SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and is designed to get you ready for the day with a brief, usually 5-minute, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Episodes

Apr 5, 2022 • 6min
ISC StormCast for Tuesday, April 5th, 2022
Emptying the Phishtank: Are WordPress Sites the Mosquitoes of the Internet?
https://isc.sans.edu/forums/diary/Emptying+the+Phishtank+Are+WordPress+sites+the+Mosquitoes+of+the+Internet/28516/
Mailchimp Breach Used to Target Trezor Users
https://www.bleepingcomputer.com/news/security/hackers-breach-mailchimps-internal-tools-to-target-crypto-customers/
Proactively Prevent Secret Leaks With GitHub Advanced Security Secret Scanning
https://github.blog/2022-04-04-push-protection-github-advanced-security/
TruffleHog v3
https://trufflesecurity.com/blog/introducing-trufflehog-v3
Russian Certificates (Chinese article)
https://blog.netlab.360.com/review-revoke-russia-ssl-certificates/

Apr 4, 2022 • 6min
ISC StormCast for Monday, April 4th, 2022
GitLab Critical Security Release
https://about.gitlab.com/releases/2022/03/31/critical-security-release-gitlab-14-9-2-released/
ViaSat KA-SAT Network Cyber Attack
https://www.viasat.com/about/newsroom/blog/ka-sat-network-cyber-attack-overview/
macOS Bug Enables Phishing
https://rambo.codes/posts/2022-03-15-how-a-macos-bug-could-have-allowed-for-a-serious-phishing-attack-against-users
PHP Supply Chain Attack on PEAR
https://blog.sonarsource.com/php-supply-chain-attack-on-pear

Apr 1, 2022 • 6min
ISC StormCast for Friday, April 1st, 2022
Spring Vulnerability Update - Exploitation Attempts CVE-2022-22965
https://isc.sans.edu/forums/diary/Spring+Vulnerability+Update+Exploitation+Attempts+CVE202222965/28504/
Apple Patches Actively Exploited 0-Day Vulnerability in macOS, iOS and iPadOS
https://isc.sans.edu/forums/diary/Apple+Patches+Actively+Exploited+Vulnerability+in+macOS+iOS+and+iPadOS/28506/
Wyze Cam Vulnerabilities
https://www.bitdefender.com/files/News/CaseStudies/study/413/Bitdefender-PR-Whitepaper-WCam-creat5991-en-EN.pdf
Zyxel Security Advisory
https://www.zyxel.com/support/forgery-vulnerabilities-of-select-Armor-home-routers.shtml

Mar 31, 2022 • 6min
ISC StormCast for Thursday, March 31st, 2022
Java Springtime Confusion: What Vulnerability Are We Talking About?
https://isc.sans.edu/forums/diary/Java+Springtime+Confusion+What+Vulnerability+are+We+Talking+About/28500/
Quickie: Parsing XLSB Documents
https://isc.sans.edu/forums/diary/Quickie+Parsing+XLSB+Documents/28496/
Pwning 3CX Phone Management Backends from the Internet
https://medium.com/@frycos/pwning-3cx-phone-management-backends-from-the-internet-d0096339dd88

Mar 30, 2022 • 7min
ISC StormCast for Wednesday, March 30th, 2022
More Fake/Typosquatting Twitter Accounts Asking for Ukraine Cryptocurrency Donations
https://isc.sans.edu/forums/diary/More+FakeTyposquatting+Twitter+Accounts+Asking+for+Ukraine+Crytocurrency+Donations/28492/
Mitigating Attacks Against Uninterruptible Power Supply Devices
https://www.cisa.gov/sites/default/files/publications/CISA-DOE_Insights-Mitigating_Vulnerabilities_Affecting_Uninterruptible_Power_Supply_Devices_Mar_29.pdf
MFA Bypass Attacks
https://blog.talosintelligence.com/2022/03/transparent-tribe-new-campaign.html
Mars Stealer Distributed via Google Ads
https://blog.morphisec.com/threat-research-mars-stealer
Hackers Gaining Power of Subpoena Via Fake "Emergency Data Requests"
https://krebsonsecurity.com/2022/03/hackers-gaining-power-of-subpoena-via-fake-emergency-data-requests/

