SANS Internet Storm Center Daily Network Security and Computer Security Podcast

Malicious 3CX Dekstop App Update Lifestream (Friday March 31st 1400 ET, 1800 UTC) https://www.youtube.com/watch?v=cCf3Km_j5bY 3CX Update: https://www.3cx.com/blog/news/desktopapp-security-aler...

https://isc.sans.edu/podcastdetail.html?id=8434

Extracting Multiple Streams From OLE Files https://isc.sans.edu/diary/Extracting%20Multiple%20Streams%20From%20OLE%20Files/29688 3CXDesktop App Compromise https://www.crowdstrike.com/blog/crowd...

https://isc.sans.edu/podcastdetail.html?id=8432

Network Data Collector Placement Makes a Difference https://isc.sans.edu/diary/Network%20Data%20Collector%20Placement%20Makes%20a%20Difference/29664 Throttling and Blocking Email from Persisten...

https://isc.sans.edu/podcastdetail.html?id=8430

Another Malicious HTA File Analysis Part 1 https://isc.sans.edu/diary/Another%20Malicious%20HTA%20File%20Analysis%20-%20Part%201/29674 Apple Updates Everything https://isc.sans.edu/diary/Apple%...

https://isc.sans.edu/podcastdetail.html?id=8428

Update for Windows Snipping Tool https://isc.sans.edu/diary/Microsoft%20Released%20an%20Update%20for%20Windows%20Snipping%20Tool%20Vulnerability/29670 GitHub Rotates SSH Keys https://github.blo...

https://isc.sans.edu/podcastdetail.html?id=8426

Cropping and Redacting Images Safely https://isc.sans.edu/diary/Cropping%20and%20Redacting%20Images%20Safely/29666 Untitled Goose Tool https://github.com/cisagov/untitledgoosetool Veeam Vulne...

https://isc.sans.edu/podcastdetail.html?id=8424

Windows Snipping Tool Privacy Bug: Inspecting PNG Files https://isc.sans.edu/diary/Windows%2011%20Snipping%20Tool%20Privacy%20Bug%3A%20Inspecting%20PNG%20Files/29660 Acropalypse Detection and S...

https://isc.sans.edu/podcastdetail.html?id=8422

String Obfuscation: Character Pair Reversal https://isc.sans.edu/diary/String%20Obfuscation%3A%20Character%20Pair%20Reversal/29654 Windows 11 Snipping Tool Privacy Bug https://www.bleepingcompu...

https://isc.sans.edu/podcastdetail.html?id=8420

From Phishing Kit to Telegram ... or Not https://isc.sans.edu/diary/From%20Phishing%20Kit%20To%20Telegram...%20or%20Not!/29650 Emotet uses OneNote https://cofense.com/blog/emotet-sending-malici...

https://isc.sans.edu/podcastdetail.html?id=8418

Old Backdoor, New Obfuscation https://isc.sans.edu/diary/Old%20Backdoor%2C%20New%20Obfuscation/29646 Samsung Exynos Chip Vulnerability https://googleprojectzero.blogspot.com/2023/03/multiple-in...

https://isc.sans.edu/podcastdetail.html?id=8416

Simple Shellcode Dissection https://isc.sans.edu/diary/Simple%20Shellcode%20Dissection/29642 Threat Actors Exploit Progress Telerik Vulnerablity https://www.cisa.gov/news-events/cybersecurity-a...

https://isc.sans.edu/podcastdetail.html?id=8414

IPFS Phishing and the need for correctly set HTTP security headers https://isc.sans.edu/diary/IPFS%20phishing%20and%20the%20need%20for%20correctly%20set%20HTTP%20security%20headers/29638 Exploi...

https://isc.sans.edu/podcastdetail.html?id=8412

Microsoft Patch Tuesday https://isc.sans.edu/diary/Microsoft%20March%202023%20Patch%20Tuesday/29634 Adobe Cold Fusion and Magento (Adobe Commerce) patches https://helpx.adobe.com/security/produ...

https://isc.sans.edu/podcastdetail.html?id=8410

SVB Scams and New Domain Registrations https://isc.sans.edu/diary/Incoming%20Silicon%20Valley%20Bank%20Related%20Scams/29630 CISA Adds Older PLEX and VMWare Vulnerablities to Known-Exploited Li...

https://isc.sans.edu/podcastdetail.html?id=8408

AsynRAT Trojan - Bill Payment (Pago de la factura) https://isc.sans.edu/diary/AsynRAT+Trojan+Bill+Payment+Pago+de+la+factura/29626 Mirai Payload Generator https://isc.sans.edu/diary/Overview%20...

https://isc.sans.edu/podcastdetail.html?id=8406

Suspected Chinese Campaign to Persist on SonicWall Devices https://www.mandiant.com/resources/blog/suspected-chinese-persist-sonicwall Old Cyber Gang Uses New Crypted - ScrubCrypt https://www.f...

https://isc.sans.edu/podcastdetail.html?id=8404

Increase in exploits against Joomla (CVE-2023-23752) https://isc.sans.edu/diary/Increase%20in%20exploits%20agains%20Joomla%20%28CVE-2023-23752%29/29614 Jenkins RCE Vulnerability https://blog.aq...

https://isc.sans.edu/podcastdetail.html?id=8402

Hackers Love This VSCode Extension: What You Can Do to Stay Safe https://isc.sans.edu/diary/Hackers%20Love%20This%20VSCode%20Extension%3A%20What%20You%20Can%20Do%20to%20Stay%20Safe/29610 Protec...

https://isc.sans.edu/podcastdetail.html?id=8400

Scanning s3 Buckets https://isc.sans.edu/diary/Scanning%20s3%20buckets/29606 HiatusRAT Router Malware https://blog.lumen.com/new-hiatusrat-router-malware-covertly-spies-on-victims/ SonicWall ...

https://isc.sans.edu/podcastdetail.html?id=8398

SANS.edu Commencement https://www.linkedin.com/feed/update/urn:li:activity:7037794067266625536/ SCARLETEEL: Operation Leverating Terraform, Kubernetes and AWS for data theft https://sysdig.com/...

https://isc.sans.edu/podcastdetail.html?id=8396

YARA: Detect the Unexpected https://isc.sans.edu/diary/YARA%3A%20Detect%20The%20Unexpected%20.../29598 Drone Security and the Mysterious Case of DJI's DroneID https://github.com/RUB-SysSec/Dron...

https://isc.sans.edu/podcastdetail.html?id=8394

Python Infostealer Targeting Gamers https://isc.sans.edu/diary/Python%20Infostealer%20Targeting%20Gamers/29596 DNS Abuse Techniques Matrix https://www.first.org/global/sigs/dns/DNS-Abuse-Techni...

https://isc.sans.edu/podcastdetail.html?id=8392

BB11 Distribution Qakbot (Qbot) activity https://isc.sans.edu/diary/BB17%20distribution%20Qakbot%20%28Qbot%29%20activity/29592 LastPass Incident Details https://support.lastpass.com/help/incide...

https://isc.sans.edu/podcastdetail.html?id=8390

Phishing Again and Again https://isc.sans.edu/diary/Phishing%20Again%20and%20Again/29588 Unlocked Phone Stealing https://www.wsj.com/articles/apple-iphone-security-theft-passcode-data-privacya-...

https://isc.sans.edu/podcastdetail.html?id=8388

URL Files and WebDav used for IcedId Bockbot Infection https://isc.sans.edu/diary/URL%20files%20and%20WebDAV%20used%20for%20IcedID%20%28Bokbot%29%20infection/29578 oledump msi file plugin https...

https://isc.sans.edu/podcastdetail.html?id=8386

Updated Exchange AV Guidance https://techcommunity.microsoft.com/t5/exchange-team-blog/update-on-the-exchange-server-antivirus-exclusions/ba-p/3751464 Best Practices for Securing Your Home Netw...

https://isc.sans.edu/podcastdetail.html?id=8384

Internet Wide Scan Fingerprinting Confluence Servers https://isc.sans.edu/diary/Internet%20Wide%20Scan%20Fingerprinting%20Confluence%20Servers/29574 Apple Updates Advisories https://support.app...

https://isc.sans.edu/podcastdetail.html?id=8382

Phishing Page Branded with Your Corporate Website https://isc.sans.edu/diary/Phishing%20Page%20Branded%20with%20Your%20Corporate%20Website/29570 Fortinet FortiNAC CVE-2022-39952 Deep-Dive and I...

https://isc.sans.edu/podcastdetail.html?id=8380

OneNote Suricata Rules https://isc.sans.edu/diary/OneNote%20Suricata%20Rules/29564 New IIS Backdoor https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/frebniis-malware-iis...

https://isc.sans.edu/podcastdetail.html?id=8378

Phishing Emails to out Handlers Inbox https://isc.sans.edu/diary/Spear%20Phishing%20Handlers%20for%20Username%20Password/29560 Twitter Alters 2FA https://blog.twitter.com/en_us/topics/product/2...

https://isc.sans.edu/podcastdetail.html?id=8376

HTML Phishing Attachment with Browser-in-the-Browser Technique https://isc.sans.edu/diary/HTML%20phishing%20attachment%20with%20browser-in-the-browser%20technique/29556 Windows Server 2022 Migh...

https://isc.sans.edu/podcastdetail.html?id=8374

DNS Recon Redux https://isc.sans.edu/diary/DNS%20Recon%20Redux%20-%20Zone%20Transfers%20%28plus%20a%20time%20machine%29%20for%20When%20You%20Can%27t%20do%20a%20Zone%20Transfer/29552 GitHub Copi...

https://isc.sans.edu/podcastdetail.html?id=8372

Microsoft February 2023 Patch Tuesday https://isc.sans.edu/diary/Microsoft%20February%202023%20Patch%20Tuesday/29548 Adobe Patches https://helpx.adobe.com/security/security-bulletin.html Inte...

https://isc.sans.edu/podcastdetail.html?id=8370

Apple Patches Exploited Vulnerablity https://isc.sans.edu/diary/Apple%20Patches%20Exploited%20Vulnerability/29544 Venmo Phishing Abusing LinkedIn "slink" https://isc.sans.edu/diary/Venmo+Phishi...

https://isc.sans.edu/podcastdetail.html?id=8368

Obfuscated Deactivation of Script Block Logging https://isc.sans.edu/diary/Obfuscated%20Deactivation%20of%20Script%20Block%20Logging/29538 PCAP Data Analysis with Zeek https://isc.sans.edu/diar...

https://isc.sans.edu/podcastdetail.html?id=8366

A Backdoor with Smart Screenshot Capability https://isc.sans.edu/diary/A%20Backdoor%20with%20Smart%20Screenshot%20Capability/29534 KeePass Patches Issue Allowing Password Export https://keepass...

https://isc.sans.edu/podcastdetail.html?id=8364

Simple HTML Phishing via Telegram Bot https://isc.sans.edu/forums/diary/Simple%20HTML%20Phishing%20via%20Telegram%20Bot/29528/ Recovering from ESXiArgs Ransomware https://www.cisa.gov/uscert/nc...

https://isc.sans.edu/podcastdetail.html?id=8362

A Survey of Bluetooth Vulnerabilities Trends https://isc.sans.edu/diary/A%20Survey%20of%20Bluetooth%20Vulnerabilities%20Trends%20%282023%20Edition%29/29522 OpenSSL Vulnerabilities / Patches htt...

https://isc.sans.edu/podcastdetail.html?id=8360

Earthquake Scams https://isc.sans.edu/diary/Earthquake%20in%20Turkey%20and%20Syria%3A%20Be%20Aware%20of%20Possible%20Donation%20Scams/29518 APIs Used By Bots to Detect Public IP Addresses https...

https://isc.sans.edu/podcastdetail.html?id=8358

Assemblyline as a Malware Analysis Sandbox https://isc.sans.edu/diary/Assemblyline%20as%20a%20Malware%20Analysis%20Sandbox/29510 GoAnywhere MFT zero-day Exploited https://www.rapid7.com/blog/po...

https://isc.sans.edu/podcastdetail.html?id=8356

Rotating Packet Captures with pfSense https://isc.sans.edu/diary/Rotating%20Packet%20Captures%20with%20pfSense/29500 BEC Group Incorporates Secondary Impersonated Personas https://intelligence....

https://isc.sans.edu/podcastdetail.html?id=8354

Detecting Malicious OneNote Files https://isc.sans.edu/diary/Detecting%20%28Malicious%29%20OneNote%20Files/29494 Microsoft Defender Device Isolation for Linux https://techcommunity.microsoft.co...

https://isc.sans.edu/podcastdetail.html?id=8352

DShield Honeypot Setup with pfSense https://isc.sans.edu/diary/DShield%20Honeypot%20Setup%20with%20pfSense/29490 Threat Actors Abusing Microsoft's "Verified Publisher" Status https://www.proofp...

https://isc.sans.edu/podcastdetail.html?id=8350

Decoding DNS over HTTP(s) Requests https://isc.sans.edu/diary/Decoding%20DNS%20over%20HTTP%28s%29%20Requests/29488 Action Needed for GitHub Desktop and Atom Users https://github.blog/2023-01-30...

https://isc.sans.edu/podcastdetail.html?id=8348

Microsoft Tips to Patch Your Exchange Servers https://techcommunity.microsoft.com/t5/exchange-team-blog/protect-your-exchange-servers/ba-p/3726001 FCC Treatens to Take Action Against Twilio ove...

https://isc.sans.edu/podcastdetail.html?id=8346

Live Linux IR with UAC https://isc.sans.edu/diary/Live%20Linux%20IR%20with%20UAC/29480 Bitwarden Phishing https://community.bitwarden.com/t/phishing-website-bitwardenlogin-com/49704 https://ww...

https://isc.sans.edu/podcastdetail.html?id=8344

First Malicious OneNote Document https://isc.sans.edu/diary/A%20First%20Malicious%20OneNote%20Document/29470 Guidance for Securing Remote Monitoring and Management Software https://media.defens...

https://isc.sans.edu/podcastdetail.html?id=8342

Apple Patch Summary https://isc.sans.edu/forums/diary/Apple%20Updates%20%28almost%29%20Everything%3A%20Patch%20Overview/29472/ ManageEngine News; https://github.com/vonahisec/CVE-2022-47966-Sca...

https://isc.sans.edu/podcastdetail.html?id=8340

Who's Resolving This Domain https://isc.sans.edu/forums/diary/Who's%20Resolving%20This%20Domain%3F/29462/ Apple Updates Everything https://support.apple.com/en-us/HT201222 NSA IPv6 Security Gu...

https://isc.sans.edu/podcastdetail.html?id=8338

Imortance of Signing in Windows Environments https://isc.sans.edu/diary/Importance%20of%20signing%20in%20Windows%20environments/29456 FanDuel Discloses Data Breach Caused by Recent Mailchimp Ha...

https://isc.sans.edu/podcastdetail.html?id=8336

SPF and DMARC use on 100k most popular domains https://isc.sans.edu/diary/SPF%20and%20DMARC%20use%20on%20100k%20most%20popular%20domains/29452 Sysmon Exploit Released CVE-2022-41120, CVE-2022-4...

https://isc.sans.edu/podcastdetail.html?id=8334

Malicious Google Ads for Fake Notepad++ Lead to Aurora Stealer https://isc.sans.edu/diary/Malicious%20Google%20Ad%20--%3E%20Fake%20Notepad%2B%2B%20Page%20--%3E%20Aurora%20Stealer%20malware/29448 ...

https://isc.sans.edu/podcastdetail.html?id=8332

Finding that one GPO setting in a pool of hundreds of GPOs https://isc.sans.edu/diary/Finding%20that%20one%20GPO%20Setting%20in%20a%20Pool%20of%20Hundreds%20of%20GPOs/29442 GIT Code Audit https...

https://isc.sans.edu/podcastdetail.html?id=8330

PSA: Why you must run an ad blocker when using Google https://isc.sans.edu/diary/PSA%3A%20Why%20you%20must%20run%20an%20ad%20blocker%20when%20using%20Google/29438 NortonLifeLock Password Manage...

https://isc.sans.edu/podcastdetail.html?id=8328

Elon Musk Themed Crypto Scams Flooding YouTube Today https://isc.sans.edu/diary/Elon%20Musk%20Themed%20Crypto%20Scams%20Flooding%20YouTube%20Today/29434 Microsoft Text to Speech Synthesizer htt...

https://isc.sans.edu/podcastdetail.html?id=8326

Prowler v3: AWS & Azure security assessments https://isc.sans.edu/diary/Prowler%20v3%3A%20AWS%20%26%20Azure%20security%20assessments/29430 Certified Pre-Pw0ned Android TV https://github.com/Des...

https://isc.sans.edu/podcastdetail.html?id=8324

Passive Detection of Internet-Connected Systems Affected by Exploited Vulnerabilities https://isc.sans.edu/diary/Passive%20detection%20of%20internet-connected%20systems%20affected%20by%20vulnerab...

https://isc.sans.edu/podcastdetail.html?id=8322

Microsoft January 2023 Patch Tuesday https://isc.sans.edu/diary/Microsoft%20January%202023%20Patch%20Tuesday/29420 Cacti Unauthenticated Remote Code Execution https://www.sonarsource.com/blog/c...

https://isc.sans.edu/podcastdetail.html?id=8320

New Year Old Tricks: Hunting for CircleCI Configuration Files https://isc.sans.edu/diary/New%20year%2C%20old%20tricks%3A%20Hunting%20for%20CircleCI%20configuration%20files/29416 Amazon S3 Encry...

https://isc.sans.edu/podcastdetail.html?id=8318

Reversing AutoIT Scripts https://isc.sans.edu/diary/AutoIT%20Remains%20Popular%20in%20the%20Malware%20Landscape/29408 Can You Trust Your VSCode Extensions https://blog.aquasec.com/can-you-trust...

https://isc.sans.edu/podcastdetail.html?id=8316

More Brazil Malspam Pushing Astaroth (Guildma) in January 2023 https://isc.sans.edu/forums/diary/More%20Brazil%20malspam%20pushing%20Astaroth%20%28Guildma%29%20in%20January%202023/29404/ Circle...

https://isc.sans.edu/podcastdetail.html?id=8314

Update to RTRBK - Diff and File Dates in PowerShell https://isc.sans.edu/diary/Update%20to%20RTRBK%20-%20Diff%20and%20File%20Dates%20in%20PowerShell/29400 Google Chrome Sunsetting Legacy Window...

https://isc.sans.edu/podcastdetail.html?id=8312

NTP Fingerprinting https://isc.sans.edu/diary/Its%20about%20time%3A%20OS%20Fingerprinting%20using%20NTP/29394 Misc Car Vulnerabilities https://samcurry.net/web-hackers-vs-the-auto-industry/ F...

https://isc.sans.edu/podcastdetail.html?id=8310

Kyverno's container image signature verification bypass https://www.armosec.io/blog/cve-2022-47633-kyvernos-container-image-signature-verification/ Google Smart Spaeker Vulnerability https://do...

https://isc.sans.edu/podcastdetail.html?id=8308

SPF and DMARC use on GOV domains in different ccTLDs https://isc.sans.edu/forums/diary/SPF+and+DMARC+use+on+GOV+domains+in+different+ccTLDs/29384/ CVE-2022-47939 ksmbd Vulnerability https://ubu...

https://isc.sans.edu/podcastdetail.html?id=8306

Exchange OWASSRF Exploited for Remote Code Execution https://isc.sans.edu/forums/diary/Exchange%20OWASSRF%20Exploited%20for%20Remote%20Code%20Execution/29374/ ksmbd Vulnerability https://www.ze...

https://isc.sans.edu/podcastdetail.html?id=8304

Quick NTP Measurement https://isc.sans.edu/diary/Can%20you%20please%20tell%20me%20what%20time%20it%20is%3F%20Adventures%20with%20public%20NTP%20servers./29368 FBI Favors Ad Blockers https://www...

https://isc.sans.edu/podcastdetail.html?id=8302

Linux File System Monitoring and Actions https://isc.sans.edu/diary/Linux%20File%20System%20Monitoring%20%26%20Actions/29362 Feed of NTP Server IP Addresses https://isc.sans.edu/api/threatlist/...

https://isc.sans.edu/podcastdetail.html?id=8300

Hunting for Mastodon Servers https://isc.sans.edu/diary/Hunting%20for%20Mastodon%20Servers/29358 KB5021233 Blue Screen https://learn.microsoft.com/en-us/windows/release-health/status-windows-10...

https://isc.sans.edu/podcastdetail.html?id=8298

Infostealer Malware with Double Extension https://isc.sans.edu/diary/Infostealer%20Malware%20with%20Double%20Extension/29354 Client Side Encryption For GMail https://workspaceupdates.googleblog...

https://isc.sans.edu/podcastdetail.html?id=8296

Google ads lead to fake software pages pushing IcedID (Bokbot) https://isc.sans.edu/diary/Google%20ads%20lead%20to%20fake%20software%20pages%20pushing%20IcedID%20%28Bokbot%29/29344 HTML smuggle...

https://isc.sans.edu/podcastdetail.html?id=8294

Microsoft Patch Issues: https://support.microsoft.com/en-us/topic/december-13-2022-kb5021249-os-build-20348-1366-d5fe7608-bc9d-4055-a88c-fb2fd3d5fd45 https://techcommunity.microsoft.com/t5/ask-t...

https://isc.sans.edu/podcastdetail.html?id=8292

Microsoft Patches https://isc.sans.edu/diary/Microsoft%20December%202022%20Patch%20Tuesday/29336 Apple Patches https://isc.sans.edu/diary/Apple%20Updates%20Everything/29338 Citrix Patches htt...

https://isc.sans.edu/podcastdetail.html?id=8290

Quickie: CyberChef Sorting By String Length https://isc.sans.edu/diary/Quickie%3A%20CyberChef%20Sorting%20By%20String%20Length/29328 FortiOS Buffer Overlow https://www.fortiguard.com/psirt/FG-I...

https://isc.sans.edu/podcastdetail.html?id=8288

Fast Port Scanning in Powershell https://isc.sans.edu/diary/Port%20Scanning%20in%20Powershell%20Redux%3A%20Speeding%20Up%20the%20Results%20%28challenge%20accepted!%29/29324 Bypassing WAFs with ...

https://isc.sans.edu/podcastdetail.html?id=8286

Finding Gaps in Syslog https://isc.sans.edu/diary/Finding%20Gaps%20in%20Syslog%20-%20How%20to%20find%20when%20nothing%20happened/29314 Internet Explorer Vulnerabilty used in Malicious Word Doc...

https://isc.sans.edu/podcastdetail.html?id=8284

ZeroBot / WSZero IoT Botnet https://www.fortinet.com/blog/threat-research/zerobot-new-go-based-botnet-campaign-targets-multiple-vulnerabilities https://blog.netlab.360.com/new-ddos-botnet-wszeor...

https://isc.sans.edu/podcastdetail.html?id=8282

Mirai Botnet and Gafgyt DDoS Team Up https://isc.sans.edu/forums/diary/Mirai%20Botnet%20and%20Gafgyt%20DDoS%20Team%20Up%20Against%20SOHO%20Routers./29304/Gafgyt/Mirai Sample; Packet Tuesday; P...

https://isc.sans.edu/podcastdetail.html?id=8280

VLCs Check For Updates No Updates https://isc.sans.edu/diary/VLCs+Check+For+Updates+No+Updates/29300 AMI MegaRAC Baseboard Managment Controller Vulnerabilities https://eclypsium.com/2022/12/05/...

https://isc.sans.edu/podcastdetail.html?id=8278

QBot Update https://isc.sans.edu/forums/diary/obama224%20distribution%20Qakbot%20tries%20.vhd%20%28virtual%20hard%20disk%29%20images/29294/ Living of the Land: Unix tools in Windows https://isc...

https://isc.sans.edu/podcastdetail.html?id=8276

Quarkus Java Framework Vulnerability CVE-2022-4116 https://www.contrastsecurity.com/security-influencers/localhost-attack-against-quarkus-developers-contrast-security https://access.redhat.com/s...

https://isc.sans.edu/podcastdetail.html?id=8274

What is the deal wtih these router vulnerabilities https://isc.sans.edu/diary/Whats+the+deal+with+these+router+vulnerabilities/29288/ Apple Updates https://support.apple.com/en-us/HT201222 VL...

https://isc.sans.edu/podcastdetail.html?id=8272

LinkedIn Bots https://isc.sans.edu/diary/Identifying%20Groups%20of%20%22Bot%22%20Accounts%20on%20LinkedIn/29282 Oracle Fusion Middle Ware Exploited CVE-2021-35587 https://www.cisa.gov/known-exp...

https://isc.sans.edu/podcastdetail.html?id=8270

Ukraine Themed Twitter Spam Pushing iOS Scareware https://isc.sans.edu/diary/Ukraine%20Themed%20Twitter%20Spam%20Pushing%20iOS%20Scareware/29276 Google Maps Privacy Issues https://garrit.xyz/po...

https://isc.sans.edu/podcastdetail.html?id=8268

Log4Shell campaigns are using Nashorn to get reverse shell on victim's machines https://isc.sans.edu/diary/Log4Shell%20campaigns%20are%20using%20Nashorn%20to%20get%20reverse%20shell%20on%20victim...

https://isc.sans.edu/podcastdetail.html?id=8266

Lessons Learned from Automatic Failover https://isc.sans.edu/diary/Lessons%20Learned%20from%20Automatic%20Failover%3A%20When%208.8.8.8%20%22disappears%22.%20IPv6%20to%20the%20Rescue%3F/29260 Bi...

https://isc.sans.edu/podcastdetail.html?id=8264

Evil Maid Attacks - Remediation for the Cheap https://isc.sans.edu/diary/Evil%20Maid%20Attacks%20-%20Remediation%20for%20the%20Cheap/29256 F5 Big IP CVE-2022-41622 and CVE-2022-41800 Vulnerabil...

https://isc.sans.edu/podcastdetail.html?id=8262

Packet Tuesday https://packettuesday.com Stealing Passwords From Infosec Mastodon - Without Bypassing CSP https://portswigger.net/research/stealing-passwords-from-infosec-mastodon-without-bypas...

https://isc.sans.edu/podcastdetail.html?id=8260

Extracting "HTTP CONNECT" Requests with Python https://isc.sans.edu/diary/Extracting%20%27HTTP%20CONNECT%27%20Requests%20with%20Python/29246 Windows Kerberos Authentication Breaks After Novembe...

https://isc.sans.edu/podcastdetail.html?id=8258

Extracting Information From "logfmt" Files with CyberChef https://isc.sans.edu/diary/Extracting%20Information%20From%20%22logfmt%22%20Files%20With%20CyberChef/29244 Soccer Worldcup Risks https:...

https://isc.sans.edu/podcastdetail.html?id=8256

Do you collect "Observables" or "IOCs" https://isc.sans.edu/diary/Do%20you%20collect%20%22Observables%22%20or%20%22IOCs%22%3F/29238 Android Update fixes Lock Screen Bypass https://source.androi...

https://isc.sans.edu/podcastdetail.html?id=8254

Another Script-Based Ransomware https://isc.sans.edu/diary/Another%20Script-Based%20Ransomware/29234 Apple Security Updates https://support.apple.com/en-us/HT201222 Lenovo UEFI Patch https://...

https://isc.sans.edu/podcastdetail.html?id=8252

Microsoft Patches https://isc.sans.edu/diary/Microsoft%20November%202022%20Patch%20Tuesday/29230 VMWare Workspace One Updates CVE-2022-31686, CVE-2022-31687, CVE-2022-31688 https://www.vmware....

https://isc.sans.edu/podcastdetail.html?id=8250

IPv4 Address Representations https://isc.sans.edu/diary/IPv4%20Address%20Representations/29224 Azure AD Certificate-based Authentication (CBA) on Mobile https://techcommunity.microsoft.com/t5/m...

https://isc.sans.edu/podcastdetail.html?id=8248

Remcos Downloader With Unicode Obfuscation https://isc.sans.edu/diary/Remcos%20Downloader%20with%20Unicode%20Obfuscation/29220 Windows Malware With VHD Extension https://isc.sans.edu/diary/Wind...

https://isc.sans.edu/podcastdetail.html?id=8246

Breakpoints in Burp https://isc.sans.edu/forums/diary/Breakpoints%20in%20Burp/29214/ TA569 Supply Chain Attack Injects JavaScript https://twitter.com/threatinsight/status/1587865920130752515 h...

https://isc.sans.edu/podcastdetail.html?id=8244

Who Put the "Dark" in DarkVNC? https://isc.sans.edu/forums/diary/Who+put+the+Dark+in+DarkVNC/29210 sigstore General Availability https://openssf.org/press-release/2022/10/25/sigstore-announces-...

https://isc.sans.edu/podcastdetail.html?id=8242

OpenSSL 3.0 Punycode Vulnerability Fix https://isc.sans.edu/forums/diary/Critical+OpenSSL+30+Update+Released+Patches+CVE20223786+CVE20223602/29208 https://www.openssl.org/blog/blog/2022/11/01/em...

https://isc.sans.edu/podcastdetail.html?id=8240

NMAP without NMAP - Port Testing and Scanning with PowerShell https://isc.sans.edu/diary/NMAP+without+NMAP+Port+Testing+and+Scanning+with+PowerShell/29202 ConnectWise Recover and R1Soft Server ...

https://isc.sans.edu/podcastdetail.html?id=8238

Supersizing you DUO and 365 Integration https://isc.sans.edu/forums/diary/Supersizing%20your%20DUO%20and%20365%20Integration/29194/ TCP/IP Vulnerability CVE-2022 34718 PoC Restoration and Analy...

https://isc.sans.edu/podcastdetail.html?id=8236

Upcoming Critical OpenSSL Vulnerability: What will be Affected? https://isc.sans.edu/forums/diary/Upcoming+Critical+OpenSSL+Vulnerability+What+will+be+Affected/29192 Apple Updates https://suppo...

https://isc.sans.edu/podcastdetail.html?id=8234

Why is My Cat Using Baidu And Other IoT DNS Oddities https://isc.sans.edu/forums/diary/Why+is+My+Cat+Using+Baidu+And+Other+IoT+DNS+Oddities/29188 OpenSSL Critical Flaw to Be Patched https://mt...

https://isc.sans.edu/podcastdetail.html?id=8232

Massing Cryptomining Operation via Github Actions https://sysdig.com/blog/massive-cryptomining-operation-github-actions/ Daixin Team Ransomware Targeting Healthcare Providers https://www.ic3.go...

https://isc.sans.edu/podcastdetail.html?id=8230

C2 Communications Through Outlook.com https://isc.sans.edu/forums/diary/C2+Communications+Through+outlookcom/29180 Apple Patches Everything October 2022 Edition https://isc.sans.edu/forums/diar...

https://isc.sans.edu/podcastdetail.html?id=8228

Sczriptzzbn Inject Pushes Malware for NetSupport RAT https://isc.sans.edu/forums/diary/sczriptzzbn%20inject%20pushes%20malware%20for%20NetSupport%20RAT/29170/ rtfdump find options https://isc.s...

https://isc.sans.edu/podcastdetail.html?id=8226

Forensic Value of Prefetch https://isc.sans.edu/forums/diary/Forensic%20Value%20of%20Prefetch/29168/ Microsoft TLS Fix https://support.microsoft.com/en-us/topic/october-17-2022-kb5020435-os-bui...

https://isc.sans.edu/podcastdetail.html?id=8224

Are Internet Scanning Services Good or Bad for You? https://isc.sans.edu/forums/diary/Are+Internet+Scanning+Services+Good+or+Bad+for+You/29164 FBI Warns of Student Loan Foregiveness Scams https...

https://isc.sans.edu/podcastdetail.html?id=8222

Python Obfuscation for Dummies https://isc.sans.edu/forums/diary/Python%20Obfuscation%20for%20Dummies/29160/ Oracle October 2022 Critical Patch Update https://www.oracle.com/security-alerts/cpu...

