ISC StormCast for Wednesday, May 4th, 2022
Some Honeypot Updates
https://isc.sans.edu/forums/diary/Some+Honeypot+Updates/28608/
TLStorm 2 – NanoSSL TLS Library Misuse
https://www.armis.com/blog/tlstorm-2-nanossl-tls-library-misuse-leads-to-vulnerabilities-in-common-switches/
Unpatched DNS Bug in uClibc and uClibc-ng Library
https://www.nozominetworks.com/blog/nozomi-networks-discovers-unpatched-DNS-bug-in-popular-c-standard-library-putting-iot-at-risk/
Abusing Security Software to Sideload PlugX and ShadowPad
https://www.sentinelone.com/labs/moshen-dragons-triad-and-error-approach-abusing-security-software-to-sideload-plugx-and-shadowpad/
Microsoft Edge Update Triggers Trend Micro AV
https://success.trendmicro.com/forum/s/question/0D54T00001QDqzgSAD/we-are-getting-this-message-from-every-client-since-several-minutesis-it-a-false-positiv-error-or-do-we-have-a-real-trojaner-problem-
FEMA conducts earthquake preparedness tabletop exercise
The Federal Emergency Management Agency (FEMA) is conducting a tabletop exercise on the risks posed by and response to a potential Cascadia Subduction Zone (CSZ) earthquake-tsunami event.
A 3-step approach to cyber defense: Before, during and after a ransomware attack
Formulating a before, during and after approach is key to organizational sanity and survival in a world increasingly dominated by ransomware attacks.
Jason Fickett to lead national cyber strategy at Booz Allen
Jason Fickett is now a leader of Booz Allen’s national cyber strategy, where he will focus on protecting U.S. critical infrastructure federal assets from cyber threats.
ISC StormCast for Tuesday, May 3rd, 2022
Detecting VSTO Office Files with ExifTool
https://isc.sans.edu/forums/diary/Detecting+VSTO+Office+Files+With+ExifTool/28604/
The Gmail SMTP Relay Service Exploit
https://www.avanan.com/blog/the-gmail-smtp-relay-service-exploit
OpenSSF Package Analysis
https://openssf.org/blog/2022/04/28/introducing-package-analysis-scanning-open-source-packages-for-malicious-behavior/
M1 Prefetcher Data Leak
https://www.prefetchers.info
Virginia launches crisis management project for school safety
The Virginia Department of Criminal Justice Services (DCJS), the Department of Education and Virginia State Police will collaborate to develop a crisis management program focusing on school safety.
Strategies for supporting security teams
Security leaders are carefully building a culture of support, focused on prioritizing mental health, work-life balance and empathy.
ISC StormCast for Monday, May 2nd, 2022
Using Passive DNS Sources for Reconnaissance and Enumeration
https://isc.sans.edu/forums/diary/Using+Passive+DNS+sources+for+Reconnaissance+and+Enumeration/28596/
Microsoft Edge Secure Network
https://support.microsoft.com/en-gb/topic/use-the-microsoft-edge-secure-network-to-protect-your-browsing-885472e2-7847-4d89-befb-c80d3dda6318
Sina Weibo Making Users IPs and Location Public
https://www.theregister.com/2022/04/29/weibo_location_services_default/
https://weibo.com/u/1934183965?layerid=4763194269108760
SonicWall Global VPN Client DLL Search Order Hijacking
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0036
Zoom Updated
https://explore.zoom.us/en/trust/security/security-bulletin/
Federal plan outlines US counter-drone measures
The U.S. federal government has released a list of recommendations for counter-drone security measures and legislation at the national level.
