SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Microsoft Patches https://isc.sans.edu/diary/Microsoft%20December%202022%20Patch%20Tuesday/29336 Apple Patches https://isc.sans.edu/diary/Apple%20Updates%20Everything/29338 Citrix Patches https://www.citrix.com/blogs/2022/12/13/critical-security-update-now-available-for-citrix-adc-citrix-gateway/

Quickie: CyberChef Sorting By String Length https://isc.sans.edu/diary/Quickie%3A%20CyberChef%20Sorting%20By%20String%20Length/29328 FortiOS Buffer Overlow https://www.fortiguard.com/psirt/FG-IR-22-398 A Custom Python Backdoor for VMWare ESXi Servers https://blogs.juniper.net/en-us/threat-research/a-custom-python-backdoor-for-vmware-esxi-servers Fuzzing Ping https://tlakh.xyz/fuzzing-ping.html

Fast Port Scanning in Powershell https://isc.sans.edu/diary/Port%20Scanning%20in%20Powershell%20Redux%3A%20Speeding%20Up%20the%20Results%20%28challenge%20accepted!%29/29324 Bypassing WAFs with JSON https://claroty.com/team82/research/js-on-security-off-abusing-json-based-sql-to-bypass-waf Invisbile npm malware evading security checks https://jfrog.com/blog/invisible-npm-malware-evading-security-checks-with-crafted-versions/ PCI Secre Software Standard V 1.2 https://docs-prv.pcisecuritystandards.org/Software%20Security/Standard/PCI-Secure-Software-Standard-v1_2.pdf VMWare/VCenter Patches https://www.vmware.com/security/advisories/VMSA-2022-0030.html

Finding Gaps in Syslog https://isc.sans.edu/diary/Finding%20Gaps%20in%20Syslog%20-%20How%20to%20find%20when%20nothing%20happened/29314 Internet Explorer Vulnerabilty used in Malicious Word Document https://blog.google/threat-analysis-group/internet-explorer-0-day-exploited-by-north-korean-actor-apt37/ Zombinder Obfuscation Service used by Ermac https://www.threatfabric.com/blogs/zombinder-ermac-and-desktop-stealers.html Cisco IP Phone Vulnerability CVE-2022-20968 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipp-oobwrite-8cMF5r7U daloRADIUS Vulnerablity CVE-2022-23475 https://securityonline.info/cve-2022-23475-account-take-over-flaw-in-open-source-radius-web-management-app/ SANS Holiday Hack Challenge https://www.sans.org/mlp/holiday-hack-challenge/

ZeroBot / WSZero IoT Botnet https://www.fortinet.com/blog/threat-research/zerobot-new-go-based-botnet-campaign-targets-multiple-vulnerabilities https://blog.netlab.360.com/new-ddos-botnet-wszeor/ Cacti Vulnerability CVE-2022-46169 https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf Wireshark Updates https://www.wireshark.org/docs/relnotes/wireshark-4.0.2.html Apple iCloud Security Improvements https://www.apple.com/newsroom/2022/12/apple-advances-user-security-with-powerful-new-data-protections/

Mirai Botnet and Gafgyt DDoS Team Up https://isc.sans.edu/forums/diary/Mirai%20Botnet%20and%20Gafgyt%20DDoS%20Team%20Up%20Against%20SOHO%20Routers./29304/Gafgyt/Mirai Sample; Packet Tuesday; Packet Tuesday Episode 4: TLS Client Hello https://www.youtube.com/playlist?list=PLs4eo9Tja8biVteSW4a3GHY8qi0t1lFLL Defcon Skimming: A new batch of Web Skimming attacks https://blog.jscrambler.com/defcon-skimming-a-new-batch-of-web-skimming-attacks Fake D-Link Vulnerability used by Moobot https://vulncheck.com/blog/moobot-uses-fake-vulnerability Android Patches CVE-2022-20411 https://source.android.com/docs/security/bulletin/2022-12-01?hl=en

VLCs Check For Updates No Updates https://isc.sans.edu/diary/VLCs+Check+For+Updates+No+Updates/29300 AMI MegaRAC Baseboard Managment Controller Vulnerabilities https://eclypsium.com/2022/12/05/supply-chain-vulnerabilities-put-server-ecosystem-at-risk/ Netgear IPv6 Firewall Misconfiguration https://medium.com/tenable-techblog/netgear-router-network-misconfiguration-70ac695c81a6 Veritas NetBackup Patch https://www.veritas.com/content/support/en_US/security/VTS22-019

QBot Update https://isc.sans.edu/forums/diary/obama224%20distribution%20Qakbot%20tries%20.vhd%20%28virtual%20hard%20disk%29%20images/29294/ Living of the Land: Unix tools in Windows https://isc.sans.edu/diary/Linux%20LOLBins%20Applications%20Available%20in%20Windows/29296 https://isc.sans.edu/forums/diary/Fingerexe+LOLBin/29298/ CVE-2022-44721 Crowdstrike Falcon Uninstaller https://github.com/purplededa/CVE-2022-44721-CsFalconUninstaller Android Platform Key Leak https://twitter.com/MishaalRahman/status/1598426974594433025 GitHub Pipeline Vulnerability https://www.legitsecurity.com/blog/artifact-poisoning-vulnerability-discovered-in-rust

Quarkus Java Framework Vulnerability CVE-2022-4116 https://www.contrastsecurity.com/security-influencers/localhost-attack-against-quarkus-developers-contrast-security https://access.redhat.com/security/cve/CVE-2022-4116 FreeBSD Ping RCE CVE-2022-23093 https://www.freebsd.org/security/advisories/FreeBSD-SA-22:15.ping.asc NVidia GPU Display Driver Vulnerablities CVE-2022-34669 https://nvidia.custhelp.com/app/answers/detail/a_id/5415 TrustCor CA Revoked https://www.washingtonpost.com/technology/2022/11/30/trustcor-internet-authority-mozilla/ Android Platform Certificates Used to Sign Malware https://bugs.chromium.org/p/apvi/issues/detail?id=100

What is the deal wtih these router vulnerabilities https://isc.sans.edu/diary/Whats+the+deal+with+these+router+vulnerabilities/29288/ Apple Updates https://support.apple.com/en-us/HT201222 VLC Media Player Updates CVE-2022-41325 https://www.videolan.org/security/sb-vlc3018.html VIN used to authenticate to Sirius XM Connected Vehicle Services https://www.theregister.com/2022/11/30/siriusxm_connected_cars_hacking/