https://isc.sans.edu/podcastdetail.html?id=8220

Fileless Powershell Dropper https://isc.sans.edu/forums/diary/Fileless%20Powershell%20Dropper/29156/ Apache Commons Text Vulnerablity https://www.openwall.com/lists/oss-security/2022/10/13/4 ...

https://isc.sans.edu/podcastdetail.html?id=8218

Horizon3 Publishes FortiOS Vulnerablity Details and Exploit https://www.horizon3.ai/fortios-fortiproxy-and-fortiswitchmanager-authentication-bypass-technical-deep-dive-cve-2022-40684/ More Exch...

https://isc.sans.edu/podcastdetail.html?id=8216

Alchimist Offensive Framework https://blog.talosintelligence.com/2022/10/alchimist-offensive-framework.html#more VM2 Sandbox Vulnerability https://www.oxeye.io/blog/vm2-sandbreak-vulnerability-...

https://isc.sans.edu/podcastdetail.html?id=8214

Adobe October Patch Tuesday https://helpx.adobe.com/sa_en/security/security-bulletin.html Fortinet Guidance https://www.horizon3.ai/fortinet-iocs-cve-2022-40684/ https://isc.sans.edu/forums/di...

https://isc.sans.edu/podcastdetail.html?id=8212

Microsoft October 2022 Patches https://isc.sans.edu/forums/diary/October%202022%20Microsoft%20Patch%20Tuesday/29138/ SAP Patchday https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&r...

https://isc.sans.edu/podcastdetail.html?id=8210

Wireshark Display Filter Update https://isc.sans.edu/forums/diary/Wireshark+Specifying+a+Protocol+Stack+Layer+in+Display+Filters/29130 Fortinet Vulnerablity Update https://twitter.com/Horizon3A...

https://isc.sans.edu/podcastdetail.html?id=8208

Fortinet Update https://docs.fortinet.com/document/fortigate/7.2.2/fortios-release-notes/760203/introduction-and-supported-models Zimbra Vulnerability https://twitter.com/iagox86/status/1578084...

https://isc.sans.edu/podcastdetail.html?id=8206

Infosec Calendar https://isc.sans.edu/forums/diary/What+is+in+your+Infosec+Calendar/29118 OnionPoison: infected Tor Browser installer distributed through popular YouTube channel https://securel...

https://isc.sans.edu/podcastdetail.html?id=8204

Credential Harvesting with Telegram https://isc.sans.edu/forums/diary/Credential%20Harvesting%20with%20Telegram%20API/29112/ Updated Microsoft Exchange Fix https://msrc-blog.microsoft.com/2022/...

https://isc.sans.edu/podcastdetail.html?id=8202

Microsoft Exchange Vulnerability Fix Bypassed https://twitter.com/testanull/status/1576774007826718720 Schneider Electric UMAS Patch Bypass https://securelist.com/the-secrets-of-schneider-elect...

https://isc.sans.edu/podcastdetail.html?id=8200

Microsoft Exchange 0-Day Update https://isc.sans.edu/forums/diary/Exchange+Server+0Day+Actively+Exploited/29106 https://microsoft.github.io/CSS-Exchange/Security/EOMTv2/ CISA Adds Atlasian Bit...

https://isc.sans.edu/podcastdetail.html?id=8198

PNG Analysis with pngdump.py https://isc.sans.edu/forums/diary/PNG%20Analysis/29100/ Possible Exchange Server 0-Day Vulnerability https://www.gteltsc.vn/blog/warning-new-attack-campaign-utilize...

https://isc.sans.edu/podcastdetail.html?id=8196

10 Years Later: Attacker re-discovering old VTiger CRM Vulnerability https://isc.sans.edu/forums/diary/10+Years+Later+Attacker+rediscovering+old+VTiger+CRM+Vulnerability/29098 IRS Reports Signi...

https://isc.sans.edu/podcastdetail.html?id=8194

DNS Option 15 and Debugging DNSSEC Errors https://isc.sans.edu/forums/diary/DNS+Option+15+Debugging+DNSSEC+Errors/29094 Yari: A New Era of Yara Debugging https://engineering.avast.io/yari-a-new...

https://isc.sans.edu/podcastdetail.html?id=8192

Easy Python Sandbox Detection https://isc.sans.edu/forums/diary/Easy+Python+Sandbox+Detection/29090 Hackers use PowerPoint Files for "Mouseover" Malware Delivery https://blog.cluster25.duskrise...

https://isc.sans.edu/podcastdetail.html?id=8190

Kids Like Cookies and Malware Likes them Too https://isc.sans.edu/forums/diary/Kids+Like+Cookies+Malware+Too/29082 Downloading Files from Removed Domains https://isc.sans.edu/forums/diary/Downl...

https://isc.sans.edu/podcastdetail.html?id=8188

RAT Delivered Through FODHelper https://isc.sans.edu/forums/diary/RAT+Delivered+Through+FODHelper/29078 Microsoft Endpoint Configuration Manager Spoofing Vulnerability https://msrc.microsoft.co...

https://isc.sans.edu/podcastdetail.html?id=8186

Phishing Campaigns Use Free Only Resources https://isc.sans.edu/forums/diary/Phishing%20Campaigns%20Use%20Free%20Online%20Resources/29074/ Insecure use of tarfile.extract in Python https://bugs...

https://isc.sans.edu/podcastdetail.html?id=8184

Chainsaw: Hunt, search and extract event log records https://isc.sans.edu/diary/Chainsaw%3A+Hunt%2C+search%2C+and+extract+event+log+records/29066 PDU Exploits past NAT https://claroty.com/team8...

https://isc.sans.edu/podcastdetail.html?id=8182

Preventing ISO Malware https://isc.sans.edu/diary/Preventing+ISO+Malware+/29062 State of Emotet https://www.advintel.io/post/advintel-s-state-of-emotet-aka-spmtools-displays-over-million-compr...

https://isc.sans.edu/podcastdetail.html?id=8180

Word Maldoc With CustomXML and Renamed VBAProject.bin https://isc.sans.edu/diary/Word+Maldoc+With+CustomXML+and+Renamed+VBAProject.bin/29056 2FA on Lock Screens https://www.bbc.com/news/uk-engl...

https://isc.sans.edu/podcastdetail.html?id=8178

Malicous Word Document With a Frameset https://isc.sans.edu/diary/Malicious+Word+Document+with+a+Frameset/29052 CVE-2022-34721 Exploit https://github.com/78ResearchLab/PoC/tree/main/CVE-2022-34...

https://isc.sans.edu/podcastdetail.html?id=8176

Easy Process Injection within Python https://isc.sans.edu/diary/Easy+Process+Injection+within+Python/29048 Queen Elizabeth Related Phishing https://twitter.com/threatinsight/status/157009233998...

https://isc.sans.edu/podcastdetail.html?id=8174

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+September+2022+Patch+Tuesday/29044/ Adobe Patches https://helpx.adobe.com/security/security-bulletin.html Magento Vendor Fi...

https://isc.sans.edu/podcastdetail.html?id=8172

VirusTotal Result Comparisons for Honeypot Malware https://isc.sans.edu/diary/VirusTotal+Result+Comparisons+for+Honeypot+Malware/29040 Apple Patches https://support.apple.com/en-us/HT201222 L...

https://isc.sans.edu/podcastdetail.html?id=8170

Malware Abusing File Exchange Site https://isc.sans.edu/diary/Phishing+Word+Documents+with+Suspicious+URL/29034 Bypassing GitHub Required Reviewers to Submit Malicious Code https://www.legitsec...

https://isc.sans.edu/podcastdetail.html?id=8168

Analyzing Obfuscated VBS with CyberChef https://isc.sans.edu/diary/Analyzing+Obfuscated+VBS+with+CyberChef/2902 pfBlockerNG Unauthenticated RCE https://www.ihteam.net/advisory/pfblockerng-unaut...

https://isc.sans.edu/podcastdetail.html?id=8166

PHP Deserialization Exploit Attempt https://isc.sans.edu/diary/PHP+Deserialization+Exploit+attempt/29024 TA505 Group's TeslaGun In-Depth Analysis https://www.prodaft.com/resource/detail/ta505-t...

https://isc.sans.edu/podcastdetail.html?id=8164

Analysis of an Encoded Cobalt Strike Beacon https://isc.sans.edu/diary/Analysis+of+an+Encoded+Cobalt+Strike+Beacon/29014 EvilProxy Phishing-As-A-Service with MFA Bypass https://resecurity.com/b...

https://isc.sans.edu/podcastdetail.html?id=8162

James Webb JPEG With Malware https://isc.sans.edu/diary/James+Webb+JPEG+With+Malware/29010 Windows Defender False Positive https://www.theregister.com/2022/09/05/windows_defender_chrome_false_p...

https://isc.sans.edu/podcastdetail.html?id=8160

Jolokie Scans: Possible Hunt for Vulnerable Apache Geode Servers https://isc.sans.edu/diary/Jolokia+Scans%3A+Possible+Hunt+for+Vulnerable+Apache+Geode+Servers+%28CVE-2022-37021%29/29006 Microso...

https://isc.sans.edu/podcastdetail.html?id=8158

Underscores and DNS: The Privacy Story https://isc.sans.edu/diary/Underscores+and+DNS%3A+The+Privacy+Story/29002 iOS 12.5.6 Update https://support.apple.com/en-us/HT201222 Malware Disguised a...

https://isc.sans.edu/podcastdetail.html?id=8156

Two things that will never die: bash scripts and irc https://isc.sans.edu/diary/Two+things+that+will+never+die%3A+bash+scripts+and+IRC%21/28998 Malware using James Webb Telescope images https:/...

https://isc.sans.edu/podcastdetail.html?id=8154

Update: VBA Malcode & UTF7 (APT-C-35) https://isc.sans.edu/diary/Update%3A+VBA+Maldoc+%26+UTF7+%28APT-C-35%29/28994 Twilio Breach used to access 2FA Tokens https://sec.okta.com/scatterswine P...

https://isc.sans.edu/podcastdetail.html?id=8152

Dealing With False Positives when Scanning Memory Dumps for Cobalt Strike Beacons https://isc.sans.edu/diary/Dealing+With+False+Positives+when+Scanning+Memory+Dumps+for+Cobalt+Strike+Beacons/2899...

https://isc.sans.edu/podcastdetail.html?id=8150

Taking Apart URL Shorteners https://isc.sans.edu/diary/Taking+Apart+URL+Shorteners/28980 Python Developers Phished for PyPi Credentials https://twitter.com/pypi/status/1562442188285308929 Gro...

https://isc.sans.edu/podcastdetail.html?id=8148

Monster Libra -> IcedID -> Cobalt Strike and DarkVNC https://isc.sans.edu/forums/diary/VNC/28974/ Is Tox the New C&C Method for Coinminers? https://www.uptycs.com/blog/is-tox-the-new-cc-method-...

https://isc.sans.edu/podcastdetail.html?id=8146

Who's Looking at Your security.txt File https://isc.sans.edu/diary/Who%27s+Looking+at+Your+security.txt+File%3F/28972 Assessing Python Malware Detectors with a Benchmark Dataset https://blog.ch...

https://isc.sans.edu/podcastdetail.html?id=8144

32 or 64 Bits Malware https://isc.sans.edu/diary/32+or+64+bits+Malware%3F/28968 Proxies and Configurations Used for Credential Stuffing Attacks https://www.ic3.gov/Media/News/2022/220818.pdf ...

https://isc.sans.edu/podcastdetail.html?id=8142

Brazil malspam pushes Astaroth (Guildma) malware https://isc.sans.edu/diary/Brazil+malspam+pushes+Astaroth+%28Guildma%29+malware/28962 Android Ring App XSS https://checkmarx.com/blog/amazon-qui...

https://isc.sans.edu/podcastdetail.html?id=8140

Honeypot Attack Summaries with Python https://isc.sans.edu/diary/Honeypot+Attack+Summaries+with+Python/28956 TP-Link Vulnerability https://blog.viettelcybersecurity.com/1day-to-0day-on-tl-link-...

https://isc.sans.edu/podcastdetail.html?id=8138

A Quick VoIP Experiment https://isc.sans.edu/diary/A+Quick+VoIP+Experiment/28950 Apple Patches Two Exploited Vulnerabilities https://isc.sans.edu/diary/Apple+Patches+Two+Exploited+Vulnerabiliti...

https://isc.sans.edu/podcastdetail.html?id=8136

VBA Maldoc and UTF7 (APT-C-35) https://isc.sans.edu/diary/VBA+Maldoc+%26+UTF7+%28APT-C-35%29/28946 Disrupting SEABORGIUM's Ongoing Phishing Operations https://www.microsoft.com/security/blog/20...

https://isc.sans.edu/podcastdetail.html?id=8134

Realtek CVE-2022-27255 Followup (snort signature and presentation) https://isc.sans.edu/diary/Realtek+SDK+SIP+ALG+Vulnerability%3A+A+Big+Deal%2C+but+not+much+you+can+do+about+it.+CVE+2022-27255/2...

https://isc.sans.edu/podcastdetail.html?id=8132

Realtek eCOS SDK SIP ALG Vulnerability https://isc.sans.edu/diary/Realtek+SDK+SIP+ALG+Vulnerability%3A+A+Big+Deal%2C+but+not+much+you+can+do+about+it.+CVE+2022-27255/28940 Phishing HTML Attach...

https://isc.sans.edu/podcastdetail.html?id=8130

InfoStealer Script Based on Curl and NSudo https://isc.sans.edu/diary/InfoStealer+Script+Based+on+Curl+and+NSudo/28932 Cisco Breach Details https://blog.talosintelligence.com/2022/08/recent-cyb...

https://isc.sans.edu/podcastdetail.html?id=8128

And Here They Come Again: DNS Reflection Attacks https://isc.sans.edu/diary/And+Here+They+Come+Again%3A+DNS+Reflection+Attacks/28928 Rapid 7 Defaultinator https://defaultinator.com Zimbra Mas...

https://isc.sans.edu/podcastdetail.html?id=8126

Microsoft August 2022 Patch Tuesday https://isc.sans.edu/diary/Microsoft+August+2022+Patch+Tuesday/28924 AEPIC Leak https://aepicleak.com Adobe security bulletins https://helpx.adobe.com/secu...

https://isc.sans.edu/podcastdetail.html?id=8124

JSON All the Logs! https://isc.sans.edu/diary/JSON+All+the+Logs%21/28920 Microsoft Edge Enhanced Security https://docs.microsoft.com/en-us/deployedge/microsoft-edge-security-browse-safer Mali...

https://isc.sans.edu/podcastdetail.html?id=8122

Exim Vulnerability Silently Patched https://github.com/ivd38/exim_overflow DuckDuckGo Stopping Microsoft Tracking Code https://spreadprivacy.com/more-privacy-and-transparency/ Emergency Broad...

https://isc.sans.edu/podcastdetail.html?id=8120

TLP 2.0 is Here https://isc.sans.edu/diary/TLP+2.0+is+here/28914 Hijacking email with Cloudflare Email Routing https://albertpedersen.com/blog/hijacking-email-with-cloudflare-email-routing/ r...

https://isc.sans.edu/podcastdetail.html?id=8118

l9explore and LeakIX Internet Wide Recon Scans https://isc.sans.edu/diary/l9explore+and+LeakIX+Internet+wide+recon+scans./28910 Arris / Arris Variant DSL/Fiber Router Critical Vulnerability htt...

https://isc.sans.edu/podcastdetail.html?id=8116

Increase in Chinese "Hacktivism" Attacks https://isc.sans.edu/diary/Increase+in+Chinese+%22Hacktivism%22+Attacks/28906 Zoho Password Manager Exploit https://xz.aliyun.com/t/11578 VMWare Updat...

https://isc.sans.edu/podcastdetail.html?id=8114

A Little DDoS in the Morning https://isc.sans.edu/diary/A+Little+DDoS+In+the+Morning/28900 Exposed Twitter API Keys https://cloudsek.com/whitepapers_reports/how-leaked-twitter-api-keys-can-be-u...

https://isc.sans.edu/podcastdetail.html?id=8112

PDF Analysis Introduction and OpenActions Entries https://isc.sans.edu/diary/PDF+Analysis+Intro+and+OpenActions+Entries/28894 IPFS The New Hotbed of Phishing https://www.trustwave.com/en-us/res...

https://isc.sans.edu/podcastdetail.html?id=8110

Exfiltrating Data with Bookmarks https://isc.sans.edu/diary/Exfiltrating+Data+With+Bookmarks/28890 Critical Samba Bug Could Let Anyone Become Domain Admin https://nakedsecurity.sophos.com/2022/...

https://isc.sans.edu/podcastdetail.html?id=8108

IcedID (BokBot) with Dark VNC and Cobalt Strike https://isc.sans.edu/diary//28884 Web Assembly Crypto Miners https://blog.sucuri.net/2022/07/cryptominers-webassembly-in-website-malware.html S...

https://isc.sans.edu/podcastdetail.html?id=8106

How is Your macOS Security Posture https://isc.sans.edu/diary/How+is+Your+macOS+Security+Posture%3F/28882 Registry file with Executable Payload https://www.x86matthew.com/view_post?id=embed_exe...

https://isc.sans.edu/podcastdetail.html?id=8104

PowerShell Script with Fileless Capability https://isc.sans.edu/diary/PowerShell+Script+with+Fileless+Capability/28878 With Management Comes Risk: Finding Flaws in Filewave MDM https://claroty....

https://isc.sans.edu/podcastdetail.html?id=8102

An Analysis of a Discerning Phishing Website https://isc.sans.edu/diary/An+Analysis+of+a+Discerning+Phishing+Website+/28870 Sonicwall Vulnerability https://psirt.global.sonicwall.com/vuln-detai...

https://isc.sans.edu/podcastdetail.html?id=8100

Maldoc with non-ASCII VBA Identifiers https://isc.sans.edu/diary/Maldoc%3A+non-ASCII+VBA+Identifiers/28866 Cisco Security Updates https://tools.cisco.com/security/center/publicationListing.x? ...

https://isc.sans.edu/podcastdetail.html?id=8098

Malicious Python Script Behaving Like a Rubber Ducky https://isc.sans.edu/diary/Malicious+Python+Script+Behaving+Like+a+Rubber+Ducky/28860 Apple Patches Everything https://isc.sans.edu/diary/Ap...

https://isc.sans.edu/podcastdetail.html?id=8096

Beacon Request https://isc.sans.edu/diary/Requests+For+beacon.http-get.+Help+Us+Figure+Out+What+They+Are+Looking+For/28856 Oracle July 2022 CPU https://www.oracle.com/security-alerts/cpujul2022...

https://isc.sans.edu/podcastdetail.html?id=8094

Adding Your Own Keywords to My PDF Tools https://isc.sans.edu/diary/Adding+Your+Own+Keywords+To+My+PDF+Tools/28852 Tor Improvements https://blog.torproject.org/new-release-tor-browser-115/ Tr...

https://isc.sans.edu/podcastdetail.html?id=8092

Python: Files in Use By Another Process https://isc.sans.edu/diary/Python%3A+Files+In+Use+By+Another+Process/28848 Google Removing App Permissions List for Data Safety https://twitter.com/Misha...

https://isc.sans.edu/podcastdetail.html?id=8090

Debugging Broadcast Storms https://isc.sans.edu/diary/A+%22DHCP+is+Broken%22+story%2C+and+a+Blast+from+the+Past+%28or+should+I+say+%22Storm%22+from+the+past%29/28844 Targeted Deanonymization vi...

https://isc.sans.edu/podcastdetail.html?id=8088

Using Referrers to Detect Phishing Attacks https://isc.sans.edu/diary/Using+Referers+to+Detect+Phishing+Attacks/28836 Callback Phishing Campaigns Impersonating Security Companies https://www.cr...

https://isc.sans.edu/podcastdetail.html?id=8086

Microsoft Patch Tuesday https://isc.sans.edu/diary/Microsoft+July+2022+Patch+Tuesday/28838 Adobe Updates https://helpx.adobe.com/security/security-bulletin.html SAP Patches https://dam.sap.co...

https://isc.sans.edu/podcastdetail.html?id=8084

Rogers Outage https://about.rogers.com/news-ideas/a-message-from-rogers-president-and-ceo/ Rolling Pwn https://rollingpwn.github.io/rolling-pwn/ GitHub Runners mine Cryptocoins https://www.tr...

https://isc.sans.edu/podcastdetail.html?id=8082

SANSFIRE Keynote Stream https://www.sans.org/webcasts/the-internet-storm-center-how-to-use-and-how-to-contribute-data/ Extracting URLs from Emotet with Cyberchef https://isc.sans.edu/forums/dia...

https://isc.sans.edu/podcastdetail.html?id=8080

How Many SANs are Insane https://isc.sans.edu/forums/diary/How+Many+SANs+are+Insane/28820/ Fortinet July Updates https://fortiguard.fortinet.com/psirt?date=07-2022 Phishing Attacks Getting Tr...

https://isc.sans.edu/podcastdetail.html?id=8078

EternalBlue 5 Years After WannaCry and NotPetya https://isc.sans.edu/forums/diary/EternalBlue+5+years+after+WannaCry+and+NotPetya/28816/ OpenSSL Patches Two Vulnerabilities https://www.openssl....

https://isc.sans.edu/podcastdetail.html?id=8076

7Zip Mark of the Web For Office Files https://isc.sans.edu/forums/diary/7Zip+MoW+For+Office+files/28812/ SessionManager Backdoor Seen with IIS https://securelist.com/the-sessionmanager-iis-back...

https://isc.sans.edu/podcastdetail.html?id=8074

Case Study: Cobalt Strike Server Lives on After its Domain is Suspended https://isc.sans.edu/forums/diary/Case+Study+Cobalt+Strike+Server+Lives+on+After+Its+Domain+Is+Suspended/28804/ CVE-2022-...

https://isc.sans.edu/podcastdetail.html?id=8072

Its New Phone Day: Time to Migrate Your MFA https://isc.sans.edu/forums/diary/Its+New+Phone+Day+Time+to+migrate+your+MFA/28800/ Managing Human Risk Security Awareness Report https://go.sans.org...

https://isc.sans.edu/podcastdetail.html?id=8070

Possible Scans for HiByMusic Devices https://isc.sans.edu/forums/diary/Possible+Scans+for+HiByMusic+Devices/28796/ OpenSSL Heap Overflow https://guidovranken.com/2022/06/27/notes-on-openssl-rem...

https://isc.sans.edu/podcastdetail.html?id=8068

Encrypted Client Hello: Anybody Using it Yet? https://isc.sans.edu/forums/diary/Encrypted+Client+Hello+Anybody+Using+it+Yet/28792/ Jenkins Advisory https://www.jenkins.io/security/advisory/2022...

https://isc.sans.edu/podcastdetail.html?id=8066

Python Abusing the Windows GUI https://isc.sans.edu/forums/diary/Python+abusing+The+Windows+GUI/28780/ Malicious Code Passed to PowerShell via the Clipboard https://isc.sans.edu/forums/diary/Ma...

https://isc.sans.edu/podcastdetail.html?id=8064

Malicious PowerShell Targeting Cryptocurrency Browser Extensions https://isc.sans.edu/forums/diary/Malicious+PowerShell+Targeting+Cryptocurrency+Browser+Extensions/28772/ Keeping PowerShell: Se...

https://isc.sans.edu/podcastdetail.html?id=8062

Experimental New Domain / Domain Age API https://isc.sans.edu/forums/diary/Experimental+New+Domain+Domain+Age+API/28770/ Forescout Vedere Labs Discovers 56 OT Vulnerabilities https://www.foresc...

https://isc.sans.edu/podcastdetail.html?id=8060

Odd TCP Fast Open Packets https://isc.sans.edu/forums/diary/Odd+TCP+Fast+Open+Packets+Anybody+understands+why/28766/ DFSCoerce NTLM Relay Attack https://github.com/Wh04m1001/DFSCoerce https://...

https://isc.sans.edu/podcastdetail.html?id=8058

Critical Vulnerability in Splunk Enterprise Deployment Server Functionality https://isc.sans.edu/forums/diary/Critical+vulnerability+in+Splunk+Enterprises+deployment+server+functionality/28760/ ...

https://isc.sans.edu/podcastdetail.html?id=8056

Houdini is Back Delivered Through a JavaScript Dropper https://isc.sans.edu/forums/diary/Houdini+is+Back+Delivered+Through+a+JavaScript+Dropper/28746/ Drifting Cloud: Zero-Day Sophos Firewall E...

https://isc.sans.edu/podcastdetail.html?id=8054

Terraforming Honeypots: Using IaaC & Cloud to Attract Attacks https://isc.sans.edu/forums/diary/Terraforming+Honeypots+Installing+DShield+Sensors+in+the+Cloud/28748/ Zimbra Email - Stealing Cle...

https://isc.sans.edu/podcastdetail.html?id=8052

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+June+2022+Patch+Tuesday/28742/ Adobe Patches https://helpx.adobe.com/security/security-bulletin.html SynLapse Vulnerability...

https://isc.sans.edu/podcastdetail.html?id=8050

Translating Saitama's DNS Tunneling https://isc.sans.edu/forums/diary/Translating+Saitamas+DNS+tunneling+messages/28738/ Travis CI Logs Expose Users to Cyber Attacks https://blog.aquasec.com/tr...

https://isc.sans.edu/podcastdetail.html?id=8048

EPSScall: An Exploit Prediction Scoring System App https://isc.sans.edu/forums/diary/EPSScall+An+Exploit+Prediction+Scoring+System+App/28732/ PACMan Attack https://pacmanattack.com https://twi...

https://isc.sans.edu/podcastdetail.html?id=8046

TA570 QBot attempts to exploit CVE-2022-30190 (Follina) https://isc.sans.edu/forums/diary/TA570+Qakbot+Qbot+tries+CVE202230190+Follina+exploit+msmsdt/28728/ Analysis of a Facebook Phishing Camp...

https://isc.sans.edu/podcastdetail.html?id=8044

SANS RSA Panel (sorry, video no longer available) Atlassian Confluence Attacks https://isc.sans.edu/forums/diary/Atlassian+Confluence+Exploits+Seen+By+Our+Honeypots+CVE202226134/28722/ Fake C...

https://isc.sans.edu/podcastdetail.html?id=8042

The Trouble With Microsoft's Troubleshooters https://irsl.medium.com/the-trouble-with-microsofts-troubleshooters-6e32fc80b8bd QBot Uses Follina https://twitter.com/threatinsight/status/15342274...

https://isc.sans.edu/podcastdetail.html?id=8040

MS-MSDT RTF Maldocs Analysis oledump Plugins https://isc.sans.edu/forums/diary/msmsdt+RTF+Maldoc+Analysis+oledump+Plugins/28718/ Cybercriminals Exploit Reverse Tunnel Services and URL Shortener...

https://isc.sans.edu/podcastdetail.html?id=8038

Sandbox Evasion... With Just a Filename! https://isc.sans.edu/forums/diary/Sandbox+Evasion+With+Just+a+Filename/28708/ Atlassian Exploit Released https://www.rapid7.com/blog/post/2022/06/02/act...

https://isc.sans.edu/podcastdetail.html?id=8036

Quick Answers in Incident Response RECmd.exe https://isc.sans.edu/forums/diary/Quick+Answers+in+Incident+Response+RECmdexe/28706/ Zero-Day Exploitation of Atlassian Confluence https://www.volex...

https://isc.sans.edu/podcastdetail.html?id=8034

HTML Phishing Attachments - Now With Anti-Analysis Features https://isc.sans.edu/forums/diary/HTML+phishing+attachments+now+with+antianalysis+features/28702/ Unofficial Patch for CVE-2022-30190...

https://isc.sans.edu/podcastdetail.html?id=8032

Follina Update https://isc.sans.edu/forums/diary/First+Exploitation+of+Follina+Seen+in+the+Wild/28698/ https://isc.sans.edu/forums/diary/New+Microsoft+Office+Attack+Vector+via+msmsdt+Protocol+Sc...

https://isc.sans.edu/podcastdetail.html?id=8030

New Microsoft Office Attack Vector via "ms-msdt" Protocol Scheme https://isc.sans.edu/forums/diary/New+Microsoft+Office+Attack+Vector+via+msmsdt+Protocol+Scheme/28694/

https://isc.sans.edu/podcastdetail.html?id=8028

Huge Signed PE Files https://isc.sans.edu/forums/diary/Huge+Signed+PE+File/28686/ VMWare Authentication Bypass PoC https://www.horizon3.ai/vmware-authentication-bypass-vulnerability-cve-2022-22...

https://isc.sans.edu/podcastdetail.html?id=8026

Using NMAP to Assess Hosts in Load Balanced Clusters https://isc.sans.edu/forums/diary/Using+NMAP+to+Assess+Hosts+in+Load+Balanced+Clusters/28682/ Attacker Modifying Libraries Claims "Research"...

https://isc.sans.edu/podcastdetail.html?id=8024

ctx Python Library Updated with "Extra" Features https://isc.sans.edu/forums/diary/ctx+Python+Library+Updated+with+Extra+Features/28678/ Zoom Updates https://explore.zoom.us/en/trust/security/s...

https://isc.sans.edu/podcastdetail.html?id=8022

Attacker Scanning for jQuery-File-Upload https://isc.sans.edu/forums/diary/Attacker+Scanning+for+jQueryFileUpload/28674/ Oracle Security Alert Advisory - CVE-2022-21500 https://www.oracle.com/s...

https://isc.sans.edu/podcastdetail.html?id=8020

A "Zip Bomb" to Bypass Security Controls & Sandboxes https://isc.sans.edu/forums/diary/A+Zip+Bomb+to+Bypass+Security+Controls+Sandboxes/28670/ Cisco IOS XR Software Health Check Open Port Vulne...

https://isc.sans.edu/podcastdetail.html?id=8018

Bumblebee Malware from TransferXL URLs https://isc.sans.edu/forums/diary/Bumblebee+Malware+from+TransferXL+URLs/28664/ Microsoft Out-of-Band Update fixes Authentication Issues https://docs.micr...

https://isc.sans.edu/podcastdetail.html?id=8016

VMWare Flaws https://core.vmware.com/vmsa-2022-0014-questions-answers-faq https://blog.barracuda.com/2022/05/17/threat-spotlight-attempts-to-exploit-new-vmware-vulnerabilities/ Tesla BLE Proxi...

https://isc.sans.edu/podcastdetail.html?id=8014

Use Your Browser Internal Password Vault... or Not? https://isc.sans.edu/forums/diary/Use+Your+Browser+Internal+Password+Vault+or+Not/28658/ SQL Server Brute Forcing https://twitter.com/MsftSec...

https://isc.sans.edu/podcastdetail.html?id=8012

Apple Patches Everything https://isc.sans.edu/forums/diary/Apple+Patches+Everything/28654/ Evil Never Sleeps: When Wireless Malware Stays on After Turning Off iPhones https://arxiv.org/pdf/2205...

https://isc.sans.edu/podcastdetail.html?id=8010

From 0-Day to Mirai: 7 days of BIG-IP Exploits https://isc.sans.edu/forums/diary/From+0Day+to+Mirai+7+days+of+BIGIP+Exploits/28644/ Sonicwall Vulnerabilities Patched https://psirt.global.sonicw...

https://isc.sans.edu/podcastdetail.html?id=8008

When Get-WebRequest Fails You https://isc.sans.edu/forums/diary/When+GetWebRequest+Fails+You/28640/ HP PC BIOS Security Updates https://support.hp.com/us-en/document/ish_6184733-6184761-16/hpsb...

