SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Sending an Email to an IPv4 Address https://isc.sans.edu/forums/diary/Sending+an+Email+to+an+IPv4+Address/28362/ SMS Phone-Verified Account Services https://www.trendmicro.com/en_us/research/22/b/sms-pva-services-use-of-infected-android-phones-reveals-flaws-in-sms-verification.html Xenomorph Android Banking Trojan https://www.threatfabric.com/blogs/xenomorph-a-newly-hatched-banking-trojan.html Modified CryptBot Infostealer Going After Crypto Wallets https://asec.ahnlab.com/en/31802/ Clarification for Adobe Magento Vulnerabilties https://helpx.adobe.com/security/products/magento/apsb22-12.html

Remcos RAT Delivered Through Doube Compressed Archive https://isc.sans.edu/forums/diary/Remcos+RAT+Delivered+Through+Double+Compressed+Archive/28354/ Cassandra User-Defined Functions Remote Code Execution https://jfrog.com/blog/cve-2021-44521-exploiting-apache-cassandra-user-defined-functions-for-remote-code-execution/ Apple T2 Weakness https://www.forensicfocus.com/news/passware-kit-forensic-t2-add-on-the-first-password-recovery-tool-for-macs-with-t2-chips/ snap priviledge escalation https://www.qualys.com/2022/02/17/cve-2021-44731/oh-snap-more-lemmings.txt

Hackers Attach Malicious .exe Files to Teams Conversations https://www.avanan.com/blog/hackers-attach-malicious-.exe-files-to-teams-conversations Thunderbird Patches https://www.mozilla.org/en-US/security/advisories/mfsa2022-07/ Cisco Secure Email Gateway Update https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-dos-MxZvGtgU GitHub Code Scanning Finds More Vulnerabilities Using Machine Learning https://github.blog/2022-02-17-code-scanning-finds-vulnerabilities-using-machine-learning/ Exploit for Magento Vulnerability (CVE-2022-24086) Available https://twitter.com/ptswarm/status/1494240197915123713 More Packet Fu With Zeek https://isc.sans.edu/forums/diary/More+packet+fu+with+zeek/28350/

Astaroth (Guildma) Infection https://isc.sans.edu/forums/diary/Astaroth+Guildma+infection/28346/ Atlassian Jira Updates https://jira.atlassian.com/browse/CONFSERVER-66550 VMWare Updates https://www.vmware.com/security/advisories/VMSA-2022-0004.html FBI Warns of BEC Using Virtual Meeting Platforms https://www.ic3.gov/Media/Y2022/PSA220216

Who Are Those Bots? https://isc.sans.edu/forums/diary/Who+Are+Those+Bots/28342/ SquirrelWaffle Adds a Twist of Fraud to Exchange Server Malspamming https://news.sophos.com/en-us/2022/02/15/vulnerable-exchange-server-hit-by-squirrelwaffle-and-financial-fraud/ Details About Western Digital MyCloud Flaw https://www.iot-inspector.com/blog/advisory-western-digital-my-cloud-pro-series-pr4100-rce/ Nooie Baby Monitor Vulnerabilities https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-nooie-baby-monitor/

Reminder: Decoding TLS Client Hello to Non TLS Servers https://isc.sans.edu/forums/diary/Reminder+Decoding+TLS+Client+Hellos+to+non+TLS+servers/28338/ Magento 2 Critical Vulnerability https://sansec.io/research/magento-2-cve-2022-24086 BigSur/Catalina Mystery Update https://support.apple.com/en-us/HT201222 MacOS Monterey Patch and Microsoft Defender https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/mde-apparently-blocks-macos-monterey-12-1-12-2-upgrades/m-p/3078793 Google Chrome 0-Day Fixed https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html Moxa MXview Vulnerabilities and Patch https://www.claroty.com/2022/02/10/blog-research-securing-network-management-systems-moxa-mxview/

CinaRAT Delivered Through HTML ID Attributes https://isc.sans.edu/forums/diary/CinaRAT+Delivered+Through+HTML+ID+Attributes/28330/ Windows Defender ASR Blocks LSASS Credential Stealing https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-worldwide#block-credential-stealing-from-the-windows-local-security-authority-subsystem Brave Blocking Credential Leaking Extension https://www.theregister.com/2022/02/12/facebook_god_mode/ Project Zero Summary of Zero Day Bugs https://googleprojectzero.blogspot.com/2022/02/a-walk-through-project-zero-metrics.html

iOS/iPadOS/macOS/Safari 0-Day Vulnerability in WebKit https://support.apple.com/en-us/HT213091 Zyxel Network Storage Devics Hunted By Mirai Variant https://isc.sans.edu/forums/diary/Zyxel+Network+Storage+Devices+Hunted+By+Mirai+Variant/28324/ WMIC Removal https://docs.microsoft.com/en-us/windows/deployment/planning/windows-10-deprecated-features Zoom Uses Microphone after Meeting is Over https://community.zoom.com/t5/Meetings/Why-is-the-Zoom-app-listening-on-my-microphone-when-not-in-a/td-p/29019 Evidence Planted to Implicate Innocent Activists https://www.sentinelone.com/labs/modifiedelephant-apt-and-a-decade-of-fabricating-evidence/

Example of Cobalt Strike form Emotet Infection https://isc.sans.edu/forums/diary/Example+of+Cobalt+Strike+from+Emotet+infection/28318/ Adobe Patches https://helpx.adobe.com/security/security-bulletin.html Intel Updates https://www.intel.com/content/www/us/en/security-center/default.html NaturalFreshMall: A Mass Store Attack https://sansec.io/research/naturalfreshmall-mass-hack

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+February+2022+Patch+Tuesday/28316/ Google Cloud Virtual Machine Threat Detection https://cloud.google.com/security-command-center/docs/concepts-vm-threat-detection-overview Android Patches https://source.android.com/security/bulletin/2022-02-01 SAP Patches https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+February+2022 Podcast 13 Year Anniversary https://isc.sans.edu/podcastdetail.html?id=25