Surge in Scans for Juniper t128 Default User
Lasst week, we dedtect a significant surge in ssh scans for the username t128 . This user is used by Juniper s Session Smart Routing, a product they acquired from 128 Technologies which is the reason for the somewhat unusual username.
https://isc.sans.edu/diary/Surge%20in%20Scans%20for%20Juniper%20%22t128%22%20Default%20User/31824
Vulnerable Verizon API Allowed for Access to Call Logs
An API Verizon offered to users of its call filtering application suffered from an authentication bypass vulnerability allowing users to access any Verizon user s call history. While using a JWT to authenticate the user, the phone number used to retrieve the call history logs was passed in a not-authenticated header.
https://evanconnelly.github.io/post/hacking-call-records/
Google Offering End-to-End Encryption to G-Mail Business Users
Google will add an end-to-end encryption feature to commercial GMail users. However, for non GMail users to read the emails they first must click on a link and log in to Google.
https://workspace.google.com/blog/identity-and-security/gmail-easy-end-to-end-encryption-all-businesses

Apple Patches Everything
Apple released updates for all of its operating systems. Most were released on Monday with WatchOS patches released today on Tuesday. Two already exploited vulnerabilities, which were already patched in the latest iOS and macOS versions, are now patched for older operating systems as well. A total of 145 vulnerabilities were patched.
https://isc.sans.edu/diary/Apple%20Patches%20Everything%3A%20March%2031st%202025%20Edition/31816
VMWare Workstation and Fusion update check broken
VMWare s automatic update check in its Workstation and Fusion products is currently broken due to a redirect added as part of the Broadcom transition
https://community.broadcom.com/vmware-cloud-foundation/question/certificate-error-is-occured-during-connecting-update-server
NIM Postgres Vulnerability
NIM Developers using prepared statements to send SQL queries to Postgres may expose themselves to a SQL injection vulnerability. NIM s Postgres library does not appear to use actual prepared statements; instead, it assembles the code and the user data as a string and passes them on to the database. This may lead to a SQL injection vulnerability
https://blog.nns.ee/2025/03/28/nim-postgres-vulnerability/

Exploit Attempts for Cisco Smart Licensing Utility CVE-2024-20439 CVE-2024-20440
Attackers added last September's Cisco Smart Licensing Utility vulnerability to their toolset. These attacks orginate most likely from botnets and the same attackers are scanning for a wide range of additional vulnerabilities. The vulnerability is a static credential issue and trivial to exploit after the credentials were published last fall.
https://isc.sans.edu/diary/Exploit%20Attempts%20for%20Cisco%20Smart%20Licensing%20Utility%20CVE-2024-20439%20and%20CVE-2024-20440/31782
Legacy Driver Exploitation Through Bypassing Certificate Verification
Ahnlab documented a new type of "bring your own vulnerable driver" vulnerability. In this case, an old driver used by an anit-malware and anti-rootkit system can be used to shut down arbitrary processeses, including security related processeses.
https://asec.ahnlab.com/en/86881/
Synology Vulnerability Updates
Synology updates some security advisories it release last year adding addition details and vulnerable systems.
https://www.synology.com/en-global/security/advisory/Synology_SA_24_20
https://www.synology.com/en-global/security/advisory/Synology_SA_24_24

How much HTTP (not HTTPS) Traffic is Traversing Your Perimeter?
https://isc.sans.edu/diary/How%20much%20HTTP%20%28not%20HTTPS%29%20Traffic%20is%20Traversing%20Your%20Perimeter%3F/31372
VMSA-2024-0019:VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities (CVE-2024-38812, CVE-2024-38813)
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968
Unifi Security Advisory Bulletin 043
https://community.ui.com/releases/Security-Advisory-Bulletin-043-043/28e45c75-314e-4f07-a4f3-d17f67bd53f7
Fake attachment. Roundcube mail server attacks exploit CVE-2024-37383 vulnerability.
https://global.ptsecurity.com/analytics/pt-esc-threat-intelligence/fake-attachment-roundcube-mail-server-attacks-exploit-cve-2024-37383-vulnerability
Atlassian Security Bulletin - October 15 2024
https://confluence.atlassian.com/security/security-bulletin-october-15-2024-1442910972.html
OneDev Arbitrary file reading for unauthenticated user
https://github.com/theonedev/onedev/security/advisories/GHSA-7wg5-6864-v489

