SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+June+2022+Patch+Tuesday/28742/ Adobe Patches https://helpx.adobe.com/security/security-bulletin.html SynLapse Vulnerability https://orca.security/resources/blog/synlapse-critical-azure-synapse-analytics-service-vulnerability/ Hertzbleed Attack https://www.hertzbleed.com

Translating Saitama's DNS Tunneling https://isc.sans.edu/forums/diary/Translating+Saitamas+DNS+tunneling+messages/28738/ Travis CI Logs Expose Users to Cyber Attacks https://blog.aquasec.com/travis-ci-security Linux Threat Hunting: "Syslogk" a kernel rootkit found under development in the wild https://decoded.avast.io/davidalvarez/linux-threat-hunting-syslogk-a-kernel-rootkit-found-under-development-in-the-wild/ Mitel Desk Phone Backdoor https://blog.syss.com/posts/rooting-mitel-desk-phones-through-the-backdoor/

EPSScall: An Exploit Prediction Scoring System App https://isc.sans.edu/forums/diary/EPSScall+An+Exploit+Prediction+Scoring+System+App/28732/ PACMan Attack https://pacmanattack.com https://twitter.com/wdormann/status/1535245913857351680 Carrier LenelS2 HID Mercury access panel vulnerability https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-01 Malicious Python Modules https://www.bleepingcomputer.com/news/security/pypi-package-keep-mistakenly-included-a-password-stealer/

TA570 QBot attempts to exploit CVE-2022-30190 (Follina) https://isc.sans.edu/forums/diary/TA570+Qakbot+Qbot+tries+CVE202230190+Follina+exploit+msmsdt/28728/ Analysis of a Facebook Phishing Campaign https://pixmsecurity.com/blog/blog/phishing-tactics-how-a-threat-actor-stole-1m-credentials-in-4-months/ Zyxel Security Advisory https://www.zyxel.com/support/Zyxel-security-advisory-for-CRLF-injection-vulnerability-in-some-legacy-firewalls.shtml Fujitsu Centricstor Vulnerability https://research.nccgroup.com/2022/05/27/technical-advisory-fujitsu-centricstor-control-center-v8-1-unauthenticated-command-injection/ Meeting Owl Vulnerablities https://www.modzero.com/static/meetingowl/Meeting_Owl_Pro_Security_Disclosure_Report_RELEASE.pdf

SANS RSA Panel (sorry, video no longer available) Atlassian Confluence Attacks https://isc.sans.edu/forums/diary/Atlassian+Confluence+Exploits+Seen+By+Our+Honeypots+CVE202226134/28722/ Fake CClenaer Malvertisements https://blog.avast.com/fakecrack-campaign Weakness in Verbatim Keypad Secure USB Drive https://blog.syss.com/posts/hacking-usb-flash-drives-part-1/

The Trouble With Microsoft's Troubleshooters https://irsl.medium.com/the-trouble-with-microsofts-troubleshooters-6e32fc80b8bd QBot Uses Follina https://twitter.com/threatinsight/status/1534227444915482625 Deadbolt Ransomware https://www.trendmicro.com/en_us/research/22/f/closing-the-door-deadbolt-ransomware-locks-out-vendors-with-mult.html Google Android Updates https://source.android.com/security/bulletin/2022-06-01?hl=en

MS-MSDT RTF Maldocs Analysis oledump Plugins https://isc.sans.edu/forums/diary/msmsdt+RTF+Maldoc+Analysis+oledump+Plugins/28718/ Cybercriminals Exploit Reverse Tunnel Services and URL Shorteners https://cloudsek.com/whitepapers_reports/cybercriminals-exploit-reverse-tunnel-services-and-url-shorteners-to-launch-large-scale-phishing-campaigns/ Unpatched Horde Webmail Bug https://blog.sonarsource.com/horde-webmail-rce-via-email/ Clickstudio (Passwordstate) Code Signing Cert Used by Follina Malware https://cloudsek.com/whitepapers_reports/cybercriminals-exploit-reverse-tunnel-services-and-url-shorteners-to-launch-large-scale-phishing-campaigns/

Sandbox Evasion... With Just a Filename! https://isc.sans.edu/forums/diary/Sandbox+Evasion+With+Just+a+Filename/28708/ Atlassian Exploit Released https://www.rapid7.com/blog/post/2022/06/02/active-exploitation-of-confluence-cve-2022-26134/ GitLab Critical Security Release https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/ U-Boot Vulnerablities https://research.nccgroup.com/2022/06/03/technical-advisory-multiple-vulnerabilities-in-u-boot-cve-2022-30790-cve-2022-30552/ Unisoc Baseband Chip Vulnerability https://research.checkpoint.com/2022/vulnerability-within-the-unisoc-baseband/

Quick Answers in Incident Response RECmd.exe https://isc.sans.edu/forums/diary/Quick+Answers+in+Incident+Response+RECmdexe/28706/ Zero-Day Exploitation of Atlassian Confluence https://www.volexity.com/blog/2022/06/02/zero-day-exploitation-of-atlassian-confluence/ https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html Korenix Technology JetPort Backdoor https://sec-consult.com/vulnerability-lab/advisory/backdoor-account-in-korenix-technology-jetport-series/ Elasticsearch Data Wiped https://www.secureworks.com/blog/unsecured-elasticsearch-data-replaced-with-ransom-note

HTML Phishing Attachments - Now With Anti-Analysis Features https://isc.sans.edu/forums/diary/HTML+phishing+attachments+now+with+antianalysis+features/28702/ Unofficial Patch for CVE-2022-30190 (Follina) https://blog.0patch.com/2022/06/free-micropatches-for-follina-microsoft.html Windows Search Vulnerability https://www.bleepingcomputer.com/news/security/new-windows-search-zero-day-added-to-microsoft-protocol-nightmare/ Call Forwarding Used to Compromise WhatsApp Accounts https://www.linkedin.com/posts/fb1h2s_beware-here-is-how-whatsapp-accounts-are-activity-6934386561048264704-NnFf/?utm_source=linkedin_share&utm_medium=member_desktop_web Badkeys in Fuji Xerox and Canon Printers https://fermatattack.secvuln.info