Cobalt Strike and WebLogic; SaltSack; Adobe; Twilio NPM Brandjacking; GitHub Workflows

SANS Daily Network Security Podcast (Stormcast) for Wednesday, November 4th 2020
00:00
My Next Class
Defending Web Applications Security Essentials | Online | US Pacific | Mar 15th - Mar 20th 2021 |
Intrusion Detection In-Depth | Online | US Eastern | Apr 26th - May 1st 2021 |
Attackers Exploiting WebLogic Servers to Install Cobalt Strike
https://isc.sans.edu/forums/diary/Attackers+Exploiting+WebLogic+Servers+via+CVE202014882+to+install+Cobalt+Strike/26752
New SaltStack Vulnerabilities
https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/
Adobe Releases Acrobat/Reader Update
https://helpx.adobe.com/security/products/acrobat/apsb20-67.html
Malicious Twilio NPM Package
https://www.npmjs.com/advisories/1574
GitHub Workflow Injection Vulnerabilities
https://bugs.chromium.org/p/project-zero/issues/detail?id=2070&can=2&q=&colspec=ID%20Type%20Status%20Priority%20Milestone%20Owner%20Summary&cells=ids
https://isc.sans.edu/forums/diary/Attackers+Exploiting+WebLogic+Servers+via+CVE202014882+to+install+Cobalt+Strike/26752
New SaltStack Vulnerabilities
https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/
Adobe Releases Acrobat/Reader Update
https://helpx.adobe.com/security/products/acrobat/apsb20-67.html
Malicious Twilio NPM Package
https://www.npmjs.com/advisories/1574
GitHub Workflow Injection Vulnerabilities
https://bugs.chromium.org/p/project-zero/issues/detail?id=2070&can=2&q=&colspec=ID%20Type%20Status%20Priority%20Milestone%20Owner%20Summary&cells=ids
Discussion
New Discussions closed for all Podcasts older than two(2) weeks
Please send your comments to our Contact Form
Defending Web Applications Security Essentials | Online | US Pacific | Mar 15th - Mar 20th 2021 |
Intrusion Detection In-Depth | Online | US Eastern | Apr 26th - May 1st 2021 |
Intrusion Detection In-Depth | Online | British Summer Time | May 24th - May 29th 2021 |
Defending Web Applications Security Essentials | Online | Central European Summer Time | Jun 14th - Jun 19th 2021 |