SANS Internet Storm Center Daily Network/Cyber Security and Information Security Podcast

  • Author: Various
  • Narrator: Various
  • Publisher: Podcast
  • Duration: 259:41:20

Synopsis

Daily update on current cyber security threats

Episodes

  • ISC StormCast for Monday, August 17th 2020

    17/08/2020 Duration: 04min

    SANS Data Incident 2020 - Indicators of Compromise https://www.sans.org/blog/sans-data-incident-2020-indicators-of-compromise/ Large File Used to Obfuscate Malware https://isc.sans.edu/forums/diary/Definition+of+overkill+using+130+MB+executable+to+hide+24+kB+malware/26464/ Mac Malware Spreading via XCode https://documents.trendmicro.com/assets/pdf/XCSSET_Technical_Brief.pdf Citrix Broker Service Detected as Trojan by Windows Defender https://support.citrix.com/article/CTX279897

  • ISC StormCast for Friday, August 14th 2020

    14/08/2020 Duration: 08min

    Decrypting Voice over LTE Calls https://revolte-attack.net/ Vulnerabilities found on Amazon's Alexa https://research.checkpoint.com/2020/amazons-alexa-hacked/ DROVORUB Russian GRU Linux Malware https://media.defense.gov/2020/Aug/13/2002476465/-1/-1/0/CSA_DROVORUB_RUSSIAN_GRU_MALWARE_AUG_2020.PDF

  • ISC StormCast for Thursday, August 13th 2020

    13/08/2020 Duration: 07min

    To the Brim at the Gates of Mordor https://isc.sans.edu/forums/diary/To+the+Brim+at+the+Gates+of+Mordor+Pt+1/26456/ Large Group of Malicious Tor Exit Nodes https://medium.com/@nusenu/how-malicious-tor-relays-are-exploiting-users-in-2020-part-i-1097575c0cac SAP Updates https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345 Intel Updates https://www.intel.com/content/www/us/en/security-center/default.html SANS Data Incident https://www.sans.org/dataincident2020

  • ISC StormCast for Wednesday, August 12th 2020

    12/08/2020 Duration: 05min

    vBulletin 0-Day Exploit https://blog.exploitee.rs/2020/exploiting-vbulletin-a-tale-of-patch-fail/ Microsoft Patches https://isc.sans.edu/forums/diary/Microsoft+August+2020+Patch+Tuesday/26452/ Adobe Patches https://helpx.adobe.com/security.html Citrix End Point Management Updates https://www.citrix.com/blogs/2020/08/11/citrix-provides-security-update-on-citrix-endpoint-management/

  • ISC StormCast for Tuesday, August 11th 2020

    11/08/2020 Duration: 07min

    Small Challenge: A Simple Word Maldoc (Solution) https://isc.sans.edu/forums/diary/Small+Challenge+A+Simple+Word+Maldoc+Part+2/26444/ Scoping Web Application Pentests https://isc.sans.edu/forums/diary/Scoping+web+application+and+web+service+penetration+tests/26448/ Problems With Chrome Extensions https://adguard.com/en/blog/fake-ad-blockers-part-3.html PDF Test Suite https://github.com/RUB-NDS/PDF101 https://raw.githubusercontent.com/RUB-NDS/PDF101/master/eval.png Teamviewer Update https://community.teamviewer.com/t5/Announcements/Statement-on-CVE-2020-13699/m-p/99129

  • ISC StormCast for Monday, August 10th 2020

    10/08/2020 Duration: 07min

    Scanning Activity Against WIFICAM Using Netcat https://isc.sans.edu/forums/diary/Scanning+Activity+Include+Netcat+Listener/26442/ Qualcomm Snapdragon Vulnerabilities https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/ China Blocking TLS 1.3 and ESNI https://gfw.report/blog/gfw_esni_blocking/en/

  • ISC StormCast for Friday, August 7th 2020

    07/08/2020 Duration: 05min

    FTCode Ransomware Resurfaces https://isc.sans.edu/forums/diary/A+Fork+of+the+FTCode+Powershell+Ransomware/26434/ Microsoft Anti-Malware Flagging Host File Manipulation https://www.bleepingcomputer.com/news/microsoft/windows-10-hosts-file-blocking-telemetry-is-now-flagged-as-a-risk/ Reviving Older Printer Vulnerability https://www.blackhat.com/us-20/briefings/schedule/#a-decade-after-stuxnets-printer-vulnerability-printing-is-still-the-stairway-to-heaven-19685

