Avsnitt
-
Analyzing PDF Streams
https://isc.sans.edu/diary/Analyzing%20PDF%20Streams/30908
F5 Next Central Manager Vulnerabilities
https://eclypsium.com/blog/big-vulnerabilities-in-next-gen-big-ip/
Veeam Patches
https://www.veeam.com/kb4441
https://www.veeam.com/kb4509
Citrix Hypervisor Security Update CVE-2024-31497
https://support.citrix.com/article/CTX633416/citrix-hypervisor-security-update-for-cve202431497 -
Analzying Synology Disks
https://isc.sans.edu/diary/Analyzing%20Synology%20Disks%20on%20Linux/30904
RSA Panel
https://www.rsaconference.com/usa/agenda/session/The%20Five%20Most%20Dangerous%20New%20Attack%20Techniques%20You%20Need%20to%20Know%20About
SANS.edu Research Journal
https://www.sans.edu/cyber-security-research -
Saknas det avsnitt?
-
Detecting XFinity/Comcast DNS Spoofing
https://isc.sans.edu/diary/Detecting%20XFinity%20Comcast%20DNS%20Spoofing/30898
Weblogic PoC CVE-2024-21006
https://pwnull.github.io/2024/oracle%20weblogic%20CVE-2024-21006%20Double-JNDInjection%20RCE%20analyze/
https://github.com/momika233/CVE-2024-21006
PDF.js React PDF Vulnerablity
https://securityonline.info/cve-2024-4367-cve-2024-34342-javascript-flaw-threatens-millions-of-pdf-js-and-react-pdf-users/
Tinyproxy Response
https://github.com/tinyproxy/tinyproxy/issues/533 -
DNS Debugging with nslookup
https://isc.sans.edu/diary/nslookups+Debug+Options/30894/
Microsoft Plans DNS Lockdown
https://techcommunity.microsoft.com/t5/networking-blog/announcing-zero-trust-dns-private-preview/ba-p/4110366
Microsoft Graph API Abuse
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/graph-api-threats
SANSFIRE SEC522 Defending Web Applications
https://www.sans.org/cyber-security-training-events/sansfire-2024/ -
https://isc.sans.edu/diary/Scans%20Probing%20for%20LB-Link%20and%20Vinga%20WR-AC1200%20routers%20CVE-2023-24796/30890
Scans Probing for LB-Link and Vinga WR-AC1200 routers CVE-2023-24796
Buffer Overflow Vulnerabilities in ArubaOS
https://www.arubanetworks.com/support-services/security-bulletins/
The Cuttlefish Malware
https://blog.lumen.com/eight-arms-to-hold-you-the-cuttlefish-malware/ -
Linux Trojan - Xorddos with Filename eyshcjdmzg
https://isc.sans.edu/diary/Linux%20Trojan%20-%20Xorddos%20with%20Filename%20eyshcjdmzg/30880
AWS S3 Denial of Wallet Amplification Attack
https://medium.com/@maciej.pocwierz/how-an-empty-s3-bucket-can-make-your-aws-bill-explode-934a383cb8b1
https://blog.limbus-medtec.com/the-aws-s3-denial-of-wallet-amplification-attack-bc5a97cc041d
EU iOS Safari Allows User Tracking
https://www.mysk.blog/2024/04/28/safari-tracking/
BentoML Critical Deserialization Vuln CVE-2024-2912
https://nvd.nist.gov/vuln/detail/CVE-2024-2912 -
Another Day, Another NAS: Attacks against Zyxel NAS326 Devices CVE-2023-4473, CVE-2023-4474
https://isc.sans.edu/diary/Another%20Day%2C%20Another%20NAS%3A%20Attacks%20against%20Zyxel%20NAS326%20devices%20CVE-2023-4473%2C%20CVE-2023-4474/30884
R-Bitrary Code Execution: Vulnearbility in R's Deserialization
https://hiddenlayer.com/research/r-bitrary-code-execution/
Coordinated Docker Hub Attacks using Malicious Repositories
https://jfrog.com/blog/attacks-on-docker-with-millions-of-malicious-repositories-spread-malware-and-phishing-scams/
NVMe-oF/TCP Vulnerabilities
https://www.cyberark.com/resources/threat-research-blog/your-nvme-had-been-syzed-fuzzing-nvme-of-tcp-driver-for-linux-with-syzkaller -
DLink NAS Exploit Variation
https://www.qnap.com/en/security-advisory/qsa-24-09
