SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Who Put the "Dark" in DarkVNC? https://isc.sans.edu/forums/diary/Who+put+the+Dark+in+DarkVNC/29210 sigstore General Availability https://openssf.org/press-release/2022/10/25/sigstore-announces-general-availability-at-sigstorecon/ https://github.blog/2022-10-25-why-were-excited-about-the-sigstore-general-availability/ URLScan.io's SOAR Spot: Chatty Security Tools Leaking Private Data https://positive.security/blog/urlscan-data-leaks Checkmk: Remote Code Execution by Chaining Multiple Bugs https://blog.sonarsource.com/checkmk-rce-chain-1/

OpenSSL 3.0 Punycode Vulnerability Fix https://isc.sans.edu/forums/diary/Critical+OpenSSL+30+Update+Released+Patches+CVE20223786+CVE20223602/29208 https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/

NMAP without NMAP - Port Testing and Scanning with PowerShell https://isc.sans.edu/diary/NMAP+without+NMAP+Port+Testing+and+Scanning+with+PowerShell/29202 ConnectWise Recover and R1Soft Server Backup Critical Vulnerability https://www.connectwise.com/company/trust/security-bulletins/r1soft-and-recover-security-bulletin Google Chrome 0-Day Patch https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_27.html LODEINFO 2022 Abusing Security Software https://securelist.com/apt10-tracking-down-lodeinfo-2022-part-i/107742/ Spring Security Vulnerability https://tanzu.vmware.com/security/cve-2022-31692

Supersizing you DUO and 365 Integration https://isc.sans.edu/forums/diary/Supersizing%20your%20DUO%20and%20365%20Integration/29194/ TCP/IP Vulnerability CVE-2022 34718 PoC Restoration and Analysis https://medium.com/numen-cyber-labs/analysis-and-summary-of-tcp-ip-protocol-remote-code-execution-vulnerability-cve-2022-34718-8fcc28538acf Juniper SSLVON / JunOS RCE Vulnerabilities https://octagon.net/blog/2022/10/28/juniper-sslvpn-junos-rce-and-multiple-vulnerabilities/ Raspberry Robin Update https://www.microsoft.com/en-us/security/blog/2022/10/27/raspberry-robin-worm-part-of-larger-ecosystem-facilitating-pre-ransomware-activity/

Upcoming Critical OpenSSL Vulnerability: What will be Affected? https://isc.sans.edu/forums/diary/Upcoming+Critical+OpenSSL+Vulnerability+What+will+be+Affected/29192 Apple Updates https://support.apple.com/en-us/HT201222 Fodcha Botnet Reaches 1Tbps https://blog.netlab.360.com/ddosmonster_the_return_of__fodcha_cn/ https://www.bleepingcomputer.com/news/security/fodcha-ddos-botnet-reaches-1tbps-in-power-injects-ransoms-in-packets/

Why is My Cat Using Baidu And Other IoT DNS Oddities https://isc.sans.edu/forums/diary/Why+is+My+Cat+Using+Baidu+And+Other+IoT+DNS+Oddities/29188 OpenSSL Critical Flaw to Be Patched https://mta.openssl.org/pipermail/openssl-announce/2022-October/000238.html MacOS Ventura Blocks Security Tools https://www.wired.com/story/apple-macos-ventura-bug-security-tools/ Critical VMWare Security Tools https://www.vmware.com/security/advisories/VMSA-2022-0027.html

Massing Cryptomining Operation via Github Actions https://sysdig.com/blog/massive-cryptomining-operation-github-actions/ Daixin Team Ransomware Targeting Healthcare Providers https://www.ic3.gov/Media/News/2022/221021.pdf Cisco Anyconnect Client Exploited in the Wild https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-dll-F26WwJW https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-win-path-traverse-qO4HWBsj SQLite Vulnerability Details https://blog.trailofbits.com/2022/10/25/sqlite-vulnerability-july-2022-library-api/

C2 Communications Through Outlook.com https://isc.sans.edu/forums/diary/C2+Communications+Through+outlookcom/29180 Apple Patches Everything October 2022 Edition https://isc.sans.edu/forums/diary/Apple%20Patches%20Everything%3A%20October%202022%20Edition/29182/ Cisco ISE Patch https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-path-trav-Dz5dpzyM Dormant Colors Live Campaign With Over 1m Data Stealing Extensions Installed https://guardiosecurity.medium.com/dormant-colors-live-campaign-with-over-1m-data-stealing-extensions-installed-9a9a459b5849

Sczriptzzbn Inject Pushes Malware for NetSupport RAT https://isc.sans.edu/forums/diary/sczriptzzbn%20inject%20pushes%20malware%20for%20NetSupport%20RAT/29170/ rtfdump find options https://isc.sans.edu/forums/diary/rtfdumps+Find+Option/29174 Exploited Windows Zero Day Lets JavaScript Files Bypass Security Warnings https://www.bleepingcomputer.com/news/security/exploited-windows-zero-day-lets-javascript-files-bypass-security-warnings/ A study of malicious CVE proof of concept exploits in GitHub https://arxiv.org/pdf/2210.08374.pdf F5 Patches https://support.f5.com/csp/article/K11830089 https://support.f5.com/csp/article/K30425568 Synology Updates https://www.synology.com/en-global/security/advisory/Synology_SA_22_17

Forensic Value of Prefetch https://isc.sans.edu/forums/diary/Forensic%20Value%20of%20Prefetch/29168/ Microsoft TLS Fix https://support.microsoft.com/en-us/topic/october-17-2022-kb5020435-os-builds-19042-2132-19043-2132-and-19044-2132-out-of-band-243f34de-2f44-4015-a224-1b68a4132ca5 CISA Releases ScubaGear to Audit M365 https://github.com/cisagov/ScubaGear HTTP/3 Connection Contamination https://portswigger.net/research/http-3-connection-contamination