The new "LinkedInSecureMessage" Phish
https://isc.sans.edu/forums/diary/The+new+LinkedInSecureMessage/27110/
Apple M1 Optimized Malware
https://objective-see.com/blog/blog_0x62.html
QNAP Surveilance Station Vulnerability
https://www.qnap.com/en/security-advisory/qsa-21-07
Masslogger Exfiltrates User Credentials
https://blog.talosintelligence.com/2021/02/masslogger-cred-exfil.html

More Weirdness on TCP Port 26
https://isc.sans.edu/forums/diary/More+weirdness+on+TCP+port+26/27106/
Microsoft Pulls Servicing Stack Update
https://threatpost.com/microsoft-windows-update-patch-tuesday/163981/
Network Monitoring Company Centreon Compromised
https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf
SHAREit Flaw Could Lead to Remote Code Execution
https://www.trendmicro.com/en_us/research/21/b/shareit-flaw-could-lead-to-remote-code-execution.html
VSCode NPM Extension RCE
https://github.com/jackadamson/CVE-2021-26700

Securing and Optimizing Networks Using pfSense Traffic Shaper to Combat Bufferbloat
https://isc.sans.edu/forums/diary/Securing+and+Optimizing+Networks+Using+pfSense+Traffic+Shaper+Limiters+to+Combat+Bufferbloat/27102/
Apple to Proxy Safe Browsing Requests
https://twitter.com/othermaciej/status/1359736220809531393
Power Outages and Some Network Outages as a Result
https://downdetector.com
Phone Scam Success Rates
https://www.helpnetsecurity.com/2021/02/15/lost-money-to-phone-scams/
https://nakedsecurity.sophos.com/2021/02/12/sms-tax-scam-unmasked-bogus-but-believable-dont-fall-for-it/

AgentTesla Dropped Through Automatic Click in Microsoft Help File
https://isc.sans.edu/forums/diary/AgentTesla+Dropped+Through+Automatic+Click+in+Microsoft+Help+File/27092/
Telegram used to Defraud Delivery Serivces
https://thefintechtimes.com/sift-finds-new-telegram-fraud-exploiting-increasing-use-of-food-delivery-services/
Singtel Suffers Zero-DAy Cyberattack
https://threatpost.com/singtel-zero-day-cyberattack/163938/
Vulnerabilities in Mobile Health Apps
https://approov.io/download/all-that-we-let-in_hacking-mhealth-apps-and-apis.pdf
Bloomberg Supermicro Story
https://www.bloomberg.com/features/2021-supermicro/
https://www.theregister.com/2021/02/12/supermicro_bloomberg_spying/

Agent Tesla Hidden in Historical Anti-Malware Tool
https://isc.sans.edu/forums/diary/Agent+Tesla+hidden+in+a+historical+antimalware+tool/27088/
McAfee Total Protection Vulnerabilities
https://service.mcafee.com/webcenter/portal/oracle/webcenter/page/scopedMD/s55728c97_466d_4ddb_952d_05484ea932c6/Page29.jspx
Intel Patches
https://blogs.intel.com/technology/2021/02/ipas-security-advisories-for-february-2021
Discord Used to Distribute Malware
https://www.zscaler.com/blogs/security-research/discord-cdn-popular-choice-hosting-malicious-payloads

Phishing Message to the ISC Handlers E-Mail Distro
https://isc.sans.edu/forums/diary/Phishing+message+to+the+ISC+handlers+email+distro/27082/
Google Phishing Statistics
https://cloud.google.com/blog/products/workspace/how-gmail-helps-users-avoid-email-scams
Adobe Security Updates
https://helpx.adobe.com/security/products/acrobat/apsb21-09.html
Apple Sudo Patch
https://support.apple.com/en-us/HT212177
Number:Jack ISN Generation Weaknesses
https://www.forescout.com/company/resources/numberjack-weak-isn-generation-in-embedded-tcpip-stacks/

Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+February+2021+Patch+Tuesday/27080/
https://www.theregister.com/2021/02/09/microsoft_patch_tuesday/
Dependency Confusion
https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610
https://azure.microsoft.com/mediahandler/files/resourcefiles/3-ways-to-mitigate-risk-using-private-package-feeds/3%20Ways%20to%20Mitigate%20Risk%20When%20Using%20Private%20Package%20Feeds%20-%20v1.0.pdf

Tshark and Malware Analysis
https://isc.sans.edu/forums/diary/Quickie+tshark+Malware+Analysis/27076/
Barcode Scanner Going Bad
https://blog.malwarebytes.com/android/2021/02/barcode-scanner-app-on-google-play-infects-10-million-users-with-one-update/
Morse Code Obfuscation
https://www.bleepingcomputer.com/news/security/new-phishing-attack-uses-morse-code-to-hide-malicious-urls/
Firefox Update
https://www.mozilla.org/en-US/security/advisories/mfsa2021-06/
Water Treatment Facility Compromised
https://www.reuters.com/article/us-usa-cyber-florida/hackers-broke-into-florida-towns-water-treatment-plant-attempted-to-poison-supply-sheriff-says-idUSKBN2A82FV

VBA Macro Trying to Alter the Application Menus
https://isc.sans.edu/forums/diary/VBA+Macro+Trying+to+Alter+the+Application+Menus/27068/
The Great Suspender Going Malicious
https://www.zdnet.com/article/google-kills-the-great-suspender-heres-what-you-should-do-next/
https://github.com/greatsuspender/thegreatsuspender/issues/1263
Google Chrome Zero Day
https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_4.html
Plex Media SSDP Amplication DDoS
https://www.netscout.com/blog/asert/plex-media-ssdp-pmssdp-reflectionamplification-ddos-attack

Abusing Google Chrome Extension Syncing For Data Exfiltration and C&C
https://isc.sans.edu/forums/diary/Abusing+Google+Chrome+extension+syncing+for+data+exfiltration+and+CC/27066/
Microsoft Defender ATP Google Chrome False Positive
https://twitter.com/itquartz/status/1356940218138509312
Social Engineering Attacks against Security Researchers Used IE 0 day
https://enki.co.kr/blog/2021/02/04/ie_0day.html#
https://www.bleepingcomputer.com/news/security/hacking-group-also-used-an-ie-zero-day-against-security-researchers/

A Network Nerd's Take on Emergency Preparedness
https://isc.sans.edu/diary/A%20Network%20Nerd%27s%20Take%20on%20Emergency%20Preparedness/31356
HM Surf Vulnerability Access to Camera Exploited CVE-2024-44133
https://www.microsoft.com/en-us/security/blog/2024/10/17/new-macos-vulnerability-hm-surf-could-lead-to-unauthorized-data-access/
Fortinet releases patches for undisclosed critical FortiManager vulnerability
https://www.helpnetsecurity.com/2024/10/21/fortimanager-critical-vulnerability/
ScienceLogic Vulnerability
https://rackspace.service-now.com/system_status?id=detailed_status&service=4dafca5a87f41610568b206f8bbb35a6
https://docs.sciencelogic.com/latest/Content/Web_Admin_and_Accounts/System_Administration/sys_admin_system_upgrade.htm

Excel Spreadsheets Push SystemBC Malware
https://isc.sans.edu/forums/diary/Excel+spreadsheets+push+SystemBC+malware/27060/
SolarWinds Vulnerability
https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=28389
SolarWinds SANS Lightning Summit
https://www.sans.org/webcasts/solarwinds-lightning-summit-118550
SonicWall Patch
https://www.sonicwall.com/support/product-notification/urgent-patch-available-for-sma-100-series-10-x-firmware-zero-day-vulnerability-updated-feb-3-2-p-m-cst/210122173415410/
Cisco Advisories
https://tools.cisco.com/security/center/publicationListing.x
Realtek RTL8195A Wi-Fi Module Vulnerability
https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered

