SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Johannes B. Ullrich
Jun 30, 2020 • 5min

ISC StormCast for Tuesday, June 30th 2020

Sysmon 11.10 and ADS Logging
https://isc.sans.edu/forums/diary/Sysmon+and+Alternate+Data+Streams/26292/
Palo Alto PAN-OS SAML Vulnerability
https://security.paloaltonetworks.com/CVE-2020-2021
Cisco Telnet Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-telnetd-EFJrEzPx
https://appgateresearch.blogspot.com/2020/02/bravestarr-fedora-31-netkit-telnetd_28.html
Jun 29, 2020 • 7min

ISC StormCast for Monday, June 29th 2020

MacOS 11 Security Changes
https://www.sentinelone.com/blog/macos-big-sur-9-big-surprises-for-enterprise-security/
Certificate Lifetime Limited to 1 Year Starting September
https://chromium.googlesource.com/chromium/src/+/ae4d6809912f8171b23f6aa43c6a4e8e627de784
https://support.apple.com/en-us/HT211025
https://lists.cabforum.org/pipermail/servercert-wg/2020-June/002000.html
Jun 26, 2020 • 17min

ISC StormCast for Friday, June 26th 2020

Recordings of the Tech Tuesday Workshop
https://isc.sans.edu/forums/diary/Tech+Tuesday+Recap+Recordings+Part+2+Installing+the+Honeypot+release/26280/
https://www.youtube.com/channel/UCfbOsqPmWg1H_34hTjKEW2A
Credit Card Skimmers Hide Code in Favicon EXIF Data
https://blog.malwarebytes.com/threat-analysis/2020/06/web-skimmer-hides-within-exif-metadata-exfiltrates-credit-cards-via-image-files/
GeoVision Scanners Vulnerabilities
https://thehackernews.com/2020/06/geovision-scanner-vulnerabilities.html
Docker Images Containing Cryptojacking Malware
https://unit42.paloaltonetworks.com/cryptojacking-docker-images-for-mining-monero/
SANS.edu Student Karim Lalji:
https://www.sans.org/reading-room/whitepapers/threathunting/real-time-honeypot-forensic-investigation-german-organized-crime-network-39640
Jun 25, 2020 • 6min

ISC StormCast for Thursday, June 25th 2020

Using Shell Links as zero-touch downloaders and to initiate network connections
https://isc.sans.edu/forums/diary/Using+Shell+Links+as+zerotouch+downloaders+and+to+initiate+network+connections/26276/
Chrome Updates Released
https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop_22.html
QNAP Updates for Helpdesk
https://www.qnap.com/de-de/security-advisory/qsa-20-03
Magento Update
https://helpx.adobe.com/security/products/magento/apsb20-41.html
Attacks Against Microsoft Exchange Servers
https://www.microsoft.com/security/blog/2020/06/24/defending-exchange-servers-under-attack/
Jun 24, 2020 • 6min

ISC StormCast for Wednesday, June 24th 2020

Analysis Of Traffic Targeting CyberBunker IP Space
https://isc.sans.edu/forums/diary/Cyberbunker+20+Analysis+of+the+Remnants+of+a+Bullet+Proof+Hosting+Provider/26266/
Microsoft Offering Enterprise Security Products for Linux/Android
https://techcommunity.microsoft.com/t5/microsoft-defender-atp/announcing-microsoft-defender-atp-for-android/ba-p/1480787
https://techcommunity.microsoft.com/t5/microsoft-defender-atp/microsoft-defender-atp-for-linux-is-now-generally-available/ba-p/1482344
Microsoft Safe Documents
https://techcommunity.microsoft.com/t5/microsoft-365-blog/safe-documents-is-generally-available/ba-p/1480401
Jun 23, 2020 • 7min

ISC StormCast for Tuesday, June 23rd 2020

Comparing Office Documents with WinMerge
https://isc.sans.edu/forums/diary/Comparing+Office+Documents+with+WinMerge/26268/
VMware Tools and Microsoft Office Updates for macOS
https://www.vmware.com/security/advisories/VMSA-2020-0014.html
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1225
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1226
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1229
Remote Code Execution Vulnerability in Bitdefender
https://palant.info/2020/06/22/exploiting-bitdefender-antivirus-rce-from-any-website/
Google Analytics Used to Exfiltrate Data
https://www.perimeterx.com/tech-blog/2020/bypassing-csp-exflitrate-data/
Jun 22, 2020 • 5min

ISC StormCast for Monday, June 22nd 2020

Sigma Rules! The Generic Signature Format for SIEM Systems
https://isc.sans.edu/forums/diary/Sigma+rules+The+generic+signature+format+for+SIEM+systems/26258/
Pi Zero Honeypot
https://isc.sans.edu/forums/diary/Pi+Zero+HoneyPot/26260/
Ransomware Operators Lurk on Your Network
https://www.bleepingcomputer.com/news/security/ransomware-operators-lurk-on-your-network-after-their-attack/
Discord Modified to Steal Accounts
https://www.bleepingcomputer.com/news/security/discord-modified-to-steal-accounts-by-new-nitrohack-malware/
Jun 19, 2020 • 6min

ISC StormCast for Friday, June 19th 2020

Broken Phishing Accidentally Exploiting Outlook Zero-Day
https://isc.sans.edu/forums/diary/Broken+phishing+accidentally+exploiting+Outlook+zeroday/26254/
Webcast:
https://www.sans.org/webcasts/sansatmic-catch-release-phishing-techniques-good-guys-115430
Cisco Updates for Treck IP Stack:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC
All Advisories:
https://tools.cisco.com/security/center/publicationListing.x
Netgear httpd Firmware Upload Stack-based Buffer Overflow RCE Vulnerability
https://blog.grimm-co.com/2020/06/soho-device-exploitation.html
Tech Tuesday Workshop:
https://www.sans.org/webcasts/tech-tuesday-workshop-collaborating-scale-contribute-profit-internet-storm-center-115935
Jun 18, 2020 • 7min

ISC StormCast for Thursday, June 18th 2020

Odd Protest Spam (Scam?) Targeting Atlanta Police Foundation
https://isc.sans.edu/forums/diary/Odd+Protest+Spam+Scam+Targeting+Atlanta+Police+Foundation/26248/
Zoom Publishes End-to-End Encryption Whitepaper
https://github.com/zoom/zoom-e2e-whitepaper
Linux ACPI Bug Defeats UEFI Secure Boot
https://git.zx2c4.com/american-unsigned-language/tree/american-unsigned-language-2.sh
Tech Tuesday Workshop:
https://www.sans.org/webcasts/tech-tuesday-workshop-collaborating-scale-contribute-profit-internet-storm-center-115935
Jun 17, 2020 • 7min

ISC StormCast for Wednesday, June 17th 2020

Sextortion to the Next Level
https://isc.sans.edu/forums/diary/Sextortion+to+The+Next+Level/26244/
T-Mobile Outage Due to Configuration Error
https://www.scmagazine.com/home/security-news/outages-draw-speculation-of-ddos-attack-on-u-s-but-reality-likely-more-boring/
Vulnerability Analysis of 2500 Docker Hub Images
https://arxiv.org/pdf/2006.02932.pdf
Treck IP Stack Contains Multiple Vulnerabilities
https://www.kb.cert.org/vuls/id/257161