ISC StormCast for Friday, November 17th, 2023
Beyond -n: Optimizign tcpdump performance
https://isc.sans.edu/forums/diary/Beyond%20-n%3A%20Optimizing%20tcpdump%20performance/30408/
Zimbra 0-day used to target international government organizations
https://blog.google/threat-analysis-group/zimbra-0-day-used-to-target-international-government-organizations/
FortiSIEM OS command injection in Report Server
https://www.fortiguard.com/psirt/FG-IR-23-135
AI Exploit Collection
https://github.com/protectai/ai-exploits
CrushFTP Remote Code Execution
https://convergetp.com/2023/11/16/crushftp-zero-day-cve-2023-43177-discovered/
Scott Poley: The Cyber Date Paradox: Storing Less, Discovering More
https://www.sans.edu/cyber-research/cyber-data-paradox-storing-less-discovering-more/
ISC StormCast for Thursday, November 16th, 2023
Redline Dropped Through MSIX Package
https://isc.sans.edu/diary/Redline%20Dropped%20Through%20MSIX%20Package/30404
ChatGPT Code Interpreter Security Hole
https://www.tomshardware.com/news/chatgpt-code-interpreter-security-hole
Directory Traversal in Reactor Netty CVE-2023-34062
https://spring.io/security/cve-2023-34062
Aruba Networking Product Vulnerabilities
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt
HARArmor
https://harmor.dev/
ISC StormCast for Wednesday, November 15th, 2023
Microsoft Patches
https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20November%202023/30400
Adobe Updates
https://helpx.adobe.com/security/security-bulletin.html
Intel CPU Glitch State Patch
https://lock.cmpxchg8b.com/reptar.html
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00950.html
ISC StormCast for Tuesday, November 14th, 2023
Noticing command control channels by reviewing DNS protocols
https://isc.sans.edu/diary/Noticing%20command%20and%20control%20channels%20by%20reviewing%20DNS%20protocols/30396
Passive SSH Key Compromise via Lattices
https://eprint.iacr.org/2023/1711.pdf
Juniper Vulnerabilities Exploited
https://supportportal.juniper.net/s/article/2023-08-Out-of-Cycle-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Multiple-vulnerabilities-in-J-Web-can-be-combined-to-allow-a-preAuth-Remote-Code-Execution?language=en_US
Tips for safeguarding student data
As is the case with any industry, more technology means more sensitive data stored in online environments, making safeguarding sensitive data, and maintaining privacy more of a priority than ever. As students and teachers increasingly rely on education-specific devices and applications, those users and organizations become more of a target for hackers.
ISC StormCast for Monday, November 13th, 2023
Routers Targeted for Gafgyt Botnet
https://isc.sans.edu/forums/diary/Routers%20Targeted%20for%20Gafgyt%20Botnet%20%5BGuest%20Diary%5D/30390/
ScreenConnect used to Attack Healthcare
https://www.huntress.com/blog/third-party-pharmaceutical-vendor-linked-to-pharmacy-and-health-clinic-cyberattack
Fake Skills Assessment Portals Associated with Sapphire Sleet
https://twitter.com/MsftSecIntel/status/1722316019920728437
OpenVPN Access Server Vulnerabilities
https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/
Thou shalt question accepted wisdom
The Ten Commandments of Leadership all contain wisdom and truth, but security leaders should examine them closely rather than adopt them as articles of faith.
ISC StormCast for Friday, November 10th, 2023
Visual Examples of Code Injection
https://isc.sans.edu/diary/Visual%20Examples%20of%20Code%20Injection/30388
SysAid Exploited by Cl0p Ransomware (CVE-2023-47246)
https://www.sysaid.com/blog/service-desk/on-premise-software-security-vulnerability-notification
WS_FTP Server Update CVE-2023-42659
https://community.progress.com/s/article/WS-FTP-Server-Service-Pack-November-2023
Malvertiser copies PC news site to delivery infostealer
https://www.malwarebytes.com/blog/threat-intelligence/2023/11/malvertiser-copies-pc-news-site-to-deliver-infostealer
pyArrow/Apache Arrow Vulnerability
https://lists.apache.org/thread/yhy7tdfjf9hrl9vfrtzo8p2cyjq87v7n
Key elements of a comprehensive K-12 security plan
A look at the key elements of a comprehensive K-12 security plan to mitigate risks, prevent threats, respond to emergencies, and help keep people safe.
