Sans Internet Storm Center Daily Network/cyber Security And Information Security Podcast

Malware Using Text from Impeachment News Coverage https://www.bleepingcomputer.com/news/security/malware-tries-to-trump-security-software-with-potus-impeachment/ Coronavirus Themed Malware Targets Japan with Emotet https://twitter.com/Cryptolaemus1/status/1222388971428294656 https://exchange.xforce.ibmcloud.com/collection/18f373debc38779065a26f1958dc260b abuse.ch Offers new "I got phished" service https://igotphished.abuse.ch/ OpenSMTPD RCE Vulnerability https://www.openwall.com/lists/oss-security/2020/01/28/3

Recent Emotet Infection installs Trickbot https://isc.sans.edu/forums/diary/Emotet+epoch+1+infection+with+Trickbot+gtag+mor84/25752/ Apple Updates https://support.apple.com/en-us/HT201222 Zoom Fixes Video Conferencing Brute Forcing Vulnerability https://www.theregister.co.uk/2020/01/28/zoom_eavesdrop_hack/ Intel Fixes Yet Another Information Leakage Flaw https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html https://cacheoutattack.com/ Avast Anti Virus Selling User's Browsing Data https://www.vice.com/en_us/article/qjdkq7/avast-antivirus-sells-user-browsing-data-investigation

Coronavirus Preparedness and Associated Scams https://isc.sans.edu/forums/diary/Network+Security+Perspective+on+Coronavirus+Preparedness/25750/ RD Gateway RCE Exploit Demoed https://twitter.com/layle_ctf/status/1221514332049113095?s=12 Mitsubishi Electric Compromised via Trend Micro Vulnerability http://www.mitsubishielectric.co.jp/news/2020/0120-b.pdf https://www.zdnet.com/article/trend-micro-antivirus-zero-day-used-in-mitsubishi-electric-hack/

Citrix Releases ADC Updates For All Versions https://www.citrix.com/blogs/2020/01/24/citrix-releases-final-fixes-for-cve-2019-19781/ Temporary Windows 0-Day Fix Breaks Printers https://www.reddit.com/r/sysadmin/comments/etumy7/microsoft_ie_zeroday_fix_breaks_hp_printing/ Critical Vulnerabilitiesin GE Medical Devices https://www.us-cert.gov/ics/advisories/icsma-20-023-01

Simple vs. Complex Obfuscation https://isc.sans.edu/forums/diary/Complex+Obfuscation+VS+Simple+Trick/25738/ RD Gateway PoC Exploit Release https://github.com/ollypwn/BlueGate Citrix ADC Compromise Scanner https://github.com/citrix/ioc-scanner-CVE-2019-19781/ LastPass Accidentially Removes Extension from Chrome Web Store https://twitter.com/LastPassStatus/status/1220122561989640192

German Malspam Pushing Ursnif https://isc.sans.edu/forums/diary/German+language+malspam+pushes+Ursnif/25732/ Tracking Users Using Safari's Intelligent Tracking Prevention https://arxiv.org/pdf/2001.07421.pdf Muhstik Botnet Targeting Tomato Routers https://unit42.paloaltonetworks.com/muhstik-botnet-attacks-tomato-routers-to-harvest-new-iot-devices/ Cisco Firepower Management Center LDAP Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-fmc-auth

DeepBlueCLI https://isc.sans.edu/forums/diary/DeepBlueCLI+Powershell+Threat+Hunting/25730/ https://github.com/sans-blue-team/DeepBlueCLI EFS Ransomware https://safebreach.com/Post/EFS-Ransomware Fake Leak Compensation https://www.kaspersky.com/blog/data-leak-compensation-scam/32057/ Criminals Use Fake Job Sites to Defraud Victims https://www.ic3.gov/media/2020/200121.aspx

Twist on Sextortion https://www.dailymail.co.uk/sciencetech/article-7886055/Sextortion-campaign-targets-users-Google-Nest-smart-camera.html Emotet Uses Extortion to Infect Systems https://www.bleepingcomputer.com/news/security/emotet-malware-dabbles-in-extortion-with-new-spam-template/ Lastpass Outage https://www.theregister.co.uk/2020/01/20/lastpass_outage/ Netgear Signed TLS Cert Private Key Disclosure https://gist.github.com/nstarke/a611a19aab433555e91c656fe1f030a9

Microsoft Scripting Engine Memory Corruption Vulnerability https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV200001 CVE-2020-0601 Update https://isc.sans.edu/forums/diary/Summing+up+CVE20200601+or+the+Lets+Decrypt+vulnerability/25720/ Curveball Update https://www.citrix.com/blogs/2020/01/19/vulnerability-update-first-permanent-fixes-available-timeline-accelerated/ https://isc.sans.edu/diary//25724

