Synopsis
Daily update on current cyber security threats
Episodes
-
ISC StormCast for Thursday, November 17th 2016
17/11/2016 Duration: 06 min
Russian Malspam Distributing Troldesh Ransomware https://isc.sans.edu/forums/diary/Malspam+distributing+Troldesh+ransomware/21717/
Poisontap Exploits USB Ethernet Adapters https://samy.pl/poisontap/
Symantec Patches Untrusted DLL Loading Vulnerability https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20161115_00
VMWare Patches VM Escape Vulnerability http://www.vmware.com/security/advisories/VMSA-2016-0019.html
Some Android Phones Leak Data To China http://www.prnewswire.com/news-releases/kryptowire-discovered-mobile-phone-firmware-that-transmitted-personally-identifiable-information-pii-without-user-consent-or-disclosure-300362844.html
Jacksonville ISC2 Meeting https://www.eventbrite.com/e/isc2-ne-florida-chapter-meeting-november-2016-tickets-29050701430
-
ISC StormCast for Wednesday, November 16th 2016
16/11/2016 Duration: 05 min
Vulnerability in LUKS Can Be Used to Boot Encrypted Linux Systems http://betanews.com/2016/11/15/linux-security-bug-cryptsetup-luks/
Shazam Keeps Microphone Turned on Even While not "Listening" https://objective-see.com/blog/blog_0x13.html
nginx Privilege Escalation Vulnerability (Debian Only) http://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html
-
ISC StormCast for Tuesday, November 15th 2016
15/11/2016 Duration: 05 min
Indictment for the theft of FIFA Game Coins https://regmedia.co.uk/2016/11/14/fifafraudindictment.pdf
Crysis Ransomware Master Encryption Key Released http://www.bleepingcomputer.com/news/security/master-decryption-keys-and-decryptor-for-the-crysis-ransomware-released-/
Adult Friend Finder Breached https://www.leakedsource.com/blog/friendfinder
Lightbulb Web Application Firewall Auditing Framework http://seclist.us/lightbulb-is-an-open-source-python-framework-for-auditing-web-applications-firewalls.html
-
ISC StormCast for Monday, November 14th 2016
14/11/2016 Duration: 05 min
EMET Will Defeat Shell Code Executing Inside Word https://isc.sans.edu/forums/diary/VBA+Shellcode+and+EMET/21705/
Bitcoin Miners Distributed via FTP Exploits https://isc.sans.edu/forums/diary/Bitcoin+Miner+File+Upload+via+FTP/21707/
5 Russian Banks Suffer DoS Attack https://www.rt.com/news/366172-russian-banks-ddos-attack/
Wifi May Reveal Mobile Phone Passwords http://dl.acm.org/citation.cfm?id=2978397
-
ISC StormCast for Friday, November 11th 2016
11/11/2016 Duration: 06 min
ICMP Unreachable DoS Attacks https://isc.sans.edu/forums/diary/ICMP+Unreachable+DoS+Attacks+aka+Black+Nurse/21699/
OpenSSL 1.1.0 Patch https://www.openssl.org/news/secadv/20161110.txt
OWASP ModSecurity Core Rule Set Version 3.0.0 Release https://lists.owasp.org/pipermail/owasp-modsecurity-core-rule-set/2016-November/002265.html
-
ISC StormCast for Thursday, November 10th 2016
09/11/2016 Duration: 05 min
DoS Attack Turns off Heat for More than a Week http://www.hs.fi/kotimaa/a1478495966653 (Finnish only)
DLink HNAP Vulnerability https://raw.githubusercontent.com/pedrib/PoC/master/advisories/dlink-hnap-login.txt
PoC Exploits Available for Two MSFT Vulnerabilities https://github.com/tinysec/public/tree/master/CVE-2016-7255 https://g-laurent.blogspot.com/2016/11/ms16-137-lsass-remote-memory-corruption.html
OpenSSL Patch Pre-Announced https://mta.openssl.org/pipermail/openssl-announce/2016-November/000085.html
Hue Lightbulb Exploit/Worm http://iotworm.eyalro.net (Sophos labels this link as "Spam", but appears to be harmless)
-
ISC StormCast for Wednesday, November 9th 2016
08/11/2016 Duration: 07 min
Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/November+2016+Microsoft+Patch+Day/21689/
