SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Exploring Fernet encryption in malware and the introduction of Xavier's malware analysis tool, along with analyzing malware files through hash values and VirusTotal lookup. Plus, the significance of updating software to fix exploited vulnerabilities in Adobe's ColdFusion and open fire chat software, and the latest version of XLoader, a Mac malware that spreads via software update tricks.

Discussion on the increase in scans for open proxies and exploitation of VANTE Sentry vulnerability. Issues with logging in and vulnerability in mutual TLS implementation are also explored.

Topics discussed include a Zalando phishing incident leading to a remote access tool, a vulnerability in WinRAR, Hotmail SPF errors causing spam false positives, DLL hijacking in the Asian gambling sector, and Google Chrome's new security feature for malicious extensions.

This podcast discusses command line parsing issues in Linux, a tampering technique in iOS 16, attacks on LinkedIn accounts, and privacy concerns related to robot vacuums.

Discussion on malicious modules in PowerShell Gallery and the importance of accurate timekeeping. Increase in targeted QR code attacks and the release of a Citrix ADC scanner tool by Mandiant.

This podcast covers security vulnerabilities in macOS Ventura's background task manager, including a bypass method, and a stack-based buffer overflow vulnerability in Eventy Avalanche. It also discusses vulnerabilities in Synology Cloud's quick connect feature and a warning from the FBI about fake cryptocurrency apps.

Discussion on PDFID false positives and a Microsoft vulnerability patch. Patch for power management systems used in data centers and vulnerabilities in CyberPower and Dataprobe. Ford's car Wi-Fi vulnerability with a buffer overflow issue in the Texas Instrument module.

Show Me All Your Windows https://isc.sans.edu/diary/Show%20me%20All%20Your%20Windows!/30116 Zero Touch Pwn https://blog.syss.com/posts/zero-touch-pwn/ Maginot DNS Spoofing Attack https://www.usenix.org/conference/usenixsecurity23/presentation/li-xiang

Some things never change, such as SQL Authentication "Encryption" https://isc.sans.edu/diary/Some%20things%20never%20change%20%3F%20such%20as%20SQL%20Authentication%20%3Fencryption%3F/30112 Defender Pretender: When Windows Defender Updates Become a Security Risk https://www.blackhat.com/us-23/briefings/schedule/#defender-pretender-when-windows-defender-updates-become-a-security-risk-32706 Dell Compellent Hardcoded Key https://www.dell.com/support/kbdoc/en-us/000216615/dsa-2023-282-security-update-for-dell-storage-integration-tools-for-vmware-dsitv-vulnerabilities Vulnerabilities in Sogou Keyboard https://citizenlab.ca/2023/08/vulnerabilities-in-sogou-keyboard-encryption/

Tunnelcrack VPN Vulnerability https://papers.mathyvanhoef.com/usenix2023-tunnelcrack.pdf Mozilla VPN Vulnerablity https://www.openwall.com/lists/oss-security/2023/08/03/1 Non English Exchange Server Patch Issues https://techcommunity.microsoft.com/t5/exchange-team-blog/released-august-2023-exchange-server-security-updates/bc-p/3894481/highlight/true VSCode Token Security https://cycode.com/blog/exposing-vscode-secrets/ Weekly Updates for Google Chrome https://security.googleblog.com/2023/08/an-update-on-chrome-security-updates.html