Sans Internet Storm Center Daily Network/cyber Security And Information Security Podcast

Oblivious DoH https://blog.cloudflare.com/oblivious-dns/ HTTP Archive Almanach https://almanac.httparchive.org/en/2020/security Open Source IoT TCP/IP Stack Vulnerabilities https://www.forescout.com/company/resources/amnesia33-how-tcp-ip-stacks-breed-critical-vulnerabilities-in-iot-ot-and-it-devices/ Fireeye Red Team Tool Signatures https://www.fireeye.com/blog/threat-research/2020/12/unauthorized-access-of-fireeye-red-team-tools.html

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/December+2020+Microsoft+Patch+Tuesday+Exchange+Sharepoint+Dynamics+and+DNS+Spoofing/26860/ Adobe Patch Tuesday https://helpx.adobe.com/security.html OpenSSL Patch (Tuesday) https://www.openssl.org/news/secadv/20201208.txt

Corrupt BASE64 Strings: Detection and Decoding https://isc.sans.edu/forums/diary/Corrupt+BASE64+Strings+Detection+and+Decoding/26616/ Microsoft Teams Remote Code Execution Vulnerability (Patched) https://github.com/oskarsve/ms-teams-rce PlayStation Now RCE https://hackerone.com/reports/873614 Cisco Security Manager Java Deserialization Vulnerabilities https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csm-java-rce-mWJEedcD

Proxy Scanner Attempting to Connect to Specific Hostname https://isc.sans.edu/forums/diary/Is+IP+91199118137+testing+Access+to+aahwwx52hostxyz/26852/ Recovering Passwords From Pixelized Screenshots https://www.linkedin.com/pulse/recovering-passwords-from-pixelized-screenshots-sipke-mellema/ Tomcat Information Leak http://mail-archives.us.apache.org/mod_mbox/www-announce/202012.mbox/%3C52858194-2efd-6f17-1821-9036c8494df0%40apache.org%3E Google Updates https://chromereleases.googleblog.com/2020/12/stable-channel-update-for-desktop.html

Traffic Analysis Quiz: Mr. Natural https://isc.sans.edu/forums/diary/Traffic+Analysis+Quiz+Mr+Natural/26844/ An iOS Zero-Click Radio Proximity Exploit Odyssey https://googleprojectzero.blogspot.com/2020/12/an-ios-zero-click-radio-proximity.html Github "State of the Octoverse" Report https://octoverse.github.com/static/2020-security-report.pdf Christopher Hurless: Open-Source Endpoint Detection and Response with CIS Benchmarks, OSQuery, Elastic Stack and The Hive https://www.sans.org/reading-room/whitepapers/incident/open-source-endpoint-detection-response-cis-benchmarks-osquery-elastic-stack-thehive-39900

Prevelance of DNS Spoofing https://arxiv.org/abs/2011.12978 New npm Malware Includes Bladabindi Trojan https://blog.sonatype.com/bladabindi-njrat-rat-in-jdb.js-npm-malware DarkIRC Bot Exploits Recent Oracle WebLogic Vulnerablity https://blogs.juniper.net/en-us/threat-research/darkirc-bot-exploits-oracle-weblogic-vulnerability

Xanthe Docker Aware Miner https://blog.talosintelligence.com/2020/12/xanthe-docker-aware-miner.html#more Ocean Lotus Mac Backdoor https://www.trendmicro.com/en_us/research/20/k/new-macos-backdoor-connected-to-oceanlotus-surfaces.html OpenClinic vs OpenClinic GA https://labs.bishopfox.com/advisories/openclinic-version-0.8.2 https://us-cert.cisa.gov/ics/advisories/icsma-20-184-01 https://sourceforge.net/p/open-clinic/discussion/1231980/thread/a2e8909fc5/ Register For Cyberstart https://www.cyberstartamerica.org

Decrypting PowerShell Payloads https://isc.sans.edu/forums/diary/Decrypting+PowerShell+Payloads+video/26838/ Trend Micro ServerProtect for Linux https://success.trendmicro.com/solution/000281950 WebKit Vulnerabilities https://blog.talosintelligence.com/2020/11/vuln-spotlight-webkit-use-after-free-nov-2020.html New Skimmer JS https://twitter.com/AffableKraut/status/1333258498910588928

Live Patching Windows API Calls Using PowerShell https://isc.sans.edu/forums/diary/Live+Patching+Windows+API+Calls+Using+PowerShell/26826/ Threat Hunting with JARM https://isc.sans.edu/forums/diary/Threat+Hunting+with+JARM/26832/ https://isc.sans.edu/forums/diary/Quick+Tip+Using+JARM+With+a+SOCKS+Proxy/26834/ Be Careful With IoT Gifts https://cybernews.com/security/walmart-exclusive-routers-others-made-in-china-contain-backdoors-to-control-devices/ https://www.cyberscoop.com/smart-doorbells-amazon-ebay-ncc-vulnerabilities/ Active Exploitation of Mobile Iron Vulnerabilities https://www.ncsc.gov.uk/news/alert-multiple-actors-attempt-exploit-mobileiron-vulnerability

The Special Case of TCP Resets https://isc.sans.edu/forums/diary/The+special+case+of+TCP+RST/26824/ VMWare Workspace Vulnerability https://www.theregister.com/2020/11/24/vmware_urges_sysadmins_to_implement/ Holiday Hack Challenge 2020 https://holidayhackchallenge.com/2020/