Adobe Updates https://helpx.adobe.com/security/products/connect/apsb16-35.html https://helpx.adobe.com/security/products/flash-player/apsb16-37.html
-
ISC StormCast for Tuesday, November 8th 2016
08/11/2016 Duration: 06 min
Tesco Bank Limits Online Banking After Online Criminal Activity https://yourcommunity.tescobank.com/t5/News/Message-for-Current-Account-customers/td-p/6599
Belkin WeMo Devices Used To Attack Mobile Devices https://www.blackhat.com/eu-16/briefings/schedule/index.html#breaking-bhad-abusing-belkin-home-automation-devices-4640
Fake Retail Apps Flooding Apple App Store http://www.nytimes.com/2016/11/07/technology/more-iphone-fake-retail-apps-before-holidays.html?_r=0
Netflix Password Recovery via Phone Call Vulnerability https://slashcrypto.org/2016/11/07/Netflix/
Webcast: 8 Ways To Watch The Invisible: Analyzing Encrypted Network Traffic https://www.sans.org/webcasts/8-ways-watch-invisible-analyzing-encrypted-network-traffic-103277
-
ISC StormCast for Monday, November 7th 2016
07/11/2016 Duration: 05 min
Hancitor Maldoc Bypasses Application Whitelisting https://isc.sans.edu/forums/diary/Hancitor+Maldoc+Bypasses+Application+Whitelisting/21683/
Microsoft Extends EMET Support Deadline https://blogs.technet.microsoft.com/srd/2016/11/03/beyond-emet/
Wifi Based IMSI Catcher https://www.blackhat.com/docs/eu-16/materials/eu-16-OHanlon-WiFi-IMSI-Catcher.pdf
-
ISC StormCast for Friday, November 4th 2016
03/11/2016 Duration: 06 min
Reconstruct Binaries Sent via Telnet https://isc.sans.edu/forums/diary/Extracting+Malware+Transmitted+Via+Telnet/21673/
Wix.com DOM Based XSS https://www.contrastsecurity.com/security-influencers/dom-xss-in-wix.com
DNS Based Mail Security https://nccoe.nist.gov/projects/building_blocks/secured_email
Web of Trust Plugin Released Anonymized User Data https://www.mywot.com/en/forum/70396--virus-spyware-do-not-install-uninstall-as-soon-as-possible
-
ISC StormCast for Thursday, November 3rd 2016
03/11/2016 Duration: 05 min
Exchange Web Service Two-Factor Authentication Bypass http://www.blackhillsinfosec.com/?p=5396
Barracuda DoS Disrupts Mail Delivery http://status.barracuda.com
Targobank Loses Account Data After Maintenance http://www.spiegel.de/wirtschaft/service/targobank-kunden-fehlt-geld-auf-dem-konto-it-probleme-a-1119434.html (German only)
Ouch! Security Awareness Newsletter http://securingthehuman.sans.org/newsletters/ouch/issues/OUCH-201611_en.pdf
-
ISC StormCast for Wednesday, November 2nd 2016
02/11/2016 Duration: 05 min
Malvertising On Google AdWords Targeting macOS Users http://blog.cylance.com/malvertising-on-google-adwords-targeting-macos-users
Microsoft Response to Google Privilege Escalation Disclosure https://blogs.technet.microsoft.com/mmpc/2016/11/01/our-commitment-to-our-customers-security/
Memcached Remote Code Execution Vulnerabilities http://blog.talosintel.com/2016/10/memcached-vulnerabilities.html
SAP Vulnerability Details Released https://erpscan.com/press-center/blog/0-day-sap-vulnerability-published-heres-can/
-
ISC StormCast for Tuesday, November 1st 2016
01/11/2016 Duration: 05 min
snapshot.ps1 DFIR Capture https://isc.sans.edu/forums/diary/SEC505+DFIR+capture+script+snapshotps1/21659/
Predicting Domain Reputation http://www.icir.org/vern/papers/predator-ccs16.pdf
Mozilla Removing Battery Status API For Privacy Reasons https://www.fxsitecompat.com/en-CA/docs/2016/battery-status-api-has-been-removed/
Windows Privilege Escalation 0-day Actively Exploited https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html
-
ISC StormCast for Monday, October 31st 2016
31/10/2016 Duration: 06 min
Volatility Bot: Automated Memory Analysis https://isc.sans.edu/forums/diary/Volatility+Bot+Automated+Memory+Analysis/21655/
