/r/cybersecurity/comments/167f16e/atlasvpn_linux_client_103_remote_disconnect/
Sep 6, 2023 • 6min

ISC StormCast for Wednesday, September 6th, 2023

Common Usernames Submitted to Honeypots: https://isc.sans.edu/diary/Common%20usernames%20submitted%20to%20honeypots/30188
TPM LUKS Bypass: https://pulsesecurity.co.nz/advisories/tpm-luks-bypass
Cross Tenant Impersonation Prevention and Detection: https://sec.okta.com/articles/2023/08/cross-tenant-impersonation-prevention-and-detection
Sep 5, 2023 • 6min

ISC StormCast for Tuesday, September 5th, 2023

What is the Origin of Passwords Submitted to Honeypots: https://isc.sans.edu/diary/What%20is%20the%20origin%20of%20passwords%20submitted%20to%20honeypots%3F/30182
Creating a YARA Rule to Detect Obfuscated Strings: https://isc.sans.edu/diary/Creating%20a%20YARA%20Rule%20to%20Detect%20Obfuscated%20Strings/30186
VMware Aria Operations for Networks Hardcoded Keys 2023-34039: https://summoning.team/blog/vmware-vrealize-network-insight-rce-cve-2023-34039/ https://github.com/sinsinology/CVE-2023-34039/
Windows will Disable TLS 1.0/1.1: https://learn.microsoft.com/en-us/windows/release-health/windows-message-center
Sep 1, 2023 • 6min

ISC StormCast for Friday, September 1st, 2023

The podcast discusses the low cost of cybercrime, GitHub Action vulnerabilities, exploitation of Cisco ASA SSL VPNs, Splunk vulnerabilities, and issues with top-level domains. They also talk about simple phishing attacks, the effectiveness of disguised HTML pages, and challenges in supply chain security. Additionally, they mention a recent VPN attack, misconfigurations in top-level domains, and an event announcement.
Aug 31, 2023 • 6min

ISC StormCast for Thursday, August 31st, 2023

The hosts discuss hurricane preparedness for home offices and small businesses. They also cover a remote code execution vulnerability in Notepad++. In addition, they talk about recent security vulnerabilities in WinRAR and 7-Zip. Lastly, they touch on the issues with BGP error processing.
Aug 30, 2023 • 6min

ISC StormCast for Wednesday, August 30th, 2023

Topics discussed include survival time for web sites, PDF/ActiveMime Polyglot Maldocs, RocketMQ vulnerability exploitation, and ManageEngine vulnerability. The podcast also explores the concept of certificate transparency and its implications, as well as a new technique of embedding Word documents in PDFs.
Aug 29, 2023 • 7min

ISC StormCast for Tuesday, August 29th, 2023

The podcast discusses the WinRAR vulnerability, Juniper's out-of-cycle fix for OS vulnerabilities, and Microsoft's extended protection for Exchange servers. It also covers the presence of malicious packages in Rust and announces upcoming travel plans to London and a community evening event.
Aug 28, 2023 • 7min

ISC StormCast for Monday, August 28th, 2023

Topics discussed include malware using Postgres for covert communication, tips for identifying network connections, limitations of CVEs and the CVSS scoring system, certificate authority revocation, and a malicious npm package.
Aug 25, 2023 • 6min

ISC StormCast for Friday, August 25th, 2023

The podcast covers topics such as creating a 'QWERTY' keyboard walk password generator with ChatGPT, the FBI's warning about persistent Barracuda backdoors, and an authentication bypass vulnerability in Ivanti Sentry. It also discusses the dropping of Whiffy Recon WiFi scanning and geolocation malware by Smoke Loader.
Aug 24, 2023 • 5min

ISC StormCast for Thursday, August 24th, 2023

Topics discussed include exotic Excel files dropping AgentTesla, the WinRAR vulnerability being exploited, Aruba vulnerabilities, new attacks targeting Excel users, malware attacks on stock traders, and network vulnerabilities.