Internet Storm Center

Handler on Duty: Tom Webb

Threat Level: green

Podcast Detail

Unix IR with UAC; Bitwarden Phishing; PY#RATION Websockets; SkyHigh Security Gateway; Win Crypto API; BIND Update

If you are not able to play the podcast using the player below: Use this direct link to the audio file: https://traffic.libsyn.com/securitypodcast/8344.mp3

SANS Daily Network Security Podcast (Stormcast) for Friday, January 27th, 2023

00:00

My Next Class

Application Security: Securing Web Apps, APIs, and Microservices

Online | US Central

Feb 20th - Feb 25th 2023

… more classes

Interested in Internet Storm Center stickers? Check here if there are still some available for today.

Live Linux IR with UAC
https://isc.sans.edu/diary/Live%20Linux%20IR%20with%20UAC/29480

Bitwarden Phishing
https://community.bitwarden.com/t/phishing-website-bitwardenlogin-com/49704
https://www.reddit.com/r/Bitwarden/comments/10k2aj5/google_search_ads_showing_fake_bitwarden_web/

PY#RATION Attack Campaign Leverages Fernet Encyrption and Websockets
https://www.securonix.com/blog/security-advisory-python-based-pyration-attack-campaign/

Skyhigh Security Secure Web Gateway: XSS in Single Sign On Plugin
https://www.redteam-pentesting.de/en/advisories/rt-sa-2022-002/-skyhigh-security-secure-web-gateway-cross-site-scripting-in-single-sign-on-plugin

Windows Crypto API Vuln PoC
https://github.com/akamai/akamai-security-research/tree/main/PoCs/CVE-2022-34689

BIND Patches
https://kb.isc.org/docs/cve-2022-3094

iTunes

MP3 Download

RSS Feed

Google

Listen on Google Podcasts

Stitcher

Podbean

Amazon Echo

YouTube

Spreaker

iOS App

Spotify

Discussion

Login here to join the discussion.

Application Security: Securing Web Apps, APIs, and Microservices

Online | US Central

Feb 20th - Feb 25th 2023