SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Johannes B. Ullrich
Mar 22, 2023 • 6min

ISC StormCast for Wednesday, March 22nd, 2023

String Obfuscation: Character Pair Reversal https://isc.sans.edu/diary/String%20Obfuscation%3A%20Character%20Pair%20Reversal/29654
Windows 11 Snipping Tool Privacy Bug https://www.bleepingcomputer.com/news/microsoft/windows-11-snipping-tool-privacy-bug-exposes-cropped-image-content/
Malicious .Net Packages https://jfrog.com/blog/attackers-are-starting-to-target-net-developers-with-malicious-code-nuget-packages/
Spring Framework Vulnerability https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861
Snappy Vulnerability https://github.com/KnpLabs/snappy/security/advisories/GHSA-gq6w-q6wh-jggc
Mar 21, 2023 • 5min

ISC StormCast for Tuesday, March 21st, 2023

From Phishing Kit to Telegram ... or Not https://isc.sans.edu/diary/From%20Phishing%20Kit%20To%20Telegram...%20or%20Not!/29650
Emotet uses OneNote https://cofense.com/blog/emotet-sending-malicious-emails-after-three-month-hiatus/
WSUS Update https://learn.microsoft.com/en-us/windows-server/administration/windows-server-update-services/plan/plan-your-wsus-deployment#uup-considerations
DOTRUNPEX .Net Injector https://research.checkpoint.com/2023/dotrunpex-demystifying-new-virtualized-net-injector-used-in-the-wild/
Mar 20, 2023 • 7min

ISC StormCast for Monday, March 20th, 2023

Old Backdoor, New Obfuscation https://isc.sans.edu/diary/Old%20Backdoor%2C%20New%20Obfuscation/29646
Samsung Exynos Chip Vulnerability https://googleprojectzero.blogspot.com/2023/03/multiple-internet-to-baseband-remote-rce.html
Android Image Cropping Problem https://twitter.com/ItsSimonTime/status/1636857478263750656/photo/1 https://acropalypse.app/
Bitwarden Pins https://ambiso.github.io/bitwarden-pin/
Mar 17, 2023 • 7min

ISC StormCast for Friday, March 17th, 2023

Simple Shellcode Dissection https://isc.sans.edu/diary/Simple%20Shellcode%20Dissection/29642
Threat Actors Exploit Progress Telerik Vulnerability https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-074a
Abusing Adobe Acrobat Sign to Distribute Malware https://blog.avast.com/adobe-acrobat-sign-malware
Zoom Patches https://explore.zoom.us/en/trust/security/security-bulletin/
Array Networks Advisory https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_for_Remote_Code_Execution_Vulnerability_AG.pdf
Aruba Patches https://www.arubanetworks.com/support-services/security-bulletins/
Mar 16, 2023 • 7min

ISC StormCast for Thursday, March 16th, 2023

IPFS Phishing and the need for correctly set HTTP security headers https://isc.sans.edu/diary/IPFS%20phishing%20and%20the%20need%20for%20correctly%20set%20HTTP%20security%20headers/29638
Exploiting CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability https://www.mdsec.co.uk/2023/03/exploiting-cve-2023-23397-microsoft-outlook-elevation-of-privilege-vulnerability/
CVE-2023-23415 ICMP RCE https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23415
Chromium Certificate Proposals https://www.chromium.org/Home/chromium-security/root-ca-policy/moving-forward-together/
Mar 15, 2023 • 6min

ISC StormCast for Wednesday, March 15th, 2023

Microsoft Patch Tuesday https://isc.sans.edu/diary/Microsoft%20March%202023%20Patch%20Tuesday/29634
Adobe ColdFusion and Magento (Adobe Commerce) patches https://helpx.adobe.com/security/products/magento/apsb23-17.html https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html
SAP Patches https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
Firefox Patches https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/
Mar 14, 2023 • 5min

ISC StormCast for Tuesday, March 14th, 2023

SVB Scams and New Domain Registrations https://isc.sans.edu/diary/Incoming%20Silicon%20Valley%20Bank%20Related%20Scams/29630
CISA Adds Older PLEX and VMware Vulnerabilities to Known-Exploited List https://www.bleepingcomputer.com/news/security/cisa-warns-of-actively-exploited-plex-bug-after-lastpass-breach/
FortiOS Vulnerability Exploited https://www.fortiguard.com/psirt/FG-IR-22-369
Mar 13, 2023 • 6min

ISC StormCast for Monday, March 13th, 2023

AsynRAT Trojan - Bill Payment (Pago de la factura) https://isc.sans.edu/diary/AsynRAT+Trojan+Bill+Payment+Pago+de+la+factura/29626
Mirai Payload Generator https://isc.sans.edu/diary/Overview%20of%20a%20Mirai%20Payload%20Generator/29624
Multi-Technology Script Leading to Browser Hijacking https://isc.sans.edu/diary/Multi-Technology%20Script%20Leading%20to%20Browser%20Hijacking/29620
OneNote will warn users of embedded content https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=OneNote%2CIn%20development&searchterms=122277
Google Removing Chrome Cleanup Tool https://security.googleblog.com/2023/03/thank-you-and-goodbye-to-chrome-cleanup.html
Mar 10, 2023 • 6min

ISC StormCast for Friday, March 10th, 2023

Suspected Chinese Campaign to Persist on SonicWall Devices https://www.mandiant.com/resources/blog/suspected-chinese-persist-sonicwall
Old Cyber Gang Uses New Crypter - ScrubCrypt https://www.fortinet.com/blog/threat-research/old-cyber-gang-uses-new-crypter-scrubcrypt
Home Assistant Supervisor Security Vulnerability https://www.home-assistant.io/blog/2023/03/08/supervisor-security-disclosure/
Fake ChatGPT Chrome Extensions https://www.helpnetsecurity.com/2023/03/09/fake-chatgpt-extension/
Criminals Steal Cryptocurrency through Play-to-Earn Games https://www.ic3.gov/Media/Y2023/PSA230309
Mar 9, 2023 • 6min

ISC StormCast for Thursday, March 9th, 2023

Increase in exploits against Joomla (CVE-2023-23752) https://isc.sans.edu/diary/Increase%20in%20exploits%20agains%20Joomla%20%28CVE-2023-23752%29/29614
Jenkins RCE Vulnerability https://blog.aquasec.com/jenkins-server-vulnerabilities
Bitwarden: The Curious Use-Case of Password Pilfering https://flashpoint.io/blog/bitwarden-password-pilfering/
FortiOS Vulnerabilities https://www.fortiguard.com/psirt/FG-IR-23-001
Veeam Backup Vulnerabilities https://www.veeam.com/kb4245