https://isc.sans.edu/podcastdetail.html?id=8006

TA578 Using Thread-Hijacked Emails to Push ISO Files for Bumblebee Malware https://isc.sans.edu/forums/diary/TA578+using+threadhijacked+emails+to+push+ISO+files+for+Bumblebee+malware/28636/ Goo...

https://isc.sans.edu/podcastdetail.html?id=8004

Microsoft May 2022 Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+May+2022+Patch+Tuesday/28632/ Adobe Updates https://helpx.adobe.com/security/security-bulletin.html npm "foreach" ...

https://isc.sans.edu/podcastdetail.html?id=8002

Octopus Backdoor is Back with a New Embedded Obfuscated Bat File https://isc.sans.edu/forums/diary/Octopus+Backdoor+is+Back+with+a+New+Embedded+Obfuscated+Bat+File/28628/#comments CVE-2022-1388...

https://isc.sans.edu/podcastdetail.html?id=8000

F5 BIG-IP Unauthenticated RCE Vulnerability (CVE-2022-1388) https://isc.sans.edu/forums/diary/F5+BIGIP+Unauthenticated+RCE+Vulnerability+CVE20221388/28624/ QNAP QVR Update https://www.qnap.com/...

https://isc.sans.edu/podcastdetail.html?id=7998

Password-protected Excel Spreadsheet Pushes Remcos RAT https://isc.sans.edu/forums/diary/Passwordprotected+Excel+spreadsheet+pushes+Remcos+RAT/28616/ Microsoft, Apple, Google Accelated FIDO Sta...

https://isc.sans.edu/podcastdetail.html?id=7996

Finding the Real "Last Patched" Day (Interim Version) https://isc.sans.edu/forums/diary/Finding+the+Real+Last+Patched+Day+Interim+Version/28610/ Fake Windows Updates Install Ransomware https://...

https://isc.sans.edu/podcastdetail.html?id=7994

Some Honeypot Updates https://isc.sans.edu/forums/diary/Some+Honeypot+Updates/28608/ TLStorm 2 - NanoSSL TLS Library Misuse https://www.armis.com/blog/tlstorm-2-nanossl-tls-library-misuse-leads...

https://isc.sans.edu/podcastdetail.html?id=7992

Detecting VSTO Office Files with ExifTool https://isc.sans.edu/forums/diary/Detecting+VSTO+Office+Files+With+ExifTool/28604/ The Gmail SMTP Relay Service Exploit https://www.avanan.com/blog/the...

https://isc.sans.edu/podcastdetail.html?id=7990

Using Passive DNS Sources for Reconnaissance and Enumeration https://isc.sans.edu/forums/diary/Using+Passive+DNS+sources+for+Reconnaissance+and+Enumeration/28596/ Microsoft Edge Secure Network ...

https://isc.sans.edu/podcastdetail.html?id=7988

A Day of SMB: What does our SMB/RPC Honeypot see? CVE-2022-26809 https://isc.sans.edu/forums/diary/A+Day+of+SMB+What+does+our+SMBRPC+Honeypot+see+CVE202226809/28594/ Azure PostgreSQL Privilege ...

https://isc.sans.edu/podcastdetail.html?id=7986

MITRE ATT&CK v11 https://isc.sans.edu/forums/diary/MITRE+ATTCK+v11+a+small+update+that+can+help+not+just+with+detection+engineering/28590/ Microsoft Special Report: Ukraine https://query.prod.c...

https://isc.sans.edu/podcastdetail.html?id=7984

WSO2 Vuln Exploited to Install Crypto Coin Miners https://isc.sans.edu/forums/diary/WSO2+RCE+exploited+in+the+wild/28586/ Core Impact Backdoor Delivered Via VMware Vulnerablity https://blog.mor...

https://isc.sans.edu/podcastdetail.html?id=7982

Simple PDF Linking to Malicious Content https://isc.sans.edu/forums/diary/Simple+PDF+Linking+to+Malicious+Content/28582/ VirusTotal Remote Code Execution https://www.cysrc.com/blog/virus-total-...

https://isc.sans.edu/podcastdetail.html?id=7980

Analyzing Word Phishing Document https://isc.sans.edu/forums/diary/Analyzing+a+Phishing+Word+Document/28562/ Targeting Roku Streaming Devices https://isc.sans.edu/forums/diary/Are+Roku+Streamin...

https://isc.sans.edu/podcastdetail.html?id=7978

Multi Cryptocurrency Clipboard Swapper https://isc.sans.edu/forums/diary/MultiCryptocurrency+Clipboard+Swapper/28574/ Amazong Fixes AWS log4j Fix https://aws.amazon.com/security/security-bullet...

https://isc.sans.edu/podcastdetail.html?id=7976

AA Distribution Quakbot (Qbot) infection siwth DarkVNC https://isc.sans.edu/forums/diary/aa+distribution+Qakbot+Qbot+infection+with+DarkVNC+traffic/28568/ Java Psychic Signatures https://neilma...

https://isc.sans.edu/podcastdetail.html?id=7974

u-boot Password Reset https://isc.sans.edu/forums/diary/Resetting+Linux+Passwords+with+UBoot+Bootloaders/28564/ Oracle CPU https://www.oracle.com/security-alerts/cpuapr2022.html MetaMask iClo...

https://isc.sans.edu/podcastdetail.html?id=7972

Sysmon's ReigstryEvent (Value Set) and Binary Data https://isc.sans.edu/forums/diary/Sysmons+RegistryEvent+Value+Set/28558/ Ukraine CERT Posts: IcedID and Zimbra Flaw https://cert.gov.ua/articl...

https://isc.sans.edu/podcastdetail.html?id=7970

Office Now Protects You From Malicious ISO Files https://isc.sans.edu/forums/diary/Office+Protects+You+From+Malicious+ISO+Files/28554/ Github Stolen OAUTH User Tokens https://github.blog/2022-0...

https://isc.sans.edu/podcastdetail.html?id=7968

An Update on CVE-2022-26809 MSRPC Vulnerability - PATCH NOW https://isc.sans.edu/forums/diary/An+Update+on+CVE202226809+MSRPC+Vulnerabliity+PATCH+NOW/28550/ Webcast: https://www.sans.org/webcas...

https://isc.sans.edu/podcastdetail.html?id=7966

How is Ukrainian Internet Holding Up During Russian Invasion https://isc.sans.edu/forums/diary/How+is+Ukrainian+internet+holding+up+during+the+Russian+invasion/28546/ Update on Windows Patches ...

https://isc.sans.edu/podcastdetail.html?id=7964

Microsoft April 2022 Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+April+2022+Patch+Tuesday/28542/ NGINX Statement To LDAP Weakness https://www.nginx.com/blog/addressing-security-we...

https://isc.sans.edu/podcastdetail.html?id=7962

Spring: It isn't just about Spring4Shell. https://isc.sans.edu/forums/diary/Spring+It+isnt+just+about+Spring4Shell+Spring+Cloud+Function+Vulnerabilities+are+being+probed+too/28538/ Microsoft Wi...

https://isc.sans.edu/podcastdetail.html?id=7960

Misc Spring4Shell Items https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67 https://www.trendmicro.com/en_us/research/22/d/cve-2022-22965-anal...

https://isc.sans.edu/podcastdetail.html?id=7958

What is BIMI https://isc.sans.edu/forums/diary/What+is+BIMI+and+how+is+it+supposed+to+help+with+Phishing/28528/ Watchguard Vulnerability behind Cyclops Blink https://techsearch.watchguard.com/K...

https://isc.sans.edu/podcastdetail.html?id=7956

Windows MetaStealer Malware https://isc.sans.edu/forums/diary/Windows+MetaStealer+Malware/28522/ US Justice Depatment Takes Down Cyclops Blink Botnet https://www.justice.gov/opa/pr/justice-depa...

https://isc.sans.edu/podcastdetail.html?id=7954

WebLogic Crypto Miner Malware Disabling Alibaba Cloud Monitoring Tools https://isc.sans.edu/forums/diary/WebLogic+Crypto+Miner+Malware+Disabling+Alibaba+Cloud+Monitoring+Tools/28520/ Cicada: Ch...

https://isc.sans.edu/podcastdetail.html?id=7952

Emptying the Phishtank: Are WordPress Sites the Mosquitoes of the Internet https://isc.sans.edu/forums/diary/Emptying+the+Phishtank+Are+WordPress+sites+the+Mosquitoes+of+the+Internet/28516/ Mai...

https://isc.sans.edu/podcastdetail.html?id=7950

GitLab Critical Security Release https://about.gitlab.com/releases/2022/03/31/critical-security-release-gitlab-14-9-2-released/ ViaSat KA-SAT Network Cyber Attack https://www.viasat.com/about/n...

https://isc.sans.edu/podcastdetail.html?id=7948

Spring Vulnerability Update - Exploitation Attempts CVE-2022-22965 https://isc.sans.edu/forums/diary/Spring+Vulnerability+Update+Exploitation+Attempts+CVE202222965/28504/ Apple Patches 0 Day Vu...

https://isc.sans.edu/podcastdetail.html?id=7946

Java Springtime Confusion: What Vulnerabilty are We Talking About https://isc.sans.edu/forums/diary/Java+Springtime+Confusion+What+Vulnerability+are+We+Talking+About/28500/ Quickie: Parsing XLS...

https://isc.sans.edu/podcastdetail.html?id=7944

More Fake/Typosquatting Twitter Accounts Asking for Ukraine Cryptocurrency Donations https://isc.sans.edu/forums/diary/More+FakeTyposquatting+Twitter+Accounts+Asking+for+Ukraine+Crytocurrency+Don...

https://isc.sans.edu/podcastdetail.html?id=7942

BGP Hijacking of Twitter Prefix by RTComm.ru https://isc.sans.edu/forums/diary/BGP+Hijacking+of+Twitter+Prefix+by+RTCommru/28488/ DDoS Against Sites in Ukraine https://www.bleepingcomputer.com/...

https://isc.sans.edu/podcastdetail.html?id=7940

XLSB Files Because Binary is Stealthier Than XML https://isc.sans.edu/forums/diary/XLSB+Files+Because+Binary+is+Stealthier+Than+XML/28476/ Dirty Pipe Container Escape PoC https://www.datadoghq....

https://isc.sans.edu/podcastdetail.html?id=7938

Malware Delivered Through Free Sharing Tool https://isc.sans.edu/forums/diary/Malware+Delivered+Through+Free+Sharing+Tool/28474/ Western Digital PR4100 NAS Vulnerabilty https://research.nccgrou...

https://isc.sans.edu/podcastdetail.html?id=7936

Mars Stealer https://isc.sans.edu/forums/diary/Arkei+Variants+From+Vidar+to+Mars+Stealer/28468/ Okta Update https://www.okta.com/blog/2022/03/oktas-investigation-of-the-january-2022-compromise/...

https://isc.sans.edu/podcastdetail.html?id=7934

Statement by President Biden: What you need to do (or not do) https://isc.sans.edu/forums/diary/Statement+by+President+Biden+What+you+need+to+do+or+not+do/28466/ ASUS Cyclops Blink Advisory htt...

https://isc.sans.edu/podcastdetail.html?id=7932

Maldoc Cleaned by Anti-Virus https://isc.sans.edu/forums/diary/Maldoc+Cleaned+by+AntiVirus/28460/ Serpent, No Swiping! New Backdoor Targets French Entities with Unique Attack Chain https://www....

https://isc.sans.edu/podcastdetail.html?id=7930

Scans for Movable Type Vulnerability (CVE-2021-20837) https://isc.sans.edu/forums/diary/Scans+for+Movable+Type+Vulnerability+CVE202120837/28454/ SolarWinds Advisory: Unauahtneticated Access in ...

https://isc.sans.edu/podcastdetail.html?id=7928

npm Package Sabotaged for Belarus/Russian Users https://snyk.io/blog/peacenotwar-malicious-npm-node-ipc-package-vulnerability/ President Zelensky Deepfakes https://twitter.com/ngleicher/status/...

https://isc.sans.edu/podcastdetail.html?id=7926

Qakbot Infection With Cobalt Strike and VNC Activity https://isc.sans.edu/forums/diary/Qakbot+infection+with+Cobalt+Strike+and+VNC+activity/28448/ Gh0stCringe RAT Being Distributed to Vulnerabl...

https://isc.sans.edu/podcastdetail.html?id=7924

Clean Binaries with Suspicious Behaviour https://isc.sans.edu/forums/diary/Clean+Binaries+with+Suspicious+Behaviour/28444/ Misconfigured Multi-Factor Authentication Abused https://www.cisa.gov/...

https://isc.sans.edu/podcastdetail.html?id=7922

Apple Updates Everything https://isc.sans.edu/forums/diary/Apple+Updates+Everything+MacOS+123+XCode+133+tvOS+154+watchOS+85+iPadOS+154+and+more/28438/ Look Alike Accounts Used in Ukraine Dontat...

https://isc.sans.edu/podcastdetail.html?id=7920

Malware Using WebSockets For C&C https://isc.sans.edu/forums/diary/Keep+an+Eye+on+WebSockets/28430/ Racoon Stealer leverages Telegram https://decoded.avast.io/vladimirmartyanov/raccoon-stealer-...

https://isc.sans.edu/podcastdetail.html?id=7918

Credential Leaks on Virustotal https://isc.sans.edu/forums/diary/Credentials+Leaks+on+VirusTotal/28426/ GPS Issues Around Finish Rusian Border https://www.straitstimes.com/world/europe/finland-...

https://isc.sans.edu/podcastdetail.html?id=7916

Infostealer in a Batch File https://isc.sans.edu/forums/diary/Infostealer+in+a+Batch+File/28422/ TP240PhoneHome reflection/amplification DDoS Attack Vector https://blog.cloudflare.com/cve-2022-...

https://isc.sans.edu/podcastdetail.html?id=7914

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+March+2022+Patch+Tuesday/28418/ Critical APC UPS Vulnerability https://www.armis.com/research/tlstorm/ Vulnerabilities in F...

https://isc.sans.edu/podcastdetail.html?id=7912

Ukraine Scam Followup https://isc.sans.edu/forums/diary/No+Bitcoin+No+Problem+Follow+Up+to+Last+Weeks+Donation+Scam/28412/ Dirty Pipe Linux Vulnerability https://dirtypipe.cm4all.com Mozilla ...

https://isc.sans.edu/podcastdetail.html?id=7910

Ukraine Dontation Scam https://isc.sans.edu/forums/diary/Scam+EMail+Impersonating+Red+Cross/28404/ Cogent Disconnects Russia https://www.washingtonpost.com/technology/2022/03/04/russia-ukraine-...

https://isc.sans.edu/podcastdetail.html?id=7908

Attackers Search For Exosed "LuCI" Folders https://isc.sans.edu/diary/28400 Alexa Versus Alexa https://arxiv.org/abs/2202.08619 Bypassing Google Cloud Armor https://kloudle.com/blog/piercing-...

https://isc.sans.edu/podcastdetail.html?id=7906

The More Often Something is Repeated, the More True it Becomes https://isc.sans.edu/forums/diary/The+More+Often+Something+is+Repeated+the+More+True+It+Becomes+Dealing+with+Social+Media/28396/ F...

https://isc.sans.edu/podcastdetail.html?id=7904

Geoblocking when you can't Geoblock https://isc.sans.edu/forums/diary/Geoblocking+when+you+cant+Geoblock/28392/ IsaacWiper and HermeticWizard: New wiper and worm targeting Ukraine https://www.w...

https://isc.sans.edu/podcastdetail.html?id=7902

PHP Patches Code Injection Flaw https://nvd.nist.gov/vuln/detail/CVE-2021-21708 https://bugs.php.net/bug.php?id=81708 Mozilla VPN Local Privilege Escalation https://www.mozilla.org/en-US/secur...

https://isc.sans.edu/podcastdetail.html?id=7900

Ukraine Update https://www.bleepingcomputer.com/news/security/ransomware-gangs-hackers-pick-sides-over-russia-invading-ukraine/ https://ddosecrets.com/wiki/Tetraedr https://twitter.com/YourAnon...

https://isc.sans.edu/podcastdetail.html?id=7898

Ukraine Update: Webcast https://www.sans.org/webcasts/russian-cyber-attack-escalation-in-ukraine/ Other Ukraine Related Stories https://isc.sans.edu/forums/diary/Ukraine+Russia+Situation+From+...

https://isc.sans.edu/podcastdetail.html?id=7896

New Sandworm Malware Cyclops Blink Replaces VPNFilter https://www.ncsc.gov.uk/news/joint-advisory-shows-new-sandworm-malware-cyclops-blink-replaces-vpnfilter Wiper Malware Seen Deployed Against...

https://isc.sans.edu/podcastdetail.html?id=7894

A Good Old Equation Editor Vulnerablity Deliverying Malware https://www.welivesecurity.com/2022/02/22/teenage-cybercrime-stop-kids-wrong-path/ Horde Webmail 5.2.22 - Account Takeover via Email ...

https://isc.sans.edu/podcastdetail.html?id=7892

Sending an Email to an IPv4 Address https://isc.sans.edu/forums/diary/Sending+an+Email+to+an+IPv4+Address/28362/ SMS Phone-Verified Account Services https://www.trendmicro.com/en_us/research/22...

https://isc.sans.edu/podcastdetail.html?id=7890

Remcos RAT Delivered Through Doube Compressed Archive https://isc.sans.edu/forums/diary/Remcos+RAT+Delivered+Through+Double+Compressed+Archive/28354/ Cassandra User-Defined Functions Remote Cod...

https://isc.sans.edu/podcastdetail.html?id=7888

Hackers Attach Malicious .exe Files to Teams Conversations https://www.avanan.com/blog/hackers-attach-malicious-.exe-files-to-teams-conversations Thunderbird Patches https://www.mozilla.org/en-...

https://isc.sans.edu/podcastdetail.html?id=7886

Astaroth (Guildma) Infection https://isc.sans.edu/forums/diary/Astaroth+Guildma+infection/28346/ Atlassian Jira Updates https://jira.atlassian.com/browse/CONFSERVER-66550 VMWare Updates https...

https://isc.sans.edu/podcastdetail.html?id=7884

Who Are Those Bots? https://isc.sans.edu/forums/diary/Who+Are+Those+Bots/28342/ SquirrelWaffle Adds a Twist of Fraud to Exchange Server Malspamming https://news.sophos.com/en-us/2022/02/15/vuln...

https://isc.sans.edu/podcastdetail.html?id=7882

Reminder: Decoding TLS Client Hello to Non TLS Servers https://isc.sans.edu/forums/diary/Reminder+Decoding+TLS+Client+Hellos+to+non+TLS+servers/28338/ Magento 2 Critical Vulnerability https://s...

https://isc.sans.edu/podcastdetail.html?id=7880

CinaRAT Delivered Through HTML ID Attributes https://isc.sans.edu/forums/diary/CinaRAT+Delivered+Through+HTML+ID+Attributes/28330/ Windows Defender ASR Blocks LSASS Credential Stealing https://...

https://isc.sans.edu/podcastdetail.html?id=7878

iOS/iPadOS/macOS/Safari 0-Day Vulnerability in WebKit https://support.apple.com/en-us/HT213091 Zyxel Network Storage Devics Hunted By Mirai Variant https://isc.sans.edu/forums/diary/Zyxel+Netwo...

https://isc.sans.edu/podcastdetail.html?id=7876

Example of Cobalt Strike form Emotet Infection https://isc.sans.edu/forums/diary/Example+of+Cobalt+Strike+from+Emotet+infection/28318/ Adobe Patches https://helpx.adobe.com/security/security-bu...

https://isc.sans.edu/podcastdetail.html?id=7874

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+February+2022+Patch+Tuesday/28316/ Google Cloud Virtual Machine Threat Detection https://cloud.google.com/security-command-ce...

https://isc.sans.edu/podcastdetail.html?id=7872

web3 phishing via self-customizign landing pages https://isc.sans.edu/forums/diary/web3+phishing+via+selfcustomizing+landing+pages/28312/ MSFT Blocking Office VBA Malcros https://www.theverge.c...

https://isc.sans.edu/podcastdetail.html?id=7870

Intuit warns of new phishing scams https://security.intuit.com/security-notices IRS working with ID.me https://www.irs.gov/newsroom/new-identity-verification-process-to-access-certain-irs-onlin...

https://isc.sans.edu/podcastdetail.html?id=7868

Attack Surface Detection https://isc.sans.edu/forums/diary/Keeping+Track+of+Your+Attack+Surface+for+Cheap/28304/ MFA News https://www.proofpoint.com/us/blog/threat-insight/mfa-psa-oh-my https:...

https://isc.sans.edu/podcastdetail.html?id=7866

Finding elFinder: Who is looking for your files? https://isc.sans.edu/forums/diary/Finding+elFinder+Who+is+looking+for+your+files/28300/ IBM Spectrum Protect Plus Container Backup Vulnerabiliti...

https://isc.sans.edu/podcastdetail.html?id=7864

Windows Privilege Escalation Exploit CVE-2022-21882 https://github.com/KaLendsi/CVE-2022-21882 Fingerprinting Devices Via GPU https://arxiv.org/pdf/2201.09956.pdf SolarMarker Campaign used no...

https://isc.sans.edu/podcastdetail.html?id=7862

Be Careful with RPMSG Files https://isc.sans.edu/forums/diary/Be+careful+with+RPMSG+files/28292/ QNAP Auto Update Clarification https://www.qnap.com/en/security-news/2022/descriptions-and-expla...

https://isc.sans.edu/podcastdetail.html?id=7860

Malicious ISO Embedded in an HTML Page https://isc.sans.edu/forums/diary/Malicious+ISO+Embedded+in+an+HTML+Page/28282/ YARA Console Module https://isc.sans.edu/forums/diary/YARAs+Console+Module...

https://isc.sans.edu/podcastdetail.html?id=7858

Technical Analysis of CVE-2022-22583 https://perception-point.io/technical-analysis-of-cve-2022-22583-bypassing-macos-system-integrity-protection/ https://isc.sans.edu/forums/diary/Apple+Patches...

https://isc.sans.edu/podcastdetail.html?id=7856

Over 20 Thousand Servers Have Their iLO Interfaces exposed to the Internet https://isc.sans.edu/forums/diary/Over+20+thousand+servers+have+their+iLO+interfaces+exposed+to+the+internet+many+with+o...

https://isc.sans.edu/podcastdetail.html?id=7854

Local Privilege Escalation Vulnerablity in Polkit's pkexec (CVE-2021-4034) https://isc.sans.edu/forums/diary/Local+privilege+escalation+vulnerability+in+polkits+pkexec+CVE20214034/28272/ Emotet...

https://isc.sans.edu/podcastdetail.html?id=7852

Moonbound UEFI Malware https://securelist.com/moonbounce-the-dark-side-of-uefi-firmware/105468/ Exploit of Sonicwall CVE-2021-20038 https://twitter.com/buffaloverflow/status/1485671824725786633...

https://isc.sans.edu/podcastdetail.html?id=7850

Obscure Wininet.dll Feature https://isc.sans.edu/forums/diary/Obscure+Wininetdll+Feature/28262/ Mixed VBA and Excel 4 Macro in Targeted Excel Sheet https://isc.sans.edu/forums/diary/Mixed+VBA+E...

https://isc.sans.edu/podcastdetail.html?id=7848

RedLine Stealer Delivered Through FTP https://isc.sans.edu/forums/diary/RedLine+Stealer+Delivered+Through+FTP/28258/ Google Camera Alters QR Codes https://www.heise.de/hintergrund/Googles-Kamer...

https://isc.sans.edu/podcastdetail.html?id=7846

0.0.0.0 in Emotet Spambot Traffic https://isc.sans.edu/forums/diary/0000+in+Emotet+Spambot+Traffic/28254/ Linux Patch to Make 0.0.0.0/8 Routable https://git.kernel.org/pub/scm/linux/kernel/git/...

https://isc.sans.edu/podcastdetail.html?id=7844

Phishing E-Mail With an Advertisement https://isc.sans.edu/forums/diary/Phishing+email+withan+advertisement/28250/ Virustotal Credential https://www.safebreach.com/blog/2022/the-perfect-cyber-c...

https://isc.sans.edu/podcastdetail.html?id=7842

Log4Shell Attacks Getting Smarter https://isc.sans.edu/forums/diary/Log4Shell+Attacks+Getting+Smarter/28246/ Microsoft Releases Special Update to Deal with January Update Fail https://www.bleep...

https://isc.sans.edu/podcastdetail.html?id=7840

Use of Alternate Data Streams in Research Scans https://isc.sans.edu/forums/diary/Use+of+Alternate+Data+Streams+in+Research+Scans+for+indexjsp/28240/ Microsoft Resumes Windows Server 2019 Cumul...

https://isc.sans.edu/podcastdetail.html?id=7838

MSFT Patch Issues https://borncity.com/win/2022/01/12/patchday-windows-8-1-server-2012-r2-updates-11-januar-2022-mgliche-boot-probleme/ https://support.microsoft.com/en-us/topic/january-11-2022-...

https://isc.sans.edu/podcastdetail.html?id=7836

A Quick CVE-2022-21907 FAQ https://isc.sans.edu/forums/diary/A+Quick+CVE202221907+FAQ+work+in+progress/28234/ Details Released Regarding Patched Sonicwall Vulnerabilities https://www.rapid7.com...

https://isc.sans.edu/podcastdetail.html?id=7834

Microsoft Patch Tuesday - January 2022 https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+January+2022/28230/ Adobe Updates https://helpx.adobe.com/security.html

https://isc.sans.edu/podcastdetail.html?id=7832

New MacOS Vulnerability Could Lead to Unauthorized User Data Access https://www.microsoft.com/security/blog/2022/01/10/new-macos-vulnerability-powerdir-could-lead-to-unauthorized-user-data-access...

https://isc.sans.edu/podcastdetail.html?id=7830

Extracting Cobalt Strike Beacons from MSBuild Scripts https://isc.sans.edu/forums/diary/Extracting+Cobalt+Strike+Beacons+from+MSBuild+Scripts/28200/ The JNDI Strikes Back: Unauthenticated RCE i...

https://isc.sans.edu/podcastdetail.html?id=7828

Malicious Python Script Targeting Chinese People https://isc.sans.edu/forums/diary/Malicious+Python+Script+Targeting+Chinese+People/28220/ Google Docs Comment Exploit Allows for Distribution of...

https://isc.sans.edu/podcastdetail.html?id=7826

Code Reuse in the Malware Landscape https://isc.sans.edu/forums/diary/Code+Reuse+In+the+Malware+Landscape/28216/ ZLoader Campaign Exploiting Signature Verification Bug https://research.checkpoi...

https://isc.sans.edu/podcastdetail.html?id=7824

A Simple Batch File That Blocks People https://isc.sans.edu/forums/diary/A+Simple+Batch+File+That+Blocks+People/28212/ Windows Server Remote Desktop Emergency Update https://docs.microsoft.com/...

https://isc.sans.edu/podcastdetail.html?id=7822

McAfee Phishing Campaign with a Nice Fake Scan https://isc.sans.edu/forums/diary/McAfee+Phishing+Campaign+with+a+Nice+Fake+Scan/28208/ Trend Micro Apex One Patch https://success.trendmicro.com/...

https://isc.sans.edu/podcastdetail.html?id=7820

Exchange Server Year 2022 Bug https://isc.sans.edu/forums/diary/Exchange+Server+Email+Trapped+in+Transport+Queues/28204/ https://techcommunity.microsoft.com/t5/exchange-team-blog/email-stuck-in-...

https://isc.sans.edu/podcastdetail.html?id=7818

Log4j 2 Security Vulnerabilities Update Guide https://isc.sans.edu/forums/diary/Log4j+2+Security+Vulnerabilities+Update+Guide/28188/ Microsoft Defender Log4j False Positives https://www.bleepin...

https://isc.sans.edu/podcastdetail.html?id=7816

Log4j Vulnerablity CVE-2021-44832 https://logging.apache.org/log4j/2.x/security.html#CVE-2021-44832 LotL Classifiers https://isc.sans.edu/forums/diary/LotL+Classifier+tests+for+shells+exfil+and...

https://isc.sans.edu/podcastdetail.html?id=7814

Attackers are Abusing MSBuild to Evade Defenses and Implant Cobalt Strike Beacons https://isc.sans.edu/forums/diary/Attackers+are+abusing+MSBuild+to+evade+defenses+and+implant+Cobalt+Strike+beaco...

https://isc.sans.edu/podcastdetail.html?id=7812

Log4j/Log4Shell and Cloud Internal Meta Data Services https://isc.sans.edu/forums/diary/log4shell+and+cloud+provider+internal+meta+data+services+IMDS/28168/ https://isc.sans.edu/forums/diary/Def...

https://isc.sans.edu/podcastdetail.html?id=7810

Forensics Challenge Solution https://isc.sans.edu/forums/diary/December+2021+Forensic+Contest+Answers+and+Analysis/28160/ CAB-less 40444 https://news.sophos.com/en-us/2021/12/21/attackers-test-...

https://isc.sans.edu/podcastdetail.html?id=7808

More Undetected PowerShell Droppers https://isc.sans.edu/forums/diary/More+Undetected+PowerShell+Dropper/28158/ Apache Patches https://httpd.apache.org/security/vulnerabilities_24.html Auersw...

https://isc.sans.edu/podcastdetail.html?id=7806

PowerPoint Atachments: Agent Tesla and Code Reuse in Malware https://isc.sans.edu/forums/diary/PowerPoint+attachments+Agent+Tesla+and+code+reuse+in+malware/28154/ VMWare Workspace ONE Patch / l...

https://isc.sans.edu/podcastdetail.html?id=7804

Disaster Recovery Automation Using Public DNS APIs https://isc.sans.edu/forums/diary/DR+Automation+Using+Public+DNS+APIs/28146/ Office 2021: VBA Project Version https://isc.sans.edu/forums/diar...

https://isc.sans.edu/podcastdetail.html?id=7802

How the "Contact Forms" Campaign Tricks People https://isc.sans.edu/forums/diary/How+the+Contact+Forms+campaign+tricks+people/28142/ Bluetooth Used to Extract WiFi Secrets https://arxiv.org/pdf...

https://isc.sans.edu/podcastdetail.html?id=7800

Undetected Powershell Backdoor https://isc.sans.edu/forums/diary/Simple+but+Undetected+PowerShell+Backdoor/28138/ Adobe Security Updates https://helpx.adobe.com/security.html Remote Deseriali...

https://isc.sans.edu/podcastdetail.html?id=7798

Microsoft Patches https://isc.sans.edu/forums/diary/Microsoft+December+2021+Patch+Tuesday/28132/ Log4j Updates https://isc.sans.edu/forums/diary/Log4j+2150+and+previously+suggested+mitigations+...

https://isc.sans.edu/podcastdetail.html?id=7796

Log4Shell Becoming Part of the Day to Day Grind https://isc.sans.edu/forums/diary/Log4Shell+exploited+to+implant+coin+miners/28124/ https://www.youtube.com/watch?v=oC2PZB5D3Ys Google Chrome Up...

https://isc.sans.edu/podcastdetail.html?id=7794

Remote Code Execution in log4j2 https://isc.sans.edu/forums/diary/RCE+in+log4j+Log4Shell+or+how+things+can+get+bad+quickly/28120/ Log4j Zero Day https://www.lunasec.io/docs/blog/log4j-zero-day/...

https://isc.sans.edu/podcastdetail.html?id=7792

Phishing Direct Messages via Discord https://isc.sans.edu/forums/diary/Phishing+Direct+Messages+via+Discord/28114/ Vulnerable Microtik Routers https://eclypsium.com/2021/12/09/when-honey-bees-b...

https://isc.sans.edu/podcastdetail.html?id=7790

December 2021 Forensic Challenge https://isc.sans.edu/forums/diary/December+2021+Forensic+Challenge/28108/ Microsoft and GitHub OAuth Implementation Vulnerabilities Lead to Redirection Attacks ...

