Sans Internet Storm Center Daily Network/cyber Security And Information Security Podcast

Dridex Update https://isc.sans.edu/forums/diary/Recent+Dridex+activity/25944/ Covid-19 Ransom https://twitter.com/johullrich/status/1242983197555789824 HP Enterprise SSD Firmware Bug https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00097382en_us Fake Google Chrome Update https://news.drweb.com/show/?i=13746&lng=en TrickBot Pushing a 2FA Bypass App in Germany https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/

Updated Microsoft Advisory 200006 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv200006 Memcached Denial of Service Vulnerability https://github.com/memcached/memcached/issues/629 Adobe Creative Cloud Desktop Application Patches https://helpx.adobe.com/security/products/creative-cloud/apsb20-11.html Microsoft Pausing Cumulative Updates Starting May https://docs.microsoft.com/en-us/windows/release-information/windows-message-center#405 Apple Security Patches https://support.apple.com/en-us/HT201222 OpenWRT Vulnerability Fixed https://thehackernews.com/2020/03/openwrt-rce-vulnerability.html

Windows Font Parsing 0-Day https://isc.sans.edu/forums/diary/Windows+Zeroday+Actively+Exploited+Type+1+Font+Parsing+Remote+Code+Execution+Vulnerability/25936/ Covid-19 Malware Summary https://github.com/parthdmaniar/coronavirus-covid-19-SARS-CoV-2-IoCs Firefox Turns TLS 1.0/1.1 Back on https://www.mozilla.org/en-US/firefox/74.0/releasenotes/

More Covid19 Malware https://isc.sans.edu/forums/diary/More+COVID19+Themed+Malware/25930/ Working Exploit for the Kr00k Wifi Exploit https://hexway.io/research/r00kie-kr00kie/ ZDI Pwn2Own Results https://www.zerodayinitiative.com/blog/2020/3/17/welcome-to-pwn2own-2020-the-schedule-and-live-results

COVID-19 Themed Multistage Malware https://isc.sans.edu/forums/diary/COVID19+Themed+Multistage+Malware/25922/ Cisco SD-WAN Patches https://tools.cisco.com/security/center/publicationListing.x oPatch Selling Patches for Windows 7 https://twitter.com/0patch/status/1240602635205586945 LDAPFragger: Bypassing network restrictions using LDAP attributes https://research.nccgroup.com/2020/03/19/ldapfragger-bypassing-network-restrictions-using-ldap-attributes/

TrendMicro Update https://success.trendmicro.com/solution/000245571 More VMWare Updates https://www.vmware.com/security/advisories/VMSA-2020-0005.html EnigmaSpark Malware https://securityintelligence.com/posts/EnigmaSpark-Politically-Themed-Cyber-Activity-Highlights-Regional-Opposition-to-Middle-East-Peace-Plan/ Recent Ransomware Trends https://www.fireeye.com/blog/threat-research/2020/03/they-come-in-the-night-ransomware-deployment-trends.html

A Quick Summary of Current Reflective DNS DDoS Attacks https://isc.sans.edu/forums/diary/A+Quick+Summary+of+Current+Reflective+DNS+DDoS+Attacks/25916/ Trickbot gtag red5 distributed as DLL File https://isc.sans.edu/forums/diary/Trickbot+gtag+red5+distributed+as+a+DLL+file/25918/ Is Cryptojacking Dead after Coinhive Shutdown https://arxiv.org/pdf/2001.02975.pdf Adobe Patches https://helpx.adobe.com/security/products/acrobat/apsb20-13.html

Desktop.ini as a post-exploitation tool https://isc.sans.edu/forums/diary/Desktopini+as+a+postexploitation+tool/25912/ VMWAre Workstatation/Fusion Update https://www.vmware.com/security/advisories/VMSA-2020-0004.html Blackwater Malware Abuses Cloudflare Workers https://www.bleepingcomputer.com/news/security/blackwater-malware-abuses-cloudflare-workers-for-c2-communication/ tcpdump Heap Based Buffer Over-Read https://nvd.nist.gov/vuln/detail/CVE-2018-19325 Slack Account Takevoer Bug https://hackerone.com/reports/737140

Phishing PDFs With Incremental Updates https://isc.sans.edu/forums/diary/Phishing+PDF+With+Incremental+Updates/25904/ VPN Access and Active Monitoring https://isc.sans.edu/forums/diary/VPN+Access+and+Activity+Monitoring/25906/ Capturing Invalid Ethernet Frames https://isc.sans.edu/forums/diary/Not+all+Ethernet+NICs+are+Created+Equal+Trying+to+Capture+Invalid+Ethernet+Frames/25896/ Cookiethief Android Cookie Stealing Malware https://securelist.com/cookiethief/96332/ SANS Security Awareness Deployment Kit for Securing Your Workforce at Home https://www.sans.org/webcasts/113875

Microsoft Releases Patch for Windows SMBv3 Compression Vulnerability CVE-2020-0796 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796 Hancitor Distributed Through Coronavirus-Themed Malspam https://isc.sans.edu/forums/diary/Hancitor+distributed+through+coronavirusthemed+malspam/25892/ Avast Removes Vulnerable JavaScript Emulator From Products https://github.com/taviso/avscript Checkra1n Exploit Works Against T2 Equipped Macs https://www.idownloadblog.com/2020/03/10/luca-todesco-teases-checkra1n-hacks-on-a-t2-equipped-macbook-pros-touch-bar/

