What Setting Live Traps For Cybercriminals Taught Me About Security https://isc.sans.edu/diary/What%20Setting%20Live%20Traps%20for%20Cybercriminals%20Taught%20Me%20About%20Security%20%5BGuest%20Diary%5D/31038 TeamViewer Compromise https://www.teamviewer.com/en-us/resources/trust-center/statement/ Fortra File Catalyst Vulnerability and PoC https://s…

Critical Progress MOVEit Authentication Bypass Vulnerability https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/ https://community.progress.com/s/article/MOVEit-Transfer-Product-Security-Alert-Bulletin-June-2024-CVE-2024-5806 Polyfill.io Supply Chain Attack https://cside.dev/blog/more-than-100k-web…

TCP Latency Sidechannel https://www.snailload.com/snailload.pdf Microsoft Management Console for Intial Access and Evasion https://www.elastic.co/security-labs/grimresource Wyze Camera Vulnerabilities https://forums.wyze.com/t/security-advisory/289256Bởi Dr. Johannes B. Ullrich

Configuration Scans Expand https://isc.sans.edu/diary/Configuration%20Scanners%20Adding%20Java%20Specific%20Configuration%20Files/31032 SQL Server Emergency Fix https://support.microsoft.com/en-us/topic/june-20-2024-kb5041054-os-build-20348-2529-out-of-band-b746ffbd-934e-42ac-9c66-ed0636edf7f1 Juniper Security Analytics Update https://supportportal…

Sysinternals Process Monitor Version 4 Released https://isc.sans.edu/diary/Sysinternals%27%20Process%20Monitor%20Version%204%20Released/31026 Kaspersky Sanctions https://home.treasury.gov/news/press-releases/jy2420 Phoenix UEFI Buffer Overflow Affects Wide Range of Systems https://eclypsium.com/blog/ueficanhazbufferoverflow-widespread-impact-from-v…

No Excuses: Free Tools to Help Secure Authentication in Ubuntu https://isc.sans.edu/diary/No%20Excuses%2C%20Free%20Tools%20to%20Help%20Secure%20Authentication%20in%20Ubuntu%20Linux%20%5BGuest%20Diary%5D/31024 Handling BOM MIME Files https://isc.sans.edu/diary/Handling+BOM+MIME+Files/31022 Atlasiun Confluence Data Center and Server Vuln https://conf…

New NetSupport Campaign Deleivered Through MSIX Packages https://isc.sans.edu/diary/New%20NetSupport%20Campaign%20Delivered%20Through%20MSIX%20Packages/31018 D-Link Router Backdoor https://www.twcert.org.tw/en/cp-139-7880-629f5-2.html https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10398 iTerm2 Vulnerablity https://vin01.…

Overview of My Tools That Handle JSON Data https://isc.sans.edu/diary/Overview%20of%20My%20Tools%20That%20Handle%20JSON%20Data/31012 Python Serialization and "Sleepy Pickle" https://x.com/MarkBaggett/status/1801732554740969561 Detecting Headless Chrome https://deviceandbrowserinfo.com/learning_zone/articles/detecting-headless-chrome-puppeteer-2024 …

The Art of JQ and Command-Line Fu https://isc.sans.edu/diary/The%20Art%20of%20JQ%20and%20Command-line%20Fu%20%5BGuest%20Diary%5D/31006 Microsoft Outlook Vulnerablity Details https://blog.morphisec.com/cve-2024-30103-microsoft-outlook-vulnerability Keeping our Outlook Personal Email Users Safe https://techcommunity.microsoft.com/t5/outlook-blog/keep…

MSMQ Packets https://isc.sans.edu/diary/Port%201801%20Traffic%3A%20Microsoft%20Message%20Queue/31004 Adobe Updates https://helpx.adobe.com/security/products/magento/apsb24-40.html Black Basta Exploited CVE-2024-26169 Prior to Patch https://symantec-enterprise-blogs.security.com/threat-intelligence/black-basta-ransomware-zero-day Pixel Phone 0-Day P…

Microsoft Patch Tuesday https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20June%202024/31000 JetBrains IntelliJ Based IDE GitHub Plugin Vulnerability https://blog.jetbrains.com/security/2024/06/updates-for-security-issue-affecting-intellij-based-ides-2023-1-and-github-plugin/ Veeam Recovery Orchestrator (VRO) vulnerability CVE-2024-29855 http…

Veeam Exploit CVE-2024-29849 https://summoning.team/blog/veeam-enterprise-manager-cve-2024-29849-auth-bypass/ SORBS Shutdown https://www.theregister.com/2024/06/07/sorbs_closed/ Rogue Cell Tower Shut Down in London https://www.cityoflondon.police.uk/news/city-of-london/news/2024/june/two-people-arrested-in-connection-with-investigation-into-homemad…

PHP Unicode Remote Code Execution Exploit https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/ PyTorch Distributed RPC Framework Remote Code Execution https://huntr.com/bounties/39811836-c5b3-4999-831e-46fee8fcade3 https://www.cve.org/CVERecord?id=CVE-2024-5480 Mali…