https://isc.sans.edu/podcastdetail.html?id=7788

Webshells, Webshells everywhere! https://isc.sans.edu/forums/diary/Webshells+Webshells+everywhere/28106/ AWS Outage https://status.aws.amazon.com Misconfigured Kafdrop Puts Companies' Apache ...

https://isc.sans.edu/podcastdetail.html?id=7786

The Importance of Out of Band Networks https://isc.sans.edu/forums/diary/The+Importance+of+OutofBand+Networks/28102/ Kaseya Unitrends Backup Appliance Updates https://helpdesk.kaseya.com/hc/en-...

https://isc.sans.edu/podcastdetail.html?id=7784

The UPX Packer will never die https://isc.sans.edu/forums/diary/The+UPX+Packer+Will+Never+Die/28096/ Survey of Airgap Attacks https://www.welivesecurity.com/2021/12/01/jumping-air-gap-15-years-...

https://isc.sans.edu/podcastdetail.html?id=7782

TA551 (Shathak) Pushes IcedID (Bokbot) https://isc.sans.edu/forums/diary/TA551+Shathak+pushes+IcedID+Bokbot/28092/ pip-audit scanning Python packages for known vulnerabilities https://pypi.org/...

https://isc.sans.edu/podcastdetail.html?id=7780

Info-Stealer Using webhook.site to Exfiltrate Data https://isc.sans.edu/forums/diary/InfoStealer+Using+webhooksite+to+Exfiltrate+Data/28088/ Mozilla NSS Library Vulnerability https://bugs.chrom...

https://isc.sans.edu/podcastdetail.html?id=7778

Hunting for PHPUnit Installed via Composer https://isc.sans.edu/forums/diary/Hunting+for+PHPUnit+Installed+via+Composer/28084/ Microsoft Defender Scares Admins with Emotet False Positivies http...

https://isc.sans.edu/podcastdetail.html?id=7776

Wireshark 3.6.0 Released https://isc.sans.edu/forums/diary/Wireshark+360+Released/28076/ Google Cloud Security Report https://services.google.com/fh/files/misc/gcat_threathorizons_full_nov2021....

https://isc.sans.edu/podcastdetail.html?id=7774

Phishing Pages Hiding Itself Using Dynamically Adjusted IP Based Allow List https://isc.sans.edu/forums/diary/Phishing+page+hiding+itself+using+dynamically+adjusted+IPbased+allow+list/28070/ Tr...

https://isc.sans.edu/podcastdetail.html?id=7772

YARA Rule for OOXML Maldocs: Less False Positives https://isc.sans.edu/forums/diary/YARA+Rule+for+OOXML+Maldocs+Less+False+Positives/28066/ Zero-Day Windows Installer Exploit https://www.bleepi...

https://isc.sans.edu/podcastdetail.html?id=7770

Simple YARA Rules for Office Maldocs https://isc.sans.edu/forums/diary/Simple+YARA+Rules+for+Office+Maldocs/28062/ Retailers Urged to Patch Magento https://www.theregister.com/2021/11/22/ncsc_m...

https://isc.sans.edu/podcastdetail.html?id=7768

Hikvision Security Cameras Potentially Exposed to Remote Code Execution https://isc.sans.edu/forums/diary/Hikvision+Security+Cameras+Potentially+Exposed+to+Remote+Code+Execution/28056/ Detectin...

https://isc.sans.edu/podcastdetail.html?id=7766

JavaScript Downloader Delivers Agent Tesla Trojan https://isc.sans.edu/forums/diary/JavaScript+Downloader+Delivers+Agent+Tesla+Trojan/28050/ Exposed Firefox cookies.sqlite Databases https://www...

https://isc.sans.edu/podcastdetail.html?id=7764

DDS Protocol Implementation Vulnerabilities https://us-cert.cisa.gov/ics/advisories/icsa-21-315-02 Siemens TCP/IP Flaws https://www.forescout.com/blog/new-critical-vulnerabilities-found-on-nucl...

https://isc.sans.edu/podcastdetail.html?id=7762

Emotet Returns https://isc.sans.edu/forums/diary/Emotet+Returns/28044/ GitHub Improves npm Security https://github.blog/2021-11-15-githubs-commitment-to-npm-ecosystem-security/ Intel CPU Debu...

https://isc.sans.edu/podcastdetail.html?id=7760

Microsoft Emergency Update fixes AD Authentication Problems https://support.microsoft.com/en-us/topic/november-14-2021-kb5008601-os-build-14393-4771-out-of-band-c8cd33ce-3d40-4853-bee4-a7cc943582...

https://isc.sans.edu/podcastdetail.html?id=7758

Not So Fake FBI E-Mails https://www.fbi.gov/news/pressrel/press-releases/fbi-statement-on-incident-involving-fake-emails https://isc.sans.edu/forums/diary/External+Email+System+FBI+Compromised+S...

https://isc.sans.edu/podcastdetail.html?id=7756

In Memory of Alan Paller. Cyber Security Industry Titan and SANS Institute Founder https://www.sans.org/press/announcements/alan-paller-cyber-security-industry-titan-and-sans-institute-founder-pa...

https://isc.sans.edu/podcastdetail.html?id=7754

Shadow IT Makes People More Vulnerable to Phishing https://isc.sans.edu/forums/diary/Shadow+IT+Makes+People+More+Vulnerable+to+Phishing/28022/ PaloAlto Networks GlobalProtect VPN CVE-2021-3064 ...

https://isc.sans.edu/podcastdetail.html?id=7752

Microsoft November 2021 Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+November+2021+Patch+Tuesday/28018/ Adobe Patches https://helpx.adobe.com/security.html BusyBox Vulnerabilitie...

https://isc.sans.edu/podcastdetail.html?id=7750

(Ab)Using Security Tools & Controls for the Bad https://isc.sans.edu/forums/diary/AbUsing+Security+Tools+Controls+for+the+Bad/28014/ Targeted Attack Campaign Against ManageEngine ADSelfService ...

https://isc.sans.edu/podcastdetail.html?id=7748

Decyprting Cobalt Strike Traffic With Keys Extracted From Process Memory https://isc.sans.edu/forums/diary/Decrypting+Cobalt+Strike+Traffic+With+Keys+Extracted+From+Process+Memory/28006/ XMount...

https://isc.sans.edu/podcastdetail.html?id=7746

October 2021 Forensic Contest Answers and Analysis https://isc.sans.edu/forums/diary/October+2021+Forensic+Contest+Answers+and+Analysis/27998/ CVE-2021-43267: Remote Linux Kernel Heap Overflow ...

https://isc.sans.edu/podcastdetail.html?id=7744

Gitlab CVE-2021-22205 Exploited (and often not patched) https://www.rapid7.com/blog/post/2021/11/01/gitlab-unauthenticated-remote-code-execution-cve-2021-22205-exploited-in-the-wild/ New Proxy ...

https://isc.sans.edu/podcastdetail.html?id=7742

Revisiting BrakTooth: Two Months Later https://isc.sans.edu/forums/diary/Revisiting+BrakTooth+Two+Months+Later/27992/ Escalating XSS to Sainthood with Nagios https://blog.grimm-co.com/2021/11/e...

https://isc.sans.edu/podcastdetail.html?id=7740

Trojan Source: Invisible Vulnerabilities https://www.trojansource.codes/trojan-source.pdf Detecting HTTP Header Smuggling Vulnerabilities https://www.darkreading.com/application-security/free-t...

https://isc.sans.edu/podcastdetail.html?id=7738

Remote Desktop Protocol RDP Discovery https://isc.sans.edu/forums/diary/Remote+Desktop+Protocol+RDP+Discovery/27984/ Sysmon Update https://isc.sans.edu/forums/diary/Sysinternals+Autoruns+and+Sy...

https://isc.sans.edu/podcastdetail.html?id=7736

Critical Hikvision Patch https://watchfulip.github.io/2021/09/18/Hikvision-IP-Camera-Unauthenticated-RCE.html https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-notifi...

https://isc.sans.edu/podcastdetail.html?id=7734

Outlook Web Access Phishing https://isc.sans.edu/forums/diary/Hunting+for+Phishing+Sites+Masquerading+as+Outlook+Web+Access/27974/ Apple Security Updates Details Available https://support.apple...

https://isc.sans.edu/podcastdetail.html?id=7732

Apple Updates Everything (but no details yet) https://support.apple.com/en-sa/HT201222 Craigslist E-Mail Hijack https://www.inky.com/blog/urgency-mail-relay-serve-phishers-well-on-craigslist ...

https://isc.sans.edu/podcastdetail.html?id=7730

Decrypting Cobalt Strike Traffic https://isc.sans.edu/forums/diary/Decrypting+Cobalt+Strike+Traffic+With+a+Leaked+Private+Key/27968/ Critical Discourse Vulnerability https://us-cert.cisa.gov/nc...

https://isc.sans.edu/podcastdetail.html?id=7728

Malware Quiz https://isc.sans.edu/forums/diary/October+2021+Contest+Forensic+Challenge/27960/ Odd Zip Files https://isc.sans.edu/forums/diary/Phishing+ZIP+With+Malformed+Filename/27966/ Decrypt...

https://isc.sans.edu/podcastdetail.html?id=7726

Stolen Images Evidence Campaign Pushes Sliver Based Malware https://isc.sans.edu/forums/diary/Stolen+Images+Evidence+campaign+pushes+Sliverbased+malware/27954/ FiveSys Rootkit Signed By Microso...

https://isc.sans.edu/podcastdetail.html?id=7724

Thanks to Covid 19: New Types of Documents are Lost in the Wild https://isc.sans.edu/forums/diary/Thanks+to+COVID19+New+Types+of+Documents+are+Lost+in+The+Wild/27952/ Google Chrome 95 Released ...

https://isc.sans.edu/podcastdetail.html?id=7722

Can You Make the Great Chinese Firewall Work For You https://isc.sans.edu/forums/diary/Can+you+make+the+Great+Chinese+Firewall+work+for+you/27948/ Fake Government Assistance Websites https://ww...

https://isc.sans.edu/podcastdetail.html?id=7720

Malcious PowerShell Script Using Client Certificate Authentication https://isc.sans.edu/forums/diary/Malicious+PowerShell+Using+Client+Certificate+Authentication/27944/ PowerShell Updates https...

https://isc.sans.edu/podcastdetail.html?id=7718

Active Scanning for Apache Vulnerabilities CVE-2021-41773 and 42013 https://isc.sans.edu/forums/diary/Apache+is+Actively+Scan+for+CVE202141773+CVE202142013/27940/ Warranty Repairs and Non Remov...

https://isc.sans.edu/podcastdetail.html?id=7716

Port Forwarding with Windows for the Win https://isc.sans.edu/forums/diary/PortForwarding+with+Windows+for+the+Win/27934/ Please Fix Your E-Mail Brute Forcing Tool https://isc.sans.edu/forums/d...

https://isc.sans.edu/podcastdetail.html?id=7714

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+October+2021+Patch+Tuesday/27928/ Adobe Patches https://helpx.adobe.com/security/security-bulletin.html PyPi Remove mitmpro...

https://isc.sans.edu/podcastdetail.html?id=7712

Non HTTP Requests Hitting Web Server https://isc.sans.edu/forums/diary/Things+that+go+Bump+in+the+Night+Non+HTTP+Requests+Hitting+Web+Servers/27924/ Apple Updates iOS/iPadOS to 15.0.2 https://s...

https://isc.sans.edu/podcastdetail.html?id=7710

Scanning for Previous Oracle WebLogic Vulnerabilities https://isc.sans.edu/forums/diary/Scanning+for+Previous+Oracle+WebLogic+Vulnerabilities/27918/ Sorting Things Out - Sorting Data by IP Addr...

https://isc.sans.edu/podcastdetail.html?id=7708

Who is Hunting For Your IPTV Set-Top Box? https://isc.sans.edu/forums/diary/Who+Is+Hunting+For+Your+IPTV+SetTop+Box/27912/ Another Update For Apache https://httpd.apache.org Font on Lake Root...

https://isc.sans.edu/podcastdetail.html?id=7706

Apache 2.4.49 Directory Traversal Vulnerability https://isc.sans.edu/forums/diary/Apache+2449+Directory+Traversal+Vulnerability+CVE202141773/27908/ Python Ransomware Targeting ESXi Server https...

https://isc.sans.edu/podcastdetail.html?id=7704

Looking Glass Sites https://isc.sans.edu/forums/diary/Looking+Glasses+Debugging+Network+Connectivity+Issues/27904/ Facebook Postmortem https://engineering.fb.com/2021/10/05/networking-traffic/o...

https://isc.sans.edu/podcastdetail.html?id=7702

Facebook Outage https://isc.sans.edu/forums/diary/Facebook+Outage+Yes+its+DNS+sort+of+A+super+quick+analysis+of+what+is+going+on/27900/ Boutique "Dark" Botnet Hunting for Crumbs https://isc.san...

https://isc.sans.edu/podcastdetail.html?id=7700

A New Tool To Add to Your LOLBAS List: cvtres.exe https://isc.sans.edu/forums/diary/New+Tool+to+Add+to+Your+LOLBAS+List+cvtresexe/27892/ Google Chrome Continuing Updates https://support.google....

https://isc.sans.edu/podcastdetail.html?id=7698

Visa/Apple Express Transit Relay Attack https://www.bbc.com/news/technology-58719891 FluBot Offering Fake FlutBot Protection https://twitter.com/CERTNZ/status/1443701853665980440 Undetected A...

https://isc.sans.edu/podcastdetail.html?id=7696

Keeping Track of Time: Network Time Protocol and GPSD Bug https://isc.sans.edu/forums/diary/Keeping+Track+of+Time+Network+Time+Protocol+and+a+GPSD+Bug/27886/ Apple Airtags Stored XSS https://me...

https://isc.sans.edu/podcastdetail.html?id=7694

TLS 1.3 and SSL: The Current State of Affairs https://isc.sans.edu/forums/diary/TLS+13+and+SSL+the+current+state+of+affairs/27882/ EFF Discontinues HTTPS Everywhere Plugin https://www.eff.org/d...

https://isc.sans.edu/podcastdetail.html?id=7692

Trend Micro ServerProtect Authentication Bypass Vulnerability https://www.zerodayinitiative.com/advisories/ZDI-21-1115/ Let's Encrypt Root CA Expiration https://community.letsencrypt.org/t/prod...

https://isc.sans.edu/podcastdetail.html?id=7690

Mobile Device Inventory via Active Sync https://isc.sans.edu/forums/diary/Keep+an+Eye+on+Your+Users+Mobile+Devices+Simple+Inventory/27868/ Autodiscover Attacks https://autodiscover-vulnerable-t...

https://isc.sans.edu/podcastdetail.html?id=7688

Excel Recipe: Some VBA Code with a Touch of Excel4 Macro https://isc.sans.edu/forums/diary/Excel+Recipe+Some+VBA+Code+with+a+Touch+of+Excel4+Macro/27864/ Windows Platform Binary Table Weakness ...

https://isc.sans.edu/podcastdetail.html?id=7686

An XML-Obfustcated Office Document (CVE-2021-40444) https://isc.sans.edu/forums/diary/An+XMLObfuscated+Office+Document+CVE202140444/27860/ Exchange Autodiscovering Leaks Credentials https://www...

https://isc.sans.edu/podcastdetail.html?id=7684

A First Look at Apple's iOS 15 "Private Relay" feature https://isc.sans.edu/forums/diary/A+First+Look+at+Apples+iOS+15+Private+Relay+feature/27858/ macOS Finder Security Feature Bypass Leads to...

https://isc.sans.edu/podcastdetail.html?id=7682

OMIGOD Exploits Captured in the Wild. https://isc.sans.edu/forums/diary/OMIGOD+Exploits+Captured+in+the+Wild+Researchers+responsible+for+half+of+scans+for+related+ports/27852/ Apple iOS/iPadOS/...

https://isc.sans.edu/podcastdetail.html?id=7680

Malicious Calendar Subscriptions Are Back https://isc.sans.edu/forums/diary/Malicious+Calendar+Subscriptions+Are+Back/27846/ Simple Analysis of a CVE-2021-40444 (MSHTML) Document https://isc.sa...

https://isc.sans.edu/podcastdetail.html?id=7678

Phishing 101: why depend on one suspicious message subject when you can use many https://isc.sans.edu/forums/diary/Phishing+101+why+depend+on+one+suspicious+message+subject+when+you+can+use+many/...

https://isc.sans.edu/podcastdetail.html?id=7676

Hancitor Campaign Abusing Microsoft's OneDrive https://isc.sans.edu/forums/diary/Hancitor+campaign+abusing+Microsofts+OneDrive/27838/ "Secret"Agent Exposes Azure Customers To Unauthorized Code ...

https://isc.sans.edu/podcastdetail.html?id=7674

Microsoft Patches https://isc.sans.edu/forums/diary/Microsoft+September+2021+Patch+Tuesday/27834/ Adobe Patches https://helpx.adobe.com/security/security-bulletin.html

https://isc.sans.edu/podcastdetail.html?id=7672

Apple Updates Everything https://support.apple.com/en-us/HT201222 Citizenlab Discloses NSO Exploit Details https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captur...

https://isc.sans.edu/podcastdetail.html?id=7670

Shipping Microsoft DNS Logs to Elasticsearch https://isc.sans.edu/forums/diary/Shipping+to+Elasticsearch+Microsoft+DNS+Logs/27828/ Exploit Generator for CVE-2021-40444 https://github.com/locked...

https://isc.sans.edu/podcastdetail.html?id=7668

ISC/DShield API Updates https://isc.sans.edu/forums/diary/Updates+to+Our+DatafeedsAPI/27824/ Update on Windows MSHTML Vulnerability https://www.bleepingcomputer.com/news/microsoft/windows-mshtm...

https://isc.sans.edu/podcastdetail.html?id=7666

Protonmail Correction https://protonmail.com/blog/climate-activist-arrest/ https://protonmail.com/privacy-policy "Stolen Images Evidence" Campaign Continues Pushing BazarLoader Malware https:/...

https://isc.sans.edu/podcastdetail.html?id=7664

Microsoft MSHTML Remote Code Execution Vulnerability CVE-2021-40444 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444 ProntonMail/VPN Releasing User's IP Address https://prot...

https://isc.sans.edu/podcastdetail.html?id=7662

Confluence Update https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html https://www.jenkins.io/blog/2021/09/04/wiki-attacked/ ProxyShell Update https://n...

https://isc.sans.edu/podcastdetail.html?id=7660

Attackers Will Always Abuse Major Events in our Lifes https://isc.sans.edu/forums/diary/Attackers+Will+Always+Abuse+Major+Events+in+our+Lifes/27808/ Active Exploitation of Confluence Server CVE...

https://isc.sans.edu/podcastdetail.html?id=7658

STRRAT: A Java Based RAT That Doesn't Care if You Have Java https://isc.sans.edu/forums/diary/STRRAT+a+Javabased+RAT+that+doesnt+care+if+you+have+Java/27798/ IPC360 Baby Monitor Vulnerability h...

https://isc.sans.edu/podcastdetail.html?id=7656

BrakTooth: Impacts, Implications and Next Steps https://isc.sans.edu/forums/diary/BrakTooth+Impacts+Implications+and+Next+Steps/27802/ Fortress Home Security System Weakness https://threatpost....

https://isc.sans.edu/podcastdetail.html?id=7654

Cryptocurrency Clipboard Swapper Delivered With Love https://isc.sans.edu/forums/diary/Cryptocurrency+Clipboard+Swapper+Delivered+With+Love/27794/ ProxyToken Vulnerability in Exchange https://w...

https://isc.sans.edu/podcastdetail.html?id=7652

ChaosDB: Azure Cosmos Database Vulnerability https://chaosdb.wiz.io Phishing via Open Redirects https://www.microsoft.com/security/blog/2021/08/26/widespread-credential-phishing-campaign-abuses...

https://isc.sans.edu/podcastdetail.html?id=7650

Cisco Advisories https://tools.cisco.com/security/center/publicationListing.x GETH DoS Vulnerability https://github.com/ethereum/go-ethereum/releases/tag/v1.10.8 Confluence Security Advisory ...

https://isc.sans.edu/podcastdetail.html?id=7648

There May Be Many More SPF Records Than We Might Expect https://isc.sans.edu/forums/diary/There+may+be+many+more+SPF+records+than+we+might+expect/27786/ OpenSSL Update https://www.openssl.org/n...

https://isc.sans.edu/podcastdetail.html?id=7646

Attackers Hunting for Twilio Credentials https://isc.sans.edu/forums/diary/Attackers+Hunting+For+Twilio+Credentials/27782/ Modified WhatsApp Spreading Malware https://securelist.com/triada-troj...

https://isc.sans.edu/podcastdetail.html?id=7644

Out of Band Phishing Using SMS Messages to Evade Network Detection https://isc.sans.edu/forums/diary/Out+of+Band+Phishing+Using+SMS+messages+to+Evade+Network+Detection/27768/ Elevate Priviledge...

https://isc.sans.edu/podcastdetail.html?id=7642

Waiting for the C2 to Show Up https://isc.sans.edu/forums/diary/Waiting+for+the+C2+to+Show+Up/27772/ DOCX with Embdedded EXE https://isc.sans.edu/forums/diary/docx+With+Embedded+EXE/27776/ Se...

https://isc.sans.edu/podcastdetail.html?id=7640

When Lightning Strikes: What works and doesn't work https://isc.sans.edu/forums/diary/When+Lightning+Strikes+What+works+and+doesnt+work/27766/ Cisco Small Business Router Vulnerabilities https:...

https://isc.sans.edu/podcastdetail.html?id=7638

5 Things to Consider Before Moving Back to the Office https://isc.sans.edu/forums/diary/5+Things+to+Consider+Before+Moving+Back+to+the+Office/27762/ Adobe Patches https://helpx.adobe.com/securi...

https://isc.sans.edu/podcastdetail.html?id=7636

Laravel Exploit Attempts Tageting Vulnerability in "Ignition" https://isc.sans.edu/forums/diary/Laravel+v842+exploit+attempts+for+CVE20213129+debug+mode+Remote+code+execution/27758/ ThroughTek ...

https://isc.sans.edu/podcastdetail.html?id=7634

Triage of Malware Bazaar's Daily Malware Batches https://isc.sans.edu/forums/diary/Extra+Tip+For+Triage+Of+MALWARE+Bazaars+Daily+Malware+Batches/27754/ Realtek SDK Vulnerability https://www.iot...

https://isc.sans.edu/podcastdetail.html?id=7632

Exchange E-Discovery Scans https://isc.sans.edu/forums/diary/Scanning+for+Microsoft+Exchange+eDiscovery/27748/ Danabot Distributed Through Malspam https://isc.sans.edu/forums/diary/Example+of+D...

https://isc.sans.edu/podcastdetail.html?id=7630

Print Nightmare Continues: CVE-2021-36958 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36958 Print Nightmare Abused by Ransomware Gangs https://www.crowdstrike.com/blog/magnib...

https://isc.sans.edu/podcastdetail.html?id=7628

TA551 Shathak Continues Pushing BazarLoader Leading to Cobalt Strike https://isc.sans.edu/forums/diary/TA551+Shathak+continues+pushing+BazarLoader+infections+lead+to+Cobalt+Strike/27738/ New Ad...

https://isc.sans.edu/podcastdetail.html?id=7626

Microsoft Patches https://isc.sans.edu/forums/diary/Microsoft+August+2021+Patch+Tuesday/27736/ Adobe Patches https://helpx.adobe.com/security.html cPanel/WHM Vulnerabilities https://www.fortb...

https://isc.sans.edu/podcastdetail.html?id=7624

Microsoft Exchange ProxyShell https://isc.sans.edu/forums/diary/ProxyShell+how+many+Exchange+servers+are+affected+and+where+are+they/27732/ Synology Warns of Brute Force Attacks https://www.syn...

https://isc.sans.edu/podcastdetail.html?id=7622

Malicious Microsoft Word Remains A Key Infection Vector https://isc.sans.edu/forums/diary/Malicious+Microsoft+Word+Remains+A+Key+Infection+Vector/27716/ Malware Bazaar Daily Download https://is...

https://isc.sans.edu/podcastdetail.html?id=7620

Cisco Patches Unauthencticated RCE in RV340/345 devices https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv340-cmdinj-rcedos-pY8J3qfy Telegram Flawed Self Destruct...

https://isc.sans.edu/podcastdetail.html?id=7618

Pivoting and Hunting for Shenanigans from a Reported Phishing Domain https://isc.sans.edu/forums/diary/Pivoting+and+Hunting+for+Shenanigans+from+a+Reported+Phishing+Domain/27710/ NichStack TCP/...

https://isc.sans.edu/podcastdetail.html?id=7616

2FA Issues https://isc.sans.edu/forums/diary/Three+Problems+with+Two+Factor+Authentication/27704/ Crazy Smishing https://isc.sans.edu/forums/diary/Is+this+the+Weirdest+Phishing+SMishing+Attempt...

https://isc.sans.edu/podcastdetail.html?id=7614

Unsolicited DNS Queries https://isc.sans.edu/forums/diary/Unsolicited+DNS+Queries/27694/ Changing BAT Files on the Fly https://isc.sans.edu/forums/diary/Changing+BAT+Files+On+The+Fly/27700/ E...

https://isc.sans.edu/podcastdetail.html?id=7612

Infected With a .reg File https://isc.sans.edu/forums/diary/Infected+With+a+reg+File/27692/ Excessive Exchange Permissions (Patched) https://bugs.chromium.org/p/project-zero/issues/detail?id=21...

https://isc.sans.edu/podcastdetail.html?id=7610

Malicious Content Delivered Trhough archive.org https://isc.sans.edu/forums/diary/Malicious+Content+Delivered+Through+archiveorg/27688/ A Large-Scale Security-Oriented Static Analysis of Python...

https://isc.sans.edu/podcastdetail.html?id=7608

A Sextortion E-Mail From ... IT Support?! https://isc.sans.edu/forums/diary/A+sextortion+email+fromIT+support/27682/ AV-Test Compares Android Anti-Virus Software https://www.av-test.org/en/news...

https://isc.sans.edu/podcastdetail.html?id=7606

Details about CVE-2021-30807. (Patch released Monday for MacOS/iOS) https://saaramar.github.io/IOMobileFrameBuffer_LPE_POC/ Zimbra 8.8.15 XSS and SSRF Vulnerability https://blog.sonarsource.com...

https://isc.sans.edu/podcastdetail.html?id=7604

Recovering Malspam Password https://isc.sans.edu/forums/diary/Failed+Malspam+Recovering+The+Password/27674/ Apple Patches 0-Day https://support.apple.com/en-us/HT201222 Attackers Adopt Exotic...

https://isc.sans.edu/podcastdetail.html?id=7602

PetitPotam ADCS Domain Admin Vulnerability https://isc.sans.edu/forums/diary/Active+Directory+Certificate+Services+ADCS+PKI+domain+admin+vulnerability/27668/ XCSSET Mac Malware Target Google Ch...

https://isc.sans.edu/podcastdetail.html?id=7600

Akamai Outage https://isc.sans.edu/forums/diary/Lost+in+the+Cloud+Akamai+DNS+Outage/27660/ "Summer of SAM" Continues https://isc.sans.edu/forums/diary/Summer+of+SAM+Microsoft+Releases+Guidance+...

https://isc.sans.edu/podcastdetail.html?id=7598

Microsoft Published Summer of SAM Guidance https://isc.sans.edu/forums/diary/Summer+of+SAM+Microsoft+Releases+Guidance+for+CVE202136934/27656/ Apple Patches Everything https://support.apple.com...

https://isc.sans.edu/podcastdetail.html?id=7596

Windows Registry Hives Permission Problem https://isc.sans.edu/forums/diary/Summer+of+SAM+incorrect+permissions+on+Windows+1011+hives/27652/ HP Printer Drivers Allows Privilege Escalation https...

https://isc.sans.edu/podcastdetail.html?id=7594

New Windows Print Spooler Vulnerability - CVE-2021-34481 https://isc.sans.edu/forums/diary/New+Windows+Print+Spooler+Vulnerability+CVE202134481/27648/ iOS/WatchOS/tvOS/Safari Updates https://su...

https://isc.sans.edu/podcastdetail.html?id=7592

Multiple BaseXX Obfuscations https://isc.sans.edu/forums/diary/Multiple+BaseXX+Obfuscations/27640/ Juniper Patches: Radius Vulnerability https://kb.juniper.net/InfoCenter/index?page=content&id=...

https://isc.sans.edu/podcastdetail.html?id=7590

USPS Phishing Kit Reporting Data Back Via Telegram https://isc.sans.edu/forums/diary/USPS+Phishing+Using+Telegram+to+Collect+Data/27630/ Sonicwall Warns of Ransomware https://www.sonicwall.com/...

https://isc.sans.edu/podcastdetail.html?id=7588

One way to fail at malspam - give reipients the wrong password https://isc.sans.edu/forums/diary/One+way+to+fail+at+malspam+give+recipients+the+wrong+password+for+an+encrypted+attachment/27634/ ...

https://isc.sans.edu/podcastdetail.html?id=7586

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+July+2021+Patch+Tuesday/27628/ Adobe Patch Tuesday https://helpx.adobe.com/security/products/acrobat/apsb21-51.html ForgeRo...

https://isc.sans.edu/podcastdetail.html?id=7584

Kaseya Releases Patch and Hardening Guide https://helpdesk.kaseya.com/hc/en-gb/articles/4403760102417 Solarwinds Advisory CVE-2021-35211 https://www.solarwinds.com/trust-center/security-advisor...

https://isc.sans.edu/podcastdetail.html?id=7582

Scanning for Microsoft Secure Socket Tunneling Protocol https://isc.sans.edu/forums/diary/Scanning+for+Microsoft+Secure+Socket+Tunneling+Protocol/27622/ Hancitor tries XLL as Initial Malware Fi...

https://isc.sans.edu/podcastdetail.html?id=7580

Using Sudo With Python For More Security Controls https://isc.sans.edu/forums/diary/Using+Sudo+with+Python+For+More+Security+Controls/27614/ Fake Kaseya Updates Include CobaltStrike Payload htt...

https://isc.sans.edu/podcastdetail.html?id=7578

Microsoft Releases Patches for CVE-2021-34527 UPDATED https://isc.sans.edu/forums/diary/Microsoft+Releases+Patches+for+CVE202134527/27610/ GitLab Update https://www.ehackingnews.com/2021/07/git...

https://isc.sans.edu/podcastdetail.html?id=7576

Microsoft Releases Printnightmare Patch https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527 Kaseya Update https://www.kaseya.com/potential-attack-on-kaseya-vsa/ Kaspersky Pas...

https://isc.sans.edu/podcastdetail.html?id=7574

Kaseya REvil Update https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689 https://www.huntress.com/blog/rapid-response-kaseya-vsa-mass-msp-ransomware-incident https://doublepulsar.com/kas...

https://isc.sans.edu/podcastdetail.html?id=7572

Kaseya VSA REvil Ransomware Incident https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689 https://www.huntress.com/blog/rapid-response-kaseya-vsa-mass-msp-ransomware-incident https://dou...

https://isc.sans.edu/podcastdetail.html?id=7570

Print Spooler printnightmare Update https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527 https://doublepulsar.com/zero-day-for-every-supported-windows-os-version-in-the-wild-prin...

https://isc.sans.edu/podcastdetail.html?id=7568

CVE-2021-1675 Incomplete Patch - Printnightmware https://isc.sans.edu/forums/diary/CVE20211675+Incomplete+Patch+and+Leaked+RCE+Exploit/27588/ Internet Explorer PDF Update https://support.micros...