Mystery SMB3 Flaw Update https://isc.sans.edu/forums/diary/Critical+SMBv3+Vulnerability+Remote+Code+Execution/25890/ COVID19 Malware https://blog.reasonsecurity.com/2020/03/09/covid-19-info-stealer-the-map-of-threats-threat-analysis-report/ Agent Tesla Spread by Fake Canon EOS Notification Email https://isc.sans.edu/forums/diary/Agent+Tesla+Delivered+via+Fake+Canon+EOS+Notification+on+Free+OwnCloud+Account/25884/

Microsoft Patch Tuesday https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200005 https://isc.sans.edu/diary.html?storyid=25886

Malicious Spreadsheet With Data Connection and Excel 4 Macros https://isc.sans.edu/forums/diary/Malicious+Spreadsheet+With+Data+Connection+and+Excel+4+Macros/25880/ Take a Way: Exploring the Security Implications of AMD's Cache Way Predictors https://mlq.me/download/takeaway.pdf https://www.amd.com/en/corporate/product-security Google Play Store Protect Fails Security Test https://www.av-test.org/en/news/here-s-how-well-17-android-security-apps-provide-protection/

Excel Maldocs: Hidden Sheets https://isc.sans.edu/forums/diary/Excel+Maldocs+Hidden+Sheets/25876/ Wireshark 3.2.2. Released https://www.wireshark.org/docs/relnotes/wireshark-3.2.2.html Linux PPP Vulnerability https://www.kb.cert.org/vuls/id/782301/ NordVPN Vulnerablity https://www.theregister.co.uk/2020/03/06/nordvpn_no_auth_needed_view_user_payments/ Unpatched Android Devices https://www.which.co.uk/news/2020/03/more-than-one-billion-android-devices-at-risk-of-malware-threats/

Survey Phish https://isc.sans.edu/forums/diary/Will+You+Put+Your+Password+in+a+Survey/25866/ Healthcare.gov Sending E-Mail Looking Like Phishing https://twitter.com/johullrich/status/1235740586717720577 Intel x86 Root of Trust: Loss of Trust https://blog.ptsecurity.com/2020/03/intelx86-root-of-trust-loss-of-trust.html Let's Encrypt Revises Revokation Plan https://community.letsencrypt.org/t/2020-02-29-caa-rechecking-bug/114591/2 Trust Me, I'm Certified Podcast https://www.giac.org/podcasts

MSFT Subdomain Takeover https://vullnerability.com/blog/microsoft-subdomain-account-takeover Homoglyph Attacks in the News Again https://www.soluble.ai/blog/public-disclosure-emoji-to-zero-day Coronavirus Phish https://twitter.com/JCyberSec_/status/1234806881195044865

Introduction to EvtxEcmd (Evtx Explorer) https://isc.sans.edu/forums/diary/Introduction+to+EvtxEcmd+Evtx+Explorer/25858/ Let's Encrypt Revoking Certificates https://community.letsencrypt.org/t/revoking-certain-certificates-on-march-4/114864 Using Smart Devices in the Home Securely (NCSC Version) https://www.ncsc.gov.uk/guidance/smart-devices-in-the-home Ransomware and Cloud Backups https://www.bleepingcomputer.com/news/security/ransomware-attackers-use-your-cloud-backups-against-you/ SANS Coronavirus Training Guarantee https://www.sans.org/training-guarantee

SSL Distribution by Country https://isc.sans.edu/forums/diary/Secure+vs+cleartext+protocols+couple+of+interesting+stats/25854/ Checkpoint Evasion Encyclopedia https://research.checkpoint.com/2020/cpr-evasion-encyclopedia-the-check-point-evasion-repository/ OWASP Threat Dragon https://github.com/mike-goodwin/owasp-threat-dragon-desktop SANS Free Things https://sans.org/free

Show me Your Clipboard Data! https://isc.sans.edu/forums/diary/Show+me+Your+Clipboard+Data/25846/ Hazelcast IMDB Discover Scan https://isc.sans.edu/forums/diary/Hazelcast+IMDG+Discover+Scan/25850/ Microsoft Exchange Server Vulnerabilty Scans https://twitter.com/GossiTheDog/status/1232369036438233088 Tomcat Ghostcat Vulnerability https://lists.apache.org/thread.html/r7c6f492fbd39af34a68681dbbba0468490ff1a97a1bd79c6a53610ef%40%3Cannounce.tomcat.apache.org%3E

Ultrasonic Triggers for Cellphone Assistants. https://source.wustl.edu/2020/02/surfing-attack-hacks-siri-google-with-ultrasonic-waves/ Comparing Information Leakage from Different Browsers https://www.scss.tcd.ie/Doug.Leith/pubs/browser_privacy.pdf Cloud Snooper Attack https://news.sophos.com/en-us/2020/02/25/cloud-snooper-attack-bypasses-firewall-security-measures/