New Example of XSL Script Processing aka "Mitre T1220"
https://isc.sans.edu/forums/diary/New+Example+of+XSL+Script+Processing+aka+Mitre+T1220/27056/
Camerfirma Certificate Authority Revocation
https://groups.google.com/g/mozilla.dev.security.policy/c/jif4zWNgGPw
Kobalos HPC Linux Malware
https://www.welivesecurity.com/2021/02/02/kobalos-complex-linux-threat-high-performance-computing-infrastructure/
Agent Tesla Overwries Windows AMSI
https://threatpost.com/agent-tesla-microsoft-asmi/163581/

MacOS 11.2 Update
https://support.apple.com/en-us/HT212147
Objective-See Tools Now Open Sources
https://twitter.com/patrickwardle/status/1356149073045143553
iMessage Blastdoor
https://googleprojectzero.blogspot.com/2021/01/a-look-at-imessage-in-ios-14.html
SonicWall Update
https://www.sonicwall.com/support/product-notification/urgent-security-notice-sonicwall-confirms-sma-100-series-10-x-zero-day-vulnerability-feb-1-2-p-m-cst/210122173415410/

Perl.com Domain Hijacked
https://www.ehackingnews.com/2021/01/perlcom-official-site-for-perl.html
Spamcop Domain Expired
https://www.bleepingcomputer.com/news/security/spamcop-anti-spam-service-suffers-an-outage-after-its-domain-expired/
libgcrypt vulnerability
https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000456.html
Fingerprinting QUIC
https://arxiv.org/pdf/2101.11871.pdf

New Cryptojacking Malware
https://unit42.paloaltonetworks.com/pro-ocean-rocke-groups-new-cryptojacking-malware/
SlipStreaming
https://www.armis.com/resources/iot-security-blog/nat-slipstreaming-v2-0-new-attack-variant-can-expose-all-internal-network-devices-to-the-internet/
Shadowsocks
https://shadowsocks.org/en/index.html

Emotet vs. Windows Attack Surface Reduction
https://isc.sans.edu/forums/diary/Emotet+vs+Windows+Attack+Surface+Reduction/27036/
Go Lang Vulnerability
https://blog.golang.org/path-security
Azure Docker Escape
https://www.intezer.com/blog/research/how-we-hacked-azure-functions-and-escaped-docker/

Critical sudo Vulnerability
https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit
Quakbot (QBot) Update
https://isc.sans.edu/forums/diary/TA551+Shathak+Word+docs+push+Qakbot+Qbot/27030/
Targeting Security Researchers
https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/
Apple Updates iOS, iPad, tvOS, watchOS, Xcode and iCloud for Windows
https://support.apple.com/en-us/HT201222

Fun With nmap nse Scripts and DoH (DNS over HTTPS)
https://isc.sans.edu/forums/diary/Fun+with+NMAP+NSE+Scripts+and+DOH+DNS+over+HTTPS/27026/
Malicious NPM Module Stealing Discord Passwords
https://blog.sonatype.com/cursedgrabber-strikes-again-sonatype-spots-new-malware-campaign-against-software-supply-chains
Mitigating the $I30 Bug
https://www.osr.com/blog/2021/01/21/mitigating-the-i30bitmap-ntfs-bug/
https://github.com/OSRDrivers/i30Flt
ProtonVPN BSOD
https://protonstatus.com/incidents/124

Another File Extension to Block: JNLP
https://isc.sans.edu/forums/diary/Another+File+Extension+to+Block+in+your+MTA+jnlp/27018/
SonicWall Vulnerability Used to Breach SonicWall
https://www.sonicwall.com/support/product-notification/urgent-security-notice-netextender-vpn-client-10-x-sma-100-series-vulnerability-updated-jan-23-2021/210122173415410/
iObit Forum Breached / Used for Ransomware Distribution
https://www.bleepingcomputer.com/forums/t/741190/derohe-ransomware-distributed-through-fake-iobit-one-year-free-license-key-promo/

