SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Attack Surface Detection https://isc.sans.edu/forums/diary/Keeping+Track+of+Your+Attack+Surface+for+Cheap/28304/ MFA News https://www.proofpoint.com/us/blog/threat-insight/mfa-psa-oh-my https://news.microsoft.com/wp-content/uploads/prod/sites/626/2022/02/Cyber-Signals-E-1.pdf Zimbra Webmail 0-Day Exploited https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/ Cisco RV Series Routers Vulnerabilities https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D

Finding elFinder: Who is looking for your files? https://isc.sans.edu/forums/diary/Finding+elFinder+Who+is+looking+for+your+files/28300/ IBM Spectrum Protect Plus Container Backup Vulnerabilities https://www.ibm.com/support/pages/node/6540860 https://www.ibm.com/support/pages/node/6552188 Microsoft Update Connectivity https://techcommunity.microsoft.com/t5/windows-it-pro-blog/achieve-better-patch-compliance-with-update-connectivity-data/ba-p/3073356 UEFI Bios Vulnerabilities https://www.insyde.com/security-pledge

Windows Privilege Escalation Exploit CVE-2022-21882 https://github.com/KaLendsi/CVE-2022-21882 Fingerprinting Devices Via GPU https://arxiv.org/pdf/2201.09956.pdf SolarMarker Campaign used novel registry changes to establish persistence https://news.sophos.com/en-us/2022/02/01/solarmarker-campaign-used-novel-registry-changes-to-establish-persistence/ Fake Job Ads https://www.ic3.gov/Media/Y2022/PSA220201 Automation is Nice But Don't Replace Your Knowledge https://isc.sans.edu/forums/diary/Automation+is+Nice+But+Dont+Replace+Your+Knowledge/28296/

Be Careful with RPMSG Files https://isc.sans.edu/forums/diary/Be+careful+with+RPMSG+files/28292/ QNAP Auto Update Clarification https://www.qnap.com/en/security-news/2022/descriptions-and-explanations-of-the-qts-quts-hero-recommended-version-feature Samba Vulnerability https://kb.cert.org/vuls/id/119678 Exposed Datacenter Management https://www.bleepingcomputer.com/news/security/over-20-000-data-center-management-systems-exposed-to-hackers/ Expat Vulnerability https://github.com/libexpat/libexpat/blob/master/expat/Changes

Malicious ISO Embedded in an HTML Page https://isc.sans.edu/forums/diary/Malicious+ISO+Embedded+in+an+HTML+Page/28282/ YARA Console Module https://isc.sans.edu/forums/diary/YARAs+Console+Module/28288/ Attackers Attaching Devices to Azure AD https://www.microsoft.com/security/blog/2022/01/26/evolved-phishing-device-registration-trick-adds-to-phishers-toolbox-for-victims-without-mfa/ QNAP Forced Updates https://www.reddit.com/r/qnap/comments/sdsf02/i_just_suffered_what_i_believe_to_be_a_forced/huhfmjc/

Technical Analysis of CVE-2022-22583 https://perception-point.io/technical-analysis-of-cve-2022-22583-bypassing-macos-system-integrity-protection/ https://isc.sans.edu/forums/diary/Apple+Patches+Everything/28280/ Little Snitch Firewall Bypass https://rhinosecuritylabs.com/network-security/bypassing-little-snitch-firewall/ DazzleSpy Malware https://www.welivesecurity.com/2022/01/25/watering-hole-deploys-new-macos-malware-dazzlespy-asia/ Geoffrey Parker: Building an Intelligent, Automated Tiered Phishing System https://www.sans.edu/cyber-research/building-an-intelligent-automated-tiered-phishing-system-matching-the-message-level-to-user-ability/

Over 20 Thousand Servers Have Their iLO Interfaces exposed to the Internet https://isc.sans.edu/forums/diary/Over+20+thousand+servers+have+their+iLO+interfaces+exposed+to+the+internet+many+with+outdated+and+vulnerable+versions+of+FW/28276/ Apple Patches and Exploits https://support.apple.com/en-us/HT201222 https://www.ryanpickren.com/safari-uxss Let's Encrypt Fixes Problems and Revoces Certificates https://community.letsencrypt.org/t/changes-to-tls-alpn-01-challenge-validation/170427

Local Privilege Escalation Vulnerablity in Polkit's pkexec (CVE-2021-4034) https://isc.sans.edu/forums/diary/Local+privilege+escalation+vulnerability+in+polkits+pkexec+CVE20214034/28272/ Emotet Stops Using 0.0.0.0 in Spambot Traffic https://isc.sans.edu/forums/diary/Emotet+Stops+Using+0000+in+Spambot+Traffic/28270/ VMWare Warns of Log4j Exploitation https://www.vmware.com/security/advisories/VMSA-2021-0028.html https://www.cynet.com/attack-techniques-hands-on/threats-looming-over-the-horizon/

Moonbound UEFI Malware https://securelist.com/moonbounce-the-dark-side-of-uefi-firmware/105468/ Exploit of Sonicwall CVE-2021-20038 https://twitter.com/buffaloverflow/status/1485671824725786633 Dell EMC AppSync Vulnerability https://www.dell.com/support/kbdoc/de-de/000195377/dsa-2022-003-dell-emc-appsync-security-update-for-multiple-vulnerabilities Twitter API Keys Leaked in GitHub https://incognitatech.medium.com/using-twitter-to-notify-careless-developers-the-unorthodox-way-d71478ad367a

Obscure Wininet.dll Feature https://isc.sans.edu/forums/diary/Obscure+Wininetdll+Feature/28262/ Mixed VBA and Excel 4 Macro in Targeted Excel Sheet https://isc.sans.edu/forums/diary/Mixed+VBA+Excel4+Macro+In+a+Targeted+Excel+Sheet/28264/ https://techcommunity.microsoft.com/t5/excel-blog/excel-4-0-xlm-macros-now-restricted-by-default-for-customer/ba-p/3057905 F5 January 2022 Patches https://support.f5.com/csp/article/K40084114 McAfee Privilege Escalation https://kc.mcafee.com/corporate/index?page=content&id=SB10378