Mar 29, 2022 • 6min
ISC StormCast for Tuesday, March 29th, 2022
BGP Hijacking of Twitter Prefix by RTComm.ru
https://isc.sans.edu/forums/diary/BGP+Hijacking+of+Twitter+Prefix+by+RTCommru/28488/
DDoS Against Sites in Ukraine
https://www.bleepingcomputer.com/news/security/hacked-wordpress-sites-force-visitors-to-ddos-ukrainian-targets/
Sophos Firewall (SFOS) RCE Patch
https://www.sophos.com/en-us/security-advisories/sophos-sa-20220325-sfos-rce
SonicWall Patches (SNWLID-2022-0003)
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0003
OPNsense: Firewall Bypass with CARP in Packet Filter
https://medium.com/sensorfu/firewall-bypass-with-carp-in-packet-filter-c4ed70fb7dd7

Mar 28, 2022 • 6min
ISC StormCast for Monday, March 28th, 2022
XLSB Files: Because Binary Is Stealthier Than XML
https://isc.sans.edu/forums/diary/XLSB+Files+Because+Binary+is+Stealthier+Than+XML/28476/
Dirty Pipe Container Escape PoC
https://www.datadoghq.com/blog/engineering/dirty-pipe-container-escape-poc/
PHP filter_var Shenanigans
https://pwning.systems/posts/php_filter_var_shenanigans/
OpenBSD slaacd Heap Overflow via Router Advertisement
https://blog.quarkslab.com/heap-overflow-in-openbsds-slaacd-via-router-advertisement.html
Google Chrome Update
https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html

Mar 25, 2022 • 6min
ISC StormCast for Friday, March 25th, 2022
Malware Delivered Through Free Sharing Tool
https://isc.sans.edu/forums/diary/Malware+Delivered+Through+Free+Sharing+Tool/28474/
Western Digital PR4100 NAS Remote Code Execution Vulnerability (CVE-2022-23121)
https://research.nccgroup.com/2022/03/24/remote-code-execution-on-western-digital-pr4100-nas-cve-2022-23121/
Crypto malware in patched wallets targeting Android and iOS devices
https://www.welivesecurity.com/2022/03/24/crypto-malware-patched-wallets-targeting-android-ios-devices/
Lapsus$ Arrest
https://www.bbc.com/news/technology-60864283
https://www.bloomberg.com/news/articles/2022-03-23/teen-suspected-by-cyber-researchers-of-being-lapsus-mastermind?sref=ylv224K8
Four Russian Government Employees Charged in Two Historical Hacking Campaigns Targeting Critical Infrastructure Worldwide
https://www.justice.gov/opa/pr/four-russian-government-employees-charged-two-historical-hacking-campaigns-targeting-critical

Mar 24, 2022 • 6min
ISC StormCast for Thursday, March 24th, 2022
Mars Stealer
https://isc.sans.edu/forums/diary/Arkei+Variants+From+Vidar+to+Mars+Stealer/28468/
Okta Update
https://www.okta.com/blog/2022/03/oktas-investigation-of-the-january-2022-compromise/
Microsoft Lapsus$ Update
https://www.microsoft.com/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/
npm Attack Targeting Azure Developers
https://jfrog.com/blog/large-scale-npm-attack-targets-azure-developers-with-malicious-packages/

Mar 23, 2022 • 7min
ISC StormCast for Wednesday, March 23rd, 2022
Statement by President Biden: What you need to do (or not do)
https://isc.sans.edu/forums/diary/Statement+by+President+Biden+What+you+need+to+do+or+not+do/28466/
ASUS Cyclops Blink Advisory
https://www.asus.com/content/ASUS-Product-Security-Advisory/
HP Vulnerabilities
https://support.hp.com/us-en/document/ish_5948778-5949142-16/hpsbpi03780
Sophos UTM Updates
https://www.sophos.com/en-us/security-advisories/sophos-sa-20220321-utm-9710
macOS GIMMICK Malware
https://www.volexity.com/blog/2022/03/22/storm-cloud-on-the-horizon-gimmick-malware-strikes-at-macos/
Okta Breached by Lapsus$
https://www.okta.com/blog/2022/03/updated-okta-statement-on-lapsus/
https://twitter.com/BillDemirkapi/status/1506107157124722690