Sans Internet Storm Center Daily Network/cyber Security And Information Security Podcast

How to Review OAUTH Application Permissions for Popular Sites https://isc.sans.edu/forums/diary/OAuth+and+Its+High+Time+for+Some+Personal+SecurityScaping+Today/22400/ Apple Working on Firmware Integrity Check http://apple.stackexchange.com/questions/282028/pop-up-firmware-changes-detected-randomly-appear Panda Mobile Anti Malware Releases Patch for Evilgrade Bug https://www.contextis.com/resources/blog/exploiting-vulnerable-pandas/ ASUS RT Router Vulnerabilities https://wwws.nightwatchcybersecurity.com/2017/05/09/multiple-vulnerabilities-in-asus-routers/ Microsoft Edge SOP Bypass https://www.brokenbrowser.com/sop-bypass-uxss-stealing-credentials-pretty-fast/ Linux Kernel Packet Socket Vulnerability Exploit https://googleprojectzero.blogspot.com/2017/05/exploiting-linux-kernel-via-packet.html

Microsoft Path Tuesday Summary https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+and+Adobe/22396/ Snake For Mac OS X Included in Handbrake https://blog.fox-it.com/2017/05/03/snake-coming-soon-in-mac-os-x-flavour/ Cisco Patches CMP-Telnet Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp WolfSSL Library X.509 Certificate Text Parsing Code Execution Vulnerability http://blog.talosintelligence.com/2017/05/wolfssl-x509-vuln.html

Exploring a P2P Transient Botnet - From Discovery to Enumeration https://isc.sans.edu/forums/diary/Exploring+a+P2P+Transient+Botnet+From+Discovery+to+Enumeration/22392/ Video Conversion Application Handbrake Compromised https://forum.handbrake.fr/viewtopic.php?f=33&t=36364 Emergency Update for Microsoft Malware Protection Engine https://technet.microsoft.com/en-us/library/security/4022344 OS X Keychain OTR Vulnerability https://medium.com/@longtermsec/bypassing-otr-signature-verification-to-steal-icloud-keychain-secrets-9e92ab55b605

Tenable Discovers Details Regarding Intel AMT Vulnerability http://www.tenable.com/blog/rediscovering-the-intel-amt-vulnerability Android Apps Use Ultrasound Beacons To Track Users http://christian.wressnegger.info/content/projects/sidechannels/2017-eurosp.pdf HTTP Headers... the Achilles' Heel of Many Applications https://isc.sans.edu/forums/diary/HTTP+Headers+the+Achilles+heel+of+many+applications/22382/

Google OAUTH Spam Wrapup https://threatpost.com/1-million-gmail-users-impacted-by-google-docs-phishing-attack/125436/ Artificial Master Fingerprint Set https://wp.nyu.edu/memon/the-master-print/ rpcbind denial of service https://guidovranken.wordpress.com/2017/05/03/rpcbomb-remote-rpcbind-denial-of-service-patches/ Debian Discontinue FTP Support for Downloads https://www.debian.org/News/2017/20170425

Google Docs OAUTH Phishing E-Mails https://isc.sans.edu/forums/diary/OAUTH+phishing+against+Google+Docs+beware/22372/ Review Google App Permissions https://myaccount.google.com/u/0/permissions?pli=1 SS7 Exploits Documented in Banking Attacks http://www.sueddeutsche.de/digital/it-sicherheit-schwachstelle-im-mobilfunknetz-kriminelle-hacker-raeumen-konten-leer-1.3486504 http://www.theregister.co.uk/2017/05/03/hackers_fire_up_ss7_flaw/

Scans Sighted for Ports Used by Intel Remote Management Interface https://isc.sans.edu/port.html?port=16992 https://isc.sans.edu/port.html?port=16993 Outlook Forms Can Run Macros https://sensepost.com/blog/2017/outlook-forms-and-shells/ Jenkins Vulnerability https://jenkins.io/security/advisory/2017-04-26/ Google Android May Patchday https://source.android.com/security/bulletin/2017-05-01 IBM Storwize USB Stick Malware http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010146&myns=s028&mynp=OCSTHGUJ&mynp=OCSTLM5A&mynp=OCSTLM6B&mynp=OCHW206&mync=E&cm_sp=s028-_-OCSTHGUJ-OCSTLM5A-OCSTLM6B-OCHW206-_-E

Intel AMT, SBT and ISM Escalation of Privilege Vulnerability https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr https://semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platforms/ Local Root Exploit in chkrootkit https://lepetithacker.wordpress.com/2017/04/30/local-root-exploit-in-chkrootkit/ Escape Sequence Exploits in Various Linux Terminals http://www.openwall.com/lists/oss-security/2017/05/01/13

Simple Javascript Word Macro Not Recognized By Many AV Products https://isc.sans.edu/forums/diary/Another+Day+Another+Obfuscation+Technique/22354/ OS X Malware Adds Proxy To Intercept HTTPS http://blog.checkpoint.com/2017/04/27/osx-malware-catching-wants-read-https-traffic/ OVH Vulnerability Put Servers at Risk https://jrwr.io/doku.php?id=blog:ovh_vrack_security_issue

VISA IP Block Hijacked By Russian ISP https://isc.sans.edu/forums/diary/BGP+Hijacking+The+Internet+is+StillAgain+Broken/22350/ Antminer "Checking" DoS Vulnerability http://www.antbleed.com Symantec Offers Audits To Stave Off Google's CA Blacklisting https://www.symantec.com/connect/blogs/symantec-ca-proposal NoMX Security E-Mail Appliance Pentest https://scotthelme.co.uk/nomx-the-worlds-most-secure-communications-protocol/ vendor response: www.nomx.com SANS Defending Web Applications https://www.sans.org/dev522

