ISC StormCast for Friday, September 30th, 2022

By Dr. Johannes B. Ullrich
PNG Analysis with pngdump.py
https://isc.sans.edu/forums/diary/PNG%20Analysis/29100/
Possible Exchange Server 0-Day Vulnerability
https://www.gteltsc.vn/blog/warning-new-attack-campaign-utilized-a-new-0day-rce-vulnerability-on-microsoft-exchange-server-12715.html
https://success.trendmicro.com/dcx/s/solution/000291651?language=en_US
Bad VIB(E)s Part One: Investigating Novel Malware Persistence Within ESXi Hypervisors
https://www.mandiant.com/resources/blog/esxi-hypervisors-malware-persistence

ISC StormCast for Thursday, September 29th, 2022

By Dr. Johannes B. Ullrich
10 Years Later: Attacker re-discovering old VTiger CRM Vulnerability
https://isc.sans.edu/forums/diary/10+Years+Later+Attacker+rediscovering+old+VTiger+CRM+Vulnerability/29098
IRS Reports Significant Increase in Texting Scams
https://www.irs.gov/newsroom/irs-reports-significant-increase-in-texting-scams-warns-taxpayers-to-remain-vigilant
Cloudflare Releases Turnstile, a user-friendly, privacy-preserving CAPTCHA alternative
https://blog.cloudflare.com/turnstile-private-captcha-alternative/
Cisco Patches
https://kb.cert.org/vuls/id/855201
Chrome 106 Release
https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html?m=1

ISC StormCast for Tuesday, September 27th, 2022

By Dr. Johannes B. Ullrich
Easy Python Sandbox Detection
https://isc.sans.edu/forums/diary/Easy+Python+Sandbox+Detection/29090
Hackers use PowerPoint Files for “Mouseover” Malware Delivery
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
Redis 7.0 XAUTOCLAIM Heap Overflow
https://github.com/redis/redis/security/advisories/GHSA-5gc4-76rx-22c9
Scoreboard Hacking
https://maxwelldulin.com/BlogPost?post=7118102528

ISC StormCast for Monday, September 26th, 2022

By Dr. Johannes B. Ullrich
Kids Like Cookies and Malware Likes them Too
https://isc.sans.edu/forums/diary/Kids+Like+Cookies+Malware+Too/29082
Downloading Files from Removed Domains
https://isc.sans.edu/forums/diary/Downloading%20Samples%20From%20Takendown%20Domains/29086/
WhatsApp Security Updates
https://www.whatsapp.com/security/advisories/2022/
Sophos RCE Flaw
https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce
CircleCI Phishing Attacks Used to Access GitHub Accounts
https://discuss.circleci.com/t/circleci-security-alert-warning-phishing-attempt-for-login-credentials/45408