SANS Internet Stormcast Feb 6th 2025: com- prefix domain phishing; Win 10 ESU pricing; Firefox CT Policy; Veeam and Netgear patches

Update: 2025-02-06

Description

Phishing via com- prefix domains

Every day, attackers are registering a few hunder domain names starting with com-. These are used in phishing e-mails, like for example "toll fee scams", to create more convincing phishing links.

https://isc.sans.edu/diary/Phishing%20via%20%22com-%22%20prefix%20domains/31654

Microsoft Windows 10 Extended Security Updates

Microsoft released pricing and additional details for the Windows 10 extended security updates. For the first year after official free updates stopped, security updates will be available for $61 for the first year.

https://learn.microsoft.com/en-us/windows/whats-new/extended-security-updates

Mozilla Enforcing Certificate Transparency

Mozilla is following the lead from other browsers, and will require certificates to include a certificate signature timestamp as proof of compliance with certificate transparency requirements.

https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/OagRKpVirsA/m/Q4c89XG-EAAJ

https://wiki.mozilla.org/SecurityEngineering/Certificate_Transparency#Enterprise_Policies

Veeam Update

Veeam's internal backup process may be used to execute arbitrary code by an attacker with a machine in the middle position.

https://www.veeam.com/kb4712

Netgear Unauthenticated RCE

https://kb.netgear.com/000066558/Security-Advisory-for-Unauthenticated-RCE-on-Some-WiFi-Routers-PSV-2023-0039

Comments (1)

Zerat

Johannes - regarding Mozilla and cert transparency - it seems it's affecting only CA's that belong to Mozilla Root CA program, so should be only public ones, not internal thanks for the great podcast though

Feb 6th

Top Podcasts

The Best New Comedy Podcast Right Now – June 2024 The Best News Podcast Right Now – June 2024 The Best New Business Podcast Right Now – June 2024 The Best New Sports Podcast Right Now – June 2024 The Best New True Crime Podcast Right Now – June 2024 The Best New Joe Rogan Experience Podcast Right Now – June 20 The Best New Dan Bongino Show Podcast Right Now – June 20 The Best New Mark Levin Podcast – June 2024

In Channel

SANS Stormcast Monday March 17th: Mirai Makes Mistakes; Compromised Github Action; ruby-saml vulnerability; Fake GitHub Security Alert Phishing

2025-03-1706:38

SANS Stormcast: File Hashes in MSFT BI; Apache Camel Vuln; Juniper Fixes Exploited Vuln; AMI Patches 10.0 Redfish BMC Vuln

2025-03-1406:07

SANS Stormcast Thursday Mar 13th: Exploiting Login Pages with Log4j; Patch Tuesday Fallout; Adobe Patches; Medusa Ransomware; Zoom and Font Library Updates;

2025-03-1305:56

SANS Stormcast Wednesday Mar 12th: Microsoft Patch Tuesday; Apple Patch; Espressif ESP32 Statement

2025-03-1207:54

SANS Stormcast Tuesday Mar 11th: Shellcode as UUIDs; Moxe Switch Vuln Updates; Opentext Vuln; Livewire Volt Vuln;

2025-03-1104:59

SANS Stormcast: Webshells; Undocumented ESP32 Commands; Camera Used For Ransomware Distribution

2025-03-1006:45

SANS Stormcast Friday Mar 7th: Chrome vs Extensions; Kibana Update; PrePw0n3d Android TV Sticks; Identifying APTs (@sans_edu, Eric LeBlanc)

2025-03-0713:53

SANS Stormcast Thursday Mar 6th: DShield ELK Analysis; Jailbreaking AMD CPUs; VIM Vulnerability; Snail Mail Ransomware

2025-03-0606:45

SANS Stormcast Wednesday Mar 5th: SMTP Credential Hunt; mac-robber.py update; ADSelfService Plus Account Takeover; Android Patch Day; PayPal Scams; VMWare Escape Fix

2025-03-0506:11

SANS Stormcast Tuesday Mar 4th: Mark of the Web Details; Sharepint and Click-Fix Phishing; Paragon Partionmanager BYOVD Exploit

2025-03-0406:17

SANS Stormcast Monday Mar 3rd: AI Training Data Leaks; MITRE Caldera Vuln; modsecurity bypass

2025-03-0307:08

SANS Stormcast Friday Feb 28th: Njrat devtunnels.ms; Apple FindMe Abuse; XSS Exploited; @sans_edu Ben Powell EDR vs. Ransomware

2025-02-2814:27

SANS Stormcast Thursday Feb 27th: High Exfil Ports; Malicious VS Code Theme; Developer Workstation Safety; NAKIVO PoC; OpenH264 and rsync vuln;

2025-02-2706:45

SANS Stormcast Wednesday Feb 26th: M365 Infostealer Botnet; Mixing OpenID Keys; Malicious Medical Image Apps

2025-02-2605:59

SANS Stormcast Tuesday Feb 25th: Unfurl Updates; Google Ditches SMS; Paypal Phish; Exim, libXML, Parallels Vuln

2025-02-2506:10

SANS Stormcast Monday Feb 24th: sigs.py update; Google Introdusing Quantum Safe Sigs; MSFT Update Win 11 issues; LTE/5G Vulns;

2025-02-2405:20

SANS Stormcast Friday Feb 21st: Kibana Queries; Mongoose Injection; U-Boot Flaws; Unifi Protect Camera Vulnerabilities; Protecting Network Devices as Endpoint (Austin Clark @sans_edu)

2025-02-2112:29

SANS Stormcast Wednesday Feb 20th: XWorm Cocktail; Quantum Computing Breakthrough; Signal Phishing

2025-02-2007:01

SANS Stormcast Tuesday Feb 19th: ModelScan AI Model Security; OpenSSH Vuln; Juniper Patches; Dell BIOS Vulnerability

2025-02-1906:55

SANS Stormcast: Securing the Edge; PostgreSQL Exploit; Ivanti Exploit; WinZip Vulnerablity; Xerox Patch

2025-02-1804:39

00:00

SANS Internet Stormcast Feb 6th 2025: com- prefix domain phishing; Win 10 ESU pricing; Firefox CT Policy; Veeam and Netgear patches

#box-pro-ellipsis-174220089016936{-webkit-line-clamp:2;}SANS Internet Stormcast Feb 6th 2025: com- prefix domain phishing; Win 10 ESU pricing; Firefox CT Policy; Veeam and Netgear patches

Zerat

SANS Internet Stormcast Feb 6th 2025: com- prefix domain phishing; Win 10 ESU pricing; Firefox CT Policy; Veeam and Netgear patches

Dr. Johannes B. Ullrich

SANS Internet Stormcast Feb 6th 2025: com- prefix domain phishing; Win 10 ESU pricing; Firefox CT Policy; Veeam and Netgear patches