Quick Tip: Cobalt Strike Beacon Analysis https://isc.sans.edu/forums/diary/Quick+Tip+Cobalt+Strike+Beacon+Analysis/26818/ Godaddy Social Engineering Used to Compromise Bitcoin Exchange Domains https://blog.liquid.com/security-incident-november-13-2020 Spoofed FBI Domains https://www.ic3.gov/Media/Y2020/PSA201123

Updates for VMWare ESXi; Fusion and Workstation https://www.vmware.com/security/advisories/VMSA-2020-0026.html IBM DB2 Vulnerability https://www.ibm.com/support/pages/node/6370025 https://www.ibm.com/support/pages/node/6370023 Fortinet SSL VPN Exploit Used to Collect Credentials https://twitter.com/Bank_Security/status/1329426020647243778

PowerShell Dropper Delivering Formbook https://isc.sans.edu/forums/diary/PowerShell+Dropper+Delivering+Formbook/26806/ Google Leading the Way in Phishing https://www.armorblox.com/blog/ok-google-build-me-a-phishing-campaign Identifying Malicious Servers With JARM https://engineering.salesforce.com/easily-identify-malicious-servers-on-the-internet-with-jarm-e095edac525a Daniel Behrens: Industrial Traffic Collection: Understanding the Implications of Deploying Visibility Without Impacting Production https://www.sans.org/reading-room/whitepapers/ICS/industrial-traffic-collection-understanding-implications-deploying-visibility-impacting-production-39810

When Security Controls Lead to Security Issues https://isc.sans.edu/forums/diary/When+Security+Controls+Lead+to+Security+Issues/26804/ Google Chrome Update https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_17.html Firefox 83 HTTPS Only Mode https://blog.mozilla.org/security/2020/11/17/firefox-83-introduces-https-only-mode/ OOB Windows Kerberos Update https://docs.microsoft.com/en-us/windows/release-information/windows-message-center Cisco WebEx Patch Fixes "Ghost Users" https://securityintelligence.com/posts/ibm-works-with-cisco-exorcise-ghosts-webex-meetings/ Ransomware Flooding Printers https://twitter.com/Irlenys/status/1327784305465188353

Apple Binaries Used to Bypass 3rd Party Security Products on MacOS 11 https://twitter.com/patrickwardle/status/1327726496203476992 Apple Improving Privacy on App Certificate Checks https://support.apple.com/en-us/HT202491 Cisco Security Manager Vulnerabilities https://gist.github.com/Frycos/8bf5c125d720b3504b4f28a1126e509e https://tools.cisco.com/security/center/publicationListing.x

Old Vulnerbilities Don't Die https://isc.sans.edu/forums/diary/Heartbleed+BlueKeep+and+other+vulnerabilities+that+didnt+disappear+just+because+we+dont+talk+about+them+anymore/26798/ Citrix Virtual Apps and Desktops Security Update https://support.citrix.com/article/CTX285059 Zoom Security Improvements https://blog.zoom.us/new-ways-to-combat-zoom-meeting-disruptions/ Firefox File Read Vulnerability Details https://medium.com/@kanytu/firefox-and-how-a-website-could-steal-all-of-your-cookies-581fe4648e8d

Oledump Removed Macro Indicator https://isc.sans.edu/forums/diary/oledumps+Indicator/26794/ Old Worm But New Obfuscation Technique https://isc.sans.edu/forums/diary/Old+Worm+But+New+Obfuscation+Technique/26792/ MacOS OCSP Disaster https://blog.cryptohack.org/macos-ocsp-disaster VoltPillager: Hardware-base fault injection attacks against Instel SGX Enclaves using the SVID voltage scaling interface https://www.usenix.org/system/files/sec21summer_chen-zitai.pdf

Preventing Exposed Azure Blob Storage https://isc.sans.edu/forums/diary/Preventing+Exposed+Azure+Blob+Storage/26786/ Apple Security Updates https://support.apple.com/en-us/HT201222 DNS Cache Poisoning Attack Reloaded https://dl.acm.org/doi/pdf/10.1145/3372297.3417280 Rebel Powell: Poisoned Postman; Detecting Manipulation of Compliance Features in a Microsoft Exchange Online Environment https://www.sans.org/reading-room/whitepapers/cloud/poisoned-postman-detecting-manipulation-compliance-features-microsoft-exchange-online-environment-39850

Traffic Analysis Quiz https://isc.sans.edu/forums/diary/Traffic+Analysis+Quiz+DESKTOPFX23IK5/26780/ Open Source Security Scorecards https://github.com/ossf/scorecard Bitdefender: UPX Unpacking Featuring Ten Memory Corruptions https://landave.io/2020/11/bitdefender-upx-unpacking-featuring-ten-memory-corruptions/ Ubuntu 20.04 Privilege Escalation https://securitylab.github.com/research/Ubuntu-gdm3-accountsservice-LPE

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+November+2020+Patch+Tuesday/26778/ "Platypus" Attack against Intel SGX https://platypusattack.com/ Adobe Updates https://helpx.adobe.com/security.html Firefox Updates https://www.mozilla.org/en-US/security/advisories/mfsa2020-49/#CVE-2020-26950 Fingerprinting ADS-B Signals https://icnp20.cs.ucr.edu/proceedings/aimcom2/Real-World%20ADS-B%20signal%20recognition%20based%20on%20Radio%20Frequency%20Fingerprinting.pdf