SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

web3 phishing via self-customizign landing pages https://isc.sans.edu/forums/diary/web3+phishing+via+selfcustomizing+landing+pages/28312/ MSFT Blocking Office VBA Malcros https://www.theverge.com/2022/2/7/22922032/microsoft-block-office-vba-macros-default-change https://techcommunity.microsoft.com/t5/microsoft-365-blog/helping-users-stay-safe-blocking-internet-macros-by-default-in/ba-p/3071805 Acronis True Image Update https://security-advisory.acronis.com/updates/UPD-2201-f76f-838c Lockbit 2 IoCs https://www.ic3.gov/Media/News/2022/220204.pdf

Intuit warns of new phishing scams https://security.intuit.com/security-notices IRS working with ID.me https://www.irs.gov/newsroom/new-identity-verification-process-to-access-certain-irs-online-tools-and-services Argo CD Vulnerability https://apiiro.com/blog/malicious-kubernetes-helm-charts-can-be-used-to-steal-sensitive-information-from-argo-cd-deployments/ https://github.com/argoproj/argo-cd/security/advisories/GHSA-63qx-x74g-jcr7 Thermal Imaging of PoE Devices https://isc.sans.edu/forums/diary/Power+over+Ethernet+and+Thermal+Imaging/28308/

Attack Surface Detection https://isc.sans.edu/forums/diary/Keeping+Track+of+Your+Attack+Surface+for+Cheap/28304/ MFA News https://www.proofpoint.com/us/blog/threat-insight/mfa-psa-oh-my https://news.microsoft.com/wp-content/uploads/prod/sites/626/2022/02/Cyber-Signals-E-1.pdf Zimbra Webmail 0-Day Exploited https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/ Cisco RV Series Routers Vulnerabilities https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D

Finding elFinder: Who is looking for your files? https://isc.sans.edu/forums/diary/Finding+elFinder+Who+is+looking+for+your+files/28300/ IBM Spectrum Protect Plus Container Backup Vulnerabilities https://www.ibm.com/support/pages/node/6540860 https://www.ibm.com/support/pages/node/6552188 Microsoft Update Connectivity https://techcommunity.microsoft.com/t5/windows-it-pro-blog/achieve-better-patch-compliance-with-update-connectivity-data/ba-p/3073356 UEFI Bios Vulnerabilities https://www.insyde.com/security-pledge

Windows Privilege Escalation Exploit CVE-2022-21882 https://github.com/KaLendsi/CVE-2022-21882 Fingerprinting Devices Via GPU https://arxiv.org/pdf/2201.09956.pdf SolarMarker Campaign used novel registry changes to establish persistence https://news.sophos.com/en-us/2022/02/01/solarmarker-campaign-used-novel-registry-changes-to-establish-persistence/ Fake Job Ads https://www.ic3.gov/Media/Y2022/PSA220201 Automation is Nice But Don't Replace Your Knowledge https://isc.sans.edu/forums/diary/Automation+is+Nice+But+Dont+Replace+Your+Knowledge/28296/

Be Careful with RPMSG Files https://isc.sans.edu/forums/diary/Be+careful+with+RPMSG+files/28292/ QNAP Auto Update Clarification https://www.qnap.com/en/security-news/2022/descriptions-and-explanations-of-the-qts-quts-hero-recommended-version-feature Samba Vulnerability https://kb.cert.org/vuls/id/119678 Exposed Datacenter Management https://www.bleepingcomputer.com/news/security/over-20-000-data-center-management-systems-exposed-to-hackers/ Expat Vulnerability https://github.com/libexpat/libexpat/blob/master/expat/Changes

Malicious ISO Embedded in an HTML Page https://isc.sans.edu/forums/diary/Malicious+ISO+Embedded+in+an+HTML+Page/28282/ YARA Console Module https://isc.sans.edu/forums/diary/YARAs+Console+Module/28288/ Attackers Attaching Devices to Azure AD https://www.microsoft.com/security/blog/2022/01/26/evolved-phishing-device-registration-trick-adds-to-phishers-toolbox-for-victims-without-mfa/ QNAP Forced Updates https://www.reddit.com/r/qnap/comments/sdsf02/i_just_suffered_what_i_believe_to_be_a_forced/huhfmjc/

Technical Analysis of CVE-2022-22583 https://perception-point.io/technical-analysis-of-cve-2022-22583-bypassing-macos-system-integrity-protection/ https://isc.sans.edu/forums/diary/Apple+Patches+Everything/28280/ Little Snitch Firewall Bypass https://rhinosecuritylabs.com/network-security/bypassing-little-snitch-firewall/ DazzleSpy Malware https://www.welivesecurity.com/2022/01/25/watering-hole-deploys-new-macos-malware-dazzlespy-asia/ Geoffrey Parker: Building an Intelligent, Automated Tiered Phishing System https://www.sans.edu/cyber-research/building-an-intelligent-automated-tiered-phishing-system-matching-the-message-level-to-user-ability/

Over 20 Thousand Servers Have Their iLO Interfaces exposed to the Internet https://isc.sans.edu/forums/diary/Over+20+thousand+servers+have+their+iLO+interfaces+exposed+to+the+internet+many+with+outdated+and+vulnerable+versions+of+FW/28276/ Apple Patches and Exploits https://support.apple.com/en-us/HT201222 https://www.ryanpickren.com/safari-uxss Let's Encrypt Fixes Problems and Revoces Certificates https://community.letsencrypt.org/t/changes-to-tls-alpn-01-challenge-validation/170427

Local Privilege Escalation Vulnerablity in Polkit's pkexec (CVE-2021-4034) https://isc.sans.edu/forums/diary/Local+privilege+escalation+vulnerability+in+polkits+pkexec+CVE20214034/28272/ Emotet Stops Using 0.0.0.0 in Spambot Traffic https://isc.sans.edu/forums/diary/Emotet+Stops+Using+0000+in+Spambot+Traffic/28270/ VMWare Warns of Log4j Exploitation https://www.vmware.com/security/advisories/VMSA-2021-0028.html https://www.cynet.com/attack-techniques-hands-on/threats-looming-over-the-horizon/