show episodes
 
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minutes long summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Storm Center. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
 
Loading …
show series
 
Python Abusing the Windows GUI https://isc.sans.edu/forums/diary/Python+abusing+The+Windows+GUI/28780/ Malicious Code Passed to PowerShell via the Clipboard https://isc.sans.edu/forums/diary/Malicious+Code+Passed+to+PowerShell+via+the+Clipboard/28784/ Attacking With WebView2 Applications https://mrd0x.com/attacking-with-webview2-applications/ Bronz…
 
Python GUI Malware; Pasting Malcode; WebView2 Risks; Pretend Ransomware Python Abusing the Windows GUI https://isc.sans.edu/forums/diary/Python+abusing+The+Windows+GUI/28780/ Malicious Code Passed to PowerShell via the Clipboard https://isc.sans.edu/forums/diary/Malicious+Code+Passed+to+PowerShell+via+the+Clipboard/28784/ Attacking With WebView2 Ap…
 
Malicious PowerShell Targeting Cryptocurrency Browser Extensions https://isc.sans.edu/forums/diary/Malicious+PowerShell+Targeting+Cryptocurrency+Browser+Extensions/28772/ Keeping PowerShell: Security Measures to Use and Embrace https://media.defense.gov/2022/Jun/22/2003021689/-1/-1/1/CSI_KEEPING_POWERSHELL_SECURITY_MEASURES_TO_USE_AND_EMBRACE_20220…
 
Coin Stealing Powershell; NSA PS Guidance; MageCart Update; Script Kiddies Hacked; Israeli Air Raid Sirens Hacked; Malicious PowerShell Targeting Cryptocurrency Browser Extensions https://isc.sans.edu/forums/diary/Malicious+PowerShell+Targeting+Cryptocurrency+Browser+Extensions/28772/ Keeping PowerShell: Security Measures to Use and Embrace https:/…
 
Experimental New Domain / Domain Age API https://isc.sans.edu/forums/diary/Experimental+New+Domain+Domain+Age+API/28770/ Forescout Vedere Labs Discovers 56 OT Vulnerabilities https://www.forescout.com/resources/ot-icefall-report/ Cloudflare Outage https://blog.cloudflare.com/cloudflare-outage-on-june-21-2022/ Does Acrobat Reader Unload Injection of…
 
Domain Age API; OT Vulnerablities; Cloudflare Outage; Acrobat Blocks AV; 7zip MOTW; Experimental New Domain / Domain Age API https://isc.sans.edu/forums/diary/Experimental+New+Domain+Domain+Age+API/28770/ Forescout Vedere Labs Discovers 56 OT Vulnerabilities https://www.forescout.com/resources/ot-icefall-report/ Cloudflare Outage https://blog.cloud…
 
Odd TCP Fast Open Packets https://isc.sans.edu/forums/diary/Odd+TCP+Fast+Open+Packets+Anybody+understands+why/28766/ DFSCoerce NTLM Relay Attack https://github.com/Wh04m1001/DFSCoerce https://support.microsoft.com/en-us/topic/kb5005413-mitigating-ntlm-relay-attacks-on-active-directory-certificate-services-ad-cs-3612b773-4043-4aa9-b23d-b87910cd3429 …
 
TCP Fast Open Oddities; DFSCoerce NTLM Relay; Windows ARM Update; Safari Exploit; MSIE Remnants; Odd TCP Fast Open Packets https://isc.sans.edu/forums/diary/Odd+TCP+Fast+Open+Packets+Anybody+understands+why/28766/ DFSCoerce NTLM Relay Attack https://github.com/Wh04m1001/DFSCoerce https://support.microsoft.com/en-us/topic/kb5005413-mitigating-ntlm-r…
 
Critical Vulnerability in Splunk Enterprise Deployment Server Functionality https://isc.sans.edu/forums/diary/Critical+vulnerability+in+Splunk+Enterprises+deployment+server+functionality/28760/ Malspam Pushes Matanbuchus Malware Leads to Cobalt Strike https://isc.sans.edu/forums/diary/Malspam+pushes+Matanbuchus+malware+leads+to+Cobalt+Strike/28752/…
 
Splunk Vulnerability; Matanbuchus Malware; Office 365 Ransomware Critical Vulnerability in Splunk Enterprise Deployment Server Functionality https://isc.sans.edu/forums/diary/Critical+vulnerability+in+Splunk+Enterprises+deployment+server+functionality/28760/ Malspam Pushes Matanbuchus Malware Leads to Cobalt Strike https://isc.sans.edu/forums/diary…
 
Houdini is Back Delivered Through a JavaScript Dropper https://isc.sans.edu/forums/diary/Houdini+is+Back+Delivered+Through+a+JavaScript+Dropper/28746/ Drifting Cloud: Zero-Day Sophos Firewall Exploitation https://www.volexity.com/blog/2022/06/15/driftingcloud-zero-day-sophos-firewall-exploitation-and-an-insidious-breach/ Exploiting a Heap Overflow …
 
