Sans Internet Storm Center Daily Network/cyber Security And Information Security Podcast

How Attackers Brush Up Their Malicious Scripts https://isc.sans.edu/forums/diary/How+Attackers+Brush+Up+Their+Malicious+Scripts/26770/ RansomEXX Trojan Attacks Linux Systems https://securelist.com/ransomexx-trojan-attacks-linux-systems/99279/ Fake Microsoft Teams Updates Lead to Cobalt Strike Deployment https://www.bleepingcomputer.com/news/security/fake-microsoft-teams-updates-lead-to-cobalt-strike-deployment/ More NPM Malare Found https://blog.sonatype.com/discord.dll-successor-to-npm-fallguys- The Internet is Getting Safer: Fall 2020 RPKI Update https://blog.cloudflare.com/rpki-2020-fall-update/

Cryptojacking Targeting WebLogic TCP/7001 Cryptojacking Targeting WebLogic TCP/7001 https://isc.sans.edu/forums/diary/Cryptojacking+Targeting+WebLogic+TCP7001/26768/ Extracting VBA Code From Maldocs https://isc.sans.edu/forums/diary/Quick+Tip+Extracting+all+VBA+Code+from+a+Maldoc/26772/ Let's Encrypt May No Longer Be Recognized by Older Android Versions https://letsencrypt.org/2020/11/06/own-two-feet.html Linux Kernel to Remove set_fs() http://lkml.iu.edu/hypermail/linux/kernel/2010.3/00552.html BigIP Vulnerability https://support.f5.com/csp/article/K43310520

Did You Spot "Invoke-Expression" ? https://isc.sans.edu/forums/diary/Did+You+Spot+InvokeExpression/26762/ Apple Security Updates https://support.apple.com/en-us/HT201222 Corporte VoIP Phone System Attacks https://blog.checkpoint.com/2020/11/05/whos-calling-gaza-and-west-bank-hackers-exploit-and-monetize-corporate-voip-phone-system-vulnerability-internationally/ Mark Lucas: Replacing WINS in an Open Environment with Policy Managed DNS Servers https://www.sans.org/reading-room/whitepapers/dns/replacing-wins-open-environment-policy-managed-dns-servers-39820

Cisco AnyConnect Security Mobility Client https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-ipc-KfQO9QhK Google Chrome Root CA Policy https://www.chromium.org/Home/chromium-security/root-ca-policy Android November 2020 Security Bulletin https://source.android.com/security/bulletin/2020-11-01

Attackers Exploiting WebLogic Servers to Install Cobalt Strike https://isc.sans.edu/forums/diary/Attackers+Exploiting+WebLogic+Servers+via+CVE202014882+to+install+Cobalt+Strike/26752 New SaltStack Vulnerabilities https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/ Adobe Releases Acrobat/Reader Update https://helpx.adobe.com/security/products/acrobat/apsb20-67.html Malicious Twilio NPM Package https://www.npmjs.com/advisories/1574 GitHub Workflow Injection Vulnerabilities https://bugs.chromium.org/p/project-zero/issues/detail?id=2070&can=2&q=&colspec=ID%20Type%20Status%20Priority%20Milestone%20Owner%20Summary&cells=ids

Emotet -> Qakbot -> More Emotet https://isc.sans.edu/forums/diary/Emotet+Qakbot+more+Emotet/26750/ WebLogic Bad News https://www.oracle.com/security-alerts/alert-cve-2020-14750.html https://twitter.com/80vul/status/1322078337137700865 Google Chrome Update https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html NAT Slipstreaming Re-Discovered https://thehackernews.com/2020/11/new-natfirewall-bypass-attack-lets.html

Quick Status of the CAA DNS Record Adoption https://isc.sans.edu/forums/diary/Quick+Status+of+the+CAA+DNS+Record+Adoption/26738/ Windows Kernel cng.sys pool-based buffer overflow CVE-2020-17087 https://bugs.chromium.org/p/project-zero/issues/detail?id=2104 Operation Earth Kitsune https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/operation-earth-kitsune-tracking-slub-s-current-operations

PATCH NOW: CVE-2020-14882 WebLogic Actively Exploited https://isc.sans.edu/forums/diary/PATCH+NOW+CVE202014882+Weblogic+Actively+Exploited+Against+Honeypots/26734/ Zonealarm Update https://www.zonealarm.com/software/extreme-security/release-history Ransomware Targeting Healthcare https://us-cert.cisa.gov/ncas/alerts/aa20-302a OpenEMR Vulnerabilities https://blog.sonarsource.com/openemr-5-0-2-1-command-injection-vulnerability Mishka McCowan: Mitigating Risk with the CSA 12 Critical Risks for Serverless Applications https://www.sans.org/reading-room/whitepapers/cloud/mitigating-risk-csa-12-critical-risks-serverless-applications-39845

SMBGhost Remains Unpatched on 8% of Exposed SMB Servers https://isc.sans.edu/forums/diary/SMBGhost+the+critical+vulnerability+many+seem+to+have+forgotten+to+patch/26732/ Microsoft Defender ATP Cobalt Strike False Positive https://twitter.com/ffforward/status/1321375690084810753?s=20 QNAP Security Advisory https://www.qnap.com/en/security-advisory/QSA-20-09 New Linux Trickbot Version Sighted https://www.netscout.com/blog/asert/dropping-anchor Abuse.ch Needs Help https://abuse.ch/blog/moving-forward/

