SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

TA551 Shathak Continues Pushing BazarLoader Leading to Cobalt Strike https://isc.sans.edu/forums/diary/TA551+Shathak+continues+pushing+BazarLoader+infections+lead+to+Cobalt+Strike/27738/ New AdLoad Campaign Goes Undetected by XProtect https://labs.sentinelone.com/massive-new-adload-campaign-goes-entirely-undetected-by-apples-xprotect/ Android FlyTrap Malware Hitting Facebook Users https://www.ehackingnews.com/2021/08/android-malware-flytrap-hacks-facebook.html 5G Shortcuts allow Evesdropping https://www.wired.com/story/5g-network-stingray-surveillance-non-standalone/ Cloud DNS Service Weeknesses https://www.wiz.io/blog/black-hat-2021-dns-loophole-makes-nation-state-level-spying-as-easy-as-registering-a-domain

Microsoft Patches https://isc.sans.edu/forums/diary/Microsoft+August+2021+Patch+Tuesday/27736/ Adobe Patches https://helpx.adobe.com/security.html cPanel/WHM Vulnerabilities https://www.fortbridge.co.uk/research/multiple-vulnerabilities-in-cpanel-whm/ Firefox Update Released https://www.mozilla.org/en-US/firefox/91.0/releasenotes/

Microsoft Exchange ProxyShell https://isc.sans.edu/forums/diary/ProxyShell+how+many+Exchange+servers+are+affected+and+where+are+they/27732/ Synology Warns of Brute Force Attacks https://www.synology.com/en-global/company/news/article/BruteForce/Synology %20Investigates%20Ongoing%20Brute-Force%20Attacks%20From%20Botnet Router Auth Bypass https://threatpost.com/auth-bypass-bug-routers-exploited/168491/ Firefox Version 100 Experiment https://bugzilla.mozilla.org/show_bug.cgi?id=1719070 Interaction Less Vulnerabilities in Messaging Apps https://www.ehackingnews.com/2021/08/the-interaction-less-flaws-in-messaging.html HTTP2 Vulnerabilities https://portswigger.net/research/http2#conclusion

Malicious Microsoft Word Remains A Key Infection Vector https://isc.sans.edu/forums/diary/Malicious+Microsoft+Word+Remains+A+Key+Infection+Vector/27716/ Malware Bazaar Daily Download https://isc.sans.edu/forums/diary/MALWARE+Bazaar+Download+daily+malware+batches/27728/ Go/Rust IP Address Validation Vulnerability https://github.com/rust-lang/rust/pull/83652 Facial Recognition "Master Keys" https://arxiv.org/pdf/2108.01077.pdf Pulse Secure Patch Bypass https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44858 Hadoop ResourceManager Vulnerability Exploited https://blog.netlab.360.com/wei-xie-kuai-xun-teamtntxin-huo-dong-tong-guo-gan-ran-wang-ye-wen-jian-ti-gao-chuan-bo-neng-li/

Cisco Patches Unauthencticated RCE in RV340/345 devices https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv340-cmdinj-rcedos-pY8J3qfy Telegram Flawed Self Destruct in MacOS https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/telegram-self-destruct-not-always/ Significant Vulnerabilities in MacOS Privacy Protections https://www.darkreading.com/application-security/researchers-find-significant-vulnerabilities-in-mac-os-privacy-protections Windows Hello Bypass https://threatpost.com/microsofts-patch-windows-hello-faulty/168392/ STI Student: James Casteel; Content Security Policy Bypass: Exploiting Misconfigurations https://www.sans.org/white-papers/40380

Pivoting and Hunting for Shenanigans from a Reported Phishing Domain https://isc.sans.edu/forums/diary/Pivoting+and+Hunting+for+Shenanigans+from+a+Reported+Phishing+Domain/27710/ NichStack TCP/IP Vulnerabilities https://jfrog.com/blog/infrahalt-14-new-security-vulnerabilities-found-in-nichestack/ Securing the Cloud https://www.sans.org/newsletters/ouch/securely-using-the-cloud/ Lockbit Recruiting Insiders https://www.bleepingcomputer.com/news/security/lockbit-ransomware-recruiting-insiders-to-breach-corporate-networks/ Sneaky Phishing Hittin Office 365 Users https://www.ehackingnews.com/2021/08/microsoft-warns-office-365-users-of.html

2FA Issues https://isc.sans.edu/forums/diary/Three+Problems+with+Two+Factor+Authentication/27704/ Crazy Smishing https://isc.sans.edu/forums/diary/Is+this+the+Weirdest+Phishing+SMishing+Attempt+Ever/27706/ Google Chrome Update https://chromereleases.googleblog.com/2021/08/the-stable-channel-has-been-updated-to.html https://www.bleepingcomputer.com/news/google/google-chrome-to-no-longer-show-secure-website-indicators/ Google Android Update https://source.android.com/security/bulletin/2021-08-01?hl=en DoD/NSA Publichses Kubernetes Hardening Guides https://media.defense.gov/2021/Aug/03/2002820425/-1/-1/1/CTR_KUBERNETES%20HARDENING%20GUIDANCE.PDF

Unsolicited DNS Queries https://isc.sans.edu/forums/diary/Unsolicited+DNS+Queries/27694/ Changing BAT Files on the Fly https://isc.sans.edu/forums/diary/Changing+BAT+Files+On+The+Fly/27700/ Empty NPM Package has Over 700,000 Downloads https://www.bleepingcomputer.com/news/software/empty-npm-package-has-over-700-000-downloads-heres-why/ Blocking PetitPotam with netsh RPC Filters https://twitter.com/gentilkiwi/status/1421949715986403329 Pneumatic Tube Vulnerabilities https://www.blackhat.com/us-21/briefings/schedule/index.html#a-hole-in-the-tube-uncovering-vulnerabilities-in-critical-infrastructure-of-healthcare-facilities-23546

Infected With a .reg File https://isc.sans.edu/forums/diary/Infected+With+a+reg+File/27692/ Excessive Exchange Permissions (Patched) https://bugs.chromium.org/p/project-zero/issues/detail?id=2186 Node.JS July 2021 Security Releases https://nodejs.org/en/blog/vulnerability/july-2021-security-releases-2/ Malicious PyPi Packages https://jfrog.com/blog/malicious-pypi-packages-stealing-credit-cards-injecting-code/ REvil / Darkside May be Back as Blackmatter https://www.bleepingcomputer.com/news/security/darkside-ransomware-gang-returns-as-new-blackmatter-operation/

Malicious Content Delivered Trhough archive.org https://isc.sans.edu/forums/diary/Malicious+Content+Delivered+Through+archiveorg/27688/ A Large-Scale Security-Oriented Static Analysis of Python Packages in PyPI https://arxiv.org/abs/2107.12699 Crimea "manifesto" deploys VBA Rat using double attack vectors https://blog.malwarebytes.com/threat-intelligence/2021/07/crimea-manifesto-deploys-vba-rat-using-double-attack-vectors/