SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

When Get-WebRequest Fails You https://isc.sans.edu/forums/diary/When+GetWebRequest+Fails+You/28640/ HP PC BIOS Security Updates https://support.hp.com/us-en/document/ish_6184733-6184761-16/hpsbhf03788 INTEL BIOS Advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html Zyxel RCE Vulnerability https://www.rapid7.com/blog/post/2022/05/12/cve-2022-30525-fixed-zyxel-firewall-unauthenticated-remote-command-injection/

TA578 Using Thread-Hijacked Emails to Push ISO Files for Bumblebee Malware https://isc.sans.edu/forums/diary/TA578+using+threadhijacked+emails+to+push+ISO+files+for+Bumblebee+malware/28636/ Google Drive Emerges as Top App for Malware Downloads https://www.helpnetsecurity.com/2022/05/11/malicious-pdf-search-engines/ Vanity URL Abuse https://www.varonis.com/blog/url-spoofing npm Supply Chain Attack Turns Out to be Part of Penetration Test https://jfrog.com/blog/npm-supply-chain-attack-targets-german-based-companies/

Microsoft May 2022 Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+May+2022+Patch+Tuesday/28632/ Adobe Updates https://helpx.adobe.com/security/security-bulletin.html npm "foreach" package domain takeover https://www.theregister.com/2022/05/10/security_npm_email/

Octopus Backdoor is Back with a New Embedded Obfuscated Bat File https://isc.sans.edu/forums/diary/Octopus+Backdoor+is+Back+with+a+New+Embedded+Obfuscated+Bat+File/28628/#comments CVE-2022-1388 (BIG-IP) Exploits https://twitter.com/sans_isc/status/1523741896707043328 https://github.com/horizon3ai/CVE-2022-1388 Trend Micro False Positive Aftermath https://success.trendmicro.com/dcx/s/solution/000290966?language=en_US Microsoft Azure https://orca.security/resources/blog/azure-synapse-analytics-security-advisory/ https://msrc-blog.microsoft.com/2022/05/09/vulnerability-mitigated-in-the-third-party-data-connector-used-in-azure-synapse-pipelines-and-azure-data-factory-cve-2022-29972/

F5 BIG-IP Unauthenticated RCE Vulnerability (CVE-2022-1388) https://isc.sans.edu/forums/diary/F5+BIGIP+Unauthenticated+RCE+Vulnerability+CVE20221388/28624/ QNAP QVR Update https://www.qnap.com/de-de/security-advisory/qsa-22-07 Raspberry Robin Worm https://redcanary.com/blog/raspberry-robin/ rubygems CVE-2022-29176 explained https://greg.molnar.io/blog/rubygems-cve-2022-29176/ What is the simples malware in the world? https://isc.sans.edu/forums/diary/What+is+the+simplest+malware+in+the+world/28620/

Password-protected Excel Spreadsheet Pushes Remcos RAT https://isc.sans.edu/forums/diary/Passwordprotected+Excel+spreadsheet+pushes+Remcos+RAT/28616/ Microsoft, Apple, Google Accelated FIDO Standard Implementation https://www.theregister.com/2022/05/05/microsoft-apple-google-fido/ Heroku Admits Breach https://status.heroku.com/incidents/2413

Finding the Real "Last Patched" Day (Interim Version) https://isc.sans.edu/forums/diary/Finding+the+Real+Last+Patched+Day+Interim+Version/28610/ Fake Windows Updates Install Ransomware https://www.bleepingcomputer.com/news/security/fake-windows-10-updates-infect-you-with-magniber-ransomware/ Vulnerablities in Ransomware https://www.malvuln.com Heroku Forces Password Reset https://status.heroku.com/incidents/2413 Cisco Patches Enterprise NFV Infrastructure Software https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-NFVIS-MUL-7DySRX9 Big-IP iControl REST Vulnerability https://support.f5.com/csp/article/K23605346

Some Honeypot Updates https://isc.sans.edu/forums/diary/Some+Honeypot+Updates/28608/ TLStorm 2 - NanoSSL TLS Library Misuse https://www.armis.com/blog/tlstorm-2-nanossl-tls-library-misuse-leads-to-vulnerabilities-in-common-switches/ Unpatched DNS Bug in uClibc and uClibc-ng Library https://www.nozominetworks.com/blog/nozomi-networks-discovers-unpatched-DNS-bug-in-popular-c-standard-library-putting-iot-at-risk/ Abusing Security Software to Sideload PlugX and ShadowPad https://www.sentinelone.com/labs/moshen-dragons-triad-and-error-approach-abusing-security-software-to-sideload-plugx-and-shadowpad/ Microsoft Edge Update Triggers Trend Micro AV https://success.trendmicro.com/forum/s/question/0D54T00001QDqzgSAD/we-are-getting-this-message-from-every-client-since-several-minutesis-it-a-false-positiv-error-or-do-we-have-a-real-trojaner-problem-

Detecting VSTO Office Files with ExifTool https://isc.sans.edu/forums/diary/Detecting+VSTO+Office+Files+With+ExifTool/28604/ The Gmail SMTP Relay Service Exploit https://www.avanan.com/blog/the-gmail-smtp-relay-service-exploit OpenSSF Package Analysis https://openssf.org/blog/2022/04/28/introducing-package-analysis-scanning-open-source-packages-for-malicious-behavior/ M1 Prefetcher Data Leak https://www.prefetchers.info

Using Passive DNS Sources for Reconnaissance and Enumeration https://isc.sans.edu/forums/diary/Using+Passive+DNS+sources+for+Reconnaissance+and+Enumeration/28596/ Microsoft Edge Secure Network https://support.microsoft.com/en-gb/topic/use-the-microsoft-edge-secure-network-to-protect-your-browsing-885472e2-7847-4d89-befb-c80d3dda6318 Sina Weibo Making Users IPs and Location Public https://www.theregister.com/2022/04/29/weibo_location_services_default/ https://weibo.com/u/1934183965?layerid=4763194269108760 SonicWall Global VPN Client DLL Search Order Hijacking https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0036 Zoom Updated https://explore.zoom.us/en/trust/security/security-bulletin/