Synopsis
Daily update on current cyber security threats
Episodes
-
ISC StormCast for Thursday, December 5th 2019
05/12/2019 Duration: 06 min
Atlassian Companion App / IBM Aspera Cloud https://www.theregister.co.uk/2019/12/05/atlassian_zero_day_bug/ https://confluence.atlassian.com/doc/administering-the-atlassian-companion-app-958456281.html https://twitter.com/tmslft/status/1202056063878606848?s=20
Fake Python Library in PyPI https://github.com/dateutil/dateutil/issues/984
GoAhead Web Server Vulnerability https://talosintelligence.com/vulnerability_reports/TALOS-2019-0888
-
ISC StormCast for Wednesday, December 4th 2019
04/12/2019 Duration: 06 min
Avast Online Security and Avast Secure Browser Blocked for Spying on Users https://palant.de/2019/10/28/avast-online-security-and-avast-secure-browser-are-spying-on-you/
Google Android Updates https://source.android.com/security/bulletin/2019-12-01
Strandhogg Vulnerability https://promon.co/security-news/strandhogg/
Firefox 71 Released https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/
-
ISC StormCast for Tuesday, December 3rd 2019
03/12/2019 Duration: 05 min
Increased Scans on Port 26 https://isc.sans.edu/forums/diary/Next+up+whats+up+with+TCP+port+26/25564/
Recent Ursnif Malspam https://isc.sans.edu/forums/diary/Ursnif+infection+with+Dridex/25566/
Windows 7 Extended Security Updates https://www.microsoft.com/microsoft-365/partners/news/article/announcing-paid-windows-7-extended-security-updates
QNAP Patches Photo Station https://www.qnap.com/en/security-advisory/nas-201911-25
-
ISC StormCast for Monday, December 2nd 2019
02/12/2019 Duration: 06 min
Agent Tesla Malware Sample Analysis https://isc.sans.edu/forums/diary/Finding+an+Agent+Tesla+malware+sample/25554/
Search With SauronEye https://isc.sans.edu/forums/diary/ISC+Snapshot+Search+with+SauronEye/25558/
Splunk Y2K20 Patch https://docs.splunk.com/Documentation/Splunk/8.0.0/ReleaseNotes/FixDatetimexml2020
Google TAG Quarterly Summary https://blog.google/technology/safety-security/threat-analysis-group/protecting-users-government-backed-hacking-and-disinformation/
-
ISC StormCast for Wednesday, November 27th 2019
27/11/2019 Duration: 05 min
Playing With Phishing https://isc.sans.edu/forums/diary/Lessons+learned+from+playing+a+willing+phish/25552/
HPE SSD Drives Will Stop Working in 3 Years https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00092491en_us
Malicious Android SDK Captures Social Media Data https://help.twitter.com/en/sdk-issue
Kaspersky API Exposed to Websites https://palant.de/2019/11/26/internal-kaspersky-api-exposed-to-websites/
Malicious Ad Statistics https://www.confiant.com/Demand-Quality-Report-Q3-2019
-
ISC StormCast for Tuesday, November 26th 2019
26/