SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Hackers Love This VSCode Extension: What You Can Do to Stay Safe https://isc.sans.edu/diary/Hackers%20Love%20This%20VSCode%20Extension%3A%20What%20You%20Can%20Do%20to%20Stay%20Safe/29610 Protecting Android Clipboard Content from Unintended Exposure https://www.microsoft.com/en-us/security/blog/2023/03/06/protecting-android-clipboard-content-from-unintended-exposure/ SYS01 Stealer Targeting Facebook Accounts https://blog.morphisec.com/sys01stealer-facebook-info-stealer

Scanning s3 Buckets https://isc.sans.edu/diary/Scanning%20s3%20buckets/29606 HiatusRAT Router Malware https://blog.lumen.com/new-hiatusrat-router-malware-covertly-spies-on-victims/ SonicWall Vulnerability https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0004 Windows Word RCE Proof-of-Concept https://twitter.com/jduck/status/1632471544935923712 https://qoop.org/publications/cve-2023-21716-rtf-fonttbl.md DBatLoader and Remcos RAT https://www.sentinelone.com/blog/dbatloader-and-remcos-rat-sweep-eastern-europe/

SANS.edu Commencement https://www.linkedin.com/feed/update/urn:li:activity:7037794067266625536/ SCARLETEEL: Operation Leverating Terraform, Kubernetes and AWS for data theft https://sysdig.com/blog/cloud-breach-terraform-data-theft/ Preventing Malicious OneNote Files https://www.bleepingcomputer.com/news/security/how-to-prevent-microsoft-onenote-files-from-infecting-windows-with-malware/ Redis Miner Leverages Command Line File Hosting Service https://www.cadosecurity.com/redis-miner-leverages-command-line-file-hosting-service/

YARA: Detect the Unexpected https://isc.sans.edu/diary/YARA%3A%20Detect%20The%20Unexpected%20.../29598 Drone Security and the Mysterious Case of DJI's DroneID https://github.com/RUB-SysSec/DroneSecurity Booking.com OAuth Flaw https://salt.security/blog/traveling-with-oauth-account-takeover-on-booking-com SANS.edu Student Marco Gfeller: Lightweight Python-Based Malware Analysis Pipeline https://www.sans.org/white-papers/lightweight-python-based-malware-analysis-pipeline/

Python Infostealer Targeting Gamers https://isc.sans.edu/diary/Python%20Infostealer%20Targeting%20Gamers/29596 DNS Abuse Techniques Matrix https://www.first.org/global/sigs/dns/DNS-Abuse-Techniques-Matrix_v1.1.pdf BlackLotus UEFI Bootkit https://www.welivesecurity.com/2023/03/01/blacklotus-uefi-bootkit-myth-confirmed/ TCG TPM2.0 implementations vulnerable to memory corruption https://kb.cert.org/vuls/id/782720 Aruba Vulnerability https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt Cisco VoIP Phone WebUI RCE https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-cmd-inj-KMFynVcP

BB11 Distribution Qakbot (Qbot) activity https://isc.sans.edu/diary/BB17%20distribution%20Qakbot%20%28Qbot%29%20activity/29592 LastPass Incident Details https://support.lastpass.com/help/incident-1-additional-details-of-the-attack https://support.lastpass.com/help/incident-2-additional-details-of-the-attack CISA Red Team Shares Key Findings https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-059a Jailbreak Chat https://www.jailbreakchat.com

Phishing Again and Again https://isc.sans.edu/diary/Phishing%20Again%20and%20Again/29588 Unlocked Phone Stealing https://www.wsj.com/articles/apple-iphone-security-theft-passcode-data-privacya-basic-iphone-feature-helps-criminals-steal-your-digital-life-cbf14b1a More Fake Authenticator Apps https://nakedsecurity.sophos.com/2023/02/27/beware-rogue-2fa-apps-in-app-store-and-google-play-dont-get-hacked/ Zoneminder Vulnerability https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-72rg-h4vf-29gr WebLogic Exploit (not verified) CVE-2023-21839 https://github.com/4ra1n/CVE-2023-21839/blob/master/cmd/main.go

URL Files and WebDav used for IcedId Bockbot Infection https://isc.sans.edu/diary/URL%20files%20and%20WebDAV%20used%20for%20IcedID%20%28Bokbot%29%20infection/29578 oledump msi file plugin https://isc.sans.edu/diary/oledump%20%26%20MSI%20Files/29584 Automatic Disruption of Ransomware and BEC attacks with Microsoft 365 Defender https://techcommunity.microsoft.com/t5/microsoft-365-defender-blog/automatic-disruption-of-ransomware-and-bec-attacks-with/ba-p/3738294 Cisco Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-csrfv-DMx6KSwV https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aci-lldp-dos-ySCNZOpX

Updated Exchange AV Guidance https://techcommunity.microsoft.com/t5/exchange-team-blog/update-on-the-exchange-server-antivirus-exclusions/ba-p/3751464 Best Practices for Securing Your Home Network https://media.defense.gov/2023/Feb/22/2003165170/-1/-1/0/CSI_BEST_PRACTICES_FOR_SECURING_YOUR_HOME_NETWORK.PDF Attacks on Data Center Organizations https://www.resecurity.com/blog/article/cyber-attacks-on-data-center-organizations NPM Package Phishing https://checkmarx.com/blog/how-npm-packages-were-used-to-spread-phishing-links/ Malicious PyPi Packages https://www.fortinet.com/blog/threat-research/more-supply-chain-attacks-via-new-malicious-python-packages-in-pypi

Internet Wide Scan Fingerprinting Confluence Servers https://isc.sans.edu/diary/Internet%20Wide%20Scan%20Fingerprinting%20Confluence%20Servers/29574 Apple Updates Advisories https://support.apple.com/en-us/HT213606 https://support.apple.com/en-us/HT213605 https://www.trellix.com/en-us/about/newsroom/stories/research/trellix-advanced-research-center-discovers-a-new-privilege-escalation-bug-class-on-macos-and-ios.html Questionable two-factor Apps https://twitter.com/mysk_co/status/1627097291063435264 VMWare Carbon Black App Control Vulnerability https://www.vmware.com/security/advisories/VMSA-2023-0004.html