SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Johannes B. Ullrich
Nov 13, 2023 • 6min

ISC StormCast for Monday, November 13th, 2023

Recent talks highlight the Gafgyt botnet targeting routers, stressing the importance of updated firmware and strong passwords. Healthcare systems are under attack, showcasing vulnerabilities linked to third-party vendors. Additionally, North Korea's Sapphire Sleet is on the prowl, using fake job portals to exploit developers. Insights into OpenVPN Access Server vulnerabilities remind us that staying informed is crucial in this ever-evolving cyber landscape.
Nov 10, 2023 • 5min

ISC StormCast for Friday, November 10th, 2023

Discover the dark world of code injection as experts reveal how vulnerabilities can be exploited in Windows systems. Learn about the alarming tactics of the CLOP ransomware gang, highlighting the urgent need for software updates. Stay informed with critical cybersecurity updates, including a significant fix for WS_FTP and a warning about a malvertising campaign posing risks. Plus, don’t overlook the vulnerabilities linked to Apache Arrow involving the PyArrow Python module. It's a must-listen for anyone interested in cyber safety.
Nov 9, 2023 • 5min

ISC StormCast for Thursday, November 9th, 2023

Discover the chilling world of phishing campaigns, where attackers cleverly disguise their tactics to mimic legitimate marketing. Uncover the vulnerabilities in Azure Automation Services that allowed cryptocurrency miners to exploit systems through faulty Python script management. Also, learn about the latest security enhancements in Windows 11, including crucial updates to SMB and NTLM protocols, as well as a newly identified vulnerability that could jeopardize network security.
Nov 8, 2023 • 6min

ISC StormCast for Wednesday, November 8th, 2023

Discover the new world of DNS with designated resolvers and their implications for security and privacy. Learn about BlueNoroff, a malware targeting macOS users in cryptocurrency scams. Dive into Microsoft's advanced Authenticator features designed to enhance security by default. Join the conversation about the evolving landscape of cybersecurity and share your own experiences for a richer community interaction.
Nov 7, 2023 • 6min

ISC StormCast for Tuesday, November 7th, 2023

Explore the latest cyber threats as the hosts dive into the exploitation of Confluence CVE-2023-22518. Discover vulnerabilities in Veeam's monitoring tools and QNAP's network devices, underscoring the critical need for timely system updates. The conversation highlights the significance of proactive cybersecurity measures to minimize risks and protect data from emerging threats.
Nov 6, 2023 • 7min

ISC StormCast for Monday, November 6th, 2023

New Microsoft Exchange Zero Days https://www.bleepingcomputer.com/news/microsoft/new-microsoft-exchange-zero-days-allow-rce-data-theft-attacks/
StripedFly: Perennially Flying under the Radar https://securelist.com/stripedfly-perennially-flying-under-the-radar/110903/
Send My: Sending Data over Apple's Find My Network https://github.com/positive-security/send-my
Nov 3, 2023 • 5min

ISC StormCast for Friday, November 3rd, 2023

Quick Tip for Artificially Inflated PE Files https://isc.sans.edu/diary/Quick%20Tip%20For%20Artificially%20Inflated%20PE%20Files/30370
Apache ActiveMQ Flaw Exploited https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt https://www.rapid7.com/blog/post/2023/11/01/etr-suspected-exploitation-of-apache-activemq-cve-2023-46604/
Critical Firepower Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-29MP49hN
Dozens of npm Packages Caught Attempting to Deploy Reverse Shell https://blog.phylum.io/dozens-of-npm-packages-caught-attempting-to-deploy-reverse-shell/
Nov 2, 2023 • 6min

ISC StormCast for Thursday, November 2nd, 2023

Malware Dropped Through a ZPAQ Archive https://isc.sans.edu/forums/diary/Malware%20Dropped%20Through%20a%20ZPAQ%20Archive/30366/
CVSS 4.0 Now Official https://www.first.org/cvss/v4-0/index.html
MOZI Botnet Killswitch https://www.welivesecurity.com/en/eset-research/who-killed-mozi-finally-putting-the-iot-zombie-botnet-in-its-grave/
URL Shorteners in .us https://securityonline.info/infoblox-uncovers-malicious-wave-in-us-domain-registrations/
Impersonating Slack Users https://falconspy.org/redteam/tradecraft/2023/10/05/2023-10-05-Slack-Impersonation.html
Nov 1, 2023 • 4min

ISC StormCast for Wednesday, November 1st, 2023

Multiple Layers of Anti-Sandboxing Techniques https://isc.sans.edu/diary/Multiple%20Layers%20of%20Anti-Sandboxing%20Techniques/30362
CVE-2023-22518 Improper Authorization Vulnerability in Confluence Data Center and Server https://confluence.atlassian.com/security/cve-2023-22518-improper-authorization-vulnerability-in-confluence-data-center-and-server-1311473907.html
Malvertisement Promotes Malicious PyCharm Version https://www.malwarebytes.com/blog/threat-intelligence/2023/10/malvertising-via-dynamic-search-ads-delivers-malware-bonanza
Thorn SFTP Gateway Java Deserialization RCE CVE-2016-1000027 CVE-2023-47174 https://help.thorntech.com/docs/sftp-gateway-gcp-3.0/gcp-java-deserialization-rce/
Oct 31, 2023 • 6min

ISC StormCast for Tuesday, October 31st, 2023

Flying under the Radar: The Privacy Impact of Multicast DNS https://isc.sans.edu/forums/diary/Flying%20under%20the%20Radar%3A%20The%20Privacy%20Impact%20of%20multicast%20DNS/30358/
Kubernetes ingress-nginx vulnerability https://github.com/kubernetes/ingress-nginx/issues/10571
Google Chrome HTTPS Upgrade https://github.com/dadrian/https-upgrade/blob/main/explainer.md
Wordpad POC CVE-2023-36563 https://www.dillonfrankesecurity.com/posts/cve-2023-36563-wordpad-analysis/
