SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

A Little DDoS in the Morning https://isc.sans.edu/diary/A+Little+DDoS+In+the+Morning/28900 Exposed Twitter API Keys https://cloudsek.com/whitepapers_reports/how-leaked-twitter-api-keys-can-be-used-to-build-a-bot-army/ TCL LinkHub Serialization Issues https://blog.talosintelligence.com/2022/08/vulnerability-spotlight-how-misusing.html Jenkins Plugin Updates https://www.jenkins.io/security/advisory/2022-07-27/

PDF Analysis Introduction and OpenActions Entries https://isc.sans.edu/diary/PDF+Analysis+Intro+and+OpenActions+Entries/28894 IPFS The New Hotbed of Phishing https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/ipfs-the-new-hotbed-of-phishing/ Mail Stealing Browser Extension https://www.volexity.com/blog/2022/07/28/sharptongue-deploys-clever-mail-stealing-browser-extension-sharpext/ Lofylife Malicious NPM Packages https://securelist.com/lofylife-malicious-npm-packages/107014/ IP Camera Vulnerability https://www.nozominetworks.com/blog/vulnerability-in-dahua-s-onvif-implementation-threatens-ip-camera-security/ Nuki Smart Lock Vulnerabilities https://research.nccgroup.com/2022/07/25/technical-advisory-multiple-vulnerabilities-in-nuki-smart-locks-cve-2022-32509-cve-2022-32504-cve-2022-32502-cve-2022-32507-cve-2022-32503-cve-2022-32510-cve-2022-32506-cve-2022-32508-cve-2/ Foxit PDF Reader https://www.foxit.com/support/security-bulletins.html

Exfiltrating Data with Bookmarks https://isc.sans.edu/diary/Exfiltrating+Data+With+Bookmarks/28890 Critical Samba Bug Could Let Anyone Become Domain Admin https://nakedsecurity.sophos.com/2022/07/27/critical-samba-bug-could-let-anyone-become-domain-admin-patch-now/ Apple IP Address Range Hijacked by Rostelecom https://www.manrs.org/2022/07/for-12-hours-was-part-of-apple-engineerings-network-hijacked-by-russias-rostelecom/ Veritas Patches https://www.veritas.com/content/support/en_US/security/VTS22-004#c1 IBM Patches https://www.ibm.com/support/pages/node/6606251 https://www.ibm.com/support/pages/node/6607135

IcedID (BokBot) with Dark VNC and Cobalt Strike https://isc.sans.edu/diary//28884 Web Assembly Crypto Miners https://blog.sucuri.net/2022/07/cryptominers-webassembly-in-website-malware.html Subzero and Knotweed https://www.microsoft.com/security/blog/2022/07/27/untangling-knotweed-european-private-sector-offensive-actor-using-0-day-exploits/

How is Your macOS Security Posture https://isc.sans.edu/diary/How+is+Your+macOS+Security+Posture%3F/28882 Registry file with Executable Payload https://www.x86matthew.com/view_post?id=embed_exe_reg Targeted Phishing of Facebook Business Users https://labs.withsecure.com/assets/BlogFiles/Publications/WithSecure_Research_DUCKTAIL.pdf Forwarding Address is Hard https://www.synacktiv.com/publications/cve-2022-31813-forwarding-addresses-is-hard.html

PowerShell Script with Fileless Capability https://isc.sans.edu/diary/PowerShell+Script+with+Fileless+Capability/28878 With Management Comes Risk: Finding Flaws in Filewave MDM https://claroty.com/2022/07/25/blog-research-with-management-comes-risk-finding-flaws-in-filewave-mdm/ CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit https://securelist.com/cosmicstrand-uefi-firmware-rootkit/106973/

An Analysis of a Discerning Phishing Website https://isc.sans.edu/diary/An+Analysis+of+a+Discerning+Phishing+Website+/28870 Sonicwall Vulnerability https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0007 Sh*load Exploids Episdoe V: Return of the Error https://dellfer.com/shload-exploits-episode-v-return-of-the-error/

Maldoc with non-ASCII VBA Identifiers https://isc.sans.edu/diary/Maldoc%3A+non-ASCII+VBA+Identifiers/28866 Cisco Security Updates https://tools.cisco.com/security/center/publicationListing.x? Outlook 365 Odd Supicious Login Attempt Warnings https://www.theregister.com/2022/07/21/outlook_sign_ins/ Windows RDP Brute Force Protection https://twitter.com/dwizzzleMSFT/status/1549870156771340288 Microsoft resuming blocking macros https://techcommunity.microsoft.com/t5/microsoft-365-blog/helping-users-stay-safe-blocking-internet-macros-by-default-in/ba-p/3071805

Malicious Python Script Behaving Like a Rubber Ducky https://isc.sans.edu/diary/Malicious+Python+Script+Behaving+Like+a+Rubber+Ducky/28860 Apple Patches Everything https://isc.sans.edu/diary/Apple+Patches+Everything+Day/28862 Confluence Atlasian Hard Coded Password https://confluence.atlassian.com/doc/questions-for-confluence-security-advisory-2022-07-20-1142446709.html Zyxel Vulnerablity https://www.zyxel.com/support/Zyxel-security-advisory-authenticated-directory-traversal-vulnerabilities-of-firewalls.shtml DNS over HTTP/3 https://security.googleblog.com/2022/07/dns-over-http3-in-android.html

Beacon Request https://isc.sans.edu/diary/Requests+For+beacon.http-get.+Help+Us+Figure+Out+What+They+Are+Looking+For/28856 Oracle July 2022 CPU https://www.oracle.com/security-alerts/cpujul2022.html CloudMensis MacOS Spyware https://www.welivesecurity.com/2022/07/19/i-see-what-you-did-there-look-cloudmensis-macos-spyware/ GPS Tracker Vulnerabilities https://www.bitsight.com/sites/default/files/2022-07/MiCODUS-GPS-Report-Final.pdf