Scans for Apache OfBiz
https://isc.sans.edu/diary/Scans%20for%20Apache%20OfBiz/30784
Wall-Escape (CVE-2024-28085)
https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt
Recent “MFA Bombing” Attacks Targeting Apple Users
https://krebsonsecurity.com/2024/03/recent-mfa-bombing-attacks-targeting-apple-users/

Read More

New tool: linux-pkgs.sh
https://isc.sans.edu/forums/diary/New%20tool%3A%20linux-pkgs.sh/30774/
Suspicious NuGet package grabs data from industrial systems
https://www.reversinglabs.com/blog/suspicious-nuget-package-grabs-data-from-industrial-systems
Preventing Cross Service UDP Loops in QUIC
https://bughunters.google.com/blog/5960150648750080/preventing-cross-service-udp-loops-in-quic
ShadowRay Attacks AI Workloads Actively Exploited in the Wild
https://www.oligo.security/blog/shadowray-attack-ai-workloads-actively-exploited-in-the-wild
TheMoon Malware Infects 6,000 ASUS Routers in 72 Hours for Proxy Service
https://www.bleepingcomputer.com/news/security/themoon-malware-infects-6-000-asus-routers-in-72-hours-for-proxy-service/

Read More

Tool updates: le-hex-to-ip.py and sigs.py
https://isc.sans.edu/diary/Tool%20updates%3A%20le-hex-to-ip.py%20and%20sigs.py/30772
Apple Updates for MacOS, iOS/iPadOS, visionOS;
https://isc.sans.edu/diary/Apple%20Updates%20for%20MacOS%2C%20iOS%20iPadOS%20and%20visionOS/30778
Fake Python Infrastructure
https://checkmarx.com/blog/over-170k-users-affected-by-attack-using-fake-python-infrastructure/
OpenVPN Update
https://openvpn.net/community-downloads/

Read More

1768.py’s Experimental Mode
https://isc.sans.edu/diary/1768.py%27s%20Experimental%20Mode/30770
CISCP Advisory on Application-Layer Loop DoS
https://docs.google.com/document/d/1KByZzrdwQhrXGPPCf9tUzERZyRzg0xOpGbWoDURZxTI/edit
Fixes for Windows Server LSASS Memory Leak
https://www.catalog.update.microsoft.com/Search.aspx?q=2024-03%20Cumulative%20Update

Read More

Geofeed
https://isc.sans.edu/forums/diary/Whois%20%22geofeed%22%20Data/30766/
Apple Updates
https://support.apple.com/en-us/HT201222
Apple Bug
https://gofetch.fail/
GitHub Copilot AutoFix
https://github.blog/2024-03-20-found-means-fixed-introducing-code-scanning-autofix-powered-by-github-copilot-and-codeql/
Fortinet PoC
https://www.horizon3.ai/attack-research/attack-blogs/cve-2023-48788-fortinet-forticlientems-sql-injection-deep-dive/
Ivanti Standalone Sentry
https://forums.ivanti.com/s/article/KB-CVE-2023-41724-Remote-Code-Execution-for-Ivanti-Standalone-Sentry?language=en_US

Read More

Scans for the Fortinet FortiOS CVE-2024-21762 Vulnerability
https://isc.sans.edu/diary/Scans%20for%20Fortinet%20FortiOS%20and%20the%20CVE-2024-21762%20vulnerability/30762
Microsoft Reminder: It is Tax Season (at least in the US)
https://www.theregister.com/2024/03/20/its_tax_season_and_scammers/
Abusing DHCP Administrators Group for Privilege Escalation in Windows Domains;
https://www.akamai.com/blog/security-research/abusing-dhcp-administrators-group-for-privilege-escalation-in-windows-domains

Read More

Attacker Hunting Firewalls
https://isc.sans.edu/diary/Attacker%20Hunting%20Firewalls/30758
Fortigate Vulnerability Exploit Available
https://github.com/h4x0r-dz/CVE-2024-21762
IC3 Annual Report 2023
https://www.ic3.gov/Media/PDF/AnnualReport/2023_IC3Report.pdf
Issues with macOS 14.4 Update
https://www.macrumors.com/2024/03/18/do-not-update-macos-sonoma-14-4/

Read More

Microsoft announced deprecation of 1024 bit RSA Keys
https://learn.microsoft.com/en-us/windows/whats-new/deprecated-features#deprecated-features
Chrome Real-Time Safe Browsing Protection
https://blog.google/products/chrome/google-chrome-safe-browsing-real-time/
Fortra FileCatalyst Vulnerability CVE-2024-25153
https://www.fortra.com/security/advisory/fi-2024-002
Spring Security CVE-2024-22257
https://spring.io/security/cve-2024-22257/
TrendNet TWEW-827DRU Router Vulnerability CVE-2024-28353 CVE-2024-28354
https://warp-desk-89d.notion.site/TEW-827DRU-5c40fb20572148f0b00f329d69273791

Read More