ISC StormCast for Tuesday, May 23rd, 2023
Probes for recent ABUS Security Camera Vulnerability
https://isc.sans.edu/diary/Probes%20for%20recent%20ABUS%20Security%20Camera%20Vulnerability%3A%20Attackers%20keep%20an%20eye%20on%20everything./29870
.ZIP Domains Confuse Virustotal
https://twitter.com/imohanasundaram/status/1660678184977805316
Synology DSM 6.2 Patch
https://www.synology.com/en-global/security/advisory/Synology_SA_22_25
Jenkins Fixes Multiple Plugin Vulnerabilities
https://www.jenkins.io/security/advisory/2023-05-16/
PyPi Suspension Lifted
https://status.python.org/incidents/qy2t9mjjcc7g
Nissan Sylphy Classic Key Vulnerability
https://vulmon.com/vulnerabilitydetails?qid=CVE-2023-33281
ISC StormCast for Monday, May 22nd, 2023
Another Malicious HTA File Analysis – Part 3
https://isc.sans.edu/forums/diary/Another%20Malicious%20HTA%20File%20Analysis%20-%20Part%203/29678/
When the Phisher Messes Up With Encoding
https://isc.sans.edu/diary/When%20the%20Phisher%20Messes%20Up%20With%20Encoding/29864
PyPi Suspends New Users and Projects
https://status.python.org/incidents/qy2t9mjjcc7g
PGP Signatures on PyPi: Worse than useless
https://blog.yossarian.net/2023/05/21/PGP-signatures-on-PyPI-worse-than-useless
RATs found hiding in the npm attic
https://www.reversinglabs.com/blog/rats-found-hiding-in-the-npm-attic
ISC StormCast for Friday, May 19th, 2023
Apple Updates Everything
https://isc.sans.edu/diary/Apple%20Updates%20Everything/29860
A Quick Survey of .zip Domains
https://isc.sans.edu/diary/A%20Quick%20Survey%20of%20.zip%20Domains%3A%20Your%20highest%20risk%20is%20running%20into%20Rick%20Astley./29858
Dell NetWorker Security Update
https://www.dell.com/support/kbdoc/en-us/000211267/dsa-2023-060-dell-networker-security-update-for-an-nsrcapinfo-vulnerability?lwp=rt
KeePass 2.X Master Password Dumper
https://github.com/vdohney/keepass-password-dumper
ISC StormCast for Thursday, May 18th, 2023
Increase in Malicious RAR SFX Files
https://isc.sans.edu/forums/diary/Increase%20in%20Malicious%20RAR%20SFX%20files/29852/
FriendlyName Buffer Overflow in Wemo Smartplug
https://sternumiot.com/iot-blog/mini-smart-plug-v2-vulnerability-buffer-overflow/
Wago License Page Exploit
https://onekey.com/blog/security-advisory-wago-unauthenticated-remote-command-execution/
Routers Turned Into Proxies
https://research.checkpoint.com/2023/the-dragon-who-sold-his-camaro-analyzing-custom-router-implant/
ISC StormCast for Wednesday, May 17th, 2023
Signals Defense With Faraday Bags
https://isc.sans.edu/forums/diary/Signals%20Defense%20With%20Faraday%20Bags%20%26%20Flipper%20Zero/29840/
Microsoft Sharepoint Scans Password Protected Files
https://infosec.exchange/@threatresearch/110373860063222707#
Critical Sandbox Escape Vulnerability in VM2
https://github.com/patriksimek/vm2/security/advisories/GHSA-whpj-8f3w-67p5
Geacon Brings Cobalt Strike Capabilities to MacOS Threat Actors
https://www.sentinelone.com/blog/geacon-brings-cobalt-strike-capabilities-to-macos-threat-actors/
ISC StormCast for Tuesday, May 16th, 2023
Ongoing Facebook Phishing campaign Without a Sender and (almost) without Links
https://isc.sans.edu/diary/Ongoing%20Facebook%20phishing%20campaign%20without%20a%20sender%20and%20%28almost%29%20without%20links/29848
Intel Microcode Updates Do Not Patch Vulnerability
https://www.theregister.com/2023/05/15/intel_mystery_microcode/
Fake Trezor Hardware Crypto Wallet
https://www.kaspersky.com/blog/fake-trezor-hardware-crypto-wallet/48155/
TP-Link Archer AX-21 Command Injection CVE-2023-1389 Exploited
https://www.fortiguard.com/threat-signal-report/5157/tp-link-archer-ax-21-command-injection-vulnerability-cve-2023-1389-exploited-in-the-wild
Intelligence and business risk integration in corporate security
Intelligence-related activities found within today’s global security programs aids in the protection of people, physical assets, finances and intellectual property.
ISC StormCast for Monday, May 15th, 2023
The .zip gTLD: Risks and Opportunities
https://isc.sans.edu/forums/diary/The+zip+gTLD+Risks+and+Opportunities/29838/
Brave Forgetful Browsing
https://brave.com/privacy-updates/25-forgetful-browsing/
Intel Mystery Microcode Patch
https://www.phoronix.com/news/Intel-12-May-2023-Microcode
Netgear Updates
https://kb.netgear.com/000065619/Security-Advisory-for-Multiple-Vulnerabilities-on-the-RAX30-PSV-2022-0348
Synology Updates
https://www.synology.com/en-global/security/advisory/Synology_SA_23_04
https://claroty.com/team82/research/chaining-five-vulnerabilities-to-exploit-netgear-nighthawk-rax30-routers-at-pwn2own-toronto-2022
ISC StormCast for Friday, May 12th, 2023
Geolocating IPs is Harder Than You Think
https://isc.sans.edu/diary/Geolocating%20IPs%20is%20harder%20than%20you%20think/29834
Pre-Infected Mobile Phones
https://www.theregister.com/2023/05/11/bh_asia_mobile_phones/
Dragos Breach
https://www.dragos.com/blog/deconstructing-a-cybersecurity-event/
AndoryuBot Targets Ruckus Admin RCE Vulnerability
https://www.fortinet.com/blog/threat-research/andoryubot-new-botnet-campaign-targets-ruckus-wireless-admin-remote-code-execution-vulnerability-cve-2023-25717
