Sans Internet Storm Center Daily Network/cyber Security And Information Security Podcast

iOS Mail 0Day https://blog.zecops.com/vulnerabilities/unassisted-ios-attacks-via-mobilemail-maild-in-the-wild/ Zoom 5 To Be Released Shortly Addressing Encryption Issues https://blog.zoom.us/wordpress/2020/04/22/zoom-hits-milestone-on-90-day-security-plan-releases-zoom-5-0/ OpenSSL Fixes DOS Flaw https://www.openssl.org/news/secadv/20200421.txt

SpectX: Log Parser for DFIR https://isc.sans.edu/forums/diary/SpectX+Log+Parser+for+DFIR/26040/ Microsoft Patches Autodesk Library in Office https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200004 Stripe Data Collection https://mtlynch.io/stripe-recording-its-customers/ IBM Data Risk Manager Vulnerabilities https://github.com/pedrib/PoC/blob/master/advisories/IBM/ibm_drm/ibm_drm_rce.md

KPOT AutoIt Script: Analysis https://isc.sans.edu/forums/diary/KPOT+AutoIt+Script+Analysis/26012/ FPGA Vulnerablity https://www.usenix.org/conference/usenixsecurity20/presentation/ender Nagios XI Vulnerability https://exchange.xforce.ibmcloud.com/vulnerabilities/179406

Weaponized RTF Document Generator Mailer in PowerShell https://isc.sans.edu/forums/diary/Weaponized+RTF+Document+Generator+Mailer+in+PowerShell/26030/ Microsoft Fixes Bad Anti-Malware Signatures https://www.microsoft.com/en-us/wdsi/definitions/antimalware-definition-release-notes Sophos Pulls Bad Firmware Update https://community.sophos.com/kb/en-us/135383 Credentials Stolen from Pulse Secure VPN Abused https://www.us-cert.gov/ncas/alerts/aa20-107a Chrome Update https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_15.html

Applocker vs. Living off the Land Attacks https://isc.sans.edu/forums/diary/Using+AppLocker+to+Prevent+Living+off+the+Land+Attacks/26032/ Netlink GPON 0-Day https://blog.netlab.360.com/multiple-fiber-routers-are-being-compromised-by-botnets-using-0-day-en/ Windows Security Crashing After Definition Update https://www.askwoody.com/2020/reports-of-windows-security-nee-microsoft-security-essentials-crashing-after-installing-this-mornings-definition-updates/ 700 Malicious Ruby Gems Found https://thehackernews.com/2020/04/rubygem-typosquatting-malware.html vCenter Exploit for CVE-2020-3952 https://www.guardicore.com/2020/04/pwning-vmware-vcenter-cve-2020-3952/

Hunting Without IOCs https://isc.sans.edu/forums/diary/No+IOCs+No+Problem+Getting+a+Start+Hunting+for+Malicious+Office+Files/26026/ Cloudflare/Online Banking Outages https://twitter.com/eastdakota/status/1250520852354854912 Crypto Currency Stealing Browser Extensions https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+April+2020+Patch+Tuesday/26022/ Adobe Security Bulletins https://helpx.adobe.com/security.html Microsoft Extending EOL For Windows 10 1709/1809 https://support.microsoft.com/en-us/help/4557164/lifecycle-changes-to-end-of-support-and-servicing-dates Dell Safe BIOS https://blog.dellemc.com/en-us/dell-technologies-bolsters-pc-security-todays-remote-workers/

Comparing the same Phishing Campaign 3 Months Appart https://isc.sans.edu/forums/diary/Look+at+the+same+phishing+campaign+3+months+apart/26018/ Setting 3D Printers On Fire https://www.coalfire.com/The-Coalfire-Blog/April-2020/With-IoT-Common-Devices-Pose-New-Threats Junos OS: vMX Default Credentials https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10998 DNS is Changing: So What? (@Mic Webinar) https://www.sans.org/webcasts/113635

Dynamic Analysis Technique to Get Decrypted KPOT Malware https://isc.sans.edu/forums/diary/Reader+Analysis+Dynamic+analysis+technique+to+get+decrypted+KPOT+Malware/26010/ VMWare vCenter Server Vulnerability https://www.vmware.com/security/advisories/VMSA-2020-0006.html Sodinokibi Ransomware Switching to Monero https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-to-stop-taking-bitcoin-to-hide-money-trail/ Malware Impersonates Security Researchers https://www.bleepingcomputer.com/news/security/new-wiper-malware-impersonates-security-researchers-as-prank/

Spoofing OS Fingerprints https://isc.sans.edu/forums/diary/Performing+deception+to+OS+Fingerprint+Part+1+nmap/25960/ Dell iDRAC Patch https://www.dell.com/support/article/de-de/sln320717/dsa-2020-063-idrac-buffer-overflow-vulnerability?lang=en VISA Ends Magento 1 Support https://usa.visa.com/content/dam/VCOM/global/support-legal/documents/acquirer-advisory-magento-migration.pdf Slack WebRTC TURN Compromise https://www.rtcsec.com/2020/04/01-slack-webrtc-turn-compromise/ COVID 19 Domain Classifier https://isc.sans.edu/covidclassifier.html

