SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Follina Update https://isc.sans.edu/forums/diary/First+Exploitation+of+Follina+Seen+in+the+Wild/28698/ https://isc.sans.edu/forums/diary/New+Microsoft+Office+Attack+Vector+via+msmsdt+Protocol+Scheme+CVE202230190/28694/ Open Automation Software Platform Vulnerability https://blog.talosintelligence.com/2022/05/vuln-spotlight-open-automation-platform.html Over 3.6 million MySQL servers found exposed on the Internet https://www.bleepingcomputer.com/news/security/over-36-million-mysql-servers-found-exposed-on-the-internet/

New Microsoft Office Attack Vector via "ms-msdt" Protocol Scheme https://isc.sans.edu/forums/diary/New+Microsoft+Office+Attack+Vector+via+msmsdt+Protocol+Scheme/28694/

Huge Signed PE Files https://isc.sans.edu/forums/diary/Huge+Signed+PE+File/28686/ VMWare Authentication Bypass PoC https://www.horizon3.ai/vmware-authentication-bypass-vulnerability-cve-2022-22972-technical-deep-dive/ Quanta Server BMC Vulnerability https://eclypsium.com/2022/05/26/quanta-servers-still-vulnerable-to-pantsdown/ Windows 11 and Server 2022 Update Prevent Trend Micro Ransomware Protection https://success.trendmicro.com/dcx/s/solution/000291066?language=en_US Nate Street: Advancing SIEM Log Management Strategies through Vendor-Agnostic Measurement https://www.sans.edu/cyber-research/38685/

Using NMAP to Assess Hosts in Load Balanced Clusters https://isc.sans.edu/forums/diary/Using+NMAP+to+Assess+Hosts+in+Load+Balanced+Clusters/28682/ Attacker Modifying Libraries Claims "Research" https://www.bleepingcomputer.com/news/security/hacker-says-hijacking-libraries-stealing-aws-keys-was-ethical-research/ Heroku GitHub Integration Re-Enabled Again https://blog.heroku.com/github-integration-update Serious security vulnerablity in Tails 5.0 https://tails.boum.org/security/prototype_pollution/index.en.html Google Chrome Update https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_24.html

ctx Python Library Updated with "Extra" Features https://isc.sans.edu/forums/diary/ctx+Python+Library+Updated+with+Extra+Features/28678/ Zoom Updates https://explore.zoom.us/en/trust/security/security-bulletin/ VMWare Exploit About to Be Released https://twitter.com/Horizon3Attack/status/1528935531333177344 Zyxel Firewalls, AP Controllers, APs Patch https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml

Attacker Scanning for jQuery-File-Upload https://isc.sans.edu/forums/diary/Attacker+Scanning+for+jQueryFileUpload/28674/ Oracle Security Alert Advisory - CVE-2022-21500 https://www.oracle.com/security-alerts/alert-cve-2022-21500.html How to find NPM dependencies vulnerable to account hijacking https://www.theregister.com/2022/05/23/npm_dependencies_vulnerable/ Pre-hijacked accounts https://arxiv.org/pdf/2205.10174.pdf

A "Zip Bomb" to Bypass Security Controls & Sandboxes https://isc.sans.edu/forums/diary/A+Zip+Bomb+to+Bypass+Security+Controls+Sandboxes/28670/ Cisco IOS XR Software Health Check Open Port Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-redis-ABJyE5xK pwn2own Vancouver 2022 Results https://www.zerodayinitiative.com/blog/2022/5/18/pwn2own-vancouver-2022-the-results#three Malicious PyPi Packages Drop Cobalt Strike https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux Security Advisory for BR200, BR500 and PSV-2021-0286 https://kb.netgear.com/000064712/Security-Advisory-for-Multiple-Security-Vulnerabilities-on-BR200-and-BR500-PSV-2021-0286

Bumblebee Malware from TransferXL URLs https://isc.sans.edu/forums/diary/Bumblebee+Malware+from+TransferXL+URLs/28664/ Microsoft Out-of-Band Update fixes Authentication Issues https://docs.microsoft.com/en-us/windows/release-health/status-windows-11-21h2#you-might-see-authentication-failures-on-the-server-or-client-for-services Sonicwall Patch for SMA 1000 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0010 QNAP NAS Deadbolt Ransomware https://www.qnap.com/en/security-news/2022/take-immediate-actions-to-secure-qnap-nas-and-update-qts-to-the-latest-available-version 380,000 open Kubernetes API Servers https://www.shadowserver.org/news/over-380-000-open-kubernetes-api-servers/ Doj Annnounces New Polciy for Charging Cases under the Computer Fraud and Abuse Act https://www.justice.gov/opa/pr/department-justice-announces-new-policy-charging-cases-under-computer-fraud-and-abuse-act

VMWare Flaws https://core.vmware.com/vmsa-2022-0014-questions-answers-faq https://blog.barracuda.com/2022/05/17/threat-spotlight-attempts-to-exploit-new-vmware-vulnerabilities/ Tesla BLE Proximity Authentication Vulnerable to Relay Attacks https://research.nccgroup.com/2022/05/15/technical-advisory-ble-proximity-authentication-vulnerable-to-relay-attacks/ Credit Card Scraping via Malicious PHP Code https://www.ic3.gov/Media/News/2022/220516.pdf Microsoft updating Delegated Admin Privileges https://docs.microsoft.com/en-gb/partner-center/announcements/2022-may#13

Use Your Browser Internal Password Vault... or Not? https://isc.sans.edu/forums/diary/Use+Your+Browser+Internal+Password+Vault+or+Not/28658/ SQL Server Brute Forcing https://twitter.com/MsftSecIntel/status/1526680337216114693 UpdateAgent Adapts Again https://www.jamf.com/blog/updateagent-adapts-again/ Updated Exploited Vulnerabilities https://www.cisa.gov/uscert/ncas/current-activity/2022/05/10/cisa-adds-one-known-exploited-vulnerability-catalog