https://isc.sans.edu/podcastdetail.html?id=7566

Google "Sweepstake" Phish Withouth Link https://isc.sans.edu/forums/diary/Diving+into+a+Google+Sweepstakes+Phishing+Email/27578/ Forensics Contest Solution / Winner https://isc.sans.edu/forums/...

https://isc.sans.edu/podcastdetail.html?id=7564

Increase in UDP Port 389 Scans (LDAP/AD) https://isc.sans.edu/forums/diary/Is+this+traffic+bAD/27566/ CD/DVD Destruction https://isc.sans.edu/forums/diary/DIY+CDDVD+Destruction/27572/ Zyxel E...

https://isc.sans.edu/podcastdetail.html?id=7560

Do You Like Cookies? Some are for sale! https://isc.sans.edu/forums/diary/Do+you+Like+Cookies+Some+are+for+sale/27558/ A supply-chain breach: Taking over an Atlassian account https://media.thre...

https://isc.sans.edu/podcastdetail.html?id=7558

DNS Name Server Hijack Attack https://www.darkreading.com/vulnerabilities---threats/new-dns-name-server-hijack-attack-exposes-businesses-government-agencies/d/d-id/1341377 Paloalto Cortex XSOAR...

https://isc.sans.edu/podcastdetail.html?id=7556

Phishing asking recipients not to report abuse https://isc.sans.edu/forums/diary/Phishing+asking+recipients+not+to+report+abuse/27556/ PyPi Cryptomining Malware https://blog.sonatype.com/sonaty...

https://isc.sans.edu/podcastdetail.html?id=7554

Attack and Defend: Distributed Web Applications (free Webcast) https://www.sans.org/webcasts/attack-defend-modern-distributed-applications-119610 Darkside Impersonators https://www.helpnetsecur...

https://isc.sans.edu/podcastdetail.html?id=7552

Network Forensics on Azure VMs (Part #2) https://isc.sans.edu/forums/diary/Network+Forensics+on+Azure+VMs+Part+2/27538/ Google Open Redirect Being Abused https://isc.sans.edu/forums/diary/Open+...

https://isc.sans.edu/podcastdetail.html?id=7550

Network Forensics on Azure VMs https://isc.sans.edu/forums/diary/Network+Forensics+on+Azure+VMs+Part+1/27536/ Fake Ledger Hardware Wallets https://www.ledger.com/phishing-campaigns-status#phish...

https://isc.sans.edu/podcastdetail.html?id=7548

June 2021 Forensic Quiz https://isc.sans.edu/forums/diary/June+2021+Forensic+Contest/27532/ ThroughTek IP Camera SDK Vulnerability https://www.nozominetworks.com/blog/new-iot-security-risk-thro...

https://isc.sans.edu/podcastdetail.html?id=7546

Multi Perimeter Device Exploit Mirai Version Hunting For Sonicwall, DLink, Cisco and more https://isc.sans.edu/forums/diary/Multi+Perimeter+Device+Exploit+Mirai+Version+Hunting+For+Sonicwall+DLin...

https://isc.sans.edu/podcastdetail.html?id=7544

Apple iOS 12.5.4 Security Update https://support.apple.com/en-us/HT212548 NIST.gov DNS Issues https://puck.nether.net/pipermail/outages/2021-June/013670.html Akkadian Provisioning Manager Mul...

https://isc.sans.edu/podcastdetail.html?id=7542

EoL SonicWall SRA 4600 VPN Gateways Exploited in Current Attacks https://isc.sans.edu/forums/diary/Sonicwall+SRA+4600+Targeted+By+an+Old+Vulnerability/27518/ Older Fortinet Vulnerability Still ...

https://isc.sans.edu/podcastdetail.html?id=7540

Are Cookie Banners a Waste of Time or a Complete Waste of Time? https://isc.sans.edu/forums/diary/Are+Cookie+Banners+a+Waste+of+Time+or+a+Complete+Waste+of+Time/27436/ Citrix Application Delive...

https://isc.sans.edu/podcastdetail.html?id=7538

Architecture, Compilers and Black Magic https://isc.sans.edu/forums/diary/Architecture+compilers+and+black+magic+or+what+else+affects+the+ability+of+AVs+to+detect+malicious+files/27510/ ALPACA ...

https://isc.sans.edu/podcastdetail.html?id=7536

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+June+2021+Patch+Tuesday/27506/ PuzzleMaker Attacks With Chrome Zero-Day Exploit Chain https://securelist.com/puzzlemaker-chro...

https://isc.sans.edu/podcastdetail.html?id=7534

Amazon Sidewalk https://isc.sans.edu/forums/diary/Amazon+Sidewalk+Cutting+Through+the+Hype/27502/ Windows Container Malware https://unit42.paloaltonetworks.com/siloscape/ Darkside Ransom Conf...

https://isc.sans.edu/podcastdetail.html?id=7532

Strange Goings on With Port 37 https://isc.sans.edu/forums/diary/Strange+goings+on+with+port+37/27496/ QNAP Video Station RCE Vulnerability https://www.qnap.com/de-de/security-advisory/qsa-21-2...

https://isc.sans.edu/podcastdetail.html?id=7530

Script to Test CIS Zoom Benchmark https://github.com/turbot/steampipe-mod-zoom-compliance F5 BIG-IP Edge Client for Windows Vulnerability https://support.f5.com/csp/article/K20346072 Fancy ...

https://isc.sans.edu/podcastdetail.html?id=7528

Realtek RTL8170C Vulnerabilities https://www.vdoo.com/blog/realtek-wifi-vulnerabilities-zero-day Huawei LTE USB Stick E3372 Vulnerablity https://www.theregister.com/2021/06/02/huawei_lte_usb_st...

https://isc.sans.edu/podcastdetail.html?id=7526

Guildma is now using Finger and Signed Binary Proxy Execution to Evade Defenses https://isc.sans.edu/forums/diary/Guildma+is+now+using+Finger+and+Signed+Binary+Proxy+Execution+to+evade+defenses/2...

https://isc.sans.edu/podcastdetail.html?id=7524

Malicious PowerShell Hosted on script.google.com https://isc.sans.edu/forums/diary/Malicious+PowerShell+Hosted+on+scriptgooglecom/27468/ Sonicwall Advisory https://www.sonicwall.com/support/pro...

https://isc.sans.edu/podcastdetail.html?id=7522

AV evasion with 64-bit Executables https://isc.sans.edu/forums/diary/All+your+Base+arenearly+equal+when+it+comes+to+AV+evasion+but+64bit+executables+are+not/27466/ Unpatches WebKit Vulnerablity...

https://isc.sans.edu/podcastdetail.html?id=7520

A Survey of Bluetooth Vulnerabilities https://isc.sans.edu/forums/diary/A+Survey+of+Bluetooth+Vulnerabilities+Trends/27460/ Google Chrome Update https://chromereleases.googleblog.com/2021/05/st...

https://isc.sans.edu/podcastdetail.html?id=7518

Uncovering Shenenigans in an IP Address Block via Hurricane Electic's BGP Toolkit https://isc.sans.edu/forums/diary/Uncovering+Shenanigans+in+an+IP+Address+Block+via+Hurricane+Electrics+BGP+Toolk...

https://isc.sans.edu/podcastdetail.html?id=7516

Apple Patches 0-Days https://www.jamf.com/blog/zero-day-tcc-bypass-discovered-in-xcsset-malware/ https://support.apple.com/en-us/HT201222 Bluetooth Vulnerabilities https://kb.cert.org/vuls/id/...

https://isc.sans.edu/podcastdetail.html?id=7514

Serverless Phishing Campaign https://isc.sans.edu/forums/diary/Serverless+Phishing+Campaign/27446/ Locking Kernel32.dll As Anti-Debugging Technique https://isc.sans.edu/forums/diary/Locking+Ker...

https://isc.sans.edu/podcastdetail.html?id=7512

New YouTube Video Series: Everything you ever wanted to know about DNS and more https://isc.sans.edu/forums/diary/New+YouTube+Video+Series+Everything+you+ever+wanted+to+know+about+DNS+and+more/27...

https://isc.sans.edu/podcastdetail.html?id=7510

May 2021 Forensic Contest: Answers and Analysis https://isc.sans.edu/forums/diary/May+2021+Forensic+Contest+Answers+and+Analysis/27430/ CIS Controls V8 https://www.cisecurity.org/controls/v8/ ...

https://isc.sans.edu/podcastdetail.html?id=7508

From RunDLL32 to JavaScript then PowerShell https://isc.sans.edu/forums/diary/From+RunDLL32+to+JavaScript+then+PowerShell/27428/ New Pulse Secure VPN Advisory https://kb.pulsesecure.net/article...

https://isc.sans.edu/podcastdetail.html?id=7506

Ransomware Defenses https://isc.sans.edu/forums/diary/Ransomware+Defenses/27420/ AXA Stops Ransomware Payments https://www.insurancejournal.com/news/international/2021/05/09/613255.htm http.s...

https://isc.sans.edu/podcastdetail.html?id=7504

"Open" Access to Industrial Systems Interfaces is Also Far From Zero https://isc.sans.edu/forums/diary/Open+Access+to+Industrial+Systems+Interface+is+Also+Far+From+Zero/27418/ Malicious Rust Ma...

https://isc.sans.edu/podcastdetail.html?id=7502

Cross Browser Tracking with Schemeflood https://fingerprintjs.com/blog/external-protocol-flooding/ Cisco AnyConnect Secure Mobility Client Patch https://tools.cisco.com/security/center/content/...

https://isc.sans.edu/podcastdetail.html?id=7500

Number of industrial control systems on the internet is lower then in 2020...but still far from zero https://isc.sans.edu/forums/diary/Number+of+industrial+control+systems+on+the+internet+is+lowe...

https://isc.sans.edu/podcastdetail.html?id=7498

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+May+2021+Patch+Tuesday/27408 WiFi Fragmentation Attacks https://www.fragattacks.com

https://isc.sans.edu/podcastdetail.html?id=7496

Validating IP Addresses: Why Encoding Matters https://isc.sans.edu/forums/diary/Correctly+Validating+IP+Addresses+Why+encoding+matters+for+input+validation/27404/ Jail Breaking AirTags https://...

https://isc.sans.edu/podcastdetail.html?id=7494

Who is Probing the Internet for Research Purposes https://isc.sans.edu/forums/diary/Who+is+Probing+the+Internet+for+Research+Purposes/27400/ Cycle Hunter and tsuNAME DDoS Attack https://github....

https://isc.sans.edu/podcastdetail.html?id=7492

Scans for Exposed Azure Storage Containers https://isc.sans.edu/forums/diary/Exposed+Azure+Storage+Containers/27396/ Qualcomm MSM Vulnerability https://research.checkpoint.com/2021/security-pro...

https://isc.sans.edu/podcastdetail.html?id=7490

May 2021 Forensic Contest https://isc.sans.edu/forums/diary/May+2021+Forensic+Contest/27386/ Windows Defender Bug Fills Windows 10 Boot Drive with thousands of files https://www.bleepingcompute...

https://isc.sans.edu/podcastdetail.html?id=7488

Android Update https://source.android.com/security/bulletin/2021-05-01?hl=en Dell Privilege Escalation Vulnerability https://www.dell.com/support/kbdoc/en-us/000186019/dsa-2021-088-dell-client-...

https://isc.sans.edu/podcastdetail.html?id=7486

Apple Patches 2 0-Day Flaws in WebKit affecting iOS/MacOS/WatchOS https://support.apple.com/en-us/HT201222 PoC Exploit for CVE-2021-28482 (Microsoft Exchange) https://gist.github.com/testanull/...

https://isc.sans.edu/podcastdetail.html?id=7484

Qiling: A true instrumentable binary emulation framework https://isc.sans.edu/forums/diary/Qiling+A+true+instrumentable+binary+emulation+framework/27372/ Python "ipaddress" improper input valid...

https://isc.sans.edu/podcastdetail.html?id=7482

From Python to .Net https://isc.sans.edu/forums/diary/From+Python+to+Net/27366/ PHP Composer Vulnerability https://blog.sonarsource.com/php-supply-chain-attack-on-composer Microsoft Identifie...

https://isc.sans.edu/podcastdetail.html?id=7480

Stopping Google FLoC https://github.blog/changelog/2021-04-27-github-pages-permissions-policy-interest-cohort-header-added-to-all-pages-sites/ https://amifloced.org RotaJakiro Backdoor https:/...

https://isc.sans.edu/podcastdetail.html?id=7478

Diving into a Singapore Post Phihsing E-Mail https://isc.sans.edu/forums/diary/Diving+into+a+Singapore+Post+Phishing+Email/27356/ Two in Five Victims of Online Scam Adverts Do Not Report to Hos...

https://isc.sans.edu/podcastdetail.html?id=7476

CAD: .DGN and .MVBA Files analyzed with oledump https://isc.sans.edu/forums/diary/CAD+DGN+and+MVBA+Files/27354/ MacOS 0-Day Bug Patched https://objective-see.com/blog/blog_0x64.html https://su...

https://isc.sans.edu/podcastdetail.html?id=7474

Compact VBA Macros https://isc.sans.edu/forums/diary/Malicious+PowerPoint+AddOn+Small+Is+Beautiful/27342/ Base64 Strings Used in Web Scanning https://isc.sans.edu/forums/diary/Base64+Hashes+Use...

https://isc.sans.edu/podcastdetail.html?id=7472

How Safe are Your Docker Images https://isc.sans.edu/forums/diary/How+Safe+Are+Your+Docker+Images/27340/ Additional SolarWinds Infrastructure https://www.riskiq.com/blog/external-threat-managem...

https://isc.sans.edu/podcastdetail.html?id=7470

Linux Kernel Maintainer Calls Out "hypocrite commits" by University of Minnesota https://lore.kernel.org/lkml/20210421130105.1226686-38-gregkh@linuxfoundation.org/ https://github.com/QiushiWu/Qi...

https://isc.sans.edu/podcastdetail.html?id=7468

Pulse Secure VPN 0-Day Exploited https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html https://kb.pulsesecure.net/articl...

https://isc.sans.edu/podcastdetail.html?id=7466

Hunting Phishing Websites with Favicon Hashes https://isc.sans.edu/forums/diary/Hunting+phishing+websites+with+favicon+hashes/27326/ Nagios XI Vulnerability Exploited by Cryptominers https://un...

https://isc.sans.edu/podcastdetail.html?id=7464

Decoding Cobalt Strike Traffic https://isc.sans.edu/forums/diary/Decoding+Cobalt+Strike+Traffic/27322/ Codecov Breach https://about.codecov.io/security-update/ Google Project Zero Tweaks Disc...

https://isc.sans.edu/podcastdetail.html?id=7462

Why and How You Should be Using an Internal Certificate Authority https://isc.sans.edu/forums/diary/Why+and+How+You+Should+be+Using+an+Internal+Certificate+Authority/27314/ Vulnerabilities Used...

https://isc.sans.edu/podcastdetail.html?id=7460

April 2021 Forensics Quiz Solution https://isc.sans.edu/forums/diary/April+2021+Forensic+Quiz+Answers+and+Analysis/27308/ Adobe Patch Tuesday https://helpx.adobe.com/security.html Chrome 90 ...

https://isc.sans.edu/podcastdetail.html?id=7458

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+April+2021+Patch+Tuesday/27306/ NAME:WRECK DNS Vulnerabilities https://www.forescout.com/research-labs/namewreck/

https://isc.sans.edu/podcastdetail.html?id=7456

Example of Cleartext Cobalt Strike Traffic https://isc.sans.edu/forums/diary/Example+of+Cleartext+Cobalt+Strike+Traffic+Thanks+Brad/27300/ ASA 5506 Series Security Appliances Field Notice htt...

https://isc.sans.edu/podcastdetail.html?id=7454

No Python Interpreter? This Simple RAT Installs Its Own Copy https://isc.sans.edu/forums/diary/No+Python+Interpreter+This+Simple+RAT+Installs+Its+Own+Copy/27292/ Facebook Mistakingly Suggests A...

https://isc.sans.edu/podcastdetail.html?id=7452

Simple Powershell Ransomware Creating a 7Z Archive of your Files https://isc.sans.edu/forums/diary/Simple+Powershell+Ransomware+Creating+a+7Z+Archive+of+your+Files/27286/ HTML Lego: Hidden Phis...

https://isc.sans.edu/podcastdetail.html?id=7450

WiFi IDS's and Private MAC Addresses https://isc.sans.edu/forums/diary/WiFi+IDS+and+Private+MAC+Addresses/27288/ Update on PHP Incident https://externals.io/message/113981 Details about Linux...

https://isc.sans.edu/podcastdetail.html?id=7448

Malspam with Lokibot vs. Outlook and RFCs https://isc.sans.edu/forums/diary/Malspam+with+Lokibot+vs+Outlook+and+RFCs/27282/ SAP Attacks https://us-cert.cisa.gov/ncas/current-activity/2021/04/06...

https://isc.sans.edu/podcastdetail.html?id=7446

LinkedIn Spear-Phishing Campaign Targets Job Hunters https://threatpost.com/linkedin-spear-phishing-job-hunters/165240/ Malicious Text Files (CVE-2019-8761) https://www.paulosyibelo.com/2021/04...

https://isc.sans.edu/podcastdetail.html?id=7444

C2 Activity: Sandboxes or Real Victims https://isc.sans.edu/forums/diary/C2+Activity+Sandboxes+or+Real+Victims/27272/ Exploitation of Fortinet FortiOS Vulnerabilities https://us-cert.cisa.gov/n...

https://isc.sans.edu/podcastdetail.html?id=7442

April 2021 Forensic Quiz https://isc.sans.edu/forums/diary/April+2021+Forensic+Quiz/27266/ Coinhive Domains Used to Warn Victims https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how...

https://isc.sans.edu/podcastdetail.html?id=7440

Quick Analysis of a Modular InfoStealer https://isc.sans.edu/forums/diary/Quick+Analysis+of+a+Modular+InfoStealer/27264/ Google Chrome Update / DoH on Linux https://chromereleases.googleblog.co...

https://isc.sans.edu/podcastdetail.html?id=7438

Old TLS Versions: Gone but not Forgotten https://isc.sans.edu/forums/diary/Old+TLS+versions+gone+but+not+forgotten+well+not+really+gone+either/27260/ Perl Netmask Vulnerability https://blog.urt...

https://isc.sans.edu/podcastdetail.html?id=7436

Jumping Into Shellcode https://isc.sans.edu/forums/diary/Jumping+into+Shellcode/27256/ PHP git repo compromised https://news-web.php.net/php.internals/113838 npm "netmask" package vulnerabili...

https://isc.sans.edu/podcastdetail.html?id=7434

A Simple Python Keylogger https://isc.sans.edu/forums/diary/Simple+Python+Keylogger/27216/ New macOS Malware XcodeSpy Targets Xcode Developers with EggShell Backdoor https://labs.sentinelone.co...

https://isc.sans.edu/podcastdetail.html?id=7420

"American Rescue Plan" Used as Theme in Phishing Lures Dropping Dridex https://cofense.com/blog/american-rescue-plan-phish/ Apple May Split Security Updates from Other Updates https://9to5mac.c...

https://isc.sans.edu/podcastdetail.html?id=7418

One-Click Microsoft Exchange On-Premises Mitigation Tool https://msrc-blog.microsoft.com/2021/03/15/one-click-microsoft-exchange-on-premises-mitigation-tool-march-2021/ Microsoft Explains Authe...

https://isc.sans.edu/podcastdetail.html?id=7416

NimzaLoader Malware Written in "nim" https://www.proofpoint.com/uk/blog/threat-insight/nimzaloader-ta800s-new-initial-access-malware Windows 10 Emergency Update to Fix Printing Crashes https://...

https://isc.sans.edu/podcastdetail.html?id=7414

Wireshark Code Execution Exploit https://gitlab.com/wireshark/wireshark/-/issues/17232 Google Chrome Vulnerability Exploited in the Wild https://vulmon.com/vulnerabilitydetails?qid=CVE-2021-211...

https://isc.sans.edu/podcastdetail.html?id=7412

Pichktochart - Phishing with Infographics https://isc.sans.edu/forums/diary/Piktochart+Phishing+with+Infographics/27194/ ProxyLogon Public PoC https://www.praetorian.com/blog/reproducing-proxyl...

https://isc.sans.edu/podcastdetail.html?id=7410

SharpRDP - PSExec with PSExec, PSRemoting without PowerShell https://isc.sans.edu/forums/diary/SharpRDP+PSExec+without+PSExec+PSRemoting+without+PowerShell/27188/ F5 Critical Vulnerabilities ht...

https://isc.sans.edu/podcastdetail.html?id=7408

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+March+2021+Patch+Tuesday/27184/ Adobe Updates https://helpx.adobe.com/security.html Network Camera Breach https://www.bloom...

https://isc.sans.edu/podcastdetail.html?id=7406

YARA and CyberChef https://isc.sans.edu/forums/diary/YARA+and+CyberChef/27180/ Apple Updates Everything https://support.apple.com/en-us/HT201222 Google Adds Port 554 to "Restricted Ports" htt...

https://isc.sans.edu/podcastdetail.html?id=7404

Update on Microsoft Exchange Vulnerability https://github.com/microsoft/CSS-Exchange/tree/main/Security https://github.com/nccgroup/Cyber-Defence/tree/master/Intelligence/Exchange https://suppo...

https://isc.sans.edu/podcastdetail.html?id=7402

From VBS, PowerShell, C Sharp, Process Hollowing to RAT https://isc.sans.edu/forums/diary/From+VBS+PowerShell+C+Sharp+Process+Hollowing+to+RAT/27168/ Cisco Patches Snort Related Vulnerabilities...

https://isc.sans.edu/podcastdetail.html?id=7400

Microsoft Exchange Followup https://blog.rapid7.com/2021/03/03/rapid7s-insightidr-enables-detection-and-response-to-microsoft-exchange-0-day/ Saltstack Vulnerability https://www.immersivelabs....

https://isc.sans.edu/podcastdetail.html?id=7398

Qakbot Infection with Cobalt Strike https://isc.sans.edu/forums/diary/Qakbot+infection+with+Cobalt+Strike/27158/ Exchange Server 0-Day Exploits https://www.microsoft.com/security/blog/2021/03/0...

https://isc.sans.edu/podcastdetail.html?id=7396

Fun with DNS over TLS and https://isc.sans.edu/forums/diary/Fun+with+DNS+over+TLS+DoT/27150/ Gootloader Update https://news.sophos.com/en-us/2021/03/01/gootloader-expands-its-payload-delivery-o...

https://isc.sans.edu/podcastdetail.html?id=7394

Pretending to be an Outlook Version Update https://isc.sans.edu/forums/diary/Pretending+to+be+an+Outlook+Version+Update/27144/ Geolocating Satori Botnet Scanning Port 26 https://isc.sans.edu/fo...

https://isc.sans.edu/podcastdetail.html?id=7392

Forensicating Azure VMs https://isc.sans.edu/forums/diary/Forensicating+Azure+VMs/27136/ FriarFox Browser Extension Targeting GMail Accounts https://www.proofpoint.com/us/blog/threat-insight/ta...

https://isc.sans.edu/podcastdetail.html?id=7390

Malspam Pushes GuLoader for Remcos RAT https://isc.sans.edu/forums/diary/Malspam+pushes+GuLoader+for+Remcos+RAT/27132/ vCenter Exploit / Vulnerability Details https://swarm.ptsecurity.com/unaut...

https://isc.sans.edu/podcastdetail.html?id=7388

Qakbot In a Response to Full Disclosure Post https://isc.sans.edu/forums/diary/Qakbot+in+a+response+to+Full+Disclosure+post/27130/ Firefox Total Cookie Protection https://blog.mozilla.org/secur...

https://isc.sans.edu/podcastdetail.html?id=7386

Unprotecting Malicious Documents For Inspection https://isc.sans.edu/forums/diary/Unprotecting+Malicious+Documents+For+Inspection/27126/ Brave Browser DNS Leak https://www.theregister.com/2021/...

https://isc.sans.edu/podcastdetail.html?id=7384

Dynamic Data Exchange (DDE) is Back in the Wild https://isc.sans.edu/forums/diary/Dynamic+Data+Exchange+DDE+is+Back+in+the+Wild/27116/ https://isc.sans.edu/forums/diary/DDE+and+oledump/27122/ ...

https://isc.sans.edu/podcastdetail.html?id=7382

Malspam Pushes Trickbot gtag rob13 https://isc.sans.edu/forums/diary/Malspam+pushing+Trickbot+gtag+rob13/27112/ AppleJeus https://us-cert.cisa.gov/ncas/alerts/aa21-048a Python 3 Buffer Overf...

https://isc.sans.edu/podcastdetail.html?id=7380

The new "LinkedInSecureMessage" Phish https://isc.sans.edu/forums/diary/The+new+LinkedInSecureMessage/27110/ Apple M1 Optimized Malware https://objective-see.com/blog/blog_0x62.html QNAP Surv...

https://isc.sans.edu/podcastdetail.html?id=7378

More Weirdness on TCP Port 26 https://isc.sans.edu/forums/diary/More+weirdness+on+TCP+port+26/27106/ Microsoft Pulls Servicing Stack Update https://threatpost.com/microsoft-windows-update-patch...

https://isc.sans.edu/podcastdetail.html?id=7376

Securing and Optimizing Networks Using pfSense Traffic Shaper to Combat Bufferbloat https://isc.sans.edu/forums/diary/Securing+and+Optimizing+Networks+Using+pfSense+Traffic+Shaper+Limiters+to+Com...

https://isc.sans.edu/podcastdetail.html?id=7374

AgentTesla Dropped Through Automatic Click in Microsoft Help File https://isc.sans.edu/forums/diary/AgentTesla+Dropped+Through+Automatic+Click+in+Microsoft+Help+File/27092/ Telegram used to Def...

https://isc.sans.edu/podcastdetail.html?id=7372

Agent Tesla Hidden in Historical Anti-Malware Tool https://isc.sans.edu/forums/diary/Agent+Tesla+hidden+in+a+historical+antimalware+tool/27088/ McAfee Total Protection Vulnerabilities https://s...

https://isc.sans.edu/podcastdetail.html?id=7370

Phishing Message to the ISC Handlers E-Mail Distro https://isc.sans.edu/forums/diary/Phishing+message+to+the+ISC+handlers+email+distro/27082/ Google Phishing Statistics https://cloud.google.com...

https://isc.sans.edu/podcastdetail.html?id=7368

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+February+2021+Patch+Tuesday/27080/ https://www.theregister.com/2021/02/09/microsoft_patch_tuesday/ Dependency Confusion http...

https://isc.sans.edu/podcastdetail.html?id=7366

Tshark and Malware Analysis https://isc.sans.edu/forums/diary/Quickie+tshark+Malware+Analysis/27076/ Barcode Scanner Going Bad https://blog.malwarebytes.com/android/2021/02/barcode-scanner-app-...

https://isc.sans.edu/podcastdetail.html?id=7364

VBA Macro Trying to Alter the Application Menus https://isc.sans.edu/forums/diary/VBA+Macro+Trying+to+Alter+the+Application+Menus/27068/ The Great Suspender Going Malicious https://www.zdnet.co...

https://isc.sans.edu/podcastdetail.html?id=7362

Abusing Google Chrome Extension Syncing For Data Exfiltration and C&C https://isc.sans.edu/forums/diary/Abusing+Google+Chrome+extension+syncing+for+data+exfiltration+and+CC/27066/ Microsoft Def...

https://isc.sans.edu/podcastdetail.html?id=7360

Excel Spreadsheets Push SystemBC Malware https://isc.sans.edu/forums/diary/Excel+spreadsheets+push+SystemBC+malware/27060/ SolarWinds Vulnerability https://www.trustwave.com/en-us/resources/sec...

https://isc.sans.edu/podcastdetail.html?id=7358

New Example of XSL Script Processing aka "Mitre T1220" https://isc.sans.edu/forums/diary/New+Example+of+XSL+Script+Processing+aka+Mitre+T1220/27056/ Camerfirma Certificate Authority Revocation ...

https://isc.sans.edu/podcastdetail.html?id=7356

MacOS 11.2 Update https://support.apple.com/en-us/HT212147 Objective-See Tools Now Open Sources https://twitter.com/patrickwardle/status/1356149073045143553 iMessage Blastdoor https://googlep...

https://isc.sans.edu/podcastdetail.html?id=7354

Perl.com Domain Hijacked https://www.ehackingnews.com/2021/01/perlcom-official-site-for-perl.html Spamcop Domain Expired https://www.bleepingcomputer.com/news/security/spamcop-anti-spam-service...

https://isc.sans.edu/podcastdetail.html?id=7352

New Cryptojacking Malware https://unit42.paloaltonetworks.com/pro-ocean-rocke-groups-new-cryptojacking-malware/ SlipStreaming https://www.armis.com/resources/iot-security-blog/nat-slipstreamin...

https://isc.sans.edu/podcastdetail.html?id=7350

Emotet vs. Windows Attack Surface Reduction https://isc.sans.edu/forums/diary/Emotet+vs+Windows+Attack+Surface+Reduction/27036/ Go Lang Vulnerability https://blog.golang.org/path-security Azu...

https://isc.sans.edu/podcastdetail.html?id=7348

Critical sudo Vulnerability https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit Quakbot (QBot) Update https://isc.sans.edu...

https://isc.sans.edu/podcastdetail.html?id=7346

Fun With nmap nse Scripts and DoH (DNS over HTTPS) https://isc.sans.edu/forums/diary/Fun+with+NMAP+NSE+Scripts+and+DOH+DNS+over+HTTPS/27026/ Malicious NPM Module Stealing Discord Passwords http...

https://isc.sans.edu/podcastdetail.html?id=7344

Another File Extension to Block: JNLP https://isc.sans.edu/forums/diary/Another+File+Extension+to+Block+in+your+MTA+jnlp/27018/ SonicWall Vulnerability Used to Breach SonicWall https://www.soni...

https://isc.sans.edu/podcastdetail.html?id=7342

Powershell Ropping REvil Ransomware https://isc.sans.edu/forums/diary/Powershell+Dropping+a+REvil+Ransomware/27012/ SAP Exploit Circulating https://onapsis.com/blog/new-sap-exploit-published-on...

https://isc.sans.edu/podcastdetail.html?id=7340

SolarWinds Updates https://www.microsoft.com/security/blog/2021/01/20/deep-dive-into-the-solorigate-second-stage-activation-from-sunburst-to-teardrop-and-raindrop/ https://blog.malwarebytes.com/...

https://isc.sans.edu/podcastdetail.html?id=7338

Qakbot Activity Resumes After Holiday Break https://isc.sans.edu/forums/diary/Qakbot+activity+resumes+after+holiday+break/27008/ Multiple dnsmasq Vulnerabilities https://www.jsof-tech.com/wp-co...

https://isc.sans.edu/podcastdetail.html?id=7336

Doc And RTF Malicious Document https://isc.sans.edu/forums/diary/Doc+RTF+Malicious+Document/26996/ Center for Internet Security Cisco NX-OS Benchmark https://www.cisecurity.org/cis-benchmarks/ ...

https://isc.sans.edu/podcastdetail.html?id=7334

Scans for DNS over HTTPs https://isc.sans.edu/forums/diary/Obfuscated+DNS+Queries/26992/ https://us-cert.cisa.gov/ncas/current-activity/2021/01/15/nsa-releases-guidance-encrypted-dns-enterprise-...

https://isc.sans.edu/podcastdetail.html?id=7332

Dynamically Analzying A Heavily Obfuscted Excel 4 Macro Malicious File https://isc.sans.edu/forums/diary/Dynamically+analyzing+a+heavily+obfuscated+Excel+4+macro+malicious+file/26986/ Odd Filen...

