Sans Internet Storm Center Daily Network/cyber Security And Information Security Podcast

Broken Phishing Accidentially Exploiting Outlook Zero-Day https://isc.sans.edu/forums/diary/Broken+phishing+accidentally+exploiting+Outlook+zeroday/26254/ Webcast: https://www.sans.org/webcasts/sansatmic-catch-release-phishing-techniques-good-guys-115430 Cisco Updates Treck IP Stack: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC All Advisories: https://tools.cisco.com/security/center/publicationListing.x Netgear httpd Firmware Upload Stack-based Buffer Overflow RCE Vulnerability https://blog.grimm-co.com/2020/06/soho-device-exploitation.html Tech Tuesday Workshop: https://www.sans.org/webcasts/tech-tuesday-workshop-collaborating-scale-contribute-profit-internet-storm-center-115935

Odd Protest Spam (Scam?) Targeting Atlanta Police Foundation https://isc.sans.edu/forums/diary/Odd+Protest+Spam+Scam+Targeting+Atlanta+Police+Foundation/26248/ Zoom Publishes End-to-End Encryption Whitepaper https://github.com/zoom/zoom-e2e-whitepaper Linux ACPI Bug Defeats UEFI Secure Boot https://git.zx2c4.com/american-unsigned-language/tree/american-unsigned-language-2.sh Tech Tuesday Workshop: https://www.sans.org/webcasts/tech-tuesday-workshop-collaborating-scale-contribute-profit-internet-storm-center-115935

Sextortion to the Next Level https://isc.sans.edu/forums/diary/Sextortion+to+The+Next+Level/26244/ TMobile Outage Due to Configuration Error https://www.scmagazine.com/home/security-news/outages-draw-speculation-of-ddos-attack-on-u-s-but-reality-likely-more-boring/ Vulnerability Analysis of 2500 Docker Hub Images https://arxiv.org/pdf/2006.02932.pdf Track IP Stack Contains Multiple Vulnerabilities https://www.kb.cert.org/vuls/id/257161

HTML Based Phishing Run https://isc.sans.edu/forums/diary/HTML+based+Phishing+Run/26242/ Major T-Mobile Outage (may affect other carriers as well) https://twitter.com/NevilleRay/status/1272650750665953280 https://status.duo.com/incidents/txv7kq6tr0h8 Vulnerabilities in LTE and 5G Networks https://positive-tech.com/storage/articles/gtp-2020/threat-vector-gtp-2020-eng.pdf SANSFIRE Handler Talks Xavier Mertens: https://www.sans.org/webcasts/sansatmic-walk-logs-hell-115420 Bojan Zdrnja: https://www.sans.org/webcasts/sansatmic-arcane-web-mobile-application-vulnerHTML Phishing

Fileless Excel Malware https://isc.sans.edu/forums/diary/Malicious+Excel+Delivering+Fileless+Payload/26232/ Windows Update Issues https://support.microsoft.com/en-us/help/4566779/usb-printer-port-missing-after-disconnecting-printer-while-windows-10 https://answers.microsoft.com/en-us/windows/forum/all/cumulative-updates-june-9th-2020/45a8a7f3-cb89-459e-acf1-32d9de15c099 Privnote.com Phishing https://krebsonsecurity.com/2020/06/privnotes-com-is-phishing-bitcoin-from-users-of-private-messaging-service-privnote-com/ SANS @Mic Talk: ISC Handler Bojan Zdrnja https://www.sans.org/webcasts/sansatmic-arcane-web-mobile-application-vulnerabilities-115425