Bots Disrupts US ISP https://www.bleepingcomputer.com/news/security/us-isp-goes-down-as-two-malware-families-go-to-war-over-its-modems/ Samsung Smart TV Wi-Fi Direct Exploit http://seclists.org/fulldisclosure/2017/Apr/101 Adobe Publishes ColdFusion Update https://helpx.adobe.com/security/products/coldfusion/apsb17-14.html SNMP Misconfiguration Eliminates Community String Validation https://stringbleed.github.io/#

CAA Records and Certificate Issuance https://isc.sans.edu/forums/diary/CAA+Records+and+Certificate+Issuance/22342/ Hyundai Blue Link Infomration Disclosure https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed HP, Philips, Fujitsu Display Software Privilege Escalation http://blog.sec-consult.com/2017/04/what-unites-hp-philips-and-fujitsu-one.html

Android Malware MilyDoor Builds Backdoor Into Networks Via SSH/SOCKS http://blog.trendmicro.com/trendlabs-security-intelligence/dresscode-android-malware-finds-successor-milkydoor/ Remote Code Execution Flaw in Squirrelmail http://seclists.org/fulldisclosure/2017/Apr/81 Atlassian Confluence Update https://confluence.atlassian.com/doc/confluence-security-advisory-2017-04-19-887071137.html TCP Proxy Over Named Pipes / SMB https://github.com/dxflatline/flatpipes

Increase in Port 81 Traffic https://isc.sans.edu/forums/diary/WTF+tcp+port+81/22332/ Analyzing a Document and Malware Trying to Exploit CVE-2017-0199 (HTA) https://isc.sans.edu/forums/diary/Malicious+Documents+A+Bit+Of+News/22334/ DOUBLEPULSAR Detected on Tens of Thousands of Systems http://www.theregister.co.uk/2017/04/21/windows_hacked_nsa_shadow_brokers/ NVidia Includes Node.js Server With Drivers http://blog.sec-consult.com/2017/04/application-whitelisting-application.html Android SMSVova Spyware Survives in Google Play Store for 3 Years https://www.zscaler.com/blogs/research/android-spyware-smsvova-posing-system-update-play-store

Detecting Covert DNS Channels https://isc.sans.edu/forums/diary/DNS+Query+Length+Because+Size+Does+Matter/22326/ Ambient Light Sensors May Become Accessible Via JavaScript https://blog.lukaszolejnik.com/stealing-sensitive-browser-data-with-the-w3c-ambient-light-sensor-api/ BIND Name Server Update https://kb.isc.org/article/AA-01491 Entropy As A Service https://www.getnetrandom.com Webcast: NoSQL Doesn't Make You NoVulnerable https://www.sans.org/webcasts/nosql-doesnt-novulnerable-104897

Hunting and Analyzing Malicious Excel Files https://isc.sans.edu/forums/diary/Hunting+for+Malicious+Excel+Sheets/22322/ Bose May Be Spying on Listeners https://www.scribd.com/document/345620278/Bose-Privacy-Complaint Microsoft No-Password Sign In https://blogs.technet.microsoft.com/enterprisemobility/2017/04/18/no-password-phone-sign-in-for-microsoft-accounts/ Owncloud/Nextcloud Bug Reports Include Passwords https://blog.hboeck.de/archives/885-Passwords-in-the-Bug-Reports-OwncloudNextcloud.html Fuzzing Used to Find a Tcpdump Vulnerability https://www.softscheck.com/en/identifying-security-vulnerabilities-with-cloud-fuzzing/ DNS Homograph Detection https://github.com/dutchcoders/homographs For Friday's (and other upcoming webcasts), see https://www.sans.org/webcasts

Details about how to exploit CVE-2017-0199 https://rewtin.blogspot.com.au/2017/04/cve-2017-0199-practical-exploitation-poc.html User Provided Patch To Help Update Old Operating Systems on New CPU https://github.com/zeffy/kb4012218-19 Forensics Tools and Issues With Windows 10 Compact OS https://www.heise.de/security/artikel/Forensik-Tools-patzen-bei-neuer-Windows-Kompression-3676075.html

Detecting IDN Phishing Domains https://isc.sans.edu/forums/diary/Tool+to+Detect+Active+Phishing+Attacks+Using+Unicode+LookAlike+Domains/22310/ Old Linux Kernel Bug Allows for Remote Code Execution via UDP https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=197c949e7798fbf28cfadc69d9ca0c2abbf93191 Microsoft Edge JavaScript "fetch" Function Can Be Used to Leak User Data http://mov.sx/2017/04/16/microsoft-edge-leaks-url.html

Detecting SMB Cover Channel "Doublepulsar" https://isc.sans.edu/forums/diary/Detecting+SMB+Covert+Channel+Double+Pulsar/22312/ ETERNALBLUE: Windows SMBv1 Exploit https://isc.sans.edu/forums/diary/ETERNALBLUE+Windows+SMBv1+Exploit+Patched/22304/

Packet Captures Filtered By Process https://isc.sans.edu/forums/diary/Packet+Captures+Filtered+by+Process/22296/ C-LDAP Used to Amplify DDoS Attack https://isc.sans.edu/forums/diary/Akamai+reports+UDP+DDOS+Using+CLDAP+reaching+24Gbps/22300/ Juniper Updates https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES SAP Patches Code Injection in TREX https://erpscan.com/press-center/press-release/critical-vulnerability-affects-sap-hana-dozen-sap-applications/ More Details About Dallas Siren Hack https://duo.com/blog/the-dallas-county-siren-hack