Houdini is Back; Drifting Cloud; FreeBSD Wifi Xploit; Csico Email Insecurity; Fastjson RCE Houdini is Back Delivered Through a JavaScript Dropper https://isc.sans.edu/forums/diary/Houdini+is+Back+Delivered+Through+a+JavaScript+Dropper/28746/ Drifting Cloud: Zero-Day Sophos Firewall Exploitation https://www.volexity.com/blog/2022/06/15/driftingcloud…
 
Terraforming Honeypots: Using IaaC & Cloud to Attract Attacks https://isc.sans.edu/forums/diary/Terraforming+Honeypots+Installing+DShield+Sensors+in+the+Cloud/28748/ Zimbra Email - Stealing Clear=Text Credenitals via Memcache Injection https://blog.sonarsource.com/zimbra-mail-stealing-clear-text-credentials-via-memcache-injection/ Cloud Middleware …
 
Terraforming Honeypots; Zimbra Vulnerability; Cloud Middleware; Windows NFS Details; Citrix ADC; Nexans Switches Terraforming Honeypots: Using IaaC & Cloud to Attract Attacks https://isc.sans.edu/forums/diary/Terraforming+Honeypots+Installing+DShield+Sensors+in+the+Cloud/28748/ Zimbra Email - Stealing Clear=Text Credenitals via Memcache Injection h…
 
Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+June+2022+Patch+Tuesday/28742/ Adobe Patches https://helpx.adobe.com/security/security-bulletin.html SynLapse Vulnerability https://orca.security/resources/blog/synlapse-critical-azure-synapse-analytics-service-vulnerability/ Hertzbleed Attack https://www.hertzbleed.com…
 
Microsoft Patch Tuesday; Adobe Patches; Synlaps Azure Vuln; Hetzbleed Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+June+2022+Patch+Tuesday/28742/ Adobe Patches https://helpx.adobe.com/security/security-bulletin.html SynLapse Vulnerability https://orca.security/resources/blog/synlapse-critical-azure-synapse-analytics-service-v…
 
Translating Saitama's DNS Tunneling https://isc.sans.edu/forums/diary/Translating+Saitamas+DNS+tunneling+messages/28738/ Travis CI Logs Expose Users to Cyber Attacks https://blog.aquasec.com/travis-ci-security Linux Threat Hunting: "Syslogk" a kernel rootkit found under development in the wild https://decoded.avast.io/davidalvarez/linux-threat-hunt…
 
Decoding Saitama; Travis CI Leaks; Syslogk Rootkit; Mitel Backdoor Translating Saitama's DNS Tunneling https://isc.sans.edu/forums/diary/Translating+Saitamas+DNS+tunneling+messages/28738/ Travis CI Logs Expose Users to Cyber Attacks https://blog.aquasec.com/travis-ci-security Linux Threat Hunting: "Syslogk" a kernel rootkit found under development …
 
EPSScall: An Exploit Prediction Scoring System App https://isc.sans.edu/forums/diary/EPSScall+An+Exploit+Prediction+Scoring+System+App/28732/ PACMan Attack https://pacmanattack.com https://twitter.com/wdormann/status/1535245913857351680 Carrier LenelS2 HID Mercury access panel vulnerability https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-01 …
 
Exploit Prediction; PACMAN Attack; Carrier Access Panels; Malicious PyPi; EPSScall: An Exploit Prediction Scoring System App https://isc.sans.edu/forums/diary/EPSScall+An+Exploit+Prediction+Scoring+System+App/28732/ PACMan Attack https://pacmanattack.com https://twitter.com/wdormann/status/1535245913857351680 Carrier LenelS2 HID Mercury access pane…
 
TA570 QBot attempts to exploit CVE-2022-30190 (Follina) https://isc.sans.edu/forums/diary/TA570+Qakbot+Qbot+tries+CVE202230190+Follina+exploit+msmsdt/28728/ Analysis of a Facebook Phishing Campaign https://pixmsecurity.com/blog/blog/phishing-tactics-how-a-threat-actor-stole-1m-credentials-in-4-months/ Zyxel Security Advisory https://www.zyxel.com/s…
 
QBot/TA570 Follina Attempt; Facebook Phishing; Zyxel Adv; Fijuisu Centricstor Vuln; Meeting Owl Vuln TA570 QBot attempts to exploit CVE-2022-30190 (Follina) https://isc.sans.edu/forums/diary/TA570+Qakbot+Qbot+tries+CVE202230190+Follina+exploit+msmsdt/28728/ Analysis of a Facebook Phishing Campaign https://pixmsecurity.com/blog/blog/phishing-tactics…
 
