ISC StormCast for Wednesday, May 18th, 2022

By Dr. Johannes B. Ullrich
Use Your Browser Internal Password Vault… or Not?
https://isc.sans.edu/forums/diary/Use+Your+Browser+Internal+Password+Vault+or+Not/28658/
SQL Server Brute Forcing
https://twitter.com/MsftSecIntel/status/1526680337216114693
UpdateAgent Adapts Again
https://www.jamf.com/blog/updateagent-adapts-again/
Updated Exploited Vulnerabilities
https://www.cisa.gov/uscert/ncas/current-activity/2022/05/10/cisa-adds-one-known-exploited-vulnerability-catalog

ISC StormCast for Monday, May 16th, 2022

By Dr. Johannes B. Ullrich
From 0-Day to Mirai: 7 days of BIG-IP Exploits
https://isc.sans.edu/forums/diary/From+0Day+to+Mirai+7+days+of+BIGIP+Exploits/28644/
SonicWall Vulnerabilities Patched
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0009
ZoneAlarm Patch
https://www.zonealarm.com/software/extreme-security/release-history
Taking over npm account
https://thehackerblog.com/zero-days-without-incident-compromising-angular-via-expired-npm-publisher-email-domains-7kZplW4x/

ISC StormCast for Friday, May 13th, 2022

By Dr. Johannes B. Ullrich
When Get-WebRequest Fails You
https://isc.sans.edu/forums/diary/When+GetWebRequest+Fails+You/28640/
HP PC BIOS Security Updates
https://support.hp.com/us-en/document/ish_6184733-6184761-16/hpsbhf03788
Intel BIOS Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html
Zyxel RCE Vulnerability
https://www.rapid7.com/blog/post/2022/05/12/cve-2022-30525-fixed-zyxel-firewall-unauthenticated-remote-command-injection/

ISC StormCast for Thursday, May 12th, 2022

By Dr. Johannes B. Ullrich
TA578 Using Thread-Hijacked Emails to Push ISO Files for Bumblebee Malware
https://isc.sans.edu/forums/diary/TA578+using+threadhijacked+emails+to+push+ISO+files+for+Bumblebee+malware/28636/
Google Drive Emerges as Top App for Malware Downloads
https://www.helpnetsecurity.com/2022/05/11/malicious-pdf-search-engines/
Vanity URL Abuse
https://www.varonis.com/blog/url-spoofing
npm Supply Chain Attack Turns Out to be Part of Penetration Test
https://jfrog.com/blog/npm-supply-chain-attack-targets-german-based-companies/