SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Taking a Bite Out of Password Expiry Helpdesk Calls https://isc.sans.edu/diary/Taking%20a%20Bite%20Out%20of%20Password%20Expiry%20Helpdesk%20Calls/29758 3CX Software Supply Chain Compromise https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise Google Ghost Tokens https://astrix.security/ghosttoken-exploiting-gcp-application-infrastructure-to-create-invisible-unremovable-trojan-app-on-google-accounts/ PyPi Trusted Publishers https://blog.pypi.org/posts/2023-04-20-introducing-trusted-publishers/

Yet Another Google Chrome 0-Day https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html Oracle Critical Patch Update April 2023 https://www.oracle.com/security-alerts/cpuapr2023.html Github Provenance Action for npm Packages https://www.theregister.com/2023/04/19/github_actions_npm_origins/ Microsoft Revises Threat Actor Naming https://learn.microsoft.com/de-de/microsoft-365/security/intelligence/microsoft-threat-actor-naming

UDDIs Are Back: Attackers Rediscovering Old Exploits. https://isc.sans.edu/diary/UDDIs%20are%20back%3F%20Attackers%20rediscovering%20old%20exploits./29754UDDIExplorer; UDDIExplorer; Russian Attacks against Routers https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-108 Information Leakage on Discarded Routers https://www.welivesecurity.com/2023/04/18/discarded-not-destroyed-old-routers-reveal-corporate-secrets/

The strange case of the Great Honeypot of China https://isc.sans.edu/diary/The%20strange%20case%20of%20Great%20honeypot%20of%20China/29750 The LockBit ransomware (kinda) comes for macOS https://objective-see.org/blog/blog_0x75.html Google Cloud Used as C&C https://thehackernews.com/2023/04/google-uncovers-apt41s-use-of-open.html

Attack Campaing Tht Uses Fake Google Chrome Errors https://insight-jp.nttsecurity.com/post/102icvb/attack-campaign-that-uses-fake-google-chrome-error-to-distribute-malware-from-com Chromium Publishes Emergency Update https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_14.html LAPS Update Errors https://learn.microsoft.com/en-us/windows-server/identity/laps/laps-overview Manage Engine Vulnerability https://hnd3884.github.io/posts/CVE-2023-29084-Command-injection-in-ManageEngine-ADManager-plus/

HTTP: What's Left of it and the OCSP Problem https://isc.sans.edu/diary/HTTP%3A%20What%27s%20Left%20of%20it%20and%20the%20OCSP%20Problem/29744 NTP Vulnerability Update https://github.com/spwpun/ntp-4.2.8p15-cves/issues/1#issuecomment-1506667321 SecurePoint UTM Vulnerability CVE-2023-22897 https://www.rcesecurity.com/2023/04/securepwn-part-1-bypassing-securepoint-utms-authentication-cve-2023-22620/ https://www.rcesecurity.com/2023/04/securepwn-part-2-leaking-remote-memory-contents-cve-2023-22897/ Google Cloud Assured Open Source Software Services https://cloud.google.com/blog/products/identity-security/google-cloud-assured-open-source-software-service-now-ga

Recent IcedID (Bokbot) activity https://isc.sans.edu/forums/diary/Recent%20IcedID%20%28Bokbot%29%20activity/29740/ Microsoft Message Queue Vulnerabilities Details https://research.checkpoint.com/2023/queuejumper-critical-unauthorized-rce-vulnerability-in-msmq-service/ NTP Vulnerabilities https://github.com/spwpun/ntp-4.2.8p15-cves https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0938

Microsoft Patch Tuesday https://isc.sans.edu/diary/Microsoft%20April%202023%20Patch%20Tuesday/29736 Windows LAPS Available as part of Windows https://techcommunity.microsoft.com/t5/windows-it-pro-blog/by-popular-demand-windows-laps-available-now/ba-p/3788747 SAP Patches https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html Adobe Patches https://helpx.adobe.com/security/security-bulletin.html

Another Malicious HTA File Analysis - Part 2 https://isc.sans.edu/diary/Another%20Malicious%20HTA%20File%20Analysis%20-%20Part%202/29676 Apple Updates for Older Operating Systems https://support.apple.com/en-us/HT201222 MSI Attack May Affect BIOS Updates https://www.msi.com/news/detail/MSI-Statement-141688 KB5021130: How to manage the Netlogon protocol changes related to CVE-2022-38023 https://support.microsoft.com/en-us/topic/kb5021130-how-to-manage-the-netlogon-protocol-changes-related-to-cve-2022-38023-46ea3067-3989-4d40-963c-680fd9e8ee25

Detecting Suspicious API Usage with YARA Rules https://isc.sans.edu/diary/Detecting%20Suspicious%20API%20Usage%20with%20YARA%20Rules/29724 Apple Patching Two 0-Day Vulnerabilities in iOS and macOS https://isc.sans.edu/diary/Apple%20Patching%20Two%200-Day%20Vulnerabilities%20in%20iOS%20and%20macOS/29726 VM2 Sandbox Escape https://github.com/patriksimek/vm2/security/advisories/GHSA-7jxr-cg7f-gpgv https://gist.github.com/seongil-wi/2a44e082001b959bfe304b62121fb76d Microsoft Netlogon: Potential Upcoming Impacts of CVE-2022-38023 https://isc.sans.edu/diary/Microsoft%20Netlogon%3A%20Potential%20Upcoming%20Impacts%20of%20CVE-2022-38023/29728