SANS RSA Panel (sorry, video no longer available) Atlassian Confluence Attacks https://isc.sans.edu/forums/diary/Atlassian+Confluence+Exploits+Seen+By+Our+Honeypots+CVE202226134/28722/ Fake CClenaer Malvertisements https://blog.avast.com/fakecrack-campaign Weakness in Verbatim Keypad Secure USB Drive https://blog.syss.com/posts/hacking-usb-flash-dr…
 
SANS RSA Panel; More Confluence; Fake CCleaner; Vebatim USB Drive Weakness SANS RSA Panel (sorry, video no longer available) Atlassian Confluence Attacks https://isc.sans.edu/forums/diary/Atlassian+Confluence+Exploits+Seen+By+Our+Honeypots+CVE202226134/28722/ Fake CClenaer Malvertisements https://blog.avast.com/fakecrack-campaign Weakness in Verbat…
 
The Trouble With Microsoft's Troubleshooters https://irsl.medium.com/the-trouble-with-microsofts-troubleshooters-6e32fc80b8bd QBot Uses Follina https://twitter.com/threatinsight/status/1534227444915482625 Deadbolt Ransomware https://www.trendmicro.com/en_us/research/22/f/closing-the-door-deadbolt-ransomware-locks-out-vendors-with-mult.html Google A…
 
DogWalk Windows 0-Day; QBot uses Follina; Deadbolt Update; Android Patches The Trouble With Microsoft's Troubleshooters https://irsl.medium.com/the-trouble-with-microsofts-troubleshooters-6e32fc80b8bd QBot Uses Follina https://twitter.com/threatinsight/status/1534227444915482625 Deadbolt Ransomware https://www.trendmicro.com/en_us/research/22/f/clo…
 
MS-MSDT RTF Maldocs Analysis oledump Plugins https://isc.sans.edu/forums/diary/msmsdt+RTF+Maldoc+Analysis+oledump+Plugins/28718/ Cybercriminals Exploit Reverse Tunnel Services and URL Shorteners https://cloudsek.com/whitepapers_reports/cybercriminals-exploit-reverse-tunnel-services-and-url-shorteners-to-launch-large-scale-phishing-campaigns/ Unpatc…
 
Follina Analysis Helper; Obscured Phishing; Unpatched Horde RCE; Passwordstate Looses Priv. Key MS-MSDT RTF Maldocs Analysis oledump Plugins https://isc.sans.edu/forums/diary/msmsdt+RTF+Maldoc+Analysis+oledump+Plugins/28718/ Cybercriminals Exploit Reverse Tunnel Services and URL Shorteners https://cloudsek.com/whitepapers_reports/cybercriminals-exp…
 
Sandbox Evasion... With Just a Filename! https://isc.sans.edu/forums/diary/Sandbox+Evasion+With+Just+a+Filename/28708/ Atlassian Exploit Released https://www.rapid7.com/blog/post/2022/06/02/active-exploitation-of-confluence-cve-2022-26134/ GitLab Critical Security Release https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab…
 
Simple Analysis Evasion; Confluence Exploit; Gitlab Patch; u-boot Vuln; Unisoc Vuln Sandbox Evasion... With Just a Filename! https://isc.sans.edu/forums/diary/Sandbox+Evasion+With+Just+a+Filename/28708/ Atlassian Exploit Released https://www.rapid7.com/blog/post/2022/06/02/active-exploitation-of-confluence-cve-2022-26134/ GitLab Critical Security R…
 
Quick Answers in Incident Response RECmd.exe https://isc.sans.edu/forums/diary/Quick+Answers+in+Incident+Response+RECmdexe/28706/ Zero-Day Exploitation of Atlassian Confluence https://www.volexity.com/blog/2022/06/02/zero-day-exploitation-of-atlassian-confluence/ https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-113037714…
 
Intro to RECmd.exe; Confluence 0-Day; JetPort Backdoor; Elasticsearch Wiper; Quick Answers in Incident Response RECmd.exe https://isc.sans.edu/forums/diary/Quick+Answers+in+Incident+Response+RECmdexe/28706/ Zero-Day Exploitation of Atlassian Confluence https://www.volexity.com/blog/2022/06/02/zero-day-exploitation-of-atlassian-confluence/ https://c…
 
HTML Phishing Attachments - Now With Anti-Analysis Features https://isc.sans.edu/forums/diary/HTML+phishing+attachments+now+with+antianalysis+features/28702/ Unofficial Patch for CVE-2022-30190 (Follina) https://blog.0patch.com/2022/06/free-micropatches-for-follina-microsoft.html Windows Search Vulnerability https://www.bleepingcomputer.com/news/se…
 
Loading …

Quick Reference Guide

Copyright 2022 | Sitemap | Privacy Policy | Terms of Service
Google login Twitter login Classic login