ISC StormCast for Friday, October 28th, 2022
Upcoming Critical OpenSSL Vulnerability: What will be Affected?
https://isc.sans.edu/forums/diary/Upcoming+Critical+OpenSSL+Vulnerability+What+will+be+Affected/29192
Apple Updates
https://support.apple.com/en-us/HT201222
Fodcha Botnet Reaches 1Tbps
https://blog.netlab.360.com/ddosmonster_the_return_of__fodcha_cn/
https://www.bleepingcomputer.com/news/security/fodcha-ddos-botnet-reaches-1tbps-in-power-injects-ransoms-in-packets/
ISC StormCast for Thursday, October 27th, 2022
Why is My Cat Using Baidu And Other IoT DNS Oddities
https://isc.sans.edu/forums/diary/Why+is+My+Cat+Using+Baidu+And+Other+IoT+DNS+Oddities/29188
OpenSSL Critical Flaw to Be Patched
https://mta.openssl.org/pipermail/openssl-announce/2022-October/000238.html
MacOS Ventura Blocks Security Tools
https://www.wired.com/story/apple-macos-ventura-bug-security-tools/
Critical VMWare Security Tools
https://www.vmware.com/security/advisories/VMSA-2022-0027.html
ISC StormCast for Wednesday, October 26th, 2022
Massing Cryptomining Operation via Github Actions
https://sysdig.com/blog/massive-cryptomining-operation-github-actions/
Daixin Team Ransomware Targeting Healthcare Providers
https://www.ic3.gov/Media/News/2022/221021.pdf
Cisco Anyconnect Client Exploited in the Wild
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-dll-F26WwJW
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-win-path-traverse-qO4HWBsj
SQLite Vulnerability Details
https://blog.trailofbits.com/2022/10/25/sqlite-vulnerability-july-2022-library-api/
AliveCor KardiaMobile
Post Content
ISC StormCast for Tuesday, October 25th, 2022
C2 Communications Through Outlook.com
https://isc.sans.edu/forums/diary/C2+Communications+Through+outlookcom/29180
Apple Patches Everything October 2022 Edition
https://isc.sans.edu/forums/diary/Apple%20Patches%20Everything%3A%20October%202022%20Edition/29182/
Cisco ISE Patch
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-path-trav-Dz5dpzyM
Dormant Colors Live Campaign With Over 1m Data Stealing Extensions Installed
https://guardiosecurity.medium.com/dormant-colors-live-campaign-with-over-1m-data-stealing-extensions-installed-9a9a459b5849
ISC StormCast for Monday, October 24th, 2022
Sczriptzzbn Inject Pushes Malware for NetSupport RAT
https://isc.sans.edu/forums/diary/sczriptzzbn%20inject%20pushes%20malware%20for%20NetSupport%20RAT/29170/
rtfdump find options
https://isc.sans.edu/forums/diary/rtfdumps+Find+Option/29174
Exploited Windows Zero Day Lets JavaScript Files Bypass Security Warnings
https://www.bleepingcomputer.com/news/security/exploited-windows-zero-day-lets-javascript-files-bypass-security-warnings/
A study of malicious CVE proof of concept exploits in GitHub
https://arxiv.org/pdf/2210.08374.pdf
F5 Patches
https://support.f5.com/csp/article/K11830089
https://support.f5.com/csp/article/K30425568
Synology Updates
https://www.synology.com/en-global/security/advisory/Synology_SA_22_17
B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus (Update A)
This advisory contains mitigations for Cross-site Scripting, Open Redirect, XPath Injection, Session Fixation, Use of a One-way Hash without a Salt, Relative Path Traversal, Improper Verification of Cryptographic Signature, Improper Privilege Management, Use of Hard-coded Credentials, Active Debug Code, and Improper Access Control vulnerabilities in B. Braun’s SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus.
ISC StormCast for Friday, October 21st, 2022
Forensic Value of Prefetch
https://isc.sans.edu/forums/diary/Forensic%20Value%20of%20Prefetch/29168/
Microsoft TLS Fix
https://support.microsoft.com/en-us/topic/october-17-2022-kb5020435-os-builds-19042-2132-19043-2132-and-19044-2132-out-of-band-243f34de-2f44-4015-a224-1b68a4132ca5
CISA Releases ScubaGear to Audit M365
https://github.com/cisagov/ScubaGear
HTTP/3 Connection Contamination
https://portswigger.net/research/http-3-connection-contamination
ISC StormCast for Thursday, October 20th, 2022
Are Internet Scanning Services Good or Bad for You?
https://isc.sans.edu/forums/diary/Are+Internet+Scanning+Services+Good+or+Bad+for+You/29164
FBI Warns of Student Loan Foregiveness Scams
https://www.ic3.gov/Media/Y2022/PSA221018
Fully Undetectable Powershell Backdoor
https://www.safebreach.com/resources/blog/safebreach-labs-researchers-uncover-new-fully-undetectable-powershell-backdoor/