Powershell Ropping REvil Ransomware
https://isc.sans.edu/forums/diary/Powershell+Dropping+a+REvil+Ransomware/27012/
SAP Exploit Circulating
https://onapsis.com/blog/new-sap-exploit-published-online-how-stay-secure
Oracle Critical Patch Update
https://www.oracle.com/security-alerts/cpujan2021.html
RDP Used for DDoS
https://www.netscout.com/blog/asert/microsoft-remote-desktop-protocol-rdp-reflectionamplification
Billy Wilson: Mitigating Attacks Against Supercomputers with KRSI
https://www.sans.org/reading-room/whitepapers/linux/mitigating-attacks-supercomputer-krsi-40010

Microsoft 365: Partially incomplete log data due to monitoring agent issue
https://m365admin.handsontek.net/multiple-services-partially-incomplete-log-data-due-to-monitoring-agent-issue/
End-to-End Encrytped Cloud Storage in the Wild: A Broken Ecosystem
https://brokencloudstorage.info/paper.pdf
ESET Branded Malware
https://x.com/ESETresearch/status/1847192384448172387
Synology Update
https://www.synology.com/en-us/security/advisory/Synology_SA_24_17
Spring Framework Update CVe-2024-38819 CVE-2024-38820
https://spring.io/blog/2024/10/17/spring-framework-cve-2024-38819-and-cve-2024-38820-published
Grafana Security Release CVE-2024-9264
https://grafana.com/blog/2024/10/17/grafana-security-release-critical-severity-fix-for-cve-2024-9264/

SolarWinds Updates
https://www.microsoft.com/security/blog/2021/01/20/deep-dive-into-the-solorigate-second-stage-activation-from-sunburst-to-teardrop-and-raindrop/
https://blog.malwarebytes.com/malwarebytes-news/2021/01/malwarebytes-targeted-by-nation-state-actor-implicated-in-solarwinds-breach-evidence-suggests-abuse-of-privileged-access-to-microsoft-office-365-and-azure-environments/
Cisco Advisories
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-bufovulns-B5NrSHbj
Evesdropping Vulnerabilities in Various WebRTC Based Video Conferencing Systems
https://googleprojectzero.blogspot.com/2021/01/the-state-of-state-machines.html
Oracle Business Intelligence Enterprise Edition XSS
https://www.exploit-db.com/exploits/49444

Qakbot Activity Resumes After Holiday Break
https://isc.sans.edu/forums/diary/Qakbot+activity+resumes+after+holiday+break/27008/
Multiple dnsmasq Vulnerabilities
https://www.jsof-tech.com/wp-content/uploads/2021/01/DNSpooq_Technical-Whitepaper.pdf
FreakOut Malware
https://blog.checkpoint.com/2021/01/19/linux-users-should-patch-now-to-block-new-freakout-malware-which-exploits-new-vulnerabilities/
Kids Break Screensaver
https://github.com/linuxmint/cinnamon-screensaver/issues/354

Doc And RTF Malicious Document
https://isc.sans.edu/forums/diary/Doc+RTF+Malicious+Document/26996/
Center for Internet Security Cisco NX-OS Benchmark
https://www.cisecurity.org/cis-benchmarks/
Exploit for Shazam Geolocation Vulnerablity
https://ash-king.co.uk/blog/Shazlocate-abusing-CVE-2019-8791-CVE-2019-8792
Voice Phishing and Internal Messaging Systems Used to Escalate Privileges
https://www.ic3.gov/Media/News/2021/210115.pdf

Scans for DNS over HTTPs
https://isc.sans.edu/forums/diary/Obfuscated+DNS+Queries/26992/
https://us-cert.cisa.gov/ncas/current-activity/2021/01/15/nsa-releases-guidance-encrypted-dns-enterprise-environments
Netlogon Domain Controller Enforcement Mode Starting February 9th
https://msrc-blog.microsoft.com/2021/01/14/netlogon-domain-controller-enforcement-mode-is-enabled-by-default-beginning-with-the-february-9-2021-security-update-related-to-cve-2020-1472/
Apple Removing ContentFilterExclusionList
https://www.patreon.com/posts/46179028

