

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5-minute-long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html.
Episodes

Dec 22, 2022 • 6min
ISC StormCast for Thursday, December 22nd, 2022
Quick NTP Measurement
https://isc.sans.edu/diary/Can%20you%20please%20tell%20me%20what%20time%20it%20is%3F%20Adventures%20with%20public%20NTP%20servers./29368
FBI Favors Ad Blockers
https://www.ic3.gov/Media/Y2022/PSA221221
Hidden Costs of Parental Control Apps
https://sec-consult.com/blog/detail/the-hidden-costs-of-parental-control-apps/
ProxyNotShell Mitigation Bypass
https://www.crowdstrike.com/blog/owassrf-exploit-analysis-and-recommendations/

Dec 21, 2022 • 7min
ISC StormCast for Wednesday, December 21st, 2022
Linux File System Monitoring and Actions
https://isc.sans.edu/diary/Linux%20File%20System%20Monitoring%20%26%20Actions/29362
Feed of NTP Server IP Addresses
https://isc.sans.edu/api/threatlist/ntpservers?json
Feed of Mastodon Server IP Addresses
https://isc.sans.edu/api/threatlist/mastodon?json
Packet Tuesday TLS Server Hello
https://www.youtube.com/watch?v=2HymU4dxWEQ
Android Preparing Support for Updatable Root Certificates
https://blog.esper.io/android-14-updatable-certificates/
Elastic IP Hijacking
https://www.mitiga.io/blog/elastic-ip-hijacking-a-new-attack-vector-in-aws
Microsoft Fixes Hyper-V Issues With Latest Patch
https://learn.microsoft.com/en-us/windows/release-health/windows-message-center#2988

Dec 20, 2022 • 6min
ISC StormCast for Tuesday, December 20th, 2022
Hunting for Mastodon Servers
https://isc.sans.edu/diary/Hunting%20for%20Mastodon%20Servers/29358
KB5021233 Blue Screen
https://learn.microsoft.com/en-us/windows/release-health/status-windows-10-22H2#2986msgdesc
Edge Update will disable Internet Explorer in February
https://learn.microsoft.com/en-us/deployedge/edge-learnmore-neededge
Gatekeeper's Achilles heel: Unearthing a macOS vulnerability
https://www.microsoft.com/en-us/security/blog/2022/12/19/gatekeepers-achilles-heel-unearthing-a-macos-vulnerability/
Corsair Bug not causing keystroke logging
https://arstechnica.com/gadgets/2022/12/corsair-says-bug-not-keylogger-behind-some-k100-keyboards-creepy-behavior/
SentinelSneak: Malicious PyPI module poses as security software development kit

Dec 19, 2022 • 6min
ISC StormCast for Monday, December 19th, 2022
Infostealer Malware with Double Extension
https://isc.sans.edu/diary/Infostealer%20Malware%20with%20Double%20Extension/29354
Client Side Encryption For GMail
https://workspaceupdates.googleblog.com/2022/12/client-side-encryption-for-gmail-beta.html
Google Releases OSV Scanner
https://github.com/google/osv-scanner/releases/tag/v1.0.1
Samba Security Patches
https://thehackernews.com/2022/12/samba-issues-security-updates-to-patch.html
Zyxel Router Buffer Overflow
https://sec-consult.com/blog/detail/enemy-within-unauthenticated-buffer-overflows-zyxel-routers/

Dec 16, 2022 • 6min
ISC StormCast for Friday, December 16th, 2022
Google ads lead to fake software pages pushing IcedID (Bokbot)
https://isc.sans.edu/diary/Google%20ads%20lead%20to%20fake%20software%20pages%20pushing%20IcedID%20%28Bokbot%29/29344
HTML smugglers turn to SVG images
https://blog.talosintelligence.com/html-smugglers-turn-to-svg-images/
GitHub Improvements
https://github.blog/2022-12-14-raising-the-bar-for-software-security-next-steps-for-github-com-2fa/
NIST Retires SHA-1
https://www.nist.gov/news-events/news/2022/12/nist-retires-sha-1-cryptographic-algorithm