https://isc.sans.edu/podcastdetail.html?id=7330

Hancitor Activity Resumes After a Holiday Break https://isc.sans.edu/forums/diary/Hancitor+activity+resumes+after+a+hoilday+break/26980/ Intel Hardware-Enabled Ransomware Protections https://ww...

https://isc.sans.edu/podcastdetail.html?id=7328

MSFT January 2021 Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+January+2021+Patch+Tuesday/26978/ Adobe Patches https://helpx.adobe.com/security.html MimeCast Cert Stolen https://...

https://isc.sans.edu/podcastdetail.html?id=7326

Using the NVD Database API Part 3/3 https://isc.sans.edu/forums/diary/Using+the+NVD+Database+and+API+to+Keep+Up+with+Vulnerabilities+and+Patches+Tool+Drop+CVEScan+Part+3+of+3/26974/ Sysinternal...

https://isc.sans.edu/podcastdetail.html?id=7324

Maldoc Strings Analysis https://isc.sans.edu/forums/diary/Maldoc+Strings+Analysis/26966/ CVSS Reliablity Survey https://user-surveys.cs.fau.de/index.php?r=survey/index&sid=248857 Fake Trump V...

https://isc.sans.edu/podcastdetail.html?id=7322

Using the NIST Database and API to Keep Up with Vulnerabilities https://isc.sans.edu/forums/diary/Using+the+NIST+Database+and+API+to+Keep+Up+with+Vulnerabilities+and+Patches+Part+1+of+3/26958/ ...

https://isc.sans.edu/podcastdetail.html?id=7320

Zyxel Exploitation Under Way https://isc.sans.edu/forums/diary/Scans+for+Zyxel+Backdoors+are+Commencing/26954/ Fortinet Patches https://www.fortiguard.com/psirt?date=01-2021 Foxit PhantomPDF ...

https://isc.sans.edu/podcastdetail.html?id=7318

Netfox Detective: An Alternative Open-Source Packet Analysis Tool https://isc.sans.edu/forums/diary/Netfox+Detective+An+Alternative+OpenSource+Packet+Analysis+Tool/26950/ ElectroRAT Drains Cryp...

https://isc.sans.edu/podcastdetail.html?id=7316

From a Small BAT File to Mass Logger Infostealer https://isc.sans.edu/forums/diary/From+a+small+BAT+file+to+Mass+Logger+infostealer/26946/ Citrix Releases Updates Addressing DTLS Flaw https://s...

https://isc.sans.edu/podcastdetail.html?id=7314

Traffic Analysis Quiz https://isc.sans.edu/forums/diary/End+of+Year+Traffic+Analysis+Quiz/26940/ Zyxel Backdoor https://www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html ...

https://isc.sans.edu/podcastdetail.html?id=7312

Accessing Restricted Directory Listings via Your AV Solution https://isc.sans.edu/forums/diary/Want+to+know+whats+in+a+folder+you+dont+have+a+permission+to+access+Try+asking+your+AV+solution/2693...

https://isc.sans.edu/podcastdetail.html?id=7310

Extending Android Device Compatibility for Let's Encrypt Certificates https://letsencrypt.org/2020/12/21/extending-android-compatibility.html Insufficient Patch for Windows 8.1/10 Print Spooler...

https://isc.sans.edu/podcastdetail.html?id=7308

base64dump.py Supported Encodings https://isc.sans.edu/forums/diary/base64dumppy+Supported+Encodings/26924/ String Analysis and Maldocs https://isc.sans.edu/forums/diary/Quickie+String+Analysis...

https://isc.sans.edu/podcastdetail.html?id=7306

Malware Victim Selection Through WiFi Identification https://isc.sans.edu/forums/diary/Malware+Victim+Selection+Through+WiFi+Identification/26910/ New Treck IP Stack Vulnerabilities https://tre...

https://isc.sans.edu/podcastdetail.html?id=7304

What's The Deal With Openportstats.com? https://isc.sans.edu/forums/diary/Whats+the+deal+with+openportstatscom/26912/ Dell Wyse ThinOS 8.6 Security Update https://www.dell.com/support/kbdoc/en-...

https://isc.sans.edu/podcastdetail.html?id=7302

A slightly optimistic tale of how patching went for CVE-2019-19781 https://isc.sans.edu/forums/diary/A+slightly+optimistic+tale+of+how+patching+went+for+CVE201919781/26900/ Heads-up: VirusTotal...

https://isc.sans.edu/podcastdetail.html?id=7300

Token Authentication Requirements for Git Operations https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/ Google Attempting to Speed Up OS Update Adoption https:...

https://isc.sans.edu/podcastdetail.html?id=7298

Cloud DNS Logs https://isc.sans.edu/forums/diary/DNS+Logs+in+Public+Clouds/26892/ Solarwinds Update https://www.heise.de/news/l-f-SolarWinds-Backdoor-Hersteller-sorgte-fuer-Ausnahmen-von-AV-Ueb...

https://isc.sans.edu/podcastdetail.html?id=7296

Analyzing A Fireeye Maldoc https://isc.sans.edu/forums/diary/Analyzing+FireEye+Maldocs/26882/ Didier Stevens: 2020 Difference Makers https://www.sans.org/webcasts/2020-difference-makers-awards-...

https://isc.sans.edu/podcastdetail.html?id=7294

SolarWinds Followup https://isc.sans.edu/forums/diary/SolarWinds+Breach+Used+to+Infiltrate+Customer+Networks+Solarigate/26884/ https://sansurl.com/solarwinds Apple Updates Everything https://s...

https://isc.sans.edu/podcastdetail.html?id=7292

SolarWinds Compromise https://isc.sans.edu/forums/diary/SolarWinds+Breach+Used+to+Infiltrate+Customer+Networks+Solarigate/26884/ Writing Yara Rules for Fun and Profit: Notes form the FireEye Br...

https://isc.sans.edu/podcastdetail.html?id=7290

Python Backdoor Talking to a C2 Through Ngrok https://isc.sans.edu/forums/diary/Python+Backdoor+Talking+to+a+C2+Through+Ngrok/26866/ Cisco Releases Improved Patch for Jabber Vulnerabilities htt...

https://isc.sans.edu/podcastdetail.html?id=7288

Oblivious DoH https://blog.cloudflare.com/oblivious-dns/ HTTP Archive Almanach https://almanac.httparchive.org/en/2020/security Open Source IoT TCP/IP Stack Vulnerabilities https://www.foresc...

https://isc.sans.edu/podcastdetail.html?id=7286

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/December+2020+Microsoft+Patch+Tuesday+Exchange+Sharepoint+Dynamics+and+DNS+Spoofing/26860/ Adobe Patch Tuesday https://helpx.adobe.com/...

https://isc.sans.edu/podcastdetail.html?id=7284

Corrupt BASE64 Strings: Detection and Decoding https://isc.sans.edu/forums/diary/Corrupt+BASE64+Strings+Detection+and+Decoding/26616/ Microsoft Teams Remote Code Execution Vulnerability (Patche...

https://isc.sans.edu/podcastdetail.html?id=7282

Proxy Scanner Attempting to Connect to Specific Hostname https://isc.sans.edu/forums/diary/Is+IP+91199118137+testing+Access+to+aahwwx52hostxyz/26852/ Recovering Passwords From Pixelized Screens...

https://isc.sans.edu/podcastdetail.html?id=7280

Traffic Analysis Quiz: Mr. Natural https://isc.sans.edu/forums/diary/Traffic+Analysis+Quiz+Mr+Natural/26844/ An iOS Zero-Click Radio Proximity Exploit Odyssey https://googleprojectzero.blogspot...

https://isc.sans.edu/podcastdetail.html?id=7278

Prevelance of DNS Spoofing https://arxiv.org/abs/2011.12978 New npm Malware Includes Bladabindi Trojan https://blog.sonatype.com/bladabindi-njrat-rat-in-jdb.js-npm-malware DarkIRC Bot Exploit...

https://isc.sans.edu/podcastdetail.html?id=7276

Xanthe Docker Aware Miner https://blog.talosintelligence.com/2020/12/xanthe-docker-aware-miner.html#more Ocean Lotus Mac Backdoor https://www.trendmicro.com/en_us/research/20/k/new-macos-backdo...

https://isc.sans.edu/podcastdetail.html?id=7274

Decrypting PowerShell Payloads https://isc.sans.edu/forums/diary/Decrypting+PowerShell+Payloads+video/26838/ Trend Micro ServerProtect for Linux https://success.trendmicro.com/solution/00028195...

https://isc.sans.edu/podcastdetail.html?id=7272

Live Patching Windows API Calls Using PowerShell https://isc.sans.edu/forums/diary/Live+Patching+Windows+API+Calls+Using+PowerShell/26826/ Threat Hunting with JARM https://isc.sans.edu/forums/d...

https://isc.sans.edu/podcastdetail.html?id=7270

The Special Case of TCP Resets https://isc.sans.edu/forums/diary/The+special+case+of+TCP+RST/26824/ VMWare Workspace Vulnerability https://www.theregister.com/2020/11/24/vmware_urges_sysadmins...

https://isc.sans.edu/podcastdetail.html?id=7268

Quick Tip: Cobalt Strike Beacon Analysis https://isc.sans.edu/forums/diary/Quick+Tip+Cobalt+Strike+Beacon+Analysis/26818/ Godaddy Social Engineering Used to Compromise Bitcoin Exchange Domains ...

https://isc.sans.edu/podcastdetail.html?id=7266

Updates for VMWare ESXi; Fusion and Workstation https://www.vmware.com/security/advisories/VMSA-2020-0026.html IBM DB2 Vulnerability https://www.ibm.com/support/pages/node/6370025 https://www....

https://isc.sans.edu/podcastdetail.html?id=7264

PowerShell Dropper Delivering Formbook https://isc.sans.edu/forums/diary/PowerShell+Dropper+Delivering+Formbook/26806/ Google Leading the Way in Phishing https://www.armorblox.com/blog/ok-googl...

https://isc.sans.edu/podcastdetail.html?id=7262

When Security Controls Lead to Security Issues https://isc.sans.edu/forums/diary/When+Security+Controls+Lead+to+Security+Issues/26804/ Google Chrome Update https://chromereleases.googleblog.com...

https://isc.sans.edu/podcastdetail.html?id=7260

Apple Binaries Used to Bypass 3rd Party Security Products on MacOS 11 https://twitter.com/patrickwardle/status/1327726496203476992 Apple Improving Privacy on App Certificate Checks https://supp...

https://isc.sans.edu/podcastdetail.html?id=7258

Old Vulnerbilities Don't Die https://isc.sans.edu/forums/diary/Heartbleed+BlueKeep+and+other+vulnerabilities+that+didnt+disappear+just+because+we+dont+talk+about+them+anymore/26798/ Citrix Virt...

https://isc.sans.edu/podcastdetail.html?id=7256

Oledump Removed Macro Indicator https://isc.sans.edu/forums/diary/oledumps+Indicator/26794/ Old Worm But New Obfuscation Technique https://isc.sans.edu/forums/diary/Old+Worm+But+New+Obfuscation...

https://isc.sans.edu/podcastdetail.html?id=7254

Preventing Exposed Azure Blob Storage https://isc.sans.edu/forums/diary/Preventing+Exposed+Azure+Blob+Storage/26786/ Apple Security Updates https://support.apple.com/en-us/HT201222 DNS Cache ...

https://isc.sans.edu/podcastdetail.html?id=7252

Traffic Analysis Quiz https://isc.sans.edu/forums/diary/Traffic+Analysis+Quiz+DESKTOPFX23IK5/26780/ Open Source Security Scorecards https://github.com/ossf/scorecard Bitdefender: UPX Unpackin...

https://isc.sans.edu/podcastdetail.html?id=7250

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+November+2020+Patch+Tuesday/26778/ "Platypus" Attack against Intel SGX https://platypusattack.com/ Adobe Updates https://he...

https://isc.sans.edu/podcastdetail.html?id=7248

How Attackers Brush Up Their Malicious Scripts https://isc.sans.edu/forums/diary/How+Attackers+Brush+Up+Their+Malicious+Scripts/26770/ RansomEXX Trojan Attacks Linux Systems https://securelist....

https://isc.sans.edu/podcastdetail.html?id=7246

Cryptojacking Targeting WebLogic TCP/7001 Cryptojacking Targeting WebLogic TCP/7001 https://isc.sans.edu/forums/diary/Cryptojacking+Targeting+WebLogic+TCP7001/26768/ Extracting VBA Code From M...

https://isc.sans.edu/podcastdetail.html?id=7244

Did You Spot "Invoke-Expression" ? https://isc.sans.edu/forums/diary/Did+You+Spot+InvokeExpression/26762/ Apple Security Updates https://support.apple.com/en-us/HT201222 Corporte VoIP Phone S...

https://isc.sans.edu/podcastdetail.html?id=7242

Cisco AnyConnect Security Mobility Client https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-ipc-KfQO9QhK Google Chrome Root CA Policy https://www.chromiu...

https://isc.sans.edu/podcastdetail.html?id=7240

Attackers Exploiting WebLogic Servers to Install Cobalt Strike https://isc.sans.edu/forums/diary/Attackers+Exploiting+WebLogic+Servers+via+CVE202014882+to+install+Cobalt+Strike/26752 New SaltSt...

https://isc.sans.edu/podcastdetail.html?id=7238

Emotet -> Qakbot -> More Emotet https://isc.sans.edu/forums/diary/Emotet+Qakbot+more+Emotet/26750/ WebLogic Bad News https://www.oracle.com/security-alerts/alert-cve-2020-14750.html https://tw...

https://isc.sans.edu/podcastdetail.html?id=7236

Quick Status of the CAA DNS Record Adoption https://isc.sans.edu/forums/diary/Quick+Status+of+the+CAA+DNS+Record+Adoption/26738/ Windows Kernel cng.sys pool-based buffer overflow CVE-2020-1708...

https://isc.sans.edu/podcastdetail.html?id=7234

PATCH NOW: CVE-2020-14882 WebLogic Actively Exploited https://isc.sans.edu/forums/diary/PATCH+NOW+CVE202014882+Weblogic+Actively+Exploited+Against+Honeypots/26734/ Zonealarm Update https://www....

https://isc.sans.edu/podcastdetail.html?id=7232

SMBGhost Remains Unpatched on 8% of Exposed SMB Servers https://isc.sans.edu/forums/diary/SMBGhost+the+critical+vulnerability+many+seem+to+have+forgotten+to+patch/26732/ Microsoft Defender ATP ...

https://isc.sans.edu/podcastdetail.html?id=7230

Vulnerable SonarQube Configurations Used to Steal Code https://beta.documentcloud.org/documents/20399900-fbi_flash_sonarqube_access_bc Microsoft Edge Security Updates (Chromium-Based) https://p...

https://isc.sans.edu/podcastdetail.html?id=7228

Excel 4 Macros: "Abnormal Sheet Visibility" https://isc.sans.edu/forums/diary/Excel+4+Macros+Abnormal+Sheet+Visibility/26726/ HP Printer Applications Certificate Revoked https://eclecticlight.c...

https://isc.sans.edu/podcastdetail.html?id=7226

An Alternative to Shodan: Censys https://isc.sans.edu/forums/diary/An+Alternative+to+Shodan+Censys+with+UserAgent+CensysInspect11/26718/ Sooty: SOC Analyst's All-in-One Tool https://isc.sans.ed...

https://isc.sans.edu/podcastdetail.html?id=7224

BazarLoader Phishing Lures https://isc.sans.edu/forums/diary/BazarLoader+phishing+lures+plan+a+Halloween+party+get+a+bonus+and+be+fired+in+the+same+afternoon/26710/ Stalled Reviews for Secure B...

https://isc.sans.edu/podcastdetail.html?id=7222

Shipping Dangerous Goods https://isc.sans.edu/forums/diary/Shipping+dangerous+goods/26702/ Chinese State-Sponsored Actors Exploit Same Vulnerablities as Others https://media.defense.gov/2020/Oc...

https://isc.sans.edu/podcastdetail.html?id=7220

Mirai-alike Python Scanner https://isc.sans.edu/forums/diary/Miraialike+Python+Scanner/26698/ Google Chrome Update (actively exploited vulnerability fixed) https://chromereleases.googleblog.com...

https://isc.sans.edu/podcastdetail.html?id=7218

Out of Band MSFT Patches https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-17022 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-17023 Ado...

https://isc.sans.edu/podcastdetail.html?id=7216

CVE-2020-5135 SonicWall Buffer Overflow https://isc.sans.edu/forums/diary/CVE20205135+Buffer+Overflow+in+SonicWall+VPNs+Patch+Now/26692/ Spammer Attached Mass Mailer Configuration Instead of Ma...

https://isc.sans.edu/podcastdetail.html?id=7214

Obfuscated Python RAT https://isc.sans.edu/forums/diary/Nicely+Obfuscated+Python+RAT/26680/ BadNeighbor ICMPv6 Router Advertisement Update https://isc.sans.edu/forums/diary/CVE202016898+Windows...

https://isc.sans.edu/podcastdetail.html?id=7212

TA551/Shathak Word Docs Push IcedID and Bokbot https://isc.sans.edu/forums/diary/More+TA551+Shathak+Word+docs+push+IcedID+Bokbot/26674/ MSFT Patch Tuesday Followup https://portal.msrc.microsoft...

https://isc.sans.edu/podcastdetail.html?id=7210

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+October+2020+Patch+Tuesday/26672/ Adobe Updates https://helpx.adobe.com/security/products/flash-player/apsb20-58.html

https://isc.sans.edu/podcastdetail.html?id=7208

Nested .MSGs: Turtles All The Way Down https://isc.sans.edu/forums/diary/Nested+MSGs+Turtles+All+The+Way+Down/26668/ Microsoft Attempting To Take Down Trickbot C2 Infrastructure https://blogs.m...

https://isc.sans.edu/podcastdetail.html?id=7206

Phishing Kits As Far As The Eye Can See https://isc.sans.edu/forums/diary/Phishing+kits+as+far+as+the+eye+can+see/26660/ Open Packaging Conventions https://isc.sans.edu/forums/diary/Open+Packag...

https://isc.sans.edu/podcastdetail.html?id=7204

Hashicorp Vault Vulnerabilities https://googleprojectzero.blogspot.com/2020/10/enter-the-vault-auth-issues-hashicorp-vault.html Ryuk Ransomware Writeup https://thedfirreport.com/2020/10/08/ryuk...

https://isc.sans.edu/podcastdetail.html?id=7202

Today, Nobody is Going to Attack You https://isc.sans.edu/forums/diary/Today+Nobody+is+Going+to+Attack+You/26654/ Google Chrome Patches https://chromereleases.googleblog.com/2020/10/stable-chan...

https://isc.sans.edu/podcastdetail.html?id=7200

Apple T2 Chip Vulnerability https://ironpeak.be/blog/crouching-t2-hidden-danger/ NVIDIA Patches https://nvidia.custhelp.com/app/answers/detail/a_id/5075 Cloudflare DDoS Alerts https://blog.cl...

https://isc.sans.edu/podcastdetail.html?id=7198

Obfuscation and Repetition https://isc.sans.edu/forums/diary/Obfuscation+and+Repetition/26648/ Compromised UEFI Payload Found https://securelist.com/mosaicregressor/98849/ Privilege Escalatio...

https://isc.sans.edu/podcastdetail.html?id=7196

Analysis of a Phishing Kit https://isc.sans.edu/forums/diary/Analysis+of+a+Phishing+Kit/26634/ Hoaxcalls Botnet Scanning for Huawei Home Gateway https://isc.sans.edu/forums/diary/Scanning+for+S...

https://isc.sans.edu/podcastdetail.html?id=7194

Making Sensor of Azure AD Activity Logs https://isc.sans.edu/forums/diary/Making+sense+of+Azure+AD+AAD+activity+logs/26626/ IOCs Turning into IOOIs https://isc.sans.edu/forums/diary/IOCs+turnin...

https://isc.sans.edu/podcastdetail.html?id=7192

Scans for FPURL.xml: Reconnaissance or Not? https://isc.sans.edu/forums/diary/Scans+for+FPURLxml+Reconnaissance+or+Not/26622/ HP Device Manager Backdoor https://support.hp.com/us-en/document/c0...

https://isc.sans.edu/podcastdetail.html?id=7190

Managing Remote Access for Contractors and Partners https://isc.sans.edu/forums/diary/Managing+Remote+Access+for+Partners+Contractors/26614/#comments Updated Windows ZeroLogon Advisory https://...

https://isc.sans.edu/podcastdetail.html?id=7188

Some Tyler Technologies Customers Targeted after Breach https://isc.sans.edu/forums/diary/Some+Tyler+Technologies+Customers+Targeted+with+The+Installation+of+a+Bomgar+Client/26610/ Obfuscated P...

https://isc.sans.edu/podcastdetail.html?id=7186

Securing Exchange Online https://isc.sans.edu/forums/diary/Securing+Exchange+Online+Guest+Diary/26600/ Decoding Corrupt BASE64 https://isc.sans.edu/forums/diary/Decoding+Corrupt+BASE64+Strings/...

https://isc.sans.edu/podcastdetail.html?id=7184

Party in Ibiza with PowerShell https://isc.sans.edu/forums/diary/Party+in+Ibiza+with+PowerShell/26594/ Microsoft Tracking Zerologon Exploits https://twitter.com/MsftSecIntel/status/130894150470...

https://isc.sans.edu/podcastdetail.html?id=7182

Dynamic Malicious Word Document https://isc.sans.edu/forums/diary/Malicious+Word+Document+with+Dynamic+Content/26590/ Old Versions of SAMBA Affected by ZeroLogon Vulnerability https://www.samba...

https://isc.sans.edu/podcastdetail.html?id=7180

Citrix ADC Udpates https://support.citrix.com/article/CTX281474 Firefox Version 81 Released https://www.mozilla.org/en-US/firefox/81.0/releasenotes/ Simple Scan Drops Ransomware Risk https://...

https://isc.sans.edu/podcastdetail.html?id=7178

Slightly Broken Overlay Phishing https://isc.sans.edu/forums/diary/Slightly+broken+overlay+phishing/26586/ MacOS Code Injection via Third Party Frameworks https://www.trustedsec.com/blog/macos-...

https://isc.sans.edu/podcastdetail.html?id=7176

A Mix of Python and VBA in a Malicious Word Document https://isc.sans.edu/forums/diary/A+Mix+of+Python+VBA+in+a+Malicious+Word+Document/26578/ Salesforce Phish https://isc.sans.edu/forums/diary...

https://isc.sans.edu/podcastdetail.html?id=7174

OSSEC Active Response https://isc.sans.edu/forums/diary/Suspicious+Endpoint+Containment+with+OSSEC/26576/ Microsoft Patch for Office for Mac https://docs.microsoft.com/en-us/officeupdates/relea...

https://isc.sans.edu/podcastdetail.html?id=7172

Most Recent "Mirai" Bot Includes Code to Target Backups https://isc.sans.edu/forums/diary/Do+Vulnerabilities+Ever+Get+Old+Recent+Mirai+Variant+Scanning+for+20+Year+Old+Amanda+Version/26572/ App...

https://isc.sans.edu/podcastdetail.html?id=7170

Traffic Analysis Quiz: Oh No... Another Infection https://isc.sans.edu/forums/diary/Traffic+Analysis+Quiz+Oh+No+Another+Infection/26566/ Magento 1 Stores Targeted By Recent Attack https://sanse...

https://isc.sans.edu/podcastdetail.html?id=7168

Not Everything About ".well-known" is Well Known https://isc.sans.edu/forums/diary/Not+Everything+About+wellknown+is+Well+Known/26564/ BLE Lock Vulnerable to Replay Attack https://www.pentestpa...

https://isc.sans.edu/podcastdetail.html?id=7166

Pillaging and Protecting the Clipboard https://isc.sans.edu/forums/diary/Whats+in+Your+Clipboard+Pillaging+and+Protecting+the+Clipboard/26556/ Critical Vulnerability in PANOS https://security.p...

https://isc.sans.edu/podcastdetail.html?id=7164

Recent Dridex Activity https://isc.sans.edu/forums/diary/Recent+Dridex+activity/26550/ Zoom Bombings and Zoom 2FA https://arxiv.org/abs/2009.03822 https://blog.zoom.us/secure-your-zoom-account...

https://isc.sans.edu/podcastdetail.html?id=7162

MacOS 11 Network Traffic https://isc.sans.edu/forums/diary/A+First+Look+at+macOS+11+Big+Sur+Network+Traffic+New+Now+with+more+GREASE/26548/ Azure Offers Automatic Windows VM Patching https://a...

https://isc.sans.edu/podcastdetail.html?id=7160

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+September+2020+Patch+Tuesday/26544/ Adobe Security Bulletins https://helpx.adobe.com/security.html Intel Patches https://ww...

https://isc.sans.edu/podcastdetail.html?id=7158

A Blast From The Past: XXEncoded VB 6.0 Trojan https://isc.sans.edu/forums/diary/A+blast+from+the+past+XXEncoded+VB60+Trojan/26538/ Office: About OLE and ZIP Files https://isc.sans.edu/forums/d...

https://isc.sans.edu/podcastdetail.html?id=7156

Sandbox Evasion Using NTP https://isc.sans.edu/forums/diary/Sandbox+Evasion+Using+NTP/26534/ Android DNS over HTTPS https://blog.chromium.org/2020/09/a-safer-and-more-private-browsing.html Ci...

https://isc.sans.edu/podcastdetail.html?id=7154

Python and Risky Windows API Calls https://isc.sans.edu/forums/diary/Python+and+Risky+Windows+API+Calls/26530/ QNAP Updates https://www.qnap.com/en/release-notes/qts/4.3.6.1411/20200825 https:...

https://isc.sans.edu/podcastdetail.html?id=7152

Exposed Domain Controllers Used in DDoS Attacks https://isc.sans.edu/forums/diary/Exposed+Windows+Domain+Controllers+Used+in+CLDAP+DDoS+Attacks/26526/ Microsoft Reviving SHA-1 https://techcommu...

https://isc.sans.edu/podcastdetail.html?id=7150

Finding The Original Maldoc https://isc.sans.edu/forums/diary/Finding+The+Original+Maldoc/26520/ Slack Remote Code Execution https://hackerone.com/reports/783877 Apple Approved Malware https:...

https://isc.sans.edu/podcastdetail.html?id=7148

CenturyLink Outage https://blog.cloudflare.com/analysis-of-todays-centurylink-level-3-outage/ New Zealand Stock Market Denial of Service Attack https://www.theregister.com/2020/08/27/nzx_ddos_t...

https://isc.sans.edu/podcastdetail.html?id=7146

A Reminder about Security.txt https://isc.sans.edu/forums/diary/Securitytxt+one+small+file+for+an+admin+one+giant+help+to+a+security+researcher/26510/ DNS Queries to Root Name Servers https://b...

https://isc.sans.edu/podcastdetail.html?id=7144

Malicious Excel Sheet with a NULL VT Score https://isc.sans.edu/forums/diary/Malicious+Excel+Sheet+with+a+NULL+VT+Score/26506/ APT Attack Uses Autodesk Plugin https://www.bitdefender.com/files/...

https://isc.sans.edu/podcastdetail.html?id=7142

Keep an Eye on LOLBins https://isc.sans.edu/forums/diary/Keep+An+Eye+on+LOLBins/26502/ Malicious iOS Adnetwork SDK https://snyk.io/research/sour-mint-malicious-sdk/ Apache Update https://http...

https://isc.sans.edu/podcastdetail.html?id=7140

Tracking a Malware Campaign Through VT https://isc.sans.edu/forums/diary/Tracking+A+Malware+Campaign+Through+VT/26498/ Zoom Outage https://www.cnn.com/2020/08/24/us/zoom-outage-worldwide-trnd/i...

https://isc.sans.edu/podcastdetail.html?id=7138

A Word of Caution: Helping Cyber Stalking Victims https://isc.sans.edu/forums/diary/A+Word+of+Caution+Helping+Out+People+Being+Stalked+Online/26422/ RDP and Telnet Scans https://isc.sans.edu/fo...

https://isc.sans.edu/podcastdetail.html?id=7136

Office 365 Mail Forwarding Rules (and other Mail Rules too) https://isc.sans.edu/forums/diary/Office+365+Mail+Forwarding+Rules+and+other+Mail+Rules+too/26484/ Spoofing GMail/GSuite Customers ht...

https://isc.sans.edu/podcastdetail.html?id=7134

Example of a Word Document Delivering Qakbot https://isc.sans.edu/forums/diary/Example+of+Word+Document+Delivering+Qakbot/26482/ PGP/SMime Implementation Weaknesses https://www.nds.ruhr-uni-boc...

https://isc.sans.edu/podcastdetail.html?id=7132

Using APIs to Track Attackers https://isc.sans.edu/forums/diary/Using+APIs+to+Track+Attackers/26472/ Jenkins Security Advisory https://www.jenkins.io/security/advisory/2020-08-17/ Chrome Will...

https://isc.sans.edu/podcastdetail.html?id=7130

Apache Struts Patch and PoC Exploit https://www.tenable.com/blog/cve-2019-0230-apache-struts-potential-remote-code-execution-vulnerability https://cwiki.apache.org/confluence/display/WW/S2-059 ...

https://isc.sans.edu/podcastdetail.html?id=7128

SANS Data Incident 2020 - Indicators of Compromise https://www.sans.org/blog/sans-data-incident-2020-indicators-of-compromise/ Large File Used to Obfuscate Malware https://isc.sans.edu/forums/d...

https://isc.sans.edu/podcastdetail.html?id=7126

Decrypting Voice over LTE Calls https://revolte-attack.net/ Vulnerabilities found on Amazon's Alexa https://research.checkpoint.com/2020/amazons-alexa-hacked/ DROVORUB Russian GRU Linux Malwa...

https://isc.sans.edu/podcastdetail.html?id=7124

To the Brim at the Gates of Mordor https://isc.sans.edu/forums/diary/To+the+Brim+at+the+Gates+of+Mordor+Pt+1/26456/ Large Group of Malicious Tor Exit Nodes https://medium.com/@nusenu/how-malic...

https://isc.sans.edu/podcastdetail.html?id=7122

vBulletin 0-Day Exploit https://blog.exploitee.rs/2020/exploiting-vbulletin-a-tale-of-patch-fail/ Microsoft Patches https://isc.sans.edu/forums/diary/Microsoft+August+2020+Patch+Tuesday/26452/ ...

https://isc.sans.edu/podcastdetail.html?id=7120

Small Challenge: A Simple Word Maldoc (Solution) https://isc.sans.edu/forums/diary/Small+Challenge+A+Simple+Word+Maldoc+Part+2/26444/ Scoping Web Application Pentests https://isc.sans.edu/forum...

https://isc.sans.edu/podcastdetail.html?id=7118

Scanning Activity Against WIFICAM Using Netcat https://isc.sans.edu/forums/diary/Scanning+Activity+Include+Netcat+Listener/26442/ Qualcom Snapdragon Vulnerabilities https://blog.checkpoint.com/...

https://isc.sans.edu/podcastdetail.html?id=7116

FTCode Ransomware Resurfaces https://isc.sans.edu/forums/diary/A+Fork+of+the+FTCode+Powershell+Ransomware/26434/ Microsoft Anti-Malware Flaging Host File Manipulation https://www.bleepingcomput...

https://isc.sans.edu/podcastdetail.html?id=7114

Malware Analysis Quiz https://isc.sans.edu/forums/diary/Traffic+Analysis+Quiz+Whats+the+Malware+From+This+Infection/26430/ Exploiting CVE-2020-9854 on MacOS https://objective-see.com/blog/blog_...

https://isc.sans.edu/podcastdetail.html?id=7112

A Reminder to Patch CVE-2020-3452. Active Exploitation Seen https://isc.sans.edu/forums/diary/Reminder+Patch+Cisco+ASA+FTD+Devices+CVE20203452+Exploitation+Continues/26426/ Internet Choke Point...

