

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and is designed to get you ready for the day with a brief, usually 5-minute-long, summary of current network-security-related events. The content is late-breaking, educational, and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Episodes

Mar 15, 2023 • 6min
ISC StormCast for Wednesday, March 15th, 2023
Microsoft Patch Tuesday
https://isc.sans.edu/diary/Microsoft%20March%202023%20Patch%20Tuesday/29634
Adobe ColdFusion and Magento (Adobe Commerce) patches
https://helpx.adobe.com/security/products/magento/apsb23-17.html
https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html
SAP Patches
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
Firefox Patches
https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/

Mar 14, 2023 • 5min
ISC StormCast for Tuesday, March 14th, 2023
SVB Scams and New Domain Registrations
https://isc.sans.edu/diary/Incoming%20Silicon%20Valley%20Bank%20Related%20Scams/29630
CISA Adds Older PLEX and VMware Vulnerabilities to Known-Exploited List
https://www.bleepingcomputer.com/news/security/cisa-warns-of-actively-exploited-plex-bug-after-lastpass-breach/
FortiOS Vulnerability Exploited
https://www.fortiguard.com/psirt/FG-IR-22-369

Mar 13, 2023 • 6min
ISC StormCast for Monday, March 13th, 2023
AsynRAT Trojan - Bill Payment (Pago de la factura)
https://isc.sans.edu/diary/AsynRAT+Trojan+Bill+Payment+Pago+de+la+factura/29626
Mirai Payload Generator
https://isc.sans.edu/diary/Overview%20of%20a%20Mirai%20Payload%20Generator/29624
Multi-Technology Script Leading to Browser Hijacking
https://isc.sans.edu/diary/Multi-Technology%20Script%20Leading%20to%20Browser%20Hijacking/29620
OneNote will warn users of embedded content
https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=OneNote%2CIn%20development&searchterms=122277
Google Removing Chrome Cleanup Tool
https://security.googleblog.com/2023/03/thank-you-and-goodbye-to-chrome-cleanup.html

Mar 10, 2023 • 6min
ISC StormCast for Friday, March 10th, 2023
Suspected Chinese Campaign to Persist on SonicWall Devices
https://www.mandiant.com/resources/blog/suspected-chinese-persist-sonicwall
Old Cyber Gang Uses New Crypter - ScrubCrypt
https://www.fortinet.com/blog/threat-research/old-cyber-gang-uses-new-crypter-scrubcrypt
Home Assistant Supervisor Security Vulnerability
https://www.home-assistant.io/blog/2023/03/08/supervisor-security-disclosure/
Fake ChatGPT Chrome Extensions
https://www.helpnetsecurity.com/2023/03/09/fake-chatgpt-extension/
Criminals Steal Cryptocurrency through Play-to-Earn Games
https://www.ic3.gov/Media/Y2023/PSA230309

Mar 9, 2023 • 6min
ISC StormCast for Thursday, March 9th, 2023
Increase in exploits against Joomla (CVE-2023-23752)
https://isc.sans.edu/diary/Increase%20in%20exploits%20agains%20Joomla%20%28CVE-2023-23752%29/29614
Jenkins RCE Vulnerability
https://blog.aquasec.com/jenkins-server-vulnerabilities
Bitwarden: The Curious Use-Case of Password Pilfering
https://flashpoint.io/blog/bitwarden-password-pilfering/
FortiOS Vulnerabilities
https://www.fortiguard.com/psirt/FG-IR-23-001
Veeam Backup Vulnerabilities
https://www.veeam.com/kb4245

Mar 8, 2023 • 6min
ISC StormCast for Wednesday, March 8th, 2023
Hackers Love This VSCode Extension: What You Can Do to Stay Safe
https://isc.sans.edu/diary/Hackers%20Love%20This%20VSCode%20Extension%3A%20What%20You%20Can%20Do%20to%20Stay%20Safe/29610
Protecting Android Clipboard Content from Unintended Exposure
https://www.microsoft.com/en-us/security/blog/2023/03/06/protecting-android-clipboard-content-from-unintended-exposure/
SYS01 Stealer Targeting Facebook Accounts
https://blog.morphisec.com/sys01stealer-facebook-info-stealer

Mar 7, 2023 • 5min
ISC StormCast for Tuesday, March 7th, 2023
Scanning s3 Buckets
https://isc.sans.edu/diary/Scanning%20s3%20buckets/29606
HiatusRAT Router Malware
https://blog.lumen.com/new-hiatusrat-router-malware-covertly-spies-on-victims/
SonicWall Vulnerability
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0004
Windows Word RCE Proof-of-Concept
https://twitter.com/jduck/status/1632471544935923712
https://qoop.org/publications/cve-2023-21716-rtf-fonttbl.md
DBatLoader and Remcos RAT
https://www.sentinelone.com/blog/dbatloader-and-remcos-rat-sweep-eastern-europe/

Mar 6, 2023 • 5min
ISC StormCast for Monday, March 6th, 2023
SANS.edu Commencement
https://www.linkedin.com/feed/update/urn:li:activity:7037794067266625536/
SCARLETEEL: Operation Leveraging Terraform, Kubernetes and AWS for data theft
https://sysdig.com/blog/cloud-breach-terraform-data-theft/
Preventing Malicious OneNote Files
https://www.bleepingcomputer.com/news/security/how-to-prevent-microsoft-onenote-files-from-infecting-windows-with-malware/
Redis Miner Leverages Command Line File Hosting Service
https://www.cadosecurity.com/redis-miner-leverages-command-line-file-hosting-service/

Mar 3, 2023 • 14min
ISC StormCast for Friday, March 3rd, 2023
YARA: Detect the Unexpected
https://isc.sans.edu/diary/YARA%3A%20Detect%20The%20Unexpected%20.../29598
Drone Security and the Mysterious Case of DJI's DroneID
https://github.com/RUB-SysSec/DroneSecurity
Booking.com OAuth Flaw
https://salt.security/blog/traveling-with-oauth-account-takeover-on-booking-com
SANS.edu Student Marco Gfeller: Lightweight Python-Based Malware Analysis Pipeline
https://www.sans.org/white-papers/lightweight-python-based-malware-analysis-pipeline/

Mar 2, 2023 • 6min
ISC StormCast for Thursday, March 2nd, 2023
Python Infostealer Targeting Gamers
https://isc.sans.edu/diary/Python%20Infostealer%20Targeting%20Gamers/29596
DNS Abuse Techniques Matrix
https://www.first.org/global/sigs/dns/DNS-Abuse-Techniques-Matrix_v1.1.pdf
BlackLotus UEFI Bootkit
https://www.welivesecurity.com/2023/03/01/blacklotus-uefi-bootkit-myth-confirmed/
TCG TPM2.0 implementations vulnerable to memory corruption
https://kb.cert.org/vuls/id/782720
Aruba Vulnerability
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt
Cisco VoIP Phone WebUI RCE
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-cmd-inj-KMFynVcP


