# SANS ISC

• How Safe Are Your Docker Images?, (Thu, Apr 22nd) Thu, 22 Apr 2021 07:21:43 GMT
  Today, I don&#;x26;#;39;t know any organization that is not using Docker today. For only test and development only or to full production systems, containers are deployed everywhere! In the same way, most popular tools today have a "dockerized" version ready to use, sometimes maintained by the developers themselves, sometimes maintained by third parties. An example is the Docker container that I created with all Didier&#;x26;#;39;s tools[1]. Today, we are also facing a new threat: supply chain attacks (think about Solarwinds or, more recently, CodeCov[2]). Let&#;x26;#;39;s mix the attraction for container technologies and this threat, we realize that Docker images are a great way to compromise an organization!
• ISC Stormcast For Thursday, April 22nd, 2021 https://isc.sans.edu/podcastdetail.html?id=7468, (Thu, Apr 22nd) Thu, 22 Apr 2021 02:00:03 GMT
• A Case for Lockdown and Isolation (and not the Covid kind), (Wed, Apr 21st) Wed, 21 Apr 2021 16:59:03 GMT
  A reader wrote in expressing concerns over a vendor software management platform that had 3rd party module vulnerabilities &#;x26;#;x5b;1&#;x26;#;x5d;. Reasonable risk assessment if you ask me. This comes along with the two "One Liners&#;x26;#;39;&#;x26;#;39; we posted yesterday &#;x26;#;x5b;2&#;x26;#;x5d; &#;x26;#;x5b;3&#;x26;#;x5d;. This sounds like a case for isolation and or lockdown. Considering 2021&#;x26;#;39;s climate, let&#;x26;#;39;s be clear here, Digital not Physical :).
• ISC Stormcast For Wednesday, April 21st, 2021 https://isc.sans.edu/podcastdetail.html?id=7466, (Wed, Apr 21st) Wed, 21 Apr 2021 02:20:02 GMT
• PulseSecure Out of Cycle Advisory: https://kb.pulsesecure.net/articles/Pulse_Secure_Article/SA44784/, (Tue, Apr 20th) Tue, 20 Apr 2021 23:11:39 GMT
• SonicWall releases Security Notice: Email Security Zero-Day Vulnerabilities https://bit.ly/3eh1r9n, (Tue, Apr 20th) Tue, 20 Apr 2021 20:47:21 GMT
• ISC Stormcast For Tuesday, April 20th, 2021 https://isc.sans.edu/podcastdetail.html?id=7464, (Tue, Apr 20th) Tue, 20 Apr 2021 02:00:02 GMT
• Hunting phishing websites with favicon hashes, (Mon, Apr 19th) Mon, 19 Apr 2021 09:05:59 GMT
  HTTP favicons are often used by bug bounty hunters and red teamers to discover vulnerable services in a target AS or IP range. It makes sense – since different tools (and sometimes even different versions of the same tool) use different favicons[1] and services such as Shodan calculate MurmurHash values[2] for all favicons they discover and let us search through them, it can be quite easy to find specific services and devices this way.
• ISC Stormcast For Monday, April 19th, 2021 https://isc.sans.edu/podcastdetail.html?id=7462, (Mon, Apr 19th) Mon, 19 Apr 2021 02:00:02 GMT
• Decoding Cobalt Strike Traffic, (Sun, Apr 18th) Sun, 18 Apr 2021 11:42:21 GMT
  In diary entry "Example of Cleartext Cobalt Strike Traffic (Thanks Brad)" I share a capture file I found with unencrypted Cobalt Strike traffic. The traffic is unencrypted since the malicious actors used a trial version of Cobalt Strike.

# Reddit netsec

# Krebs On Security

• Note to Self: Create Non-Exhaustive List of Competitors Tue, 20 Apr 2021 21:46:52 +0000
  What was the best news you heard so far this month? Mine was learning that KrebsOnSecurity is listed as a restricted competitor by Gartner Inc. [NYSE:IT] -- a $4 billion technology goliath whose analyst reports can move markets and shape the IT industry.
• Did Someone at the Commerce Dept. Find a SolarWinds Backdoor in Aug. 2020? Fri, 16 Apr 2021 12:57:19 +0000
  On Aug. 13, 2020, someone uploaded a suspected malicious file to VirusTotal, a service that scans submitted files against more than five dozen antivirus and security products. Last month, Microsoft and FireEye identified that file as a newly-discovered fourth malware backdoor used in the sprawling SolarWinds supply chain hack. An analysis of the malicious file and other submissions by the same VirusTotal user suggest the account that initially flagged the backdoor as suspicious belongs to IT personnel at the National Telecommunications and Information Administration (NTIA), a division of the U.S. Commerce Department that handles telecommunications and Internet policy.
• Microsoft Patch Tuesday, April 2021 Edition Tue, 13 Apr 2021 23:12:19 +0000
  Microsoft today released updates to plug at least 110 security holes in its Windows operating systems and other products. The patches include four security fixes for Microsoft Exchange Server -- the same systems that have been besieged by attacks on four separate (and zero-day) bugs in the email software over the past month. Redmond also patched a Windows flaw that is actively being exploited in the wild.