Anti-Debugging JavaScript Techniques https://isc.sans.edu/forums/diary/AntiDebugging+JavaScript+Techniques/26228/ Facebook Messenger Desktop App Vulnerability https://blog.reasonsecurity.com/2020/06/11/persistence-method-using-facebook-messenger-desktop-app/ Outlook Massmailing Macros https://www.welivesecurity.com/2020/06/11/gamaredon-group-grows-its-game/ STI Student Research: Dennis Taggard; Ebb and Flow: Network Flow Logging as a Staple of Public Cloud Visibility or a Waning Imperative? Paper: https://www.sans.org/reading-room/whitepapers/cloud/ebb-flow-network-flow-logging-staple-public-cloud-visibility-waning-imperative-39580 Video: https://youtu.be/faoFx7Q3_aM

Job Application Themed Malspam Pushes ZLoader https://isc.sans.edu/forums/diary/Job+applicationthemed+malspam+pushes+ZLoader/26222/ More Expiring Root CAs https://scotthelme.co.uk/impending-doom-root-ca-expiring-legacy-clients/ Black Lives Matter Themed Malware https://www.bleepingcomputer.com/news/security/fake-black-lives-matter-voting-campaign-spreads-trickbot-malware/

Microsoft Patch Day https://isc.sans.edu/forums/diary/Microsoft+June+2020+Patch+Tuesday/26220/ SMBleed https://github.com/ZecOps/CVE-2020-1206-POC Adobe Patches https://helpx.adobe.com/security.html Intel Patch Day https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/?linkId=100000012832617

Translating BASE64 Obfuscated Scripts https://isc.sans.edu/forums/diary/Translating+BASE64+Obfuscated+Scripts/26214/ Fake Ransomware Decryptor https://www.bleepingcomputer.com/news/security/fake-ransomware-decryptor-double-encrypts-desperate-victims-files/ GNUTLS TLS 1.3 Machine in the Middle https://gitlab.com/gnutls/gnutls/-/issues/1011 CallStranger UPNP Vulnerability https://callstranger.com/ Shellcode Analysis 101 https://www.sans.org/webcasts/sansatmic-shellcode-analysis-101-114160

PHP FastCGI Attacks https://isc.sans.edu/forums/diary/Not+so+FastCGI/26208/ Protest Cybersecurity https://isc.sans.edu/forums/diary/Cyber+Security+for+Protests/26210/ uBlock Origin Blocks Portscans https://www.bleepingcomputer.com/news/security/ublock-origin-ad-blocker-now-blocks-port-scans-on-most-sites/ QNAP Vulnerability https://www.qnap.com/en/security-advisory/qsa-20-01

Anti-Debugging Technique Based on Memory Protection https://isc.sans.edu/forums/diary/AntiDebugging+Technique+based+on+Memory+Protection/26200/ Suspending Suspicious Domain Feed/Update to Researcher IP Feed https://isc.sans.edu/forums/diary/Suspending+Suspicious+Domain+Feed+Update+to+Researcher+IP+Feed/26204/ Bank Transaction Comments Used for Abusive Messages https://www.theregister.com/2020/06/04/commonwealth_bank_bans_indecent_transaction_descriptions/ Android Security Bulletin https://source.android.com/security/bulletin/2020-06-01 Android Wallpaper Crash https://www.androidauthority.com/android-wallpaper-crash-1124577/ STI Research Paper: Janusz Pazgier; Efficacy of UNIX HIDS https://www.sans.org/reading-room/whitepapers/detection/efficacy-unix-hids-39565

Polish Malspam Pushes ZLoader Malware https://isc.sans.edu/forums/diary/Polish+malspam+pushes+ZLoader+malware/26196/ Cisco Patches IP-in-IP Flaw https://securityaffairs.co/wordpress/104192/security/ip-in-ip-flaw-cisco.html Zoom Fixes Two Critical Flaws https://blog.talosintelligence.com/2020/06/vuln-spotlight-zoom-code-execution-june-2020.html Firefox Disables Automatic DNS over HTTPS Selection to Prevent DDoS https://www.mozilla.org/en-US/firefox/77.0.1/releasenotes/