CVE-2020-0601 Update ("Curveball" , "Letsdecrypt") https://isc.sans.edu/forums/diary/Summing+up+CVE20200601+or+the+Lets+Decrypt+vulnerability/25720/ https://curveballtest.com Certain Netscaler Devices Do Not Support Mitigation (article in dutch) https://www.ncsc.nl/actueel/nieuws/2020/januari/16/door-citrix-geadviseerde-mitigerende-maatregelen-niet-altijd-effectief Cable Haunt Vulnerability https://cablehaunt.com/ STI Student Interview: Jon Michael Lacek https://www.sans.org/reading-room/whitepapers/securecode/changing-devops-culture-security-scan-time-39125

CVE-2020-0601 Followup https://isc.sans.edu/forums/diary/CVE20200601+Followup/25714/ Oracle Patches https://www.oracle.com/security-alerts/cpujan2020.html

Microsoft January 2020 Patch Tuesday and #CryptoAPI Flaw Webcast: https://sans.org/cryptoapi-isc Diary: https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+for+January+2020/25710/ NSA Release: https://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF

Upcoming Critical MSFT Patch https://krebsonsecurity.com/2020/01/cryptic-rumblings-ahead-of-first-2020-patch-tuesday/ SIM Swapping is Easy https://www.issms2fasecure.com/assets/sim_swaps-01-10-2020.pdf Google Open Sources wombat dressing room npm publication proxy https://opensource.googleblog.com/2020/01/wombat-dressing-room-npm-publication_10.html

Citrix ADC Vulnerability Actively Exploited. Assume vulnerable systems are compromised. Updated Citrix Advisory: https://support.citrix.com/article/CTX267027 Exploit Activity Summary: https://isc.sans.edu/forums/diary/Citrix+ADC+Exploits+are+Public+and+Heavily+Used+Attempts+to+Install+Backdoor/25700/ Vulnerablity Scanner: https://github.com/trustedsec/cve-2019-19781/ Special Webcast: https://i5c.us/citrix YouTube Walk Through of the vulnerability: https://youtu.be/msslpqyf98c

Another Malicious Word Document https://isc.sans.edu/forums/diary/Quick+Analyzis+of+another+Maldoc/25694/ SHA1 Update https://sha-mbles.github.io/ Cisco Updates https://tools.cisco.com/security/center/publicationListing.x Mandy Galante: Girls Go Cyberstart (register now. Play Jan 13th-31st) https://www.girlsgocyberstart.org/

Critical Firefox Update Fixing Exploited Bug https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/ 3 Google Play Store Apps Exploit Android Zero-Day https://blog.trendmicro.com/trendlabs-security-intelligence/first-active-attack-exploiting-cve-2019-2215-found-on-google-play-linked-to-sidewinder-apt-group/ Tails 4.2 https://tails.boum.org/news/version_4.2/index.en.html TikTok Vulnerablities https://research.checkpoint.com/2020/tik-or-tok-is-tiktok-secure-enough/

Citrix ADC Update https://isc.sans.edu/forums/diary/A+Quick+Update+on+Scanning+for+CVE201919781+Citrix+ADC+Gateway+Vulnerability/25686/ Pulse Secure SSLVPN Exploited https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/ https://www.darkreading.com/attacks-breaches/widely-known-flaw-in-pulse-secure-vpn-being-used-in-ransomware-attacks/d/d-id/1336729 Google Project Zero Changing Disclosure Policy https://googleprojectzero.blogspot.com/2020/01/policy-and-disclosure-2020-edition.html Google Updates Android https://source.android.com/security/bulletin/2020-01-01

Spoofed Scans from 103/8 https://isc.sans.edu/forums/diary/Increase+in+Number+of+Sources+January+3rd+and+4th+spoofed/25678/ Iran Terror Threat https://www.dhs.gov/sites/default/files/ntas/alerts/20_0104_ntas_bulletin.pdf BusKill Laptop Kill Cord https://tech.michaelaltfield.net/2020/01/02/buskill-laptop-kill-cord-dead-man-switch/

Quick Summary of the California Conumser Privacy Act https://isc.sans.edu/forums/diary/CCPA+Quick+Overview/25668/ Cisco Vulnerabilities https://tools.cisco.com/security/center/publicationListing.x XiaoMi Camera Cache Bug https://www.reddit.com/r/googlehome/comments/eine1m/when_i_load_the_xiaomi_camera_in_my_google_home/

Ransomware written in JavaScript using Node.js https://isc.sans.edu/forums/diary/Ransomware+in+Nodejs/25664/ Landry Restaurant PoS Breach https://www.landrysinc.com/CreditNotice/CANotice.asp Holiday Hack Challenge https://www.holidayhackchallenge.com Citrix/NetScaler Vulnerability Special Webcast Recording https://i5c.us/citrix