German Malspam Pushes ZLoader Malware; Decrypting HTTPs https://isc.sans.edu/forums/diary/German+malspam+pushes+ZLoader+malware/25996/ Microsoft Purchases Corp.com https://krebsonsecurity.com/2020/04/microsoft-buys-corp-com-so-bad-guys-cant/ Microsoft Delaying Removal of Basic Authentiation from Exchange Online https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-and-exchange-online-april-2020-update/ba-p/1275508 Dark Nexus Botnet https://www.bitdefender.com/files/News/CaseStudies/study/319/Bitdefender-PR-Whitepaper-DarkNexus-creat4349-en-EN-interactive.pdf

RDP Scanning Increase https://isc.sans.edu/forums/diary/Increase+in+RDP+Scanning/25994/ Atlassian Advices Users To Secure Jira Service Desk https://community.atlassian.com/t5/Jira-Service-Desk-articles/Tips-for-setting-customer-permissions-in-Jira-Service-Desk/ba-p/1340617 Android Updates https://support.google.com/pixelphone/thread/38337876

ROSTELECOM Reroutes Traffic for Multiple Cloud Providers https://twitter.com/bgpmon/status/1246842916502302723 https://bgpstream.com/event/230837 Vuln Cost Security Scanner for VS Code https://snyk.io/security-scanner-vuln-cost/ Microsoft Exchange Server Vulnerability still not Patched https://blog.rapid7.com/2020/04/06/phishing-for-system-on-microsoft-exchange-cve-2020-0688/ Fake Zoom Installer https://blog.trendmicro.com/trendlabs-security-intelligence/zoomed-in-a-look-into-a-coinminer-bundled-with-zoom-installer/

New Bypass Technique or Corrupt Word Document https://isc.sans.edu/forums/diary/New+Bypass+Technique+or+Corrupt+Word+Document/25984/ CitizenLab Analyzes Zoom Encryption https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/ https://www.sans.org/webcasts/zomg-its-zoom-114670 Mozilla Patches Critical Firefox Flaws https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/ Malicious JavaScript injected into Discord https://www.bleepingcomputer.com/news/security/discord-turned-into-an-account-stealer-by-updated-malware/

Twitter Cache Bug in Firefox https://privacy.twitter.com/en/blog/2020/data-cache-firefox MS-SQL Server Attack https://www.guardicore.com/2020/04/vollgar-ms-sql-servers-under-attack/ More Zoom Vulnerabilities https://objective-see.com/blog/blog_0x56.html Covid-19 Economic Impact Payments Scams https://www.justice.gov/usao-edky/press-release/file/1265371/download Safari Camera Access Bug https://www.ryanpickren.com/webcam-hacking-overview

Quakbot Malspam Sent From an Infected Windows Host https://isc.sans.edu/forums/diary/Qakbot+malspam+sent+from+an+infected+Windows+host/25972/ TPOT Cowrie to ISC Logs https://isc.sans.edu/forums/diary/TPOTs+Cowrie+to+ISC+Logs/25976/ SSH Issues After MacOS Update https://feed.tyler.io/so-uh-i-think-catalina-10154-broke-ssh/ Cloudflare DNS For Families https://blog.cloudflare.com/introducing-1-1-1-1-for-families/ Zoom Leaks Windows Password Hashes via UNC Links https://twitter.com/hackerfantastic/status/1245133371262619654

Kwampirs Update https://isc.sans.edu/forums/diary/Kwampirs+Targeted+Attacks+Involving+Healthcare+Sector/25968/ Exposed RDP https://blog.shodan.io/trends-in-internet-exposure/ D-Link DSL-2640B Vulnerability https://raelize.com/posts/d-link-dsl-2640b-security-advisories/ SMB 3.1.1 (CVE-2020-0796) Local Privilege Escalation Exploit https://github.com/danigargu/CVE-2020-0796

Crashing Windows Explorer Without a Click https://isc.sans.edu/forums/diary/Crashing+explorerexe+without+a+click/25966/ Zoom Privacy Policy https://blogs.harvard.edu/doc/2020/03/27/zoom/ Zoom Bombing https://www.fbi.gov/contact-us/field-offices/boston/news/press-releases/fbi-warns-of-teleconferencing-and-online-classroom-hijacking-during-covid-19-pandemic Zoom Related Domains Used for Phishing https://blog.checkpoint.com/2020/03/30/covid-19-impact-cyber-criminals-target-zoom-domains/

Covid19 Domain Classifier https://isc.sans.edu/covidclassifier.html https://www.youtube.com/watch?v=yNIlyJ3gI-4 Attackers Mail Malicious USB Drives and Teddy Bears https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/would-you-exchange-your-security-for-a-gift-card/ HongKong News Sites Used to Install Malware on iOS Devices https://blog.trendmicro.com/trendlabs-security-intelligence/operation-poisoned-news-hong-kong-users-targeted-with-mobile-malware-via-local-news-links/

Very Large Sample as an Obfuscation Technique https://isc.sans.edu/forums/diary/Very+Large+Sample+as+Evasion+Technique/25948/ iOS VPN Bypass https://protonvpn.com/blog/apple-ios-vulnerability-disclosure/ Free Covid19 Domain List https://www.domaintools.com/resources/blog/free-covid-19-threat-list-domain-risk-assessments-for-coronavirus-threats Linux Rubber Ducky Protection https://opensource.googleblog.com/2020/03/usb-keystroke-injection-protection.html