SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Elon Musk Themed Crypto Scams Flooding YouTube Today https://isc.sans.edu/diary/Elon%20Musk%20Themed%20Crypto%20Scams%20Flooding%20YouTube%20Today/29434 Microsoft Text to Speech Synthesizer https://arxiv.org/pdf/2301.02111.pdf Missing Windows Start Menu https://learn.microsoft.com/en-us/windows/release-health/status-windows-11-22H2#2998msgdesc

Prowler v3: AWS & Azure security assessments https://isc.sans.edu/diary/Prowler%20v3%3A%20AWS%20%26%20Azure%20security%20assessments/29430 Certified Pre-Pw0ned Android TV https://github.com/DesktopECHO/T95-H616-Malware Revolte Attack https://revolte-attack.net NGFW Data Exfiltration https://cymulate.com/blog/data-exfiltration-firewall/

Passive Detection of Internet-Connected Systems Affected by Exploited Vulnerabilities https://isc.sans.edu/diary/Passive%20detection%20of%20internet-connected%20systems%20affected%20by%20vulnerabilities%20from%20the%20CISA%20KEV%20catalog/29426 Unauthenticed Remote DoS in ksmbd NTLMv2 Authentication https://seclists.org/oss-sec/2023/q1/4 Cisco RV Series Vulnerabilities CVE-2023-20025 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5 Zoom Updates https://explore.zoom.us/en/trust/security/security-bulletin/ Gootkit Abusing VLC https://www.trendmicro.com/en_us/research/23/a/gootkit-loader-actively-targets-the-australian-healthcare-indust.html

Microsoft January 2023 Patch Tuesday https://isc.sans.edu/diary/Microsoft%20January%202023%20Patch%20Tuesday/29420 Cacti Unauthenticated Remote Code Execution https://www.sonarsource.com/blog/cacti-unauthenticated-remote-code-execution/ On the Security Vulnerabilities of Text-to-SQL Models https://arxiv.org/pdf/2211.15363.pdf

New Year Old Tricks: Hunting for CircleCI Configuration Files https://isc.sans.edu/diary/New%20year%2C%20old%20tricks%3A%20Hunting%20for%20CircleCI%20configuration%20files/29416 Amazon S3 Encrypts New Objects By Default https://aws.amazon.com/blogs/aws/amazon-s3-encrypts-new-objects-by-default/ MatrixSSL Buffer Overflow https://github.com/matrixssl/matrixssl/security/advisories/GHSA-fmwc-gwc5-2g29 Auth0 JsonWebToken Vulnerability CVE-2022-23529 https://unit42.paloaltonetworks.com/jsonwebtoken-vulnerability-cve-2022-23529/

Reversing AutoIT Scripts https://isc.sans.edu/diary/AutoIT%20Remains%20Popular%20in%20the%20Malware%20Landscape/29408 Can You Trust Your VSCode Extensions https://blog.aquasec.com/can-you-trust-your-vscode-extensions A Deep Dive Into Powerat https://blog.phylum.io/a-deep-dive-into-powerat-a-newly-discovered-stealer/rat-combo-polluting-pypi

More Brazil Malspam Pushing Astaroth (Guildma) in January 2023 https://isc.sans.edu/forums/diary/More%20Brazil%20malspam%20pushing%20Astaroth%20%28Guildma%29%20in%20January%202023/29404/ CircleCI Breach https://circleci.com/blog/january-4-2023-security-alert/ Twitter Leak https://www.bleepingcomputer.com/news/security/200-million-twitter-users-email-addresses-allegedly-leaked-online/ Slack Source Code Leak https://slack.com/blog/news/slack-security-update Control Web Panel Patch CVE-2022-44877 https://github.com/numanturle/CVE-2022-44877 Turla: A Galaxy of Opportunity https://www.mandiant.com/resources/blog/turla-galaxy-opportunity

Update to RTRBK - Diff and File Dates in PowerShell https://isc.sans.edu/diary/Update%20to%20RTRBK%20-%20Diff%20and%20File%20Dates%20in%20PowerShell/29400 Google Chrome Sunsetting Legacy Windows Support https://support.google.com/chrome/thread/185534985/sunsetting-support-for-windows-7-8-8-1-in-early-2023?hl=en SHC used to compile cryptominer malware https://asec.ahnlab.com/en/45182/ ManageEngine Password Manager Pro SQL Injection https://pitstop.manageengine.com/portal/en/community/topic/manageengine-security-advisory important-security-fix-released-for-manageengine-password-manager-pro-2-1-2023#:~:text=critical%20security%20vulnerability ForiADC Command Injection in Web Interface https://www.fortiguard.com/psirt/FG-IR-22-061 Raspberry Robin Developments https://www.securityjoes.com/post/raspberry-robin-detected-itw-targeting-insurance-financial-institutes-in-europe

NTP Fingerprinting https://isc.sans.edu/diary/Its%20about%20time%3A%20OS%20Fingerprinting%20using%20NTP/29394 Misc Car Vulnerabilities https://samcurry.net/web-hackers-vs-the-auto-industry/ Flipper Zero Phishing https://twitter.com/AlvieriD/status/1609945425871609858 Trend Micro Patch https://helpcenter.trendmicro.com/en-us/article/TMKA-11252 Packet Tuesday: IP Options https://www.youtube.com/watch?v=HldNL3SLLwM

Kyverno's container image signature verification bypass https://www.armosec.io/blog/cve-2022-47633-kyvernos-container-image-signature-verification/ Google Smart Spaeker Vulnerability https://downrightnifty.me/blog/2022/12/26/hacking-google-home.html Verizon Decomissions 3G CDMA Network https://www.fiercewireless.com/wireless/verizon-tells-3g-customers-upgrade-they-lose-service EarSpy: Spying Caller Speech and Identity Through Speaker Vibrations https://arxiv.org/pdf/2212.12151.pdf