Dec 15, 2022 • 6min
ISC StormCast for Thursday, December 15th, 2022
Microsoft Patch Issues:
https://support.microsoft.com/en-us/topic/december-13-2022-kb5021249-os-build-20348-1366-d5fe7608-bc9d-4055-a88c-fb2fd3d5fd45
https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/so-you-say-your-dc-s-memory-is-getting-all-used-up-after/ba-p/3696318
Critical Remote Code Execution Vulnerability in SPNEGO Extended Negotiation Security Mechanism
https://securityintelligence.com/posts/critical-remote-code-execution-vulnerability-spnego-extended-negotiation-security-mechanism/
VMWare EHCI Controller Vulnerability CVE-2022-31705
https://www.vmware.com/security/advisories/VMSA-2022-0033.html
Veeam Vulnerability now Exploited
https://www.veeam.com/kb4288
nuget / npm / pypi used to host phishing pages
https://checkmarx.com/blog/how-140k-nuget-npm-and-pypi-packages-were-used-to-spread-phishing-links/

Dec 14, 2022 • 6min
ISC StormCast for Wednesday, December 14th, 2022
Microsoft Patches
https://isc.sans.edu/diary/Microsoft%20December%202022%20Patch%20Tuesday/29336
Apple Patches
https://isc.sans.edu/diary/Apple%20Updates%20Everything/29338
Citrix Patches
https://www.citrix.com/blogs/2022/12/13/critical-security-update-now-available-for-citrix-adc-citrix-gateway/

Dec 13, 2022 • 6min
ISC StormCast for Tuesday, December 13th, 2022
Quickie: CyberChef Sorting By String Length
https://isc.sans.edu/diary/Quickie%3A%20CyberChef%20Sorting%20By%20String%20Length/29328
FortiOS Buffer Overflow
https://www.fortiguard.com/psirt/FG-IR-22-398
A Custom Python Backdoor for VMWare ESXi Servers
https://blogs.juniper.net/en-us/threat-research/a-custom-python-backdoor-for-vmware-esxi-servers
Fuzzing Ping
https://tlakh.xyz/fuzzing-ping.html

Dec 12, 2022 • 7min
ISC StormCast for Monday, December 12th, 2022
Fast Port Scanning in Powershell
https://isc.sans.edu/diary/Port%20Scanning%20in%20Powershell%20Redux%3A%20Speeding%20Up%20the%20Results%20%28challenge%20accepted!%29/29324
Bypassing WAFs with JSON
https://claroty.com/team82/research/js-on-security-off-abusing-json-based-sql-to-bypass-waf
Invisible npm malware evading security checks
https://jfrog.com/blog/invisible-npm-malware-evading-security-checks-with-crafted-versions/
PCI Secure Software Standard V 1.2
https://docs-prv.pcisecuritystandards.org/Software%20Security/Standard/PCI-Secure-Software-Standard-v1_2.pdf
VMWare/VCenter Patches
https://www.vmware.com/security/advisories/VMSA-2022-0030.html

Dec 9, 2022 • 6min
ISC StormCast for Friday, December 9th, 2022
Finding Gaps in Syslog
https://isc.sans.edu/diary/Finding%20Gaps%20in%20Syslog%20-%20How%20to%20find%20when%20nothing%20happened/29314
Internet Explorer Vulnerability used in Malicious Word Document
https://blog.google/threat-analysis-group/internet-explorer-0-day-exploited-by-north-korean-actor-apt37/
Zombinder Obfuscation Service used by Ermac
https://www.threatfabric.com/blogs/zombinder-ermac-and-desktop-stealers.html
Cisco IP Phone Vulnerability CVE-2022-20968
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipp-oobwrite-8cMF5r7U
daloRADIUS Vulnerability CVE-2022-23475
https://securityonline.info/cve-2022-23475-account-take-over-flaw-in-open-source-radius-web-management-app/
SANS Holiday Hack Challenge
https://www.sans.org/mlp/holiday-hack-challenge/