Dynamically Analzying A Heavily Obfuscted Excel 4 Macro Malicious File
https://isc.sans.edu/forums/diary/Dynamically+analyzing+a+heavily+obfuscated+Excel+4+macro+malicious+file/26986/
Odd Filename Corrupts NTFS Disks
https://twitter.com/jonasLyk/status/1347900440000811010
Cisco Vulnerabilities
https://tools.cisco.com/security/center/publicationListing.x

Hancitor Activity Resumes After a Holiday Break
https://isc.sans.edu/forums/diary/Hancitor+activity+resumes+after+a+hoilday+break/26980/
Intel Hardware-Enabled Ransomware Protections
https://www.cybereason.com/blog/cybereason-and-intel-introduce-hardware-enabled-ransomware-protections-for-businesses
Making Clouds Rain: RCE in Microsoft Office 365
https://srcincite.io/blog/2021/01/12/making-clouds-rain-rce-in-office-365.html#fn:1
SAP Security Patch Day
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476

MSFT January 2021 Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+January+2021+Patch+Tuesday/26978/
Adobe Patches
https://helpx.adobe.com/security.html
MimeCast Cert Stolen
https://www.mimecast.com/blog/important-update-from-mimecast/
Leaking Silhouettes of Cross-Origin Images
https://blog.mozilla.org/attack-and-defense/2021/01/11/leaking-silhouettes-of-cross-origin-images/

Using the NVD Database API Part 3/3
https://isc.sans.edu/forums/diary/Using+the+NVD+Database+and+API+to+Keep+Up+with+Vulnerabilities+and+Patches+Tool+Drop+CVEScan+Part+3+of+3/26974/
Sysinternals Update
https://docs.microsoft.com/en-us/sysinternals/
Ubiquiti Breach
https://www.bleepingcomputer.com/news/security/networking-giant-ubiquiti-alerts-customers-of-potential-data-breach/
Run-Only AppleScript Reversing
https://labs.sentinelone.com/fade-dead-adventures-in-reversing-malicious-run-only-applescripts/

Maldoc Strings Analysis
https://isc.sans.edu/forums/diary/Maldoc+Strings+Analysis/26966/
CVSS Reliablity Survey
https://user-surveys.cs.fau.de/index.php?r=survey/index&sid=248857
Fake Trump Video Malware
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/updated-qnode-rat-downloader-distributed-as-trump-video-scandal/
SMS Phishing (Smishing)
https://www.bbc.com/news/business-55563748
dnsren vulnerability
https://www.exploit-db.com/exploits/49394

Using the NIST Database and API to Keep Up with Vulnerabilities
https://isc.sans.edu/forums/diary/Using+the+NIST+Database+and+API+to+Keep+Up+with+Vulnerabilities+and+Patches+Part+1+of+3/26958/
Titan Security Key
https://ninjalab.io/wp-content/uploads/2021/01/a_side_journey_to_titan.pdf
The Great Suspender Google Chrome Extension
https://www.theregister.com/2021/01/07/great_suspender_malware/
Brian Nishida: Ubuntu Artifacts Generated by Gnome Desktop Environment
https://www.sans.org/reading-room/whitepapers/forensics/ubuntu-artifacts-generated-gnome-desktop-environment-40035

Scanning Activity from Subnet 15.184.0.0/16.
https://isc.sans.edu/diary/Scanning%20Activity%20from%20Subnet%2015.184.0.0%2016/31362
Gatekeeper Bypass
/unit42.paloaltonetworks.com/gatekeeper-bypass-macos/
Oracle Critical Patch Update
https://www.oracle.com/security-alerts/cpuoct2024.html
Cisco ATA 190 Series Analog Telephone Adapter Firmware Vulnerabilities
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multi-RDTEqRsy
SAP Vulnerability
https://redrays.io/blog/poc-sap-note-3433192-code-injection-vulnerability-in-sap-netweaver-as-java/
Dept. of Commerce Sites Advertising Medication
https://x.com/tliston/status/1833542884047654984