https://isc.sans.edu/podcastdetail.html?id=7110

VBA Macro With Multiple Command and Control Channels https://isc.sans.edu/forums/diary/Powershell+Bot+with+Multiple+C2+Protocols/26420/ Boothole Patch Causes Unbootable Systems https://access.r...

https://isc.sans.edu/podcastdetail.html?id=7108

Pages Hit By Bad Bots https://isc.sans.edu/forums/diary/What+pages+do+bad+bots+look+for/26414/ KeePassRPC Vulnerablity https://forum.kee.pm/t/a-critical-security-update-for-keepassrpc-is-availa...

https://isc.sans.edu/podcastdetail.html?id=7106

Python Developers: Prepare! https://isc.sans.edu/forums/diary/Python+Developers+Prepare/26408/ Office 365 Phishing Hiding in Google Ads https://cofense.com/threat-actors-bypass-gateways-google-...

https://isc.sans.edu/podcastdetail.html?id=7104

Consumer VPNs: You May Be Fine Without It https://isc.sans.edu/forums/diary/Consumer+VPNs+You+May+Be+Fine+Without/26404/ Tails Update https://tails.boum.org/news/version_4.9/index.en.html Fir...

https://isc.sans.edu/podcastdetail.html?id=7102

New Datafeeds https://isc.sans.edu/forums/diary/All+I+want+this+Tuesday+More+Data/26400/ Emotet Stealing Email Attachments https://twitter.com/CofenseLabs/status/1288167724594671618 Magento U...

https://isc.sans.edu/podcastdetail.html?id=7100

In Memory of Donald Smith https://isc.sans.edu/forums/diary/In+Memory+of+Donald+Smith/26396/ Analyzing Metasploit ASP .Net Payloads https://isc.sans.edu/forums/diary/Analyzing+Metasploit+ASP+NE...

https://isc.sans.edu/podcastdetail.html?id=7098

Compromized Desktop Applications By Web Technologies https://isc.sans.edu/forums/diary/Compromized+Desktop+Applications+by+Web+Technologies/26384/ Cracking Maldoc VBA Project Passwords https://...

https://isc.sans.edu/podcastdetail.html?id=7096

Simple Blocklisting with MISP and pfSense https://isc.sans.edu/forums/diary/Simple+Blocklisting+with+MISP+pfSense/26380/ ISC Intel Feed (Beta. DO NOT USE AS BLOCKLIST) https://isc.sans.edu/api/...

https://isc.sans.edu/podcastdetail.html?id=7094

A Few IoCs Releated to the F5 Vulnerablity CVE-2020-5092 https://isc.sans.edu/forums/diary/A+few+IoCs+related+to+CVE20205092/26378/ PDF Signature Weaknesses https://pdf-insecurity.org/ Sharep...

https://isc.sans.edu/podcastdetail.html?id=7092

Comparing Covid19 Remote Services in Different Countries https://isc.sans.edu/forums/diary/Couple+of+interesting+Covid19+related+stats/26374/ Adobe Patches Photoshop https://helpx.adobe.com/sec...

https://isc.sans.edu/podcastdetail.html?id=7090

Sextortion Follow the Money Wrapup https://isc.sans.edu/forums/diary/Sextortion+Update+The+Final+Final+Chapter/26334/ "BadPower" USB-C Charger Firmware Weakness (link in chinese) https://xlab.t...

https://isc.sans.edu/podcastdetail.html?id=7088

#SigRed Update https://isc.sans.edu/forums/diary/Hunting+for+SigRed+Exploitation/26362/ Cloudflare Outage https://blog.cloudflare.com/cloudflare-outage-on-july-17-2020/ Exploitation of ZeroSh...

https://isc.sans.edu/podcastdetail.html?id=7086

Twitter Compromise https://twitter.com/TwitterSupport/status/1283591846464233474?s=20 SIGRed PoC hxxps://github.com/maxpl0it/CVE-2020-1350-DoS Apple Updates https://support.apple.com/en-us/HT...

https://isc.sans.edu/podcastdetail.html?id=7084

MSFT DNS Server Vulnerability https://isc.sans.edu/forums/diary/PATCH+NOW+SIGRed+CVE20201350+Microsoft+DNS+Server+Vulnerability/26356/ https://www.sans.org/webcasts/about-windows-dns-vulnerabili...

https://isc.sans.edu/podcastdetail.html?id=7082

MSFT Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+July+2020+Patch+Tuesday+Patch+Now/26350/ Adobe Patches https://helpx.adobe.com/security.html

https://isc.sans.edu/podcastdetail.html?id=7080

Purged VBA Code https://isc.sans.edu/forums/diary/Maldoc+VBA+Purging+Example/26342/ Password protected VBA Code https://isc.sans.edu/forums/diary/VBA+Project+Passwords/26346/ MacOS mount_apfs...

https://isc.sans.edu/podcastdetail.html?id=7078

Excel Spreadsheet Macro Kicks Off Formbook Infection https://isc.sans.edu/forums/diary/Excel+spreasheet+macro+kicks+off+Formbook+infection/26332/ Zoom Update Fixing Zoom on Windows 7 Vulnerabil...

https://isc.sans.edu/podcastdetail.html?id=7076

Citrix Scanning https://isc.sans.edu/forums/diary/Active+Exploit+Attempts+Targeting+Recent+Citrix+ADC+Vulnerabilities+CTX276688/26330/ https://www.youtube.com/watch?time_continue=6&v=1_D4_9BKHSc...

https://isc.sans.edu/podcastdetail.html?id=7074

Obfuscated Malware https://isc.sans.edu/forums/diary/If+You+Want+Something+Done+Right+You+Have+To+Do+It+Yourself+Malware+Too/26320/ PaloAlto Networks PAN-OS CVE-2020-2034 https://security.paloa...

https://isc.sans.edu/podcastdetail.html?id=7072

F5 Big IP Wrapup https://twitter.com/NCCGroupInfosec/status/1280593966879125504 https://www.sans.org/webcasts/116065 Citrix ADC / Citrix Gateway Patches https://www.citrix.com/blogs/2020/07/07...

https://isc.sans.edu/podcastdetail.html?id=7070

More BigIP Exploits https://isc.sans.edu/forums/diary/Summary+of+CVE20205902+F5+BIGIP+RCE+Vulnerability+Exploits/26316/ Special F5 BigIP Webcast https://www.sans.org/webcasts/116065 Microsoft...

https://isc.sans.edu/podcastdetail.html?id=7068

F5 BigIP Critical RCE https://support.f5.com/csp/article/K52145254 https://isc.sans.edu/forums/diary/CVE20205902+F5+BIGIP+Exploitation+Attempt/26310/ https://github.com/rapid7/metasploit-framew...

https://isc.sans.edu/podcastdetail.html?id=7066

Alina PoS Malware Exfiltrating Data via DNS https://blog.centurylink.com/alina-point-of-sale-malware-still-lurking-in-dns/ Evil Quest "Ransomware" Update https://objective-see.com/blog/blog_0x5...

https://isc.sans.edu/podcastdetail.html?id=7064

Window 10 / 2019 Server Out of Order Patch https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1425 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE...

https://isc.sans.edu/podcastdetail.html?id=7062

Sysmon 11.10 and ADS Logging https://isc.sans.edu/forums/diary/Sysmon+and+Alternate+Data+Streams/26292/ Paloalto PAN-OS SAML Vulnerability https://security.paloaltonetworks.com/CVE-2020-2021 ...

https://isc.sans.edu/podcastdetail.html?id=7060

MacOS 11 Security Changes https://www.sentinelone.com/blog/macos-big-sur-9-big-surprises-for-enterprise-security/ Certificate Lifetime Limited to 1 Year Starting September https://chromium.goog...

https://isc.sans.edu/podcastdetail.html?id=7058

Recordings of the Tech Tuesday Workshop https://isc.sans.edu/forums/diary/Tech+Tuesday+Recap+Recordings+Part+2+Installing+the+Honeypot+release/26280/ https://www.youtube.com/channel/UCfbOsqPmWg1...

https://isc.sans.edu/podcastdetail.html?id=7056

Using Shell Links as zero-touch downloaders and to initiate network connections https://isc.sans.edu/forums/diary/Using+Shell+Links+as+zerotouch+downloaders+and+to+initiate+network+connections/26...

https://isc.sans.edu/podcastdetail.html?id=7054

Analysis Of Traffic Targeting CyberBunker IP Space https://isc.sans.edu/forums/diary/Cyberbunker+20+Analysis+of+the+Remnants+of+a+Bullet+Proof+Hosting+Provider/26266/ Microsoft Offering Enterpr...

https://isc.sans.edu/podcastdetail.html?id=7052

Comparing Office Documents with WinMerge https://isc.sans.edu/forums/diary/Comparing+Office+Documents+with+WinMerge/26268/ VMWare Tools and Microsoft Office Updates for macOS https://www.vmware...

https://isc.sans.edu/podcastdetail.html?id=7050

Sigma Rules! The Generic Signature Format for SIEM Systems https://isc.sans.edu/forums/diary/Sigma+rules+The+generic+signature+format+for+SIEM+systems/26258/ Pi Zero Honeypot https://isc.sans.e...

https://isc.sans.edu/podcastdetail.html?id=7048

Broken Phishing Accidentially Exploiting Outlook Zero-Day https://isc.sans.edu/forums/diary/Broken+phishing+accidentally+exploiting+Outlook+zeroday/26254/ Webcast: https://www.sans.org/webcasts...

https://isc.sans.edu/podcastdetail.html?id=7046

Odd Protest Spam (Scam?) Targeting Atlanta Police Foundation https://isc.sans.edu/forums/diary/Odd+Protest+Spam+Scam+Targeting+Atlanta+Police+Foundation/26248/ Zoom Publishes End-to-End Encrypt...

https://isc.sans.edu/podcastdetail.html?id=7044

Sextortion to the Next Level https://isc.sans.edu/forums/diary/Sextortion+to+The+Next+Level/26244/ TMobile Outage Due to Configuration Error https://www.scmagazine.com/home/security-news/outage...

https://isc.sans.edu/podcastdetail.html?id=7042

HTML Based Phishing Run https://isc.sans.edu/forums/diary/HTML+based+Phishing+Run/26242/ Major T-Mobile Outage (may affect other carriers as well) https://twitter.com/NevilleRay/status/12726507...

https://isc.sans.edu/podcastdetail.html?id=7040

Fileless Excel Malware https://isc.sans.edu/forums/diary/Malicious+Excel+Delivering+Fileless+Payload/26232/ Windows Update Issues https://support.microsoft.com/en-us/help/4566779/usb-printer-po...

https://isc.sans.edu/podcastdetail.html?id=7038

Anti-Debugging JavaScript Techniques https://isc.sans.edu/forums/diary/AntiDebugging+JavaScript+Techniques/26228/ Facebook Messenger Desktop App Vulnerability https://blog.reasonsecurity.com/20...

https://isc.sans.edu/podcastdetail.html?id=7036

Job Application Themed Malspam Pushes ZLoader https://isc.sans.edu/forums/diary/Job+applicationthemed+malspam+pushes+ZLoader/26222/ More Expiring Root CAs https://scotthelme.co.uk/impending-doo...

https://isc.sans.edu/podcastdetail.html?id=7034

Microsoft Patch Day https://isc.sans.edu/forums/diary/Microsoft+June+2020+Patch+Tuesday/26220/ SMBleed https://github.com/ZecOps/CVE-2020-1206-POC Adobe Patches https://helpx.adobe.com/securi...

https://isc.sans.edu/podcastdetail.html?id=7032

Translating BASE64 Obfuscated Scripts https://isc.sans.edu/forums/diary/Translating+BASE64+Obfuscated+Scripts/26214/ Fake Ransomware Decryptor https://www.bleepingcomputer.com/news/security/fak...

https://isc.sans.edu/podcastdetail.html?id=7030

PHP FastCGI Attacks https://isc.sans.edu/forums/diary/Not+so+FastCGI/26208/ Protest Cybersecurity https://isc.sans.edu/forums/diary/Cyber+Security+for+Protests/26210/ uBlock Origin Blocks Por...

https://isc.sans.edu/podcastdetail.html?id=7028

Anti-Debugging Technique Based on Memory Protection https://isc.sans.edu/forums/diary/AntiDebugging+Technique+based+on+Memory+Protection/26200/ Suspending Suspicious Domain Feed/Update to Resea...

https://isc.sans.edu/podcastdetail.html?id=7026

Polish Malspam Pushes ZLoader Malware https://isc.sans.edu/forums/diary/Polish+malspam+pushes+ZLoader+malware/26196/ Cisco Patches IP-in-IP Flaw https://securityaffairs.co/wordpress/104192/secu...

https://isc.sans.edu/podcastdetail.html?id=7024

Type 2 Strackstrings https://isc.sans.edu/forums/diary/Stackstrings+type+2/26192/ More Details About AddTrust External CA Root Expiration https://www.agwa.name/blog/post/fixing_the_addtrust_roo...

https://isc.sans.edu/podcastdetail.html?id=7022

Apple Patches Unc0ver https://support.apple.com/en-us/HT201222 Office 365 Adds Details About Malicious E-Mail Attachments https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=&searchte...

https://isc.sans.edu/podcastdetail.html?id=7020

Sectigo AddTrust CA Expired https://support.sectigo.com/articles/Knowledge/Sectigo-AddTrust-External-CA-Root-Expiring-May-30-2020 Critical Sign In With Apple Flaw https://bhavukjain.com/blog/20...

https://isc.sans.edu/podcastdetail.html?id=7018

USBFuzz Finds Numerous USB Flaws https://www.nebelwelt.net/files/20SEC3.pdf Cisco Products Vulnerable to Saltstack Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdv...

https://isc.sans.edu/podcastdetail.html?id=7016

Phishing With Google Cloud https://isc.sans.edu/forums/diary/Frankensteins+phishing+using+Google+Cloud+Storage/26174/ Trend Micro AntiVirus Blocked by Microsoft https://billdemirkapi.me/How-to-...

https://isc.sans.edu/podcastdetail.html?id=7014

Where is SHA3 https://isc.sans.edu/forums/diary/Seriously+SHA3+where+art+thou/26170/ Apple Updates https://support.apple.com/en-us/HT201222 Google ZDI Releases Details Regarding Unpatched Win...

https://isc.sans.edu/podcastdetail.html?id=7012

Malicious PowerPoint Add-Ins Deliver Malware https://isc.sans.edu/forums/diary/AgentTesla+Delivered+via+a+Malicious+PowerPoint+AddIn/26162/ Virtual Machine Delivers Malware https://news.sophos....

https://isc.sans.edu/podcastdetail.html?id=7010

Malware Triage with FLOSS: API Calls Based Behavior https://isc.sans.edu/forums/diary/Malware+Triage+with+FLOSS+API+Calls+Based+Behavior/26156/ Verizon Breach Report https://enterprise.verizon....

https://isc.sans.edu/podcastdetail.html?id=7008

IceID Malware Update https://isc.sans.edu/forums/diary/Microsoft+Word+document+with+malicious+macro+pushes+IcedID+Bokbot/26146/ NXNSAttack DNS Amplification https://www.nxnsattack.com/ https:/...

https://isc.sans.edu/podcastdetail.html?id=7006

Spike of Scans for Port 62234 https://isc.sans.edu/forums/diary/What+is+up+on+Port+62234/26144/ Cisco Patches https://tools.cisco.com/security/center/publicationListing.x https://tools.cisco.c...

https://isc.sans.edu/podcastdetail.html?id=7004

Antivirus & Multiple Detections https://isc.sans.edu/forums/diary/Antivirus+Multiple+Detections/26134/ Office 365 Returning Search Results from Other Organizations https://www.theregister.co.uk...

https://isc.sans.edu/podcastdetail.html?id=7002

OWA Scans https://isc.sans.edu/forums/diary/Scanning+for+Outlook+Web+Access+OWA+Microsoft+Exchange+Control+Panel+ECP/26132/ Edison iOS E-Mail Client Leaks Data https://www.theverge.com/2020/5/1...

https://isc.sans.edu/podcastdetail.html?id=7000

Rethinking Severity https://isc.sans.edu/forums/diary/Patch+Tuesday+Revisited+CVE20201048+isnt+as+Medium+as+MS+Would+Have+You+Believe/26124/ Top Exploited Vulnerabilities https://www.us-cert.go...

https://isc.sans.edu/podcastdetail.html?id=6998

Malspam with Links to ZIP Archives Pushes Dridex Malware https://isc.sans.edu/forums/diary/Malspam+with+links+to+zip+archives+pushes+Dridex+malware/26116/ Ramsay Cyber Espionage Toolkit https:/...

https://isc.sans.edu/podcastdetail.html?id=6996

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+May+2020+Patch+Tuesday/26114/ Adobe Security Updates https://helpx.adobe.com/security.html Android Applications Expose Fire...

https://isc.sans.edu/podcastdetail.html?id=6994

Excel 4 Macro Analysis: XLMMacroDeobfuscator https://isc.sans.edu/forums/diary/Excel+4+Macro+Analysis+XLMMacroDeobfuscator/26110/ LinkedIn Phish https://youtu.be/g0WHz6rikoc ThunderSpy Thunde...

https://isc.sans.edu/podcastdetail.html?id=6992

YARA 4.0.0 Released https://isc.sans.edu/forums/diary/YARA+v400+BASE64+Strings/26106/ VMWare Patches vRealize to Address Saltstack Vulnerabilities https://www.vmware.com/security/advisories/VMS...

https://isc.sans.edu/podcastdetail.html?id=6990

Scanning With NMAP NSE Scripts https://isc.sans.edu/forums/diary/Scanning+with+nmaps+NSE+scripts/26096/ iOS Psychic Paper Vulerability https://siguza.github.io/psychicpaper/ World Password Da...

https://isc.sans.edu/podcastdetail.html?id=6988

Keeping an Eye on Malicious Files Life Time https://isc.sans.edu/forums/diary/Keeping+an+Eye+on+Malicious+Files+Life+Time/26092/ Fake Crypto Wallet Chrome Extensions https://www.theregister.co....

https://isc.sans.edu/podcastdetail.html?id=6986

Do Cloud Security Features Replace Pesonnel Security Capabilities? https://isc.sans.edu/forums/diary/Cloud+Security+Features+Dont+Replace+the+Need+for+Personnel+Security+Capabilities/26088/ Cit...

https://isc.sans.edu/podcastdetail.html?id=6984

Exploring the Sysmon 11 File Deletion Protection https://isc.sans.edu/forums/diary/Sysmon+and+File+Deletion/26084/ Digicert CT Compromise https://groups.google.com/a/chromium.org/forum/#!topic/...

https://isc.sans.edu/podcastdetail.html?id=6982

ZIP Files and AES https://isc.sans.edu/forums/diary/ZIP+AES/26080/ Saltstack Vulnerability Exploited in the Wild https://status.ghost.org/ Mobile Device Manager Compromise https://research.ch...

https://isc.sans.edu/podcastdetail.html?id=6980

Collecting IOCs from IMAP Folder https://isc.sans.edu/forums/diary/Collecting+IOCs+from+IMAP+Folder/26070/ Attack Traffic on TCP Port 9673 https://isc.sans.edu/forums/diary/Attack+traffic+on+TC...

https://isc.sans.edu/podcastdetail.html?id=6978

Privacy Preserving Protocols to Trace Covid19 Exposure https://isc.sans.edu/forums/diary/Privacy+Preserving+Protocols+to+Trace+Covid19+Exposure/26066/ Google Chrome Update https://chromerelease...

https://isc.sans.edu/podcastdetail.html?id=6976

Agent Tesla Delivered by the Same Phishing Campagin for Over a Year https://isc.sans.edu/forums/diary/Agent+Tesla+delivered+by+the+same+phishing+campaign+for+over+a+year/26062/ VMWare ESXi Patc...

https://isc.sans.edu/podcastdetail.html?id=6974

Powershell Payload Stored in a PSCredential Object https://isc.sans.edu/forums/diary/Powershell+Payload+Stored+in+a+PSCredential+Object/26058/ Microsoft Teams Account Takeover Bug https://www.c...

https://isc.sans.edu/podcastdetail.html?id=6972

Malware Bazaar https://isc.sans.edu/forums/diary/MALWARE+Bazaar/26052/ CIRA Luanches Canadian Shield https://www.cira.ca/newsroom/canadian-shield/cira-launches-canadian-shield-provide-free-priv...

https://isc.sans.edu/podcastdetail.html?id=6970

GCC's New Security Analyzer Finds Flaw in OpenSSL https://developers.redhat.com/blog/2020/03/26/static-analysis-in-gcc-10/ IBM Spectrum Protect Server Stack Based Buffer Overflow https://www.ib...

https://isc.sans.edu/podcastdetail.html?id=6968

iOS Mail 0Day https://blog.zecops.com/vulnerabilities/unassisted-ios-attacks-via-mobilemail-maild-in-the-wild/ Zoom 5 To Be Released Shortly Addressing Encryption Issues https://blog.zoom.us/wo...

https://isc.sans.edu/podcastdetail.html?id=6966

SpectX: Log Parser for DFIR https://isc.sans.edu/forums/diary/SpectX+Log+Parser+for+DFIR/26040/ Microsoft Patches Autodesk Library in Office https://www.autodesk.com/trust/security-advisories/a...

https://isc.sans.edu/podcastdetail.html?id=6964

KPOT AutoIt Script: Analysis https://isc.sans.edu/forums/diary/KPOT+AutoIt+Script+Analysis/26012/ FPGA Vulnerablity https://www.usenix.org/conference/usenixsecurity20/presentation/ender Nagio...

https://isc.sans.edu/podcastdetail.html?id=6962

Weaponized RTF Document Generator Mailer in PowerShell https://isc.sans.edu/forums/diary/Weaponized+RTF+Document+Generator+Mailer+in+PowerShell/26030/ Microsoft Fixes Bad Anti-Malware Signature...

https://isc.sans.edu/podcastdetail.html?id=6960

Applocker vs. Living off the Land Attacks https://isc.sans.edu/forums/diary/Using+AppLocker+to+Prevent+Living+off+the+Land+Attacks/26032/ Netlink GPON 0-Day https://blog.netlab.360.com/multiple...

https://isc.sans.edu/podcastdetail.html?id=6958

Hunting Without IOCs https://isc.sans.edu/forums/diary/No+IOCs+No+Problem+Getting+a+Start+Hunting+for+Malicious+Office+Files/26026/ Cloudflare/Online Banking Outages https://twitter.com/eastdak...

https://isc.sans.edu/podcastdetail.html?id=6956

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+April+2020+Patch+Tuesday/26022/ Adobe Security Bulletins https://helpx.adobe.com/security.html Microsoft Extending EOL For ...

https://isc.sans.edu/podcastdetail.html?id=6954

Comparing the same Phishing Campaign 3 Months Appart https://isc.sans.edu/forums/diary/Look+at+the+same+phishing+campaign+3+months+apart/26018/ Setting 3D Printers On Fire https://www.coalfire....

https://isc.sans.edu/podcastdetail.html?id=6952

Dynamic Analysis Technique to Get Decrypted KPOT Malware https://isc.sans.edu/forums/diary/Reader+Analysis+Dynamic+analysis+technique+to+get+decrypted+KPOT+Malware/26010/ VMWare vCenter Server ...

https://isc.sans.edu/podcastdetail.html?id=6950

Spoofing OS Fingerprints https://isc.sans.edu/forums/diary/Performing+deception+to+OS+Fingerprint+Part+1+nmap/25960/ Dell iDRAC Patch https://www.dell.com/support/article/de-de/sln320717/dsa-20...

https://isc.sans.edu/podcastdetail.html?id=6948

German Malspam Pushes ZLoader Malware; Decrypting HTTPs https://isc.sans.edu/forums/diary/German+malspam+pushes+ZLoader+malware/25996/ Microsoft Purchases Corp.com https://krebsonsecurity.com/2...

https://isc.sans.edu/podcastdetail.html?id=6946

RDP Scanning Increase https://isc.sans.edu/forums/diary/Increase+in+RDP+Scanning/25994/ Atlassian Advices Users To Secure Jira Service Desk https://community.atlassian.com/t5/Jira-Service-Desk-...

https://isc.sans.edu/podcastdetail.html?id=6944

ROSTELECOM Reroutes Traffic for Multiple Cloud Providers https://twitter.com/bgpmon/status/1246842916502302723 https://bgpstream.com/event/230837 Vuln Cost Security Scanner for VS Code https:/...

https://isc.sans.edu/podcastdetail.html?id=6942

New Bypass Technique or Corrupt Word Document https://isc.sans.edu/forums/diary/New+Bypass+Technique+or+Corrupt+Word+Document/25984/ CitizenLab Analyzes Zoom Encryption https://citizenlab.ca/20...

https://isc.sans.edu/podcastdetail.html?id=6940

Twitter Cache Bug in Firefox https://privacy.twitter.com/en/blog/2020/data-cache-firefox MS-SQL Server Attack https://www.guardicore.com/2020/04/vollgar-ms-sql-servers-under-attack/ More Zoo...

https://isc.sans.edu/podcastdetail.html?id=6938

Quakbot Malspam Sent From an Infected Windows Host https://isc.sans.edu/forums/diary/Qakbot+malspam+sent+from+an+infected+Windows+host/25972/ TPOT Cowrie to ISC Logs https://isc.sans.edu/forums...

https://isc.sans.edu/podcastdetail.html?id=6936

Kwampirs Update https://isc.sans.edu/forums/diary/Kwampirs+Targeted+Attacks+Involving+Healthcare+Sector/25968/ Exposed RDP https://blog.shodan.io/trends-in-internet-exposure/ D-Link DSL-2640B...

https://isc.sans.edu/podcastdetail.html?id=6934

Crashing Windows Explorer Without a Click https://isc.sans.edu/forums/diary/Crashing+explorerexe+without+a+click/25966/ Zoom Privacy Policy https://blogs.harvard.edu/doc/2020/03/27/zoom/ Zoom...

https://isc.sans.edu/podcastdetail.html?id=6932

Covid19 Domain Classifier https://isc.sans.edu/covidclassifier.html https://www.youtube.com/watch?v=yNIlyJ3gI-4 Attackers Mail Malicious USB Drives and Teddy Bears https://www.trustwave.com/en...

https://isc.sans.edu/podcastdetail.html?id=6930

Very Large Sample as an Obfuscation Technique https://isc.sans.edu/forums/diary/Very+Large+Sample+as+Evasion+Technique/25948/ iOS VPN Bypass https://protonvpn.com/blog/apple-ios-vulnerability-d...

https://isc.sans.edu/podcastdetail.html?id=6928

Dridex Update https://isc.sans.edu/forums/diary/Recent+Dridex+activity/25944/ Covid-19 Ransom https://twitter.com/johullrich/status/1242983197555789824 HP Enterprise SSD Firmware Bug https://...

https://isc.sans.edu/podcastdetail.html?id=6926

Updated Microsoft Advisory 200006 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv200006 Memcached Denial of Service Vulnerability https://github.com/memcached/memcached/...

https://isc.sans.edu/podcastdetail.html?id=6924

Windows Font Parsing 0-Day https://isc.sans.edu/forums/diary/Windows+Zeroday+Actively+Exploited+Type+1+Font+Parsing+Remote+Code+Execution+Vulnerability/25936/ Covid-19 Malware Summary https://g...

https://isc.sans.edu/podcastdetail.html?id=6922

More Covid19 Malware https://isc.sans.edu/forums/diary/More+COVID19+Themed+Malware/25930/ Working Exploit for the Kr00k Wifi Exploit https://hexway.io/research/r00kie-kr00kie/ ZDI Pwn2Own Res...

https://isc.sans.edu/podcastdetail.html?id=6920

COVID-19 Themed Multistage Malware https://isc.sans.edu/forums/diary/COVID19+Themed+Multistage+Malware/25922/ Cisco SD-WAN Patches https://tools.cisco.com/security/center/publicationListing.x ...

https://isc.sans.edu/podcastdetail.html?id=6918

TrendMicro Update https://success.trendmicro.com/solution/000245571 More VMWare Updates https://www.vmware.com/security/advisories/VMSA-2020-0005.html EnigmaSpark Malware https://securityinte...

https://isc.sans.edu/podcastdetail.html?id=6916

A Quick Summary of Current Reflective DNS DDoS Attacks https://isc.sans.edu/forums/diary/A+Quick+Summary+of+Current+Reflective+DNS+DDoS+Attacks/25916/ Trickbot gtag red5 distributed as DLL File...

https://isc.sans.edu/podcastdetail.html?id=6914

Desktop.ini as a post-exploitation tool https://isc.sans.edu/forums/diary/Desktopini+as+a+postexploitation+tool/25912/ VMWAre Workstatation/Fusion Update https://www.vmware.com/security/advisor...

https://isc.sans.edu/podcastdetail.html?id=6912

Phishing PDFs With Incremental Updates https://isc.sans.edu/forums/diary/Phishing+PDF+With+Incremental+Updates/25904/ VPN Access and Active Monitoring https://isc.sans.edu/forums/diary/VPN+Acce...

https://isc.sans.edu/podcastdetail.html?id=6910

Microsoft Releases Patch for Windows SMBv3 Compression Vulnerability CVE-2020-0796 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796 Hancitor Distributed Through ...

https://isc.sans.edu/podcastdetail.html?id=6908

Mystery SMB3 Flaw Update https://isc.sans.edu/forums/diary/Critical+SMBv3+Vulnerability+Remote+Code+Execution/25890/ COVID19 Malware https://blog.reasonsecurity.com/2020/03/09/covid-19-info-ste...

https://isc.sans.edu/podcastdetail.html?id=6906

Microsoft Patch Tuesday https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200005 https://isc.sans.edu/diary.html?storyid=25886

https://isc.sans.edu/podcastdetail.html?id=6904

Malicious Spreadsheet With Data Connection and Excel 4 Macros https://isc.sans.edu/forums/diary/Malicious+Spreadsheet+With+Data+Connection+and+Excel+4+Macros/25880/ Take a Way: Exploring the Se...

https://isc.sans.edu/podcastdetail.html?id=6902

Excel Maldocs: Hidden Sheets https://isc.sans.edu/forums/diary/Excel+Maldocs+Hidden+Sheets/25876/ Wireshark 3.2.2. Released https://www.wireshark.org/docs/relnotes/wireshark-3.2.2.html Linux ...

https://isc.sans.edu/podcastdetail.html?id=6900

Survey Phish https://isc.sans.edu/forums/diary/Will+You+Put+Your+Password+in+a+Survey/25866/ Healthcare.gov Sending E-Mail Looking Like Phishing https://twitter.com/johullrich/status/1235740586...

https://isc.sans.edu/podcastdetail.html?id=6898

MSFT Subdomain Takeover https://vullnerability.com/blog/microsoft-subdomain-account-takeover Homoglyph Attacks in the News Again https://www.soluble.ai/blog/public-disclosure-emoji-to-zero-day ...

https://isc.sans.edu/podcastdetail.html?id=6896

Introduction to EvtxEcmd (Evtx Explorer) https://isc.sans.edu/forums/diary/Introduction+to+EvtxEcmd+Evtx+Explorer/25858/ Let's Encrypt Revoking Certificates https://community.letsencrypt.org/t/...

https://isc.sans.edu/podcastdetail.html?id=6894

SSL Distribution by Country https://isc.sans.edu/forums/diary/Secure+vs+cleartext+protocols+couple+of+interesting+stats/25854/ Checkpoint Evasion Encyclopedia https://research.checkpoint.com/20...

https://isc.sans.edu/podcastdetail.html?id=6892

Show me Your Clipboard Data! https://isc.sans.edu/forums/diary/Show+me+Your+Clipboard+Data/25846/ Hazelcast IMDB Discover Scan https://isc.sans.edu/forums/diary/Hazelcast+IMDG+Discover+Scan/258...