Type 2 Strackstrings https://isc.sans.edu/forums/diary/Stackstrings+type+2/26192/ More Details About AddTrust External CA Root Expiration https://www.agwa.name/blog/post/fixing_the_addtrust_root_expiration VMWare Cloud Director Vulnerability and Exploit https://citadelo.com/en/blog/full-infrastructure-takeover-of-vmware-cloud-director-CVE-2020-3956/

Apple Patches Unc0ver https://support.apple.com/en-us/HT201222 Office 365 Adds Details About Malicious E-Mail Attachments https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=&searchterms=64570 Impact of Research on Our Data https://isc.sans.edu/forums/diary/The+Impact+of+Researchers+on+Our+Data/26182/

Sectigo AddTrust CA Expired https://support.sectigo.com/articles/Knowledge/Sectigo-AddTrust-External-CA-Root-Expiring-May-30-2020 Critical Sign In With Apple Flaw https://bhavukjain.com/blog/2020/05/30/zeroday-signin-with-apple/ DABANGG: Refined Flush Based Cache Attacks https://www.cse.iitk.ac.in/users/biswap/DABANGG.pdf New Website Explaining FIDO https://loginwithfido.com/

USBFuzz Finds Numerous USB Flaws https://www.nebelwelt.net/files/20SEC3.pdf Cisco Products Vulnerable to Saltstack Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG Another Nail in the Coffin for SHA-1 https://eprint.iacr.org/2020/014.pdf STI Student: Andy Piazza; Qualifying Threat Actor Assessments https://www.sans.org/reading-room/whitepapers/threatintelligence/paper/39585

Phishing With Google Cloud https://isc.sans.edu/forums/diary/Frankensteins+phishing+using+Google+Cloud+Storage/26174/ Trend Micro AntiVirus Blocked by Microsoft https://billdemirkapi.me/How-to-use-Trend-Micro-Rootkit-Remover-to-Install-a-Rootkit/ Netgear Nighthawk Firmware Update Vulnerability https://iot-lab-fh-ooe.github.io/netgear_update_vulnerability/

Where is SHA3 https://isc.sans.edu/forums/diary/Seriously+SHA3+where+art+thou/26170/ Apple Updates https://support.apple.com/en-us/HT201222 Google ZDI Releases Details Regarding Unpatched Windows Vulnerabilities https://www.zerodayinitiative.com/advisories/ZDI-20-666/ https://www.zerodayinitiative.com/advisories/ZDI-20-665/ https://www.zerodayinitiative.com/advisories/ZDI-20-663/ https://www.zerodayinitiative.com/advisories/ZDI-20-662/ https://www.zerodayinitiative.com/advisories/ZDI-20-664/ Research into Phish Detection https://medium.com/@curtbraz/these-arent-the-phish-you-re-looking-for-7374c3986af5

Malicious PowerPoint Add-Ins Deliver Malware https://isc.sans.edu/forums/diary/AgentTesla+Delivered+via+a+Malicious+PowerPoint+AddIn/26162/ Virtual Machine Delivers Malware https://news.sophos.com/en-us/2020/05/21/ragnar-locker-ransomware-deploys-virtual-machine-to-dodge-security/ iOS Patch Analysis https://blog.zecops.com/vulnerabilities/hidden-demons-maildemon-patch-analysis-ios-13-4-5-beta-vs-ios-13-5/ eBay Port Scanning https://www.ghacks.net/2020/05/25/ebay-is-port-scanning-your-system-when-you-load-the-webpage/ iPhone Jailbreak https://thehackernews.com/2020/05/iphone-ios-jailbreak-tools.html SANSFIRE https://isc.sans.edu/sansfire

Malware Triage with FLOSS: API Calls Based Behavior https://isc.sans.edu/forums/diary/Malware+Triage+with+FLOSS+API+Calls+Based+Behavior/26156/ Verizon Breach Report https://enterprise.verizon.com/resources/reports/dbir/ Apple Updates https://support.apple.com/en-us/HT201222 Sophos Firewall Vulnerability Exploit https://news.sophos.com/en-us/2020/05/21/asnarok2/