Muddling Meerkat DNS Abuse
https://blogs.infoblox.com/threat-intelligence/a-cunning-operator-muddling-meerkat-and-chinas-great-firewall/
Android TV Data Leakage
https://www.youtube.com/watch?v=QiyBXXO8QpA
https://www.404media.co/android-tvs-can-expose-user-email-inboxes/
SEC522: SANSFIRE
https://www.sans.org/cyber-security-courses/application-security-securing-web-apps-api-microservices/
SEC522 Demo (requires free account):
https://www.sans.org/ondemand/get-demo/316 -
Okta warns of increase in credential stuffing
https://sec.okta.com/blockanonymizers
Fake payment cards used by Police in Japan
https://twitter.com/vxunderground/status/1783522097425211887
Phishing Campaigns Targeting USPS
https://www.akamai.com/blog/security-research/phishing-usps-malicious-domains-traffic-equal-to-legitimate-traffic
Chrome 124 Breaks TLS Handshake
https://www.reddit.com/r/sysadmin/comments/1carvpd/chrome_124_breaks_tls_handshake/ -
Does it matter if iptables isn't running on my honeypot?
https://isc.sans.edu/forums/diary/Does%20it%20matter%20if%20iptables%20isn't%20running%20on%20my%20honeypot%3F/30862/
Unplugging PlugX: Singholing the PlugX USB worm botnet
https://blog.sekoia.io/unplugging-plugx-sinkholing-the-plugx-usb-worm-botnet/
pfSense Updates
https://docs.netgate.com/advisories/index.html
GitLab Updates
https://about.gitlab.com/releases/2024/04/24/patch-release-gitlab-16-11-1-released/
Matthew Alan Vorhees: Prevention Strategies for Modern Living Off the Land Usage
https://www.sans.edu/cyber-research/prevention-strategies-modern-living-off-land-usage/ -
API Rug Pull - The NIST NVD Database and API
https://isc.sans.edu/diary/API%20Rug%20Pull%20-%20The%20NIST%20NVD%20Database%20and%20API%20%28Part%204%20of%203%29/30868
Cisco Patches Vulnerabilities and Discovers Arcane Backdoor
https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/
Vulnerabilities across keyboard apps reveal keystrokes to network eavesdroppers
https://citizenlab.ca/2024/04/vulnerabilities-across-keyboard-apps-reveal-keystrokes-to-network-eavesdroppers/
MySQL2: Dangers of User-Defined Database Connections
https://blog.slonser.info/posts/mysql2-attacker-configuration/
Netgear Nighthawk Vulnerabilities
https://jvn.jp/en/vu/JVNVU91883072/ -
Struts2 devmode Still a Problem Ten Years Later
https://isc.sans.edu/forums/diary/Struts%20%22devmode%22%3A%20Still%20a%20problem%20ten%20years%20later%3F/30866/
Analyzing Forest Blizard's Custom Post-Compromise Tool for exploiting CVE-2022-38028
https://www.microsoft.com/en-us/security/blog/2024/04/22/analyzing-forest-blizzards-custom-post-compromise-tool-for-exploiting-cve-2022-38028-to-obtain-credentials/
April 2024 Exchange Server Hotfix Update
https://techcommunity.microsoft.com/t5/exchange-team-blog/released-april-2024-exchange-server-hotfix-updates/ba-p/4120536
CVE-2024-2389: Command Injection Vulnerability in Progress Flowmon
https://rhinosecuritylabs.com/research/cve-2024-2389-in-progress-flowmon/
GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining
https://decoded.avast.io/janrubin/guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining/ -
Number of Industrial Devices Accessible From Internet Up 30 Thousand over three years
https://isc.sans.edu/diary/It%20appears%20that%20the%20number%20of%20industrial%20devices%20accessible%20from%20the%20internet%20has%20risen%20by%2030%20thousand%20over%20the%20past%20three%20years/30860
Evil XDR: Turning an XDR into an Offensive Tool
