Sans Internet Storm Center Daily Network/cyber Security And Information Security Podcast

Analysis of a Distributed Denial of Service Attack https://isc.sans.edu/forums/diary/Analysis+of+a+Distributed+Denial+of+Service+DDoS/21109/ Bluecoat CA http://www.theregister.co.uk/2016/05/27/blue_coat_ca_certs/ Google Requires Symantec CAs to Comply With Certificate Transparency https://cabforum.org/pipermail/public/2016-May/007573.html

Keeping an Eye on Tor Traffic https://isc.sans.edu/forums/diary/Keeping+an+Eye+on+Tor+Traffic/21103/ Next Generation Tor Passed First Test https://blog.torproject.org/blog/mission-montreal-building-next-generation-onion-services DDoS Prives Drop https://www.incapsula.com/blog/unmasking-ddos-for-hire-fiverr.html Older Microsoft Office Vulnerabilities Still Used by "APT" Actors https://securelist.com/analysis/publications/74828/cve-2015-2545-overview-of-current-threats/

DNS Covert Channel Used in Targeted Attacks http://researchcenter.paloaltonetworks.com/2016/05/unit42-new-wekby-attacks-use-dns-requests-as-command-and-control-mechanism/ Genius Web Annotation Serivce Is Removing Security Headers http://www.theverge.com/2016/5/25/11505454/news-genius-annotate-the-web-content-security-policy-vulnerability Canary Tokens For Windows Binaries http://blog.thinkst.com/2016/05/certified-canarytokens-alerts-from_25.html Cisco Patches IPv6 ND DoS Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160525-ipv6

Verisign/US-Cert Warn of The Use of Local TLDs for WPAD http://www.verisign.com/assets/labs/MitM-Attack-by-Name-Collision-Cause-Analysis-and-WPAD-Vulnerability-Assessment-in-the-New-gTLD-Era.pdf Proposal To Use TLS for DNS https://www.rfc-editor.org/rfc/rfc7858.txt Azure Blacklists Common Password https://blogs.technet.microsoft.com/ad/2016/05/24/another-117m-leaked-usernames-and-passwords-new-best-practices-azuread-and-msa-can-help/ Google Attempts to Eliminate Passwords http://www.androidauthority.com/google-kills-passwords-trust-api-694394/

Detailed Technical Report Released About Targeted Attack Against RUAG https://isc.sans.edu/forums/diary/Technical+Report+about+the+RUAG+attack/21091/ New Variation of PastJacking Exploit Affecting vim https://github.com/dxa4481/Pastejacking Xen qemu Patch Released to Limit Log File Size http://xenbits.xen.org/xsa/advisory-180.html

Missing MRU Registry Keys For Files Opened With Winzip https://isc.sans.edu/forums/diary/The+strange+case+of+WinZip+MRU+Registry+key/21087/ OWASP Asking for Top 10 Overhaul Input https://twitter.com/wichers/status/733855223832272896 Google is Updating the Safe Browsing API https://security.googleblog.com/2016/05/evolving-safe-browsing-api.html Facebook Sued Over Scanning Of Private Messages https://cdn2.vox-cdn.com/uploads/chorus_asset/file/6509911/campbell-certification-order.0.pdf Malware Stores Code in Macro UI Buttons https://blogs.technet.microsoft.com/mmpc/2016/05/17/malicious-macro-using-a-sneaky-new-trick/ SANSFIRE 2016 https://www.sans.org/event/sansfire-2016

EITest Campaign Still Going Strong https://isc.sans.edu/forums/diary/EITest+campaign+still+going+strong/21081/ Android Malware Affecting Google Pay Acceptance http://www.theregister.co.uk/2016/05/19/android_pay_analysis/ OS 9.3 Restricts Use Of Fingerprint https://www.apple.com/business/docs/iOS_Security_Guide.pdf

Teslacrypt Shutting Down and Releasing Master Key http://www.bleepingcomputer.com/news/security/teslacrypt-shuts-down-and-releases-master-decryption-key/ Office 365 Risks https://www.skyhighnetworks.com/cloud-security-blog/7-charts-reveal-the-meteoric-rise-of-office-365/ LinkedIn Data Leaked From Past Breach https://twitter.com/troyhunt/status/732838759390191617 Google Discontinuing SSLv3/RC4 Support for SMTP http://googleappsupdates.blogspot.ro/2016/05/disabling-support-for-sslv3-and-rc4-for.html

Exploit for Recently Patched Cisco IKEv1/v2 Bufferoverflow Published https://isc.sans.edu/forums/diary/Exploit+Available+For+Cisco+IKEv1+and+IKEv2+Buffer+Overflow+Vulnerability/21065/ Symantec Antivirus Engine Malformed PE Header Parser Vulnerability https://isc.sans.edu/forums/diary/CVE20162208+Symantec+Antivirus+Engine+Malformed+PE+Header+Parser+Memory+Access+Violation/21069/ New CryptXXX Decryption Tool From Kaspersky https://blog.kaspersky.com/cryptxxx-decryption-20/12091/ More Malware in Google Play Store http://blog.checkpoint.com/2016/05/09/viking-horde-a-new-type-of-android-malware-on-google-play/ iPadPro Crashes After Updating to iOS 9.3.2 http://www.macrumors.com/2016/05/17/9-7-inch-ipad-pro-crashing-issues-safari/ New Remote Code Execution in Magento E-Commerce Software http://netanelrub.in/2016/05/17/magento-unauthenticated-remote-code-execution/