911 System Fragility Exposed in Accidental DoS Attacks https://staging.mcso.org/Multimedia/PressRelease/911%20Cyber%20Attack.pdf
Vulnerability in Mirai Botnet https://www.invincealabs.com/blog/2016/10/killing-mirai/
XNU Kernel (iOS/macOS) task_t Privilege Escalation https://googleprojectzero.blogspot.de/2016/10/taskt-considered-harmful.html
-
ISC StormCast for Friday, October 28th 2016
27/10/2016 Duration: 06 min
Small Changes to Ransomware E-Mails May Fool Some Mail Filters https://isc.sans.edu/forums/diary/Your+Bill+Is+Not+Overdue+today/21647/
Microsoft / Google Release Browser Updates to Address Flash Vulnerability https://technet.microsoft.com/en-us/library/security/ms16-128.aspx https://googlechromereleases.blogspot.com
Social Media "Support" Phishing https://www.proofpoint.com/us/corporate-blog/post/cybercriminals-spoof-every-major-bank-masquerade-branded-customer-service-twitter-accounts
Path Traversal Vulnerability in GNU tar https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt
Podcast Survey https://dshield.typeform.com/to/lVgHr5
-
ISC StormCast for Thursday, October 27th 2016
26/10/2016 Duration: 06 min
Adobe Releases Emergency Patch For Flash https://isc.sans.edu/forums/diary/Critical+Flash+Player+Update+APSB1636/21643/
Mobile Pwn2Own Writeup http://blog.trendmicro.com/results-mobile-pwn2own-2016/
Mozilla Will Stick With Blacklisting Startcom/WoSign https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/
Joomla Exploit Released https://medium.com/@showthread/joomla-3-6-4-account-creation-elevated-privileges-write-up-and-exploit-965d8fb46fa2#.b8gks1jar
Google Spreadsheet Vulnerability https://www.rodneybeede.com/Google_Spreadsheet_Vuln_-_CSRF_and_JSON_Hijacking_allows_data_theft.html
-
ISC StormCast for Wednesday, October 26th 2016
26/10/2016 Duration: 05 min
Joomla Fixes Two Critical Vulnerabilities https://www.joomla.org/announcements/release-news/5678-joomla-3-6-4-released.html
Letsencrypt Domain Verification Problem https://dan.enigmabridge.com/lets-encrypts-vulnerability-as-a-feature-authz-reuse-and-eternal-account-key/
New Locky Variants: Pumpkin Locky http://blog.talosintel.com/2016/10/pumpkin-locky.html
Pagers still in use for Critical Infrastructure http://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/industrial-plant-beepers-leaking-secrets
-
ISC StormCast for Tuesday, October 25th 2016
25/10/2016 Duration: 06 min
Updates For iOS, MacOS, Safari https://support.apple.com/en-us/HT201222
LTE Intercept Vulnerability http://www.theregister.co.uk/2016/10/23/every_lte_call_text_can_be_intercepted_blacked_out_hacker_finds/
Rowhammer Exploit Demonstrated Against Android https://www.vusec.net/projects/drammer/
-
ISC StormCast for Monday, October 24th 2016
23/10/2016 Duration: 07 min
ISC Briefing: Large DDoS Attack Against Dyn https://isc.sans.edu/forums/diary/ISC+Briefing+Large+DDoS+Attack+Against+Dyn/21627/
TCP Port 4786: Cisco Memory Leak Vulnerability https://isc.sans.edu/forums/diary/Request+for+Packets+TCP+4786+CVE20166385/21625/
Dirty Cow PoC Exploits Available https://github.com/dirtycow/dirtycow.github.io/wiki/PoCs
To register for today's SANS Technology Institute's Professional Lecture Series, please e-mail info@sans.edu
-
ISC StormCast for Friday, October 21st 2016
20/10/2016 Duration: 06 min
NanoCore RAT Malspam Update https://isc.sans.edu/forums/diary/Malspam+delivers+NanoCore+RAT/21615/
Dirty Cow Privilege Escalation Flaw https://bugzilla.redhat.com/show_bug.cgi?id=1384344#c13
Lexmark Markvision Enterprise Application Vulnerability https://www.digitaldefense.com/blog-zero-day-lexmark-markvision/
WebRTC Security Overview https://webrtc-security.github.io
UPnP Scanner https://www.tenable.com/blog/do-you-know-where-your-upnp-is