Sans Internet Storm Center Daily Network/cyber Security And Information Security Podcast

Those never-ending waves of Locky Malspam https://isc.sans.edu/forums/diary/Those+neverending+waves+of+Locky+malspam/21505/ Windows Anti Malware Scan Interface (AMSI) http://www.labofapenetrationtester.com/2016/09/amsi.html Cloudflare Intorducing SSL Re-Write https://blog.cloudflare.com/opportunistic-encryption-bringing-http-2-to-the-unencrypted-web/ Australian Police Warns of Malicious USB Sticks https://www.vicpolicenews.com.au/news/harmful-usb-drives-found-in-letterboxes

MacOS Sierra and Safari 10 Released https://isc.sans.edu/forums/diary/Getting+Ready+for+macOS+Sierra+Upgrade+Securely/21465/ BackConnect BGP Hijacks http://research.dyn.com/2016/09/backconnects-suspicious-bgp-hijacks/ Metasploit Vulnerablity https://github.com/justinsteven/advisories/blob/master/2016_metasploit_rce_static_key_deserialization.md

Taking Over Facebook Pages http://arunsureshkumar.me/index.php/2016/09/16/facebook-page-takeover-zero-day-vulnerability/ Exchange Auto-Discovery Vulnerability http://www.theregister.co.uk/2016/09/19/ms_exchange_alleged_bug/ Spyware Apps Targeting Travelers Removed From Goolge App Store https://blog.lookout.com/blog/2016/09/16/embassy-spyware-google-play/ Firefox Will Patch HSTS Vulnerability https://threatpost.com/mozilla-patching-firefox-certificate-pinning-vulnerability/120694/ OpenSSL Patch Pre-Announcement https://mta.openssl.org/pipermail/openssl-announce/2016-September/000076.html

Cisco Issues Advisories for IKEv1 "heartbleed like" Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1 Intercepting OS X Passwords https://www.scriptjunkie.us/2016/09/intercepting-passwords-to-escalate-privileges-on-os-x/ Vulnerabilities Introduced By Converting 32 Bit to 64 Bit https://www.tu-braunschweig.de/Medien-DB/sec/pubs/2016-ccs.pdf HSTS Preload Database and Webservices https://hstspreload.com

Locky Ransomware Updates https://blog.avira.com/locky-ransomware-goes-autopilot/ https://blogs.forcepoint.com/security-labs/locky-distributor-uses-newly-released-quant-loader-sold-russian-underground https://isc.sans.edu/forums/diary/Is+2+out+of+3+good+enough+for+AntiMalware/21485/ Critical Update For Cisco WebEx Server https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160914-wem Dualtoy Malware Attacks iOS and Android http://researchcenter.paloaltonetworks.com/2016/09/dualtoy-new-windows-trojan-sideloads-risky-apps-to-android-and-ios-devices/ Certificate Pinning Issue in Firefox/Tor Browser https://hackernoon.com/tor-browser-exposed-anti-privacy-implantation-at-mass-scale-bd68e9eb1e95#.9jnte0u52

Exploit Attempts for Drupal RESTWS Module Vulnerablity https://isc.sans.edu/forums/diary/Exploit+Attempts+for+Drupal+RESTWS+x+Module+Vulnerability/21481/ Google France XSS Vulnerability https://sysdream.com/news/lab/2016-09-12-cross-site-scripting-vulnerability-found-on-www-google-fr/ Pokemon Go Continues to Lead to Malware https://securelist.com/blog/mobile/76081/rooting-pokemons-in-google-play-store/ VMWare Update Fixes Escape Vulnerablity https://www.vmware.com/security/advisories/VMSA-2016-0014.html

Microsoft Patches https://isc.sans.edu/mspatchdays.html?viewday=2016-09-13 Adobe Air Patches https://helpx.adobe.com/security/products/air/apsb16-31.html iOS 10 Update https://isc.sans.edu/forums/diary/Apple+iOS+10+and+1001+Released/21473/

If it's Free, YOU are the Product https://isc.sans.edu/forums/diary/If+its+Free+YOU+are+the+Product/21469/ Weak MySQL Configurations Can Lead To Privilege Escalation http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html Full Disk Encryption Ransomware https://www.linkedin.com/pulse/mamba-new-full-disk-encryption-ransomware-family-member-marinho?trk=prof-post

Upgrading Security to MacOS Sierra https://isc.sans.edu/forums/diary/Getting+Ready+for+macOS+Sierra+Upgrade+Securely/21465/ PCI PIN Transation Security / Point of Interaction Update https://www.pcisecuritystandards.org/documents/PCI_PTS_POI_SRs_v5.pdf IMAPS Scans https://isc.sans.edu/forums/diary/Ongoing+IMAP+Scan+Anyone+Else/21463/

Spikes in SNMP Traffic: Looking for PCAPs https://isc.sans.edu/forums/diary/Curious+SNMP+Traffic+Spike/21457/ New Version of Wireshark Released https://www.wireshark.org/docs/relnotes/wireshark-2.2.0.html XEN Hypervisor Vulnerabilities https://xenbits.xen.org/xsa/ Google Moving Ahead With HTTP Phaseout https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html Old Windows Media Player DRM Feature Still Used To Install Malware http://blog.cyren.com/articles/windows-media-player-drm-feature-used-for-malware-delivery-again.html SEC503 Intrusion Detection in Depth Online Training https://www.sans.org/vlive/details/sec503-19sep2016-johannes-ullrich-phd