https://isc.sans.edu/podcastdetail.html?id=6890

Ultrasonic Triggers for Cellphone Assistants. https://source.wustl.edu/2020/02/surfing-attack-hacks-siri-google-with-ultrasonic-waves/ Comparing Information Leakage from Different Browsers http...

https://isc.sans.edu/podcastdetail.html?id=6888

Kr00k WiFi Attack https://www.eset.com/int/kr00k/ Impersonating LTE Users https://imp4gt-attacks.net/ Zyxel RCE Vulnerablity https://www.kb.cert.org/vuls/id/498544/

https://isc.sans.edu/podcastdetail.html?id=6886

Fraudulant Paypal Charges (links in German) https://twitter.com/iblueconnection/status/1232259071602044928 https://www.heise.de/security/meldung/Google-Pay-Luecke-in-virtuellen-Kreditkarten-erla...

https://isc.sans.edu/podcastdetail.html?id=6884

ScrollToTextFragment Privacy Concerns in Google Chrome 80 https://github.com/WICG/ScrollToTextFragment/issues/76#issue-538137989 https://docs.google.com/document/d/1YHcl1-vE_ZnZ0kL2almeikAj2gkwC...

https://isc.sans.edu/podcastdetail.html?id=6882

Old Style Excel Macro Malware https://isc.sans.edu/forums/diary/Maldoc+Excel+4+Macros+in+OOXML+Format/25830/ Simple But Efficient VBScript Obfuscation https://isc.sans.edu/forums/diary/Simple+b...

https://isc.sans.edu/podcastdetail.html?id=6880

Enumerating Who "Owns" a Workstation for IR https://isc.sans.edu/forums/diary/Whodat+Enumerating+Who+owns+a+Workstation+for+IR/25822/ Special Update for Adobe After Effects and Media Encoder ht...

https://isc.sans.edu/podcastdetail.html?id=6878

Sonicwall Vulnerabilities https://psirt.global.sonicwall.com/vuln-list https://blog.scrt.ch/2020/02/11/sonicwall-sra-and-sma-vulnerabilties/ SQL Server RCE Exploit https://www.mdsec.co.uk/2020...

https://isc.sans.edu/podcastdetail.html?id=6876

Discovering Contents of Folders Without Permission https://isc.sans.edu/forums/diary/Discovering+contents+of+folders+in+Windows+without+permissions/25816/ Ring Enforces 2FA https://blog.ring.co...

https://isc.sans.edu/podcastdetail.html?id=6874

More about Curl on Windows https://isc.sans.edu/forums/diary/curl+and+SSPI/25812/ WHO Warns of Coronavirus Phishing https://www.who.int/about/communications/cyber-security DUO Security / Goog...

https://isc.sans.edu/podcastdetail.html?id=6872

Keep an Eye on Command-Line Browsers https://isc.sans.edu/forums/diary/Keep+an+Eye+on+CommandLine+Browsers/25804/ Old Tricks in New Bots: KBOT https://securelist.com/kbot-sometimes-they-come-ba...

https://isc.sans.edu/podcastdetail.html?id=6870

Changes to Microsoft LDAP/AD And How to Cope with them https://isc.sans.edu/forums/diary/Authmageddon+deferred+but+not+averted+Microsoft+LDAP+Changes+now+slated+for+Q3Q4+2020/25800/ https://isc....

https://isc.sans.edu/podcastdetail.html?id=6868

Malspam Pushes Ursnif https://isc.sans.edu/forums/diary/Malpsam+pushes+Ursnif+through+Italian+language+Word+docs/25792/ Safe Documents in Office 365 Advanced Threat Protection https://docs.micr...

https://isc.sans.edu/podcastdetail.html?id=6866

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+for+February+2020/25790/ Adobe Patches https://helpx.adobe.com/security.html Ransomware Abuses Out of Date Dr...

https://isc.sans.edu/podcastdetail.html?id=6864

Paypal Phish is Asking for Everything https://isc.sans.edu/forums/diary/Current+PayPal+phishing+campaign+or+give+me+all+your+personal+information/25786/ Dell SupportAssist Client Uncontrolled S...

https://isc.sans.edu/podcastdetail.html?id=6862

Sandbox Detection Tricks and Nice Obfuscation in a Single VBScript https://isc.sans.edu/forums/diary/Sandbox+Detection+Tricks+Nice+Obfuscation+in+a+Single+VBScript/25780/ Emotet Spreads via Wif...

https://isc.sans.edu/podcastdetail.html?id=6860

Criticial Bluetooth Vulnerability in Android (CVE-2020-0022) https://insinuator.net/2020/02/critical-bluetooth-vulnerability-in-android-cve-2020-0022/ Wacom Tablets Reports Application Details ...

https://isc.sans.edu/podcastdetail.html?id=6858

Fake Browser Updates installing NetSupport RAT https://isc.sans.edu/forums/diary/Fake+browser+update+pages+are+still+a+thing/25774/ Google Android Update https://source.android.com/security/bul...

https://isc.sans.edu/podcastdetail.html?id=6856

Google Chrome 80 Released https://www.chromium.org/updates/same-site https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html File Read Vulnerablity in WhatsApp htt...

https://isc.sans.edu/podcastdetail.html?id=6854

Triple Encrypted AZORult Installer https://isc.sans.edu/forums/diary/Analysis+of+a+tripleencrypted+AZORult+downloader/25768/ New sudo Vulnerability (pwfeedback) https://www.sudo.ws/alerts/pwfe...

https://isc.sans.edu/podcastdetail.html?id=6852

Stego and Cryptominers (with video) https://isc.sans.edu/forums/diary/Video+Stego+Cryptominers/25764/ Corona Virus Phishing / Scams https://blog.knowbe4.com/heads-up-scam-of-the-week-coronaviru...

https://isc.sans.edu/podcastdetail.html?id=6850

Chrome Same-Site Cookie Change https://www.chromestatus.com/feature/5088147346030592 https://docs.microsoft.com/en-us/office365/troubleshoot/miscellaneous/chrome-behavior-affects-applications h...

https://isc.sans.edu/podcastdetail.html?id=6848

Malware Using Text from Impeachment News Coverage https://www.bleepingcomputer.com/news/security/malware-tries-to-trump-security-software-with-potus-impeachment/ Coronavirus Themed Malware Targ...

https://isc.sans.edu/podcastdetail.html?id=6846

Recent Emotet Infection installs Trickbot https://isc.sans.edu/forums/diary/Emotet+epoch+1+infection+with+Trickbot+gtag+mor84/25752/ Apple Updates https://support.apple.com/en-us/HT201222 Zoo...

https://isc.sans.edu/podcastdetail.html?id=6844

Coronavirus Preparedness and Associated Scams https://isc.sans.edu/forums/diary/Network+Security+Perspective+on+Coronavirus+Preparedness/25750/ RD Gateway RCE Exploit Demoed https://twitter.com...

https://isc.sans.edu/podcastdetail.html?id=6842

Citrix Releases ADC Updates For All Versions https://www.citrix.com/blogs/2020/01/24/citrix-releases-final-fixes-for-cve-2019-19781/ Temporary Windows 0-Day Fix Breaks Printers https://www.redd...

https://isc.sans.edu/podcastdetail.html?id=6840

Simple vs. Complex Obfuscation https://isc.sans.edu/forums/diary/Complex+Obfuscation+VS+Simple+Trick/25738/ RD Gateway PoC Exploit Release https://github.com/ollypwn/BlueGate Citrix ADC Compr...

https://isc.sans.edu/podcastdetail.html?id=6838

German Malspam Pushing Ursnif https://isc.sans.edu/forums/diary/German+language+malspam+pushes+Ursnif/25732/ Tracking Users Using Safari's Intelligent Tracking Prevention https://arxiv.org/pdf/...

https://isc.sans.edu/podcastdetail.html?id=6836

DeepBlueCLI https://isc.sans.edu/forums/diary/DeepBlueCLI+Powershell+Threat+Hunting/25730/ https://github.com/sans-blue-team/DeepBlueCLI EFS Ransomware https://safebreach.com/Post/EFS-Ransomwa...

https://isc.sans.edu/podcastdetail.html?id=6834

Twist on Sextortion https://www.dailymail.co.uk/sciencetech/article-7886055/Sextortion-campaign-targets-users-Google-Nest-smart-camera.html Emotet Uses Extortion to Infect Systems https://www.b...

https://isc.sans.edu/podcastdetail.html?id=6832

Microsoft Scripting Engine Memory Corruption Vulnerability https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV200001 CVE-2020-0601 Update https://isc.sans.edu/forums/diary/Su...

https://isc.sans.edu/podcastdetail.html?id=6830

CVE-2020-0601 Update ("Curveball" , "Letsdecrypt") https://isc.sans.edu/forums/diary/Summing+up+CVE20200601+or+the+Lets+Decrypt+vulnerability/25720/ https://curveballtest.com Certain Netscaler...

https://isc.sans.edu/podcastdetail.html?id=6828

CVE-2020-0601 Followup https://isc.sans.edu/forums/diary/CVE20200601+Followup/25714/ Oracle Patches https://www.oracle.com/security-alerts/cpujan2020.html

https://isc.sans.edu/podcastdetail.html?id=6826

Microsoft January 2020 Patch Tuesday and #CryptoAPI Flaw Webcast: https://sans.org/cryptoapi-isc Diary: https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+for+January+2020/25710/ NSA ...

https://isc.sans.edu/podcastdetail.html?id=6824

Upcoming Critical MSFT Patch https://krebsonsecurity.com/2020/01/cryptic-rumblings-ahead-of-first-2020-patch-tuesday/ SIM Swapping is Easy https://www.issms2fasecure.com/assets/sim_swaps-01-10-...

https://isc.sans.edu/podcastdetail.html?id=6822

Citrix ADC Vulnerability Actively Exploited. Assume vulnerable systems are compromised. Updated Citrix Advisory: https://support.citrix.com/article/CTX267027 Exploit Activity Summary: https://...

https://isc.sans.edu/podcastdetail.html?id=6820

Another Malicious Word Document https://isc.sans.edu/forums/diary/Quick+Analyzis+of+another+Maldoc/25694/ SHA1 Update https://sha-mbles.github.io/ Cisco Updates https://tools.cisco.com/securi...

https://isc.sans.edu/podcastdetail.html?id=6818

Critical Firefox Update Fixing Exploited Bug https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/ 3 Google Play Store Apps Exploit Android Zero-Day https://blog.trendmicro.com/trendla...

https://isc.sans.edu/podcastdetail.html?id=6816

Citrix ADC Update https://isc.sans.edu/forums/diary/A+Quick+Update+on+Scanning+for+CVE201919781+Citrix+ADC+Gateway+Vulnerability/25686/ Pulse Secure SSLVPN Exploited https://devco.re/blog/2019/...

https://isc.sans.edu/podcastdetail.html?id=6814

Spoofed Scans from 103/8 https://isc.sans.edu/forums/diary/Increase+in+Number+of+Sources+January+3rd+and+4th+spoofed/25678/ Iran Terror Threat https://www.dhs.gov/sites/default/files/ntas/alert...

https://isc.sans.edu/podcastdetail.html?id=6812

Quick Summary of the California Conumser Privacy Act https://isc.sans.edu/forums/diary/CCPA+Quick+Overview/25668/ Cisco Vulnerabilities https://tools.cisco.com/security/center/publicationListin...

https://isc.sans.edu/podcastdetail.html?id=6810

Ransomware written in JavaScript using Node.js https://isc.sans.edu/forums/diary/Ransomware+in+Nodejs/25664/ Landry Restaurant PoS Breach https://www.landrysinc.com/CreditNotice/CANotice.asp ...

https://isc.sans.edu/podcastdetail.html?id=6808

ISC API Update https://isc.sans.edu/api https://isc.sans.edu/forums/diary/Miscellaneous+Updates+to+our+Threatfeed+API/25654/ CCC Conference https://fahrplan.events.ccc.de/congress/2019/Fahrpla...

https://isc.sans.edu/podcastdetail.html?id=6806

Breaking 2FA Soft Tokens https://resources.fox-it.com/rs/170-CAK-271/images/201912_Report_Operation_Wocao.pdf PiHole Dashboard https://isc.sans.edu/forums/diary/ELK+Dashboard+for+Pihole+Logs/25...

https://isc.sans.edu/podcastdetail.html?id=6804

Citrix Application Delivery Controller (Netscaler ADC) Critical Vulnerability https://www.ptsecurity.com/ww-en/about/news/citrix-vulnerability-allows-criminals-to-hack-networks-of-80000-companies...

https://isc.sans.edu/podcastdetail.html?id=6802

Extracting VBA Macros From .DWG Files https://isc.sans.edu/forums/diary/Extracting+VBA+Macros+From+DWG+Files/25634/ Cisco PKI Self-Signed Certificate Expiration https://www.cisco.com/c/en/us/su...

https://isc.sans.edu/podcastdetail.html?id=6800

More DNS over HTTPS Details https://isc.sans.edu/forums/diary/More+DNS+over+HTTPS+Become+One+With+the+Packet+Be+the+Query+See+the+Query/25628/ Ransomware Outing Victims https://krebsonsecurity....

https://isc.sans.edu/podcastdetail.html?id=6798

An Emotet Update https://isc.sans.edu/forums/diary/Emotet+infection+with+spambot+activity/25622/ Emotet Used to Spread Malware From German Federal Agency Accounts (german) https://www.bsi.bund....

https://isc.sans.edu/podcastdetail.html?id=6796

Discovering DNS over HTTPS https://isc.sans.edu/forums/diary/Is+it+Possible+to+Identify+DNS+over+HTTPs+Without+Decrypting+TLS/25616/ Ring Camera Weaknesses https://www.vice.com/en_us/article/ep...

https://isc.sans.edu/podcastdetail.html?id=6794

Slack "Unshare" Not Working As Expected https://www.theregister.co.uk/2019/12/16/slack_filesharing_vulnerability_post_sharing/ Google Making OAUTH Mandatory for GSuite https://gsuiteupdates.goo...

https://isc.sans.edu/podcastdetail.html?id=6792

VBA Macros in Autocad https://isc.sans.edu/forums/diary/Malicious+DWG+Files/25612/ OpenBSD Privilege Escalation Vulnerability https://www.qualys.com/2019/12/11/cve-2019-19726/local-privilege-es...

https://isc.sans.edu/podcastdetail.html?id=6790

Malware Information Sharing https://isc.sans.edu/forums/diary/Code+Data+Reuse+in+the+Malware+Ecosystem/25598/ Apple Improves Tracking Prevention Tracking in WebKit https://webkit.org/blog/9661/...

https://isc.sans.edu/podcastdetail.html?id=6788

German Malspam Installs Trickbot https://isc.sans.edu/forums/diary/German+language+malspam+pushes+yet+another+wave+of+Trickbot/25594/ Vulnerable KeyWe Smart Lock https://labs.f-secure.com/advis...

https://isc.sans.edu/podcastdetail.html?id=6786

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+December+2019+Patch+Tuesday/25592/ https://securelist.com/windows-0-day-exploit-cve-2019-1458-used-in-operation-wizardopium/95...

https://isc.sans.edu/podcastdetail.html?id=6784

Another Word Maldoc https://isc.sans.edu/forums/diary/Lazy+Sunday+Maldoc+Analysis/25586/ Snatch Ransomware Reboots System Into Safe Mode To Disable Anti Virus https://news.sophos.com/en-us/2019...

https://isc.sans.edu/podcastdetail.html?id=6782

E-Mail Includes Entire HTML/Javascript Phishing Kit https://isc.sans.edu/forums/diary/Phishing+with+a+selfcontained+credentialsstealing+webpage/25580/ Great Canon / Red Canon Activated to Silen...

https://isc.sans.edu/podcastdetail.html?id=6780

OpenBSD Authentication Bypass and Privilege Escalation Vulnerability https://www.qualys.com/2019/12/04/cve-2019-19521/authentication-vulnerabilities-openbsd.txt?_ga=2.58244398.587934852.157553082...

https://isc.sans.edu/podcastdetail.html?id=6778

Atlasian Companion App / IBM Aspera Cloud https://www.theregister.co.uk/2019/12/05/atlassian_zero_day_bug/ https://confluence.atlassian.com/doc/administering-the-atlassian-companion-app-9584562...

https://isc.sans.edu/podcastdetail.html?id=6776

Avast Online Security and Avast Secure Browser Blocked for Spying on Users https://palant.de/2019/10/28/avast-online-security-and-avast-secure-browser-are-spying-on-you/ Google Android Updates ...

https://isc.sans.edu/podcastdetail.html?id=6774

Increased Scans on Port 26 https://isc.sans.edu/forums/diary/Next+up+whats+up+with+TCP+port+26/25564/ Recent Ursnif Malspam https://isc.sans.edu/forums/diary/Ursnif+infection+with+Dridex/25566...

https://isc.sans.edu/podcastdetail.html?id=6772

Agent Tesla Malware Sample Analysis https://isc.sans.edu/forums/diary/Finding+an+Agent+Tesla+malware+sample/25554/ Search With SauronEye https://isc.sans.edu/forums/diary/ISC+Snapshot+Search+wi...

https://isc.sans.edu/podcastdetail.html?id=6770

Playing With Phishing https://isc.sans.edu/forums/diary/Lessons+learned+from+playing+a+willing+phish/25552/ HPE SSD Drives will Stop Working in 3 years https://support.hpe.com/hpsc/doc/public/d...

https://isc.sans.edu/podcastdetail.html?id=6768

DNS over HTTPS (DoH) in SOHO Networks https://isc.sans.edu/forums/diary/My+Little+DoH+Setup/25548/ Fortinet Weak Crypto https://sec-consult.com/en/blog/advisories/weak-encryption-cipher-and-ha...

https://isc.sans.edu/podcastdetail.html?id=6766

Web Filter Misconfiguration Abused for Recognisance https://isc.sans.edu/forums/diary/Abusing+Web+Filters+Misconfiguration+for+Reconnaissance/25538/ Local Malware Analysis with Malice https://i...

https://isc.sans.edu/podcastdetail.html?id=6764

Weaknesses in Memory Encryption Solutions https://arxiv.org/abs/1908.11680 GetMonero Wallet Compromised https://web.getmonero.org/2019/11/19/warning-compromised-binaries.html RIPlace Ransomwa...

https://isc.sans.edu/podcastdetail.html?id=6762

Latest Hancitor Malspam Update https://isc.sans.edu/forums/diary/Hancitor+infection+with+Pony+Evil+Pony+Ursnif+and+Cobalt+Strike/25532/ Oracle Payday Vulnerabilities Exploited https://www.onaps...

https://isc.sans.edu/podcastdetail.html?id=6760

JAWS DVR Bot https://isc.sans.edu/forums/diary/Cheap+Chinese+JAWS+of+DVR+Exploitability+on+Port+60001/25530/ TianFu Cup https://twitter.com/TianfuCup Microsoft Access Hotfix https://support.m...

https://isc.sans.edu/podcastdetail.html?id=6758

Carriers Filter SMS Messages Sent By Applications https://isc.sans.edu/forums/diary/SMS+and+2FA+Another+Reason+to+Move+away+from+It/25526/ Intel Removing BIOS Downloads for EOL Hardware https:/...

https://isc.sans.edu/podcastdetail.html?id=6756

TPM Fail Update https://downloadcenter.intel.com/download/28632 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html Office November Update Issues https://bornc...

https://isc.sans.edu/podcastdetail.html?id=6754

LokiBot Update (November 2019) https://isc.sans.edu/forums/diary/An+example+of+malspam+pushing+Lokibot+malware+November+2019/25518/ Some Packet-Fu with Zeek https://isc.sans.edu/forums/diary/So...

https://isc.sans.edu/podcastdetail.html?id=6752

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/November+2019+Microsoft+Patch+Tuesday/25516/ Adobe Update https://helpx.adobe.com/security.html Facebook Camera Bug https://www.cnet....

https://isc.sans.edu/podcastdetail.html?id=6750

Are We Going Back to TheMoon And How is Liquor Involved https://isc.sans.edu/forums/diary/Are+We+Going+Back+to+TheMoon+and+How+is+Liquor+Involved/25512/ New Update for Magento Shopping Cart htt...

https://isc.sans.edu/podcastdetail.html?id=6748

Microsoft Applications Diverted from Their Main Use https://isc.sans.edu/forums/diary/Microsoft+Apps+Diverted+from+Their+Main+Use/25502/ Did Bluekeep Malware Afect Patching https://isc.sans.edu...

https://isc.sans.edu/podcastdetail.html?id=6746

Adobe Mobile SDK Update Fixes TLS Defaults https://wwws.nightwatchcybersecurity.com/2019/11/06/insecure-defaults-in-adobes-mobile-sdks/ QNAP Updates QSnatch Advisory https://www.qnap.com/en/sec...

https://isc.sans.edu/podcastdetail.html?id=6744

Google Improving PlayStore Security With Partners https://security.googleblog.com/2019/11/the-app-defense-alliance-bringing.html Xen Security Advisories https://xenbits.xen.org/xsa/ npcap poo...

https://isc.sans.edu/podcastdetail.html?id=6742

Formbook Malspam https://isc.sans.edu/forums/diary/Malspam+pushing+Formbook+info+stealer/23387/ Honeypot Update https://github.com/DShield-ISC/dshield Office on Mac XLM Macros https://kb.cert...

https://isc.sans.edu/podcastdetail.html?id=6740

Clam AV Vulnerability https://twitter.com/hackerfantastic/status/1190685521153937408 https://pastebin.com/cfP7X89m XCode Vulnerability https://support.apple.com/en-is/HT210729 MikroTik DNS C...

https://isc.sans.edu/podcastdetail.html?id=6738

Critical Google Chrome Update Fixes Exploited Vulnerability https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_31.html Blue Keep Vulnerability Mass Exploited to Ins...

https://isc.sans.edu/podcastdetail.html?id=6736

Phishing Made Easy With EML Files and Outlook 365 https://isc.sans.edu/forums/diary/EML+attachments+in+O365+a+recipe+for+phishing/25474/ Microsoft TLS Security Enhancements Lead to Timeouts htt...

https://isc.sans.edu/podcastdetail.html?id=6734

Apple Security Updates Details Released https://support.apple.com/en-us/HT201222 Untitled Goose Deserialization https://pulsesecurity.co.nz/advisories/untitled-goose-game-deserialization Inse...

https://isc.sans.edu/podcastdetail.html?id=6732

xHelper Android Malware https://www.symantec.com/blogs/threat-intelligence/xhelper-android-malware Counterstrike Game Keys Used for Money Laundry https://blog.counter-strike.net/index.php/2019/...

https://isc.sans.edu/podcastdetail.html?id=6730

PHP 7 Remote Code Execution Vulnerability Exploited https://lab.wallarm.com/php-remote-code-execution-0-day-discovered-in-real-world-ctf-exercise/ https://github.com/neex/phuip-fpizdam Finding...

https://isc.sans.edu/podcastdetail.html?id=6728

Odd Double Base64 Endoded "BS_REAL_IP" Header https://isc.sans.edu/forums/diary/Unusual+Activity+with+Double+Base64+Encoding/25458/ DNS Archeology With PowerShell https://isc.sans.edu/forums/di...

https://isc.sans.edu/podcastdetail.html?id=6726

XML External Entity Vuln in LSP4XML Affects Various Developer Tools https://www.shielder.it/blog/dont-open-that-xml-xxe-to-rce-in-xml-plugins-for-vs-code-eclipse-theia/?preview=true Google Chro...

https://isc.sans.edu/podcastdetail.html?id=6724

FTC Issues SIM Swapping Guidance https://www.consumer.ftc.gov/blog/2019/10/sim-swap-scams-how-protect-yourself Discord Used as Info Stealer Backdoor https://www.bleepingcomputer.com/news/securi...

https://isc.sans.edu/podcastdetail.html?id=6722

Testing TLS 1.3 And Supported Ciphers https://isc.sans.edu/forums/diary/Testing+TLSv13+and+supported+ciphers/25442/ Google Chrome 78 Released https://chromereleases.googleblog.com/2019/10/stab...

https://isc.sans.edu/podcastdetail.html?id=6720

DNS over TLS Scans https://isc.sans.edu/forums/diary/Whats+up+with+TCP+853+DNS+over+TLS/25438/ NordVPN and Others Compromised https://techcrunch.com/2019/10/21/nordvpn-confirms-it-was-hacked/ ...

https://isc.sans.edu/podcastdetail.html?id=6718

Attacks Against NVMS-9000 DVR Web Vulnerability https://isc.sans.edu/forums/diary/Scanning+Activity+for+NVMS9000+Digital+Video+Recorder/25434/ Pixel 4 Face Unlock Works with Eyes Shut https://...

https://isc.sans.edu/podcastdetail.html?id=6716

Phishing E-Mail Spoofing SPF Protected Domain https://isc.sans.edu/forums/diary/Phishing+email+spoofing+SPFenabled+domain/25426/ Purchased Domain Arrives with Paypal Accounts Linked to it https...

https://isc.sans.edu/podcastdetail.html?id=6714

Oracle CPU https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html Jackson-Databind Vulnerablity https://github.com/FasterXML/jackson-databind/issues/2387 VMWare Cloud Fo...

https://isc.sans.edu/podcastdetail.html?id=6712

Adobe Updates https://helpx.adobe.com/security.html Symantec BSOD https://support.symantec.com/us/en/article.TECH256643.html OSX/Shlayer Bypasses Gatekeeper/XProtect https://blog.confiant.com...

https://isc.sans.edu/podcastdetail.html?id=6710

sudo vulnerability https://www.sudo.ws/alerts/minus_1_uid.html Apple Safebrowsing Controversy https://blog.cryptographyengineering.com/2019/10/13/dear-apple-safe-browsing-might-not-be-that-safe...

https://isc.sans.edu/podcastdetail.html?id=6708

YARA Update https://isc.sans.edu/forums/diary/YARA+v3110+released/25408/ Hacking Back Against Ransomware https://www.zdnet.com/article/white-hat-hacks-muhstik-ransomware-gang-and-releases-decry...

https://isc.sans.edu/podcastdetail.html?id=6706

Mining Live Networks for OUI Data Oddness https://isc.sans.edu/forums/diary/Mining+Live+Networks+for+OUI+Data+Oddness/25404/ iTerm2 Vulnerability https://groups.google.com/forum/#!topic/iterm2-...

https://isc.sans.edu/podcastdetail.html?id=6704

What Data Does Vidar Malware Steal https://isc.sans.edu/forums/diary/What+data+does+Vidar+malware+steal+from+an+infected+host/25398/ NTLM MIC Bypass https://www.preempt.com/blog/drop-the-mic-2-...

https://isc.sans.edu/podcastdetail.html?id=6702

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+October+2019+Patch+Tuesday/25396/ Android Update https://source.android.com/security/bulletin/2019-10-01 vBulletin Update h...

https://isc.sans.edu/podcastdetail.html?id=6700

Cloudflare Warp + NordVPN on iOS Leads to Traffic in the Clear https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/ WhatsApp Bug https://awakened1712.github.io/hacking/hacking-whats...

https://isc.sans.edu/podcastdetail.html?id=6698

visNetwork for Network Data https://isc.sans.edu/forums/diary/visNetwork+for+Network+Data/25390/ Android Priv. Escalation Vulnerability Exploited in the Wild https://bugs.chromium.org/p/project...

https://isc.sans.edu/podcastdetail.html?id=6696

Last Files Ransomware is Back With New Ruse https://isc.sans.edu/forums/diary/LostFiles+Ransomware/25382/ tcpdump vulnerabilities https://www.tcpdump.org/tcpdump-changes.txt TLS Manipulating ...

https://isc.sans.edu/podcastdetail.html?id=6694

Latest Emotet News https://isc.sans.edu/forums/diary/A+recent+example+of+Emotet+malspam/25378/ SANS Ouch! Newsletter https://www.sans.org/security-awareness-training/resources/four-simple-steps...

https://isc.sans.edu/podcastdetail.html?id=6692

PDF Encryption Flaw https://web-in-security.blogspot.com/2019/09/pdfex-major-security-flaws-in-pdf.html Windows 7 Security Updates Beyond 2020 https://www.microsoft.com/en-us/microsoft-365/blog...

https://isc.sans.edu/podcastdetail.html?id=6690

Maldoc, PowerShell and BITS https://isc.sans.edu/forums/diary/Maldoc+PowerShell+BITS/25372/ Yet Another Critical Exim Flaw https://nvd.nist.gov/vuln/detail/CVE-2019-16928 CISCO Introduces Sem...

https://isc.sans.edu/podcastdetail.html?id=6688

Polycom Scans https://isc.sans.edu/forums/diary/New+Scans+for+Polycom+Autoconfiguration+Files/25366/ Apple Security Details https://support.apple.com/en-us/HT201222 iOS Jailbreak https://gith...

https://isc.sans.edu/podcastdetail.html?id=6686

vBulletin Botnet https://twitter.com/bad_packets/status/1177256656322695168 Cisco Industrial Router Security Bulletin https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco...

https://isc.sans.edu/podcastdetail.html?id=6684

Malspam Pushing Quasar RAT https://isc.sans.edu/forums/diary/Malspam+pushing+Quasar+RAT/25354/ vBulletin 0-Day Exploit Update https://www.bleepingcomputer.com/news/security/vbulletin-zero-day-e...

https://isc.sans.edu/podcastdetail.html?id=6682

Remotewebaccess.com Domain in Certificate Transparency Logs https://isc.sans.edu/forums/diary/Huge+Amount+of+remotewebaccesscom+Sites+Found+in+Certificate+Transparency+Logs/25352/ Adobe Release...

https://isc.sans.edu/podcastdetail.html?id=6680

Microsoft Releases Special Patch for Exploited Vulnerability in Internet Explorer https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1367 Cloudflare Adding "Bot Fight" ...

https://isc.sans.edu/podcastdetail.html?id=6678

Popular Android Selfie Apps Act as Adware https://www.wandera.com/mobile-security/google-play-adware/ Wireshark Update https://www.wireshark.org/docs/relnotes/wireshark-3.0.5.html Harbor Priv...

https://isc.sans.edu/podcastdetail.html?id=6676

Agent Tesla https://isc.sans.edu/forums/diary/Agent+Tesla+Trojan+Abusing+Corporate+Email+Accounts/25336/ Apple Updates https://support.apple.com/en-us/HT201222 https://developer.apple.com/docu...

https://isc.sans.edu/podcastdetail.html?id=6674

Analyzing a Current Emotet Sample https://isc.sans.edu/forums/diary/Emotet+malspam+is+back/25330/ Windows Defender "Scan Now" Failed Bug Fix https://www.bleepingcomputer.com/news/microsoft/wind...

https://isc.sans.edu/podcastdetail.html?id=6672

Investigating Gaps in Windows Event Logs https://isc.sans.edu/forums/diary/Investigating+Gaps+in+your+Windows+Event+Logs/25328/ SOHOpelesly Broken 2 https://www.securityevaluators.com/whitepape...

https://isc.sans.edu/podcastdetail.html?id=6670

Encrypted Sextortion https://isc.sans.edu/forums/diary/Encrypted+Sextortion+PDFs/25324/ SimJacker https://www.adaptivemobile.com/blog/simjacker-next-generation-spying-over-mobile LastPass Pas...

https://isc.sans.edu/podcastdetail.html?id=6668

Rig Exploit Kit Delivering VBScript https://isc.sans.edu/forums/diary/Rig+Exploit+Kit+Delivering+VBScript/25318/ Pentesters Arrested During Physical Access Pentest https://arstechnica.com/infor...

https://isc.sans.edu/podcastdetail.html?id=6666