Zyxel Exploitation Under Way
https://isc.sans.edu/forums/diary/Scans+for+Zyxel+Backdoors+are+Commencing/26954/
Fortinet Patches
https://www.fortiguard.com/psirt?date=01-2021
Foxit PhantomPDF Patches
https://www.foxitsoftware.com/support/security-bulletins.html
Firefox Android Updates
https://www.mozilla.org/en-US/security/advisories/mfsa2021-01/

Netfox Detective: An Alternative Open-Source Packet Analysis Tool
https://isc.sans.edu/forums/diary/Netfox+Detective+An+Alternative+OpenSource+Packet+Analysis+Tool/26950/
ElectroRAT Drains Cryptocurrency Accounts
https://www.intezer.com/blog/research/operation-ElectroRAT-attacker-creates-fake-companies-to-drain-your-crypto-wallets/
Chrome Will Prefer HTTPS over HTTP By Default
https://chromium-review.googlesource.com/c/chromium/src/+/2568448
Android January Patch Day
https://source.android.com/security/bulletin/2021-01-01
Telegram Publishes Users' Locations Online
https://blog.ahmed.nyc/2021/01/if-you-use-this-feature-on-telegram.html

From a Small BAT File to Mass Logger Infostealer
https://isc.sans.edu/forums/diary/From+a+small+BAT+file+to+Mass+Logger+infostealer/26946/
Citrix Releases Updates Addressing DTLS Flaw
https://support.citrix.com/article/CTX289674
Zend Framework Deserialization Flaw
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3007
https://github.com/Ling-Yizhou/zendframework3-/blob/main/zend%20framework3%20 %20rce.md

Traffic Analysis Quiz
https://isc.sans.edu/forums/diary/End+of+Year+Traffic+Analysis+Quiz/26940/
Zyxel Backdoor
https://www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html
Microsoft Source Code Accessed As a Result of SolarWinds Backdoor
https://msrc-blog.microsoft.com/2020/12/31/microsoft-internal-solorigate-investigation-update/

Accessing Restricted Directory Listings via Your AV Solution
https://isc.sans.edu/forums/diary/Want+to+know+whats+in+a+folder+you+dont+have+a+permission+to+access+Try+asking+your+AV+solution/26932/
Coin Miner Malware Written in Go
https://www.intezer.com/blog/research/new-golang-worm-drops-xmrig-miner-on-servers/?fbclid=IwAR3eFiHCNoqr5mc2UAOcm8nocjUOjZn0cpcAiSoYmn__JtJfBbjqUUT1OwQ
AutoHotKey Credential Stealer
https://www.trendmicro.com/en_us/research/20/l/stealth-credential-stealer-targets-us-canadian-bank-customers.html

Extending Android Device Compatibility for Let's Encrypt Certificates
https://letsencrypt.org/2020/12/21/extending-android-compatibility.html
Insufficient Patch for Windows 8.1/10 Print Spooler
https://bugs.chromium.org/p/project-zero/issues/detail?id=2096
Google Docs Vulnerability
https://savebreach.com/stealing-private-documents-through-a-google-docs-bug/
CCC Conferences Virtual
https://streaming.media.ccc.de/rc3

base64dump.py Supported Encodings
https://isc.sans.edu/forums/diary/base64dumppy+Supported+Encodings/26924/
String Analysis and Maldocs
https://isc.sans.edu/forums/diary/Quickie+String+Analysis+Maldocs/26922/
Malicious Word Document Delivering an Octopus Backdoor
https://isc.sans.edu/forums/diary/Malicious+Word+Document+Delivering+an+Octopus+Backdoor/26918/
Analysis Dridex Dropper, IoC extraction
https://isc.sans.edu/forums/diary/Analysis+Dridex+Dropper+IoC+extraction+guest+diary/26920/
AT&T Outage due to Nashville Explosion
https://about.att.com/pages/disaster_relief/nashville.html
SolarWinds SUPERNOVA Malware / API Vulnerability
https://www.solarwinds.com/securityadvisory
Citrix ADC DDoS Attack
https://support.citrix.com/article/CTX289674
Crowdstrike Reporting Tool for Azure
https://github.com/CrowdStrike/CRT

