ISC StormCast for Friday, January 27th, 2023

By Dr. Johannes B. Ullrich

Live Linux IR with UAC
https://isc.sans.edu/diary/Live%20Linux%20IR%20with%20UAC/29480
Bitwarden Phishing
https://community.bitwarden.com/t/phishing-website-bitwardenlogin-com/49704
https://www.reddit.com/r/Bitwarden/comments/10k2aj5/google_search_ads_showing_fake_bitwarden_web/
PY#RATION Attack Campaign Leverages Fernet Encryption and Websockets
https://www.securonix.com/blog/security-advisory-python-based-pyration-attack-campaign/
Skyhigh Security Secure Web Gateway: XSS in Single Sign On Plugin
https://www.redteam-pentesting.de/en/advisories/rt-sa-2022-002/-skyhigh-security-secure-web-gateway-cross-site-scripting-in-single-sign-on-plugin
Windows Crypto API Vuln PoC
https://github.com/akamai/akamai-security-research/tree/main/PoCs/CVE-2022-34689
BIND Patches
https://kb.isc.org/docs/cve-2022-3094

ISC StormCast for Thursday, January 26th, 2023

By Dr. Johannes B. Ullrich

First Malicious OneNote Document
https://isc.sans.edu/diary/A%20First%20Malicious%20OneNote%20Document/29470
Guidance for Securing Remote Monitoring and Management Software
https://media.defense.gov/2023/Jan/25/2003149873/-1/-1/0/JOINT_CSA_RMM.PDF
Microsoft Azure-Based Kerberos Attacks Crack Open Cloud Accounts
https://www.darkreading.com/cloud/microsoft-azure-kerberos-attacks-open-cloud-accounts
Microsoft Blocking XLL Files Downloaded From Internet
https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=&searchterms=115485
Lexmark Vulnerabilities
https://publications.lexmark.com/publications/security-alerts/CVE-2023-23560.pdf
VMware VRealize Update
https://www.vmware.com/security/advisories/VMSA-2023-0001.html

ISC StormCast for Wednesday, January 25th, 2023

By Dr. Johannes B. Ullrich

Apple Patch Summary
https://isc.sans.edu/forums/diary/Apple%20Updates%20%28almost%29%20Everything%3A%20Patch%20Overview/29472/
ManageEngine News
https://github.com/vonahisec/CVE-2022-47966-Scan
KSMBD Vulnerability
https://sysdig.com/blog/cve-2023-0210-linux-kernel-unauthenticated-remote-heap-overflow/
Bitwarden Server Side Iterations
https://palant.info/2023/01/23/bitwarden-design-flaw-server-side-iterations/
Packet Tuesday: Neighbor Advertisements
https://www.youtube.com/watch?v=CoaZjuuY1do

ISC StormCast for Tuesday, January 24th, 2023

By Dr. Johannes B. Ullrich

Who’s Resolving This Domain
https://isc.sans.edu/forums/diary/Who’s%20Resolving%20This%20Domain%3F/29462/
Apple Updates Everything
https://support.apple.com/en-us/HT201222
NSA IPv6 Security Guidance
https://media.defense.gov/2023/Jan/18/2003145994/-1/-1/0/CSI_IPV6_SECURITY_GUIDANCE.PDF
Roaming Mantis Implements New DNS Changer in Its Malicious Mobile App
https://thehackernews.com/2023/01/roaming-mantis-spreading-mobile-malware.html

ISC StormCast for Monday, January 23rd, 2023

By Dr. Johannes B. Ullrich

Importance of Signing in Windows Environments
https://isc.sans.edu/diary/Importance%20of%20signing%20in%20Windows%20environments/29456
FanDuel Discloses Data Breach Caused by Recent Mailchimp Hack
https://www.bleepingcomputer.com/news/security/fanduel-discloses-data-breach-caused-by-recent-mailchimp-hack/
OneNote Documents Used to Embed Malicious Office Documents
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/trojanized-onenote-document-leads-to-formbook-malware/
Cisco Unified Communications Manager SQL Injection
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-sql-rpPczR8n
Possible KeePass Vulnerability
https://twitter.com/vomanc/status/1617135599030530054