  • ISC StormCast for Thursday, August 6th 2020

    06/08/2020 Duration: 06min

    Malware Analysis Quiz https://isc.sans.edu/forums/diary/Traffic+Analysis+Quiz+Whats+the+Malware+From+This+Infection/26430/ Exploiting CVE-2020-9854 on MacOS https://objective-see.com/blog/blog_0x4D.html iOS OAuth2 Vulnerability https://www.computest.nl/en/knowledge-platform/blog/vulnerability-new-touchid-feature-iCloud-accounts-at-risk-breached/ Limiting Location Data Exposure https://media.defense.gov/2020/Aug/04/2002469874/-1/-1/0/CSI_LIMITING_LOCATION_DATA_EXPOSURE_FINAL.PDF

  • ISC StormCast for Wednesday, August 5th 2020

    05/08/2020 Duration: 06min

    A Reminder to Patch CVE-2020-3452. Active Exploitation Seen https://isc.sans.edu/forums/diary/Reminder+Patch+Cisco+ASA+FTD+Devices+CVE20203452+Exploitation+Continues/26426/ Internet Choke Points: Concentration of Authoritative Name Servers https://isc.sans.edu/forums/diary/Internet+Choke+Points+Concentration+of+Authoritative+Name+Servers/26428/ August Android Patches Released https://source.android.com/security/bulletin/2020-08-01 Possible New iOS Jailbreak Affecting Secure Enclave https://twitter.com/SparkZheng/status/1286599007834271744

  • ISC StormCast for Tuesday, August 4th 2020

    04/08/2020 Duration: 05min

    VBA Macro With Multiple Command and Control Channels https://isc.sans.edu/forums/diary/Powershell+Bot+with+Multiple+C2+Protocols/26420/ Boothole Patch Causes Unbootable Systems https://access.redhat.com/solutions/5272311 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass#Recovery Disabling MacOS TCC https://objective-see.com/blog/blog_0x4C.html CISA Publishes Details about Chinese Malware https://us-cert.cisa.gov/ncas/current-activity/2020/08/03/chinese-malicious-cyber-activity

  • ISC StormCast for Monday, August 3rd 2020

    03/08/2020 Duration: 05min

    Pages Hit By Bad Bots https://isc.sans.edu/forums/diary/What+pages+do+bad+bots+look+for/26414/ KeePassRPC Vulnerability https://forum.kee.pm/t/a-critical-security-update-for-keepassrpc-is-available/3040 QNAP Updates Malware Remover https://www.bleepingcomputer.com/news/security/qnap-urges-users-to-update-malware-remover-after-qsnatch-alert/ Android Phone Updates https://www.theregister.com/2020/07/31/nearly_a_third_of_secondhand/

  • ISC StormCast for Friday, July 31st 2020

    31/07/2020 Duration: 05min

    Python Developers: Prepare! https://isc.sans.edu/forums/diary/Python+Developers+Prepare/26408/ Office 365 Phishing Hiding in Google Ads https://cofense.com/threat-actors-bypass-gateways-google-ad-redirects/ Zoom Brute Forcing Vulnerability https://www.tomanthony.co.uk/blog/zoom-security-exploit-crack-private-meeting-passwords/ Netgear Vulnerabilities https://www.kb.cert.org/vuls/id/576779 https://kb.netgear.com/000061982/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Mobile-Routers-Modems-Gateways-and-Extenders OPNSense Update https://opnsense.org/opnsense-20-7/ Microsoft Retiring SHA1 https://techcommunity.microsoft.com/t5/windows-it-pro-blog/sha-1-windows-content-to-be-retired-august-3-2020/ba-p/1544373

  • ISC StormCast for Thursday, July 30th 2020

    30/07/2020 Duration: 06min

    Consumer VPNs: You May Be Fine Without It https://isc.sans.edu/forums/diary/Consumer+VPNs+You+May+Be+Fine+Without/26404/ Tails Update https://tails.boum.org/news/version_4.9/index.en.html Firefox Update https://www.mozilla.org/en-US/security/advisories/mfsa2020-30/ Chrome Update https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop_27.html GRUB2 Vulnerability https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/ Facial Recognition With Masks https://nvlpubs.nist.gov/nistpubs/ir/2020/NIST.IR.8311.pdf

