ISC StormCast for Friday, December 9th, 2022
Finding Gaps in Syslog https://isc.sans.edu/diary/Finding%20Gaps%20in%20Syslog%20-%20How%20to%20find%20when%20nothing%20happened/29314
Internet Explorer Vulnerability used in Malicious Word Document https://blog.google/threat-analysis-group/internet-explorer-0-day-exploited-by-north-korean-actor-apt37/
Zombinder Obfuscation Service used by Ermac https://www.threatfabric.com/blogs/zombinder-ermac-and-desktop-stealers.html
Cisco IP Phone Vulnerability CVE-2022-20968 https://tools.cisco.com/security/ce
MuddyWater Hackers Target Asian and Middle East Countries with Updated Tactics
The Iran-linked MuddyWater threat actor has been observed targeting several countries in the Middle East as well as Central and West Asia as part of a new spear-phishing activity.
"The campaign has been observed targeting Armenia, Azerbaijan, Egypt, Iraq, Israel, Jordan, Oman, Qatar, Tajikistan, and the United Arab Emirates," Deep Instinct researcher Simon Kenin said in a technical write-up.
Researchers Uncover Darknet Service Allowing Hackers to Trojanize Legit Android Apps
Researchers have shed light on a new hybrid malware campaign targeting both Android and Windows operating systems in a bid to expand its pool of victims.
The attacks entail the use of different malware such as ERMAC, Erbium, Aurora, and Laplas, according to a ThreatFabric report shared with The Hacker News.
"This campaign resulted in thousands of victims," the Dutch cybersecurity company said,
Researchers Uncover New Drokbk Malware that Uses GitHub as a Dead Drop Resolver
The subgroup of an Iranian nation-state group known as Nemesis Kitten has been attributed as behind a previously undocumented custom malware dubbed Drokbk that uses GitHub as a dead drop resolver to exfiltrate data from an infected computer, or to receive commands.
"The use of GitHub as a virtual dead drop helps the malware blend in," Secureworks principal researcher Rafe Pilling said. "All the
Galaxy S22 falls for two zero-day attacks during one event
Samsung Galaxy S22 Falls For Two Zero-Day Attacks At The Pwn2Own Event. The STAR Labs and the Chim team carried out the exploits.
Samsung's Galaxy S22 falls to two zero-day hacks in one day
Hackers have discovered not one, but two zero-day vulnerabilities within the Samsung Galaxy S22 in the span of a day.
Google discovered North Korea exploiting an Internet Explorer zero-day vulnerability in October
A new blog post from Google’s Threat Analysis Group (TAG) reveals that an Internet Explorer zero-day vulnerability was ...
Zero-Day Hackers Breach Samsung Galaxy S22 Twice In 24 Hours
Elite hackers have exposed and exploited zero-day vulnerabilities in Samsung's flagship Galaxy S22 smartphone on day one of ...
North Korean hackers exploited Internet Explorer zero-day to spread malware
North Korean hackers exploited a previously unknown zero-day vulnerability in Internet Explorer to target South Korean users ...
Cloud Computing Provider Rackspace Hit by Ransomware Attack
A ransomware attack is disrupting Texas-based cloud computing provider Rackspace. The attack ensnared Rackspace’s Hosted ...
Vulnerabilities in "lights out" server management firmware
A number of high-profile server vendors inherit vulnerabilities in baseboard management controllers from American Megatrends ...
Ransomware Simulation Debrief
Col. Sean Hannah joins cybersecurity experts Nicole Eagan and Charles Carmakal on stage to debrief the results of the ...
Major cloud, email hosting provider blames ransomware attack for outage
Email hosting provider Rackspace Technology confirmed on Tuesday that a ransomware attack is behind an outage that has been ...
This broken ransomware can't decrypt your files, even if you pay the ransom
Victims of a recently uncovered form of ransomware are being warned not to pay the ransom demand, simply because the ...
APT37 Uses Internet Explorer Zero-Day to Spread Malware
IE is still a vector: South Koreans lured in with references to the deadly Halloween celebration crowd crush in Seoul last October.
Lack of Cybersecurity Expertise Poses Threat for Public-Safety Orgs
More than three-quarters of police and emergency responders worry about ransomware attacks and data leaks, while their organizations lag behind in technology adoption.
Single Sign-on: It's Only as Good as Your Ability to Use It
Increased federal cybersecurity regulations provide a pivot point for manufacturers to reconsider their access management strategy.
How Do I Use the Domain Score to Determine if a Domain Is a Threat?
To be most effective, protective DNS services need to constantly reassess and rescore domains as additional data comes in.
3 Ways Attackers Bypass Cloud Security
At Black Hat Europe, a security researcher details the main evasion techniques attackers are currently using in the cloud.
CNAPP Shines a Light Into Evolving Cloud Environments
Cloud-native application protection platform (CNAPP) addresses security challenges in multicloud environments, including integrating applications across multicloud or hybrid cloud environments.