ISC StormCast for Tuesday, April 16th, 2024
Quick Palo Alto Networks Global Protect Vulnerablity Update CVE-2024-3400
https://isc.sans.edu/diary/30838
Delinea patches critical vulnerability in secret manager
https://trust.delinea.com/?tcuUid=17aaf4ef-ada9-46d5-bf97-abd3b07daae3
Lancom Windows Setup Assistant May Reset Password
https://www.lancom-systems.com/service-support/general-security-information
PHP Patches
https://seclists.org/oss-sec/2024/q2/113
Duo SMS and VoiP Logs Leaked
https://app.securitymsp.cisco.com/e/es?e=2785&eid=opguvrs&elq=bd1c1886a59e40c09915b029a74be94e
Lastpass Stops Deepfake Attack
https://blog.lastpass.com/posts/2024/04/attempted-audio-deepfake-call-targets-lastpass-employee
When solution providers host industry conferences
How to choose which security conferences to attend, exhibit at, or present at depends on many different factors.
ISC StormCast for Friday, April 12th, 2024
BatBadBut: You can’t securely execute commands on Windows
https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/
FortiClient Linux Remote Code Execution
https://www.fortiguard.com/psirt/FG-IR-23-087
Apple Threat Notifications and Protecting Against Mercenary Spyware
https://support.apple.com/en-us/102174
New Technique to Trick Developers Detected in an Open Source Supply Chain Attack
https://checkmarx.com/blog/new-technique-to-trick-developers-detected-in-an-open-source-supply-chain-attack/
Real-time data and AI are the new weapons against climate disasters
As climate change intensifies extreme weather, the need for intelligent emergency systems becomes even more critical.
Be ready to quickly find a security job
Steps to help ensure a solid backup plan is in place for when security practitioners need to find a new security job quickly.
ISC StormCast for Thursday, April 11th, 2024
Rust Command API code execution vulnerability CVE-2024-24576
https://blog.rust-lang.org/2024/04/09/cve-2024-24576.html
Adobe Updates: Magento Adobe Commerce CVE-2024-20759 CVE-2024-20758
https://helpx.adobe.com/security/products/magento/apsb24-18.html
https://helpx.adobe.com/security.html
Fortinet FortiOS And FortiProxy Vulnerability CVE-2023-41677
https://www.fortiguard.com/psirt/FG-IR-23-493
Smoke and Screen Mirrors Signed Backdoor CVE-2024-26234
https://news.sophos.com/en-us/2024/04/09/smoke-and-screen-mirrors-a-strange-signed-backdoor/
ISC StormCast for Wednesday, April 10th, 2024
Microsoft Patches
https://isc.sans.edu/forums/diary/April%202024%20Microsoft%20Patch%20Tuesday%20Summary/30822/
D-Link NAS Backdoor
https://github.com/netsecfish/dlink
LG SmartTV Vulnerabilities
https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-lg-webos/
ISC StormCast for Tuesday, April 9th, 2024
A Use Case for Adding Threat Hunting to Your Security Operations Team.
https://isc.sans.edu/diary/30816
Notepad++ Parasite Site
https://notepad-plus-plus.org/news/help-to-take-down-parasite-site/
Hugging Face Pickle File Vulnerablities
https://huggingface.co/blog/hugging-face-wiz-security-blog
Google Considers V8 Sandbox no longer experimental
https://v8.dev/blog/sandbox