  • ISC StormCast for Wednesday, July 29th 2020

    29/07/2020 Duration: 06min

    New Datafeeds https://isc.sans.edu/forums/diary/All+I+want+this+Tuesday+More+Data/26400/ Emotet Stealing Email Attachments https://twitter.com/CofenseLabs/status/1288167724594671618 Magento Update https://helpx.adobe.com/security/products/magento/apsb20-47.html Exposed Docker Servers Infected with More Malware https://www.intezer.com/container-security/watch-your-containers-doki-infecting-docker-servers-in-the-cloud/

  • ISC StormCast for Tuesday, July 28th 2020

    28/07/2020 Duration: 04min

    In Memory of Donald Smith https://isc.sans.edu/forums/diary/In+Memory+of+Donald+Smith/26396/ Analyzing Metasploit ASP .Net Payloads https://isc.sans.edu/forums/diary/Analyzing+Metasploit+ASP+NET+Payloads/26392/ Emotet Payloads Replaced with GIFs https://twitter.com/GossiTheDog/status/1286271503005290497 QNAP Devices Attacked https://us-cert.cisa.gov/ncas/alerts/aa20-209a

  • ISC StormCast for Monday, July 27th 2020

    27/07/2020 Duration: 05min

    Compromised Desktop Applications By Web Technologies https://isc.sans.edu/forums/diary/Compromized+Desktop+Applications+by+Web+Technologies/26384/ Cracking Maldoc VBA Project Passwords https://isc.sans.edu/forums/diary/Cracking+Maldoc+VBA+Project+Passwords/26390/ Cisco Patching Treck IP Stack Vulnerabilities https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC Ubiquiti Devices Break Due to Malformed Feed https://community.ui.com/questions/Threat-Management-rules-silently-disabled-for-users-as-of-July-17-2020/35221bd2-843d-41a3-a957-33f57d9a8468

  • ISC StormCast for Friday, July 24th 2020

    24/07/2020 Duration: 06min

    Simple Blocklisting with MISP and pfSense https://isc.sans.edu/forums/diary/Simple+Blocklisting+with+MISP+pfSense/26380/ ISC Intel Feed (Beta. DO NOT USE AS BLOCKLIST) https://isc.sans.edu/api/intelfeed?json (also see isc.sans.edu/api ) ASUS RT-AC1900P Router Vulnerability https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=27440 DLink Leaks Firmware Encryption Key https://nstarke.github.io/0036-decrypting-dlink-proprietary-firmware-images.html Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ro-path-KJuQhB86

  • ISC StormCast for Thursday, July 23rd 2020

    23/07/2020 Duration: 06min

    A Few IoCs Related to the F5 Vulnerability CVE-2020-5092 https://isc.sans.edu/forums/diary/A+few+IoCs+related+to+CVE20205092/26378/ PDF Signature Weaknesses https://pdf-insecurity.org/ Sharepoint Vulnerability PoC CVE-2020-1147 https://srcincite.io/blog/2020/07/20/sharepoint-and-pwn-remote-code-execution-against-sharepoint-server-abusing-dataset.html Twilio Compromise https://www.theregister.com/2020/07/21/twilio_sdk_code_injection/

  • ISC StormCast for Wednesday, July 22nd 2020

    22/07/2020 Duration: 04min

    Comparing Covid19 Remote Services in Different Countries https://isc.sans.edu/forums/diary/Couple+of+interesting+Covid19+related+stats/26374/ Adobe Patches Photoshop https://helpx.adobe.com/security/products/bridge/apsb20-44.html https://helpx.adobe.com/security/products/photoshop/apsb20-45.html Citrix Workspace App Vulnerability https://www.pentestpartners.com/security-blog/raining-system-shells-with-citrix-workspace-app/ Microsoft Publishes Sysinternals Procmon for Linux https://github.com/microsoft/ProcMon-for-Linux

  • ISC StormCast for Tuesday, July 21st 2020

    21/07/2020 Duration: 06min

    Sextortion Follow the Money Wrapup https://isc.sans.edu/forums/diary/Sextortion+Update+The+Final+Final+Chapter/26334/ "BadPower" USB-C Charger Firmware Weakness (link in Chinese) https://xlab.tencent.com/cn/2020/07/16/badpower/ Zoom Phishing https://blog.checkpoint.com/2020/07/16/fixing-the-zoom-vanity-clause-check-point-and-zoom-collaborate-to-fix-vanity-url-issue/ Microsoft Office TLS 1.x Phaseout https://docs.microsoft.com/en-us/microsoft-365/compliance/prepare-tls-1.2-in-office-365?view=o365-worldwide