Vulnerable SonarQube Configurations Used to Steal Code https://beta.documentcloud.org/documents/20399900-fbi_flash_sonarqube_access_bc Microsoft Edge Security Updates (Chromium-Based) https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV200002 Microsoft Releases Flash Removal Tool https://support.microsoft.com/en-us/help/4577586/update-for-removal-of-adobe-flash-player Bypassing MSFT Teams Policies https://o365blog.com/post/teams-policies/

Excel 4 Macros: "Abnormal Sheet Visibility" https://isc.sans.edu/forums/diary/Excel+4+Macros+Abnormal+Sheet+Visibility/26726/ HP Printer Applications Certificate Revoked https://eclecticlight.co/2020/10/23/why-have-my-hp-printers-stopped-working-how-to-check-their-software-signature/ Link Previews and Privacy https://www.mysk.blog/2020/10/25/link-previews/

An Alternative to Shodan: Censys https://isc.sans.edu/forums/diary/An+Alternative+to+Shodan+Censys+with+UserAgent+CensysInspect11/26718/ Sooty: SOC Analyst's All-in-One Tool https://isc.sans.edu/forums/diary/Sooty+SOC+Analysts+AllinOne+Tool/26714/ Adversarial ML Threat Matrix https://github.com/mitre/advmlthreatmatrix Samsung S20 RCE https://labs.f-secure.com/blog/samsung-s20-rce-via-samsung-galaxy-store-app/ VMWare Advisory https://www.vmware.com/security/advisories/VMSA-2020-0023.html

BazarLoader Phishing Lures https://isc.sans.edu/forums/diary/BazarLoader+phishing+lures+plan+a+Halloween+party+get+a+bonus+and+be+fired+in+the+same+afternoon/26710/ Stalled Reviews for Secure Boot Shim https://github.com/rhboot/shim-review/issues/120 https://github.com/rhboot/shim-review/issues/102#issuecomment-698963751 Cisco Advisories https://tools.cisco.com/security/center/publicationListing.x

Shipping Dangerous Goods https://isc.sans.edu/forums/diary/Shipping+dangerous+goods/26702/ Chinese State-Sponsored Actors Exploit Same Vulnerablities as Others https://media.defense.gov/2020/Oct/20/2002519884/-1/-1/0/CSA_CHINESE_EXPLOIT_VULNERABILITIES_UOO179811.PDF URL Bar Spoofing Vulnerabilities https://thehackernews.com/2020/10/browser-address-spoofing-vulnerability.html Oracle Quarterly Critical Patch Update https://www.oracle.com/security-alerts/cpuoct2020.html

Mirai-alike Python Scanner https://isc.sans.edu/forums/diary/Miraialike+Python+Scanner/26698/ Google Chrome Update (actively exploited vulnerability fixed) https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html QNAP Fixes ZeroLogon Vulnerability https://www.qnap.com/en/security-advisory/qsa-20-07 GravityRat Going Multi Platform https://usa.kaspersky.com/about/press-releases/2020_infamous-gravity-rat-spyware-evolves-to-target-multiple-platforms US Census Spoof https://beta.documentcloud.org/documents/20397864-fbi-flash-unattributed-entities-register-domains-10142020

Out of Band MSFT Patches https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-17022 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-17023 Adobe Magento Patches https://helpx.adobe.com/security/products/magento/apsb20-59.html Attacks against SS7 https://www.haaretz.com/israel-news/tech-news/.premium-exclusive-intricate-hack-against-israeli-crypto-execs-mossad-investigating-1.9211991 https://www.bleepingcomputer.com/news/security/hackers-hijack-telegram-email-accounts-in-ss7-mobile-attack/

CVE-2020-5135 SonicWall Buffer Overflow https://isc.sans.edu/forums/diary/CVE20205135+Buffer+Overflow+in+SonicWall+VPNs+Patch+Now/26692/ Spammer Attached Mass Mailer Configuration Instead of Malware https://isc.sans.edu/forums/diary/File+Selection+Gaffe/26694/ Traffic Analysis Quiz: Ugly-Wolf.net https://isc.sans.edu/forums/diary/Traffic+Analysis+Quiz+UglyWolfnet/26688/ Qualcomm QCMAP Vulnerabilities https://www.vdoo.com/blog/qualcomm-qcmap-vulnerabilities Discord Desktop App RCE https://mksben.l0.cm/2020/10/discord-desktop-rce.html

Obfuscated Python RAT https://isc.sans.edu/forums/diary/Nicely+Obfuscated+Python+RAT/26680/ BadNeighbor ICMPv6 Router Advertisement Update https://isc.sans.edu/forums/diary/CVE202016898+Windows+ICMPv6+Router+Advertisement+RRDNS+Option+Remote+Code+Execution+Vulnerability/26684/ BlueZ Vulnerability https://www.youtube.com/watch?v=qPYrLRausSw https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html https://security.googleblog.com/ (available "soon") Zoom Rolling Out End-to-End Encryption https://blog.zoom.us/zoom-rolling-out-end-to-end-encryption-offering/

TA551/Shathak Word Docs Push IcedID and Bokbot https://isc.sans.edu/forums/diary/More+TA551+Shathak+Word+docs+push+IcedID+Bokbot/26674/ MSFT Patch Tuesday Followup https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16951 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16952 Apple T2 Chip Vulnerability Confirmed https://9to5mac.com/2020/10/13/t2-exploit-team/ SAP Updates https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+October+2020+Patch+Tuesday/26672/ Adobe Updates https://helpx.adobe.com/security/products/flash-player/apsb20-58.html