Malware Victim Selection Through WiFi Identification
https://isc.sans.edu/forums/diary/Malware+Victim+Selection+Through+WiFi+Identification/26910/
New Treck IP Stack Vulnerabilities
https://treck.com/vulnerability-response-information/
Detecting Treck IP Stack
https://github.com/Forescout/project-memoria-detector

What's The Deal With Openportstats.com?
https://isc.sans.edu/forums/diary/Whats+the+deal+with+openportstatscom/26912/
Dell Wyse ThinOS 8.6 Security Update
https://www.dell.com/support/kbdoc/en-hr/000180768/dsa-2020-281
SolarWinds 2nd Backdoor
https://www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/
SolarWinds Domains
https://securelist.com/sunburst-connecting-the-dots-in-the-dns-requests/99862/

A slightly optimistic tale of how patching went for CVE-2019-19781
https://isc.sans.edu/forums/diary/A+slightly+optimistic+tale+of+how+patching+went+for+CVE201919781/26900/
Heads-up: VirusTotal Functionality in Sysinternals Tools Not Working
https://isc.sans.edu/forums/diary/Headsup+VirusTotal+Functionality+in+Sysinternals+Tools+Not+Working/26906/
Kasachstan: Browsers Block Government Certificate Authority
https://www.zdnet.com/article/apple-google-microsoft-and-mozilla-ban-kazakhstans-mitm-https-certificate/
5G Vulnerabilities
https://positive-tech.com/about/news/vulnerabilities-in-standalone-5g-networks-could-allow-attackers-to-steal-credentials-and-falsify-subscriber-authentication/
Bouncy Castle BCrypt Password Verification Error
https://www.synopsys.com/blogs/software-security/cve-2020-28052-bouncy-castle/

The Top 10 Not So Common SSH Usernames and Passwords
https://isc.sans.edu/diary/The%20Top%2010%20Not%20So%20Common%20SSH%20Usernames%20and%20Passwords/31360
CISA Product Security Bad Practices
https://www.cisa.gov/resources-tools/resources/product-security-bad-practices
Kubernetes Image Builder Vulnerability CVE-2024-9486 CVE-2024-9594
https://discuss.kubernetes.io/t/security-advisory-cve-2024-9486-and-cve-2024-9594-vm-images-built-with-kubernetes-image-builder-use-default-credentials/30119
Solarwinds Hardcoded Password Exploited CVE-2024-28987
https://www.bleepingcomputer.com/news/security/solarwinds-web-help-desk-flaw-is-now-exploited-in-attacks/
Bypassing noexec and executing arbitrary binaries
https://iq.thc.org/bypassing-noexec-and-executing-arbitrary-binaries
Workshop Website:
https://www.sansapi.com/
https://www.sansapi.com/docs

Token Authentication Requirements for Git Operations
https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/
Google Attempting to Speed Up OS Update Adoption
https://android-developers.googleblog.com/2020/12/treble-plus-one-equals-four.html
Trend Micro InterScan Web Security Virtual Appliance Vulnerability
https://success.trendmicro.com/solution/000283077
Malicios Browser Extensions
https://blog.avast.com/malicious-browser-extensions-avast

Cloud DNS Logs
https://isc.sans.edu/forums/diary/DNS+Logs+in+Public+Clouds/26892/
Solarwinds Update
https://www.heise.de/news/l-f-SolarWinds-Backdoor-Hersteller-sorgte-fuer-Ausnahmen-von-AV-Ueberwachung-4990910.html
https://krebsonsecurity.com/2020/12/malicious-domain-in-solarwinds-hack-turned-into-killswitch/
Hewlett Packard Enterprise Systems Insight Manager (SIM) Vulnerability
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04068en_us
SAP HANA SAML Validation Weakness
https://www.secureauth.com/blog/secureauth-uncovers-saml-validation-weakness-in-sap-hana/