https://www.darkreading.com/application-security/evil-xdr-researcher-turns-palo-alto-software-into-perfect-malware
GitLab Comment Bug
https://www.bleepingcomputer.com/news/security/gitlab-affected-by-github-style-cdn-flaw-allowing-malware-hosting/
SEC522 Demo: https://www.sans.org/ondemand/get-demo/316 -
The CVE's They are A-Changing
https://isc.sans.edu/diary/The%20CVE%27s%20They%20are%20A-Changing!/30850
CrushFTP 0-Day Vulnerability
https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update
https://www.reddit.com/r/crowdstrike/comments/1c88788/situational_awareness_20240419_crushftp_virtual/
GitHub Comment Bug Used to Distribute Malware
https://www.bleepingcomputer.com/news/security/github-comments-abused-to-push-malware-via-microsoft-repo-urls/
YubiKey Manager Privilege Escalation
https://www.yubico.com/support/security-advisories/ysa-2024-01/
Palo Alto Networks GlobalProtect Update
https://security.paloaltonetworks.com/CVE-2024-3400 -
Delinea Secret Server Authn Authz Bypass
https://straightblast.medium.com/all-your-secrets-are-belong-to-us-a-delinea-secret-server-authn-authz-bypass-adc26c800ad3
Ivanti Avalanche Poc/Details
https://www.tenable.com/security/research/tra-2024-10
Advanced Phishing Campaign
https://www.lookout.com/threat-intelligence/article/cryptochameleon-fcc-phishing-kit
Hashicorp go-getter update CVE-2024-3817
https://discuss.hashicorp.com/t/hcsec-2024-09-hashicorp-go-getter-vulnerable-to-argument-injection-when-fetching-remote-default-git-branches/66040
OfflRouter Virus
https://blog.talosintelligence.com/offlrouter-virus-causes-upload-confidential-documents-to-virustotal/ -
Malicious PDF File As Delivery Mechanism
https://isc.sans.edu/diary/Malicious%20PDF%20File%20Used%20As%20Delivery%20Mechanism/30848
Updated Palo Alto Networks GlobalProtect Guidance
https://security.paloaltonetworks.com/CVE-2024-3400
Coordinated Social Engineering Takeovers of Open Source Projects;
https://openssf.org/blog/2024/04/15/open-source-security-openssf-and-openjs-foundations-issue-alert-for-social-engineering-takeovers-of-open-source-projects/
OpenMetaData Attacks
https://www.microsoft.com/en-us/security/blog/2024/04/17/attackers-exploiting-new-critical-openmetadata-vulnerabilities-on-kubernetes-clusters/ -
Palo Alto Networks GlobalProtect exploit public and widely exploited CVE-2024-3400
https://isc.sans.edu/forums/diary/Palo%20Alto%20Networks%20GlobalProtect%20exploit%20public%20and%20widely%20exploited%20CVE-2024-3400/30844/
Putty Private Key Recovery
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html
Oracle Critical Patch Update
https://www.oracle.com/security-alerts/cpuapr2024.html
Ivanti Avalanche MDM Patches
https://forums.ivanti.com/s/article/Avalanche-6-4-3-Security-Hardening-and-CVEs-addressed?language=en_US -
Quick Palo Alto Networks Global Protect Vulnerablity Update CVE-2024-3400
https://isc.sans.edu/diary/30838
Delinea patches critical vulnerability in secret manager
https://trust.delinea.com/?tcuUid=17aaf4ef-ada9-46d5-bf97-abd3b07daae3
Lancom Windows Setup Assistant May Reset Password
https://www.lancom-systems.com/service-support/general-security-information
PHP Patches
https://seclists.org/oss-sec/2024/q2/113
Duo SMS and VoiP Logs Leaked
https://app.securitymsp.cisco.com/e/es?e=2785&eid=opguvrs&elq=bd1c1886a59e40c09915b029a74be94e
Lastpass Stops Deepfake Attack
https://blog.lastpass.com/posts/2024/04/attempted-audio-deepfake-call-targets-lastpass-employee - Visa fler