Malicious Python Script with a "Best Before" Date https://isc.sans.edu/diary/Malicious%20Python%20Script%20with%20a%20%22Best%20Before%22%20Date/30988 FBI Obtained 7,000 LockBit Ransomware Keys https://www.fbi.gov/news/speeches/fbi-cyber-assistant-director-bryan-vorndran-s-remarks-at-the-2024-boston-conference-on-cyber-security Apple Guarantees 5 Y…

WatchGuard VPN Brutefording https://isc.sans.edu/diary/Brute%20Force%20Attacks%20Against%20Watchguard%20VPN%20Endpoints/30984 TotalRecall Tool To Extract Data from Microsoft Recall https://github.com/xaitax/TotalRecall WebEx Flaw https://www.helpnetsecurity.com/2024/06/05/cisco-webex-cloud-vulnerability/ https://netzbegruenung.de/blog/netzbegruenun…

No Defender Yes Defender https://isc.sans.edu/diary/No-Defender%2C%20Yes-Defender/30980 Fake Job Ads Lead to Stolen Crypto Currency https://www.ic3.gov/Media/Y2024/PSA240604 Zyxel NAS Vulnerabilities https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/Bởi Dr. Johannes B. Ullrich

A Wireshark Lua Dissector for Fixed Field Length Protocols https://isc.sans.edu/diary/A%20Wireshark%20Lua%20Dissector%20for%20Fixed%20Field%20Length%20Protocols/30976 COX Cable Modem Admin API Weakness https://samcurry.net/hacking-millions-of-modems Malicous Stack Overflow Answers https://www.bleepingcomputer.com/news/security/cybercriminals-pose-a…

K1w1 Infostealer Uses gofile.io for Exfiltration https://isc.sans.edu/diary/%22K1w1%22%20InfoStealer%20Uses%20gofile.io%20for%20Exfiltration/30972 Kaspersky Linux Malware Scanner https://www.kaspersky.com/blog/kvrt-for-linux/51375/ Snowflake Incident https://www.helpnetsecurity.com/2024/06/01/snowflake-breach-data-theft/ HuggingFace Space Secrets L…

Feeding MISP with OSSEC https://isc.sans.edu/diary/Feeding%20MISP%20with%20OSSEC/30968 Checkpoint VPN https://labs.watchtowr.com/check-point-wrong-check-point-cve-2024-24919/ The Pumpkin Eclipse https://blog.lumen.com/the-pumpkin-eclipse/ Michael Dunking: Detecting Cypher Injection with Open-Source Network Intrusion Detection https://www.sans.edu/c…

Is that It? Finding the Unknown: Correlations Between Honeypot Logs and PCAPs https://isc.sans.edu/diary/Is%20that%20It%3F%20%20Finding%20the%20Unknown%3A%20Correlations%20Between%20Honeypot%20Logs%20%26%20PCAPs%20%5BGuest%20Diary%5D/30962 Checkpoint 0-Day https://blog.checkpoint.com/security/enhance-your-vpn-security-posture Okta warns of Credenti…

Preventing SQL Injection with Python https://www.youtube.com/watch?v=1cQy9N1Xndk PoC Exploit for CVE-2024-23108 in Fortinet FortiSIEM https://www.horizon3.ai/attack-research/cve-2024-23108-fortinet-fortisiem-2nd-order-command-injection-deep-dive/ ShrinkLocker: Turning BitLocker into ransomware https://securelist.com/ransomware-abuses-bitlocker/1126…

Files with TGZ Extension used as malspam attachements https://isc.sans.edu/diary/Files%20with%20TXZ%20extension%20used%20as%20malspam%20attachments/30958 Google 0-Day https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_23.html Google Stops Trusting Globaltrust CA https://groups.google.com/a/ccadb.org/g/public/c/wRs-zec8w…

Analysis of 'redtail' file uploads to ISC Honeypot https://isc.sans.edu/diary/Analysis%20of%20%3Fredtail%3F%20File%20Uploads%20to%20ICS%20Honeypot%2C%20a%20Multi-Architecture%20Coin%20Miner%20%5BGuest%20Diary%5D/30950 Veeam Vulnerablity https://www.veeam.com/kb4581 C-Root Server Lost Touch With Peers https://arstechnica.com/security/2024/05/dns-gli…

NMAP Scanning Without Scanning - The ipinfo API https://isc.sans.edu/diary/NMAP%20Scanning%20without%20Scanning%20%28Part%202%29%20-%20The%20ipinfo%20API/30948 Why Your WiFi Router Doubles As An Apple Airtag https://krebsonsecurity.com/2024/05/why-your-wi-fi-router-doubles-as-an-apple-airtag/#more-67551 https://account.microsoft.com/privacy/locatio…

Scanning without Scanning with nmap https://isc.sans.edu/diary/Scanning%20without%20Scanning%20with%20NMAP%20%28APIs%20FTW%29/30944 iTerm2 Vulnerablities https://vin01.github.io/piptagole/escape-sequences/iterm2/hyper/url-handlers/code-execution/2024/05/21/arbitrary-url-schemes-terminal-emulators.html GitHub Enterprise Vulnerablity CVE-2024-4985 ht…