DShield Blocklist Update https://isc.sans.edu/forums/diary/Updated+DShield+Blocklist/21453/ Fortinet FortiWAN Load Balancer Mulitple Unpatched Vulnerabilities http://www.kb.cert.org/vuls/id/724487 Rapid7 Published NSM Vulnerabilities http://www.theregister.co.uk/2016/09/07/natwork_magement_vulns/ OPM Breached by Two Different Attackers https://oversight.house.gov/wp-content/uploads/2016/09/The-OPM-Data-Breach-How-the-Government-Jeopardized-Our-National-Security-for-More-than-a-Generation.pdf

Google September Android Security Update https://source.android.com/security/bulletin/2016-09-01.html Hard Coded Password / Key Issue Gets Worse http://blog.sec-consult.com/2016/09/house-of-keys-9-months-later-40-worse.html Snagging Credentials From Locked Machines (Windows and OS X) https://room362.com/post/2016/snagging-creds-from-locked-machines/

Apple Patches OS X and Safari for Trident/Pegasus Vulnerabilities https://support.apple.com/en-us/HT201222 Malware Delivered via ".pub" Files https://isc.sans.edu/forums/diary/Malware+Delivered+via+pub+Files/21443/ Sophos Anti Virus False Positive Causes Blue Screen of Death https://community.sophos.com/kb/en-us/125000 Adobe Reviving Flash for Linux https://blogs.adobe.com/flashplayer/2016/08/beta-news-flash-player-npapi-for-linux.html Google Patches Nexuse 5X Vulnerability https://securityintelligence.com/undocumented-patched-vulnerability-in-nexus-5x-allowed-for-memory-dumping-via-usb/

Malware Using Maxmind For Geolocation https://isc.sans.edu/forums/diary/Maxmindcom+Abused+As+AntiAnalysis+Technique/21435/ Content Security Policy of Limited Use in Real World https://research.google.com/pubs/pub45542.html CryptWare Bitlocker Enhancement Vulnerability https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160831-0_CryptWare_CryptoPro_Manipulation_of_pre-boot_authentication_v10.txt Google Releases Chrome 53 http://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html

Abobe ColdFusion Update https://helpx.adobe.com/security/products/coldfusion/apsb16-30.html OS X Bittorrent Client Transmission Backdoored http://www.welivesecurity.com/2016/08/30/osxkeydnap-spreads-via-signed-transmission-application/ Arrested Lurk Hacking Group Likely Developed Angler Exploit Kit https://securelist.com/analysis/publications/75944/the-hunt-for-lurk/ Vulnerable REDIS Instances Used by Fake Ransomware https://duo.com/blog/over-18-000-redis-instances-targeted-by-fake-ransomware

Today's Locky Variant Arrives as a Windows Script File https://isc.sans.edu/forums/diary/Todays+Locky+Variant+Arrives+as+a+Windows+Script+File/21423/ OneLogin Breached and Secure Notes Lost https://www.onelogin.com/blog/august-2016-incident USB Memory Stick Can Be Used to Exfiltrate Data Wireless http://cyber.bgu.ac.il/t/USBee.pdf Jail Break App in Apple's App Store https://www.reddit.com/r/jailbreak/comments/506eyp/release_ppjailbreak_on_the_appstore/

CA WoSign Law Validation Policy https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/k9PBmyLCi8I FBI Warns Of Vulnerabilities in State Election Websites https://www.scribd.com/document/322473050/FBI-Flash-Aug-2016#from_embed Bug in "Keeper" Password Safe Allows Attackers to Steal Passwords https://bugs.chromium.org/p/project-zero/issues/detail?id=917 Bank ATMs Compromised via Malicious EMV Chip https://www.fireeye.com/blog/threat-research/2016/08/ripper_atm_malwarea.html

Spam with Obfuscated Javascript https://isc.sans.edu/forums/diary/Spam+with+Obfuscated+Javascript/21415/ Another Day - Another Ransomware Sample https://isc.sans.edu/forums/diary/Another+Day+Another+Ransomware+Sample/21413/ OpenSSL Update https://www.openssl.org/news/openssl-1.1.0-notes.html Opera Sync Server Breached https://www.opera.com/blogs/security/2016/08/opera-server-breach-incident/ Fake Windows Update Delivers Ransomware http://www.bleepingcomputer.com/news/security/fantom-ransomware-encrypts-your-files-while-pretending-to-be-windows-update/ Dropbox Resets Old Passwords After Data Leak https://www.dropbox.com/help/9257?oref=e

Out-of-Band iOS Patch Fixes 0-Day Vulnerabilities https://isc.sans.edu/forums/diary/OutofBand+iOS+Patch+Fixes+0Day+Vulnerabilities/21409/ Malicious E-Mail Installs Proxy File to Redirect Requests to santander.com.br https://isc.sans.edu/forums/diary/OutofBand+iOS+Patch+Fixes+0Day+Vulnerabilities/21409/ Nginx DNS Resolver Issue (Windows Only) http://blog.zorinaq.com/nginx-resolver-vulns/ Wifi Signals Can Be Used for Keystroke Sniffing https://www.sigmobile.org/mobicom/2015/papers/p90-aliA.pdf

Juniper/Cisco Updates Regarding #NSA Exploits https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10605&actp=search http://arstechnica.com/security/2016/08/nsa-linked-cisco-exploit-poses-bigger-threat-than-previously-thought/ Wildfire Ransomware Takedown and Key Recovery https://blogs.mcafee.com/mcafee-labs/wildfire-ransomware-extinguished-tool-nomoreransom-unlock-files-free/ "Sandscout" tool to exploit iOS Sandbox Vulnerabilities http://www.maclife.de/news/sandscout-forscher-tu-darmstadt-finden-sicherheitsluecken-ios-sandbox-10081401.html (sorry, only in German) Sweet32 Birthday Attack against 3DES and Blowfish (https/openvpn) http://www.maclife.de/news/sandscout-forscher-tu-darmstadt-finden-sicherheitsluecken-ios-sandbox-10081401.html