SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

A Sextortion E-Mail From ... IT Support?! https://isc.sans.edu/forums/diary/A+sextortion+email+fromIT+support/27682/ AV-Test Compares Android Anti-Virus Software https://www.av-test.org/en/news/15-security-apps-for-android-in-an-endurance-test/ Oscorp evolves into UBEL: Advanced Android Malware https://www.cleafy.com/cleafy-labs/ubel-oscorp-evolution QOMPLX Reboots Punkspider https://www.globenewswire.com/da/news-release/2021/07/20/2265860/0/en/QOMPLX-Reboots-Punkspider.html AFRINIC IPv4 Address Heist https://lists.afrinic.net/pipermail/community-discuss/2021-July/004122.html

Details about CVE-2021-30807. (Patch released Monday for MacOS/iOS) https://saaramar.github.io/IOMobileFrameBuffer_LPE_POC/ Zimbra 8.8.15 XSS and SSRF Vulnerability https://blog.sonarsource.com/zimbra-webmail-compromise-via-email LockBit Ransomware Uses Group Policies https://www.bleepingcomputer.com/news/security/lockbit-ransomware-automates-windows-domain-encryption-via-group-policies/ Microsoft Extending SafeLinks to Teams https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/microsoft-teams-gets-more-phishing-protection/ba-p/2585559

Recovering Malspam Password https://isc.sans.edu/forums/diary/Failed+Malspam+Recovering+The+Password/27674/ Apple Patches 0-Day https://support.apple.com/en-us/HT201222 Attackers Adopt Exotic Programming Languages https://blogs.blackberry.com/en/2021/07/old-dogs-new-tricks-attackers-adopt-exotic-programming-languages LemonDuck/LemonCat Coinminers Going Multi-OS https://www.microsoft.com/security/blog/2021/07/22/when-coin-miners-evolve-part-1-exposing-lemonduck-and-lemoncat-modern-mining-malware-infrastructure/ GitHub Expending Supply Chain Security Support to Go https://github.blog/2021-07-22-github-supply-chain-security-features-go-community/

PetitPotam ADCS Domain Admin Vulnerability https://isc.sans.edu/forums/diary/Active+Directory+Certificate+Services+ADCS+PKI+domain+admin+vulnerability/27668/ XCSSET Mac Malware Target Google Chrome / Telegram https://thehackernews.com/2021/07/nasty-macos-malware-xcsset-now-targets.html Defunct Video Hosting Site Flooding Normal Websites With Porn https://www.vice.com/en/article/qj8xz3/a-defunct-video-hosting-site-is-flooding-normal-websites-with-hardcore-porn

Akamai Outage https://isc.sans.edu/forums/diary/Lost+in+the+Cloud+Akamai+DNS+Outage/27660/ "Summer of SAM" Continues https://isc.sans.edu/forums/diary/Summer+of+SAM+Microsoft+Releases+Guidance+for+CVE202136934/27656/ Oracle Critical Patch Update https://www.oracle.com/security-alerts/cpujul2021.html Kaseya Decryptor Available https://www.kaseya.com/potential-attack-on-kaseya-vsa/ Jira Data Center and Jira Service Management Data Center Security Advisory https://confluence.atlassian.com/adminjiraserver/jira-data-center-and-jira-service-management-data-center-security-advisory-2021-07-21-1063571388.html Forgot password? Taking over user accounts Kaminsky style https://sec-consult.com/blog/detail/forgot-password-taking-over-user-accounts-kaminsky-style/

Microsoft Published Summer of SAM Guidance https://isc.sans.edu/forums/diary/Summer+of+SAM+Microsoft+Releases+Guidance+for+CVE202136934/27656/ Apple Patches Everything https://support.apple.com/en-us/HT201222 Formbook/XLoader Malware Ported to Mac https://research.checkpoint.com/2021/top-prevalent-malware-with-a-thousand-campaigns-migrates-to-macos/ Pulse Secure Backdoors https://us-cert.cisa.gov/ncas/current-activity/2021/07/21/malware-targeting-pulse-secure-devices

Windows Registry Hives Permission Problem https://isc.sans.edu/forums/diary/Summer+of+SAM+incorrect+permissions+on+Windows+1011+hives/27652/ HP Printer Drivers Allows Privilege Escalation https://labs.sentinelone.com/cve-2021-3438-16-years-in-hiding-millions-of-printers-worldwide-vulnerable/ Linux Local Privilege Escalation in Filesystem Layer https://blog.qualys.com/vulnerabilities-threat-research/2021/07/20/sequoia-a-local-privilege-escalation-vulnerability-in-linuxs-filesystem-layer-cve-2021-33909 FortiManager and FortiAnalyzer Vulnerability https://www.fortiguard.com/psirt/FG-IR-21-067

New Windows Print Spooler Vulnerability - CVE-2021-34481 https://isc.sans.edu/forums/diary/New+Windows+Print+Spooler+Vulnerability+CVE202134481/27648/ iOS/WatchOS/tvOS/Safari Updates https://support.apple.com/en-us/HT201222 iOS Format String Vulnerability Exploitable as RCE https://blog.zecops.com/research/meet-wifidemon-ios-wifi-rce-0-day-vulnerability-and-a-zero-click-vulnerability-that-was-silently-patched/ Surfside Condo Collapse Scams https://threatpost.com/attackers-target-florida-condo-collapse-victims/167917/

Multiple BaseXX Obfuscations https://isc.sans.edu/forums/diary/Multiple+BaseXX+Obfuscations/27640/ Juniper Patches: Radius Vulnerability https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11180&cat=SIRT_1&actp=LIST fail2ban vulnerability https://github.com/fail2ban/fail2ban/security/advisories/GHSA-m985-3f3v-cwmm NSO Group Victims Leaked https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/ Dangers of Autofilling Passwords https://marektoth.com/blog/password-managers-autofill/#analysis

USPS Phishing Kit Reporting Data Back Via Telegram https://isc.sans.edu/forums/diary/USPS+Phishing+Using+Telegram+to+Collect+Data/27630/ Sonicwall Warns of Ransomware https://www.sonicwall.com/support/product-notification/urgent-security-notice-critical-risk-to-unpatched-end-of-life-sra-sma-8-x-remote-access-devices/210713105333210/ WooCommerce Flaw Exploited https://www.wordfence.com/blog/2021/07/critical-sql-injection-vulnerability-patched-in-woocommerce/ KiwiSDR Backdoor https://www.bleepingcomputer.com/news/security/software-maker-removes-backdoor-giving-root-access-to-radio-devices/