ISC StormCast for Tuesday, October 11th, 2022
Wireshark Display Filter Update
https://isc.sans.edu/forums/diary/Wireshark+Specifying+a+Protocol+Stack+Layer+in+Display+Filters/29130
Fortinet Vulnerablity Update
https://twitter.com/Horizon3Attack/status/1579285863108087810
BazarCall Social Engineering Tactics
https://www.trellix.com/en-us/about/newsroom/stories/research/evolution-of-bazarcall-social-engineering-tactics.html
RPKI Rate Limiting
https://www.usenix.org/system/files/sec22-hlavacek.pdf
ISC StormCast for Monday, October 10th, 2022
Fortinet Update
https://docs.fortinet.com/document/fortigate/7.2.2/fortios-release-notes/760203/introduction-and-supported-models
Zimbra Vulnerability
https://twitter.com/iagox86/status/1578084484720734209
https://attackerkb.com/topics/1DDTvUNFzH/cve-2022-41352/rapid7-analysis?referrer=activityFeed
Microsoft Exchange Workaround Improved Again
https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/
Ikea Smart Bulb Exploit
https://www.synopsys.com/blogs/software-security/cyrc-advisory-ikea-tradfri-smart-lighting/
5 ways AI & access control data can enhance security operations
Here are five ways your security operations center (SOC) can transform access control data into actionable insights.
ISC StormCast for Friday, October 7th, 2022
Infosec Calendar
https://isc.sans.edu/forums/diary/What+is+in+your+Infosec+Calendar/29118
OnionPoison: infected Tor Browser installer distributed through popular YouTube channel
https://securelist.com/onionpoison-infected-tor-browser-installer-youtube/107627/
MacOS Architve Utility Vulnerability Details
https://www.jamf.com/blog/jamf-threat-labs-macos-archive-utility-vulnerability/
ISC StormCast for Wednesday, October 5th, 2022
Credential Harvesting with Telegram
https://isc.sans.edu/forums/diary/Credential%20Harvesting%20with%20Telegram%20API/29112/
Updated Microsoft Exchange Fix
https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/
Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization
https://www.cisa.gov/uscert/ncas/alerts/aa22-277a
A New Supply Chain Attack on PHP
https://blog.sonarsource.com/securing-developer-tools-a-new-supply-chain-attack-on-php/
BD Totalys MultiProcessor
Post Content
ISC StormCast for Tuesday, October 4th, 2022
Microsoft Exchange Vulnerability Fix Bypassed
https://twitter.com/testanull/status/1576774007826718720
Schneider Electric UMAS Patch Bypass
https://securelist.com/the-secrets-of-schneider-electrics-umas-protocol/107435/
Supply Chain Attack via Trojanized Comm100 Chat Installer
https://www.crowdstrike.com/blog/new-supply-chain-attack-leverages-comm100-chat-installer/
Mayo Clinic’s Global Security Team Works Together to Mitigate Risk
Take a look at four women security leaders within Mayo Clinic’s Global Security team and how they propel the healthcare organization forward.
ISC StormCast for Monday, October 3rd, 2022
Microsoft Exchange 0-Day Update
https://isc.sans.edu/forums/diary/Exchange+Server+0Day+Actively+Exploited/29106
https://microsoft.github.io/CSS-Exchange/Security/EOMTv2/
CISA Adds Atlasian Bitbucket Vulnerability to Exploited List
https://www.cisa.gov/uscert/ncas/current-activity/2022/09/30/cisa-adds-three-known-exploited-vulnerabilities-catalog
Every unsandboxed app has Full Disk Access if Terminal Does
https://lapcatsoftware.com/articles/FullDiskAccess.html