419 Death Scams Still Going Around https://isc.sans.edu/forums/diary/An+oldie+but+a+goodie+419+Death+Scam/21061/ Apple Updates https://support.apple.com/en-us/HT201222 Flash Zero Day Details https://www.fireeye.com/blog/threat-research/2016/05/cve-2016-4117-flash-zero-day.html Google "HTML5 By Default" Draft https://docs.google.com/presentation/d/106_KLNJfwb9L-1hVVa4i29aw1YXUy9qFX-Ye4kvJj-4/edit#slide=id.p

Python Malware https://isc.sans.edu/forums/diary/Python+Malware+Part+1/21057/ Ubiquity AirOS Worm http://community.ubnt.com/t5/airMAX-General-Discussion/Virus-attack-URGENT-UBNT/td-p/1562940 Google Chrome Update http://www.theregister.co.uk/2016/05/13/google_crushes_five_vulns_with_patch_run_and_20k_in_bug_bounties/ More Banks Affected By Fake SWIFT Transactions http://www.nytimes.com/2016/05/13/business/dealbook/swift-global-bank-network-attack.html?_r=0 Microsoft Releases Windows 10 Security Auditing And Monitoring Reference https://www.microsoft.com/en-us/download/details.aspx?id=52630

Adobe Flash Player Update Released https://helpx.adobe.com/security/products/flash-player/apsb16-15.html Microsoft Excel Phishing https://isc.sans.edu/forums/diary/Another+Day+Another+Wave+of+Phishing+Emails/21045/ Squid Proxy Bug Allows For Cache Poisoning http://bugs.squid-cache.org/show_bug.cgi?id=4501 Nation State Attackers May Exploit Firefox https://blog.mozilla.org/blog/2016/05/11/advanced-disclosure-needed-to-keep-users-secure/

Exploited Flash Vulnerablity Patched Only For Windows https://helpx.adobe.com/security/products/flash-player/apsa16-02.html SAP Vulnerabilities Exploited https://www.onapsis.com/threat-report-tip-iceberg-wild-exploitation-cyber-attacks-sap-business-applications Free Decryption Tool For CryptXXX No Longer Works https://www.proofpoint.com/us/threat-insight/post/cryptxxx2-ransomware-authors-strike-back-against-free-decryption-tool Multiple 7-Zip Vulnerabilities http://blog.talosintel.com/2016/05/multiple-7-zip-vulnerabilities.html Ransomware Overview https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/edit#gid=0

Windows Patch Tuesday https://isc.sans.edu/mspatchdays.html?viewday=2016-05-10 Adobe Patch Tuesday https://helpx.adobe.com/security.html

Network Forensics With DShell https://isc.sans.edu/forums/diary/Performing+network+forensics+with+Dshell+Part+1+Basic+usage/21035/ Aruba Vulnerabilities (and Patches) http://seclists.org/fulldisclosure/2016/May/19 Allwinner Android Device Debug Backdoor http://forum.armbian.com/index.php/topic/1108-security-alert-for-allwinner-sun8i-h3a83th8/ ImageTragick Flaw Being Exploited https://blog.cloudflare.com/inside-imagetragick-the-real-payloads-being-used-to-hack-websites-2/ Attacking JSON Web Tokens https://www.notsosecure.com/crafting-way-json-web-tokens/ ASUS UEFI Red Screen Of Death Workaround https://www.asus.com/support/FAQ/1016356/

A Quick Introduction To Linux Capabilities https://isc.sans.edu/forums/diary/Guest+Diary+Linux+Capabilities+A+friend+and+foe/21031/ Review of TLS Proxy Security Issues http://users.encs.concordia.ca/~mmannan/publications/ssl-interception-ndss2016.pdf Ransomware Claims to Donate Proceeds To Charity https://heimdalsecurity.com/blog/security-alert-new-ransomware-donate-earnings-charity/

Large Number of Credentials Offered For Sale http://www.reuters.com/article/us-cyber-passwords-idUSKCN0XV1I6 Alphalocker: Affordable Ransom Ware https://blog.cylance.com/an-introduction-to-alphalocker JAKU Botnet https://www.forcepoint.com/sites/default/files/resources/files/report_jaku_analysis_of_botnet_campaign_en_0.pdf Juniper Update http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734&cat=SIRT_1&actp=LIST

Malicious Ads Seens On CBS TV Stations https://blog.malwarebytes.org/threat-analysis/2016/05/cbs-affiliated-television-stations-expose-visitors-to-angler-exploit-kit/ ImageMagick Vulnerability https://isc.sans.edu/forums/diary/ImageTragick+Another+Vulnerability+Another+Nickname/21023/ Fake DDoS Threats Continue http://www.actionfraud.police.uk/news/online-extortion-demands-affecting-businesses-apr16/ Cisco Patches Tele Presence Equipment https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-tpxml Cracking PeopleSoft PS_TOKEN with oclHashcat http://blog.gosecure.ca/2016/05/04/oracle-peoplesoft-still-a-threat-for-enterprises/

OpenSSL Update Released https://isc.sans.edu/forums/diary/OpenSSL+Updates/21015/ Gerber Exploit Kit Installed By Neutrino EK https://isc.sans.edu/forums/diary/Neutrino+exploit+kit+sends+Cerber+ransomware/21017/ Image Magick Vulnerablity https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588 http://www.openwall.com/lists/oss-security/2016/05/03/18 Microsoft Will No Longer Consider SHA-1 Certificates As Secure https://blogs.windows.com/msedgedev/2016/04/29/sha1-deprecation-roadmap/

Fake Google Chrome Update Installs Malware on Android https://www.zscaler.com/blogs/research/android-infostealer-posing-fake-google-chrome-update Android May Security Bulletin https://source.android.com/security/bulletin/2016-05-01.html Google Chrome Update https://source.android.com/security/bulletin/2016-05-01.html Pwned List Got Pwned http://krebsonsecurity.com/2016/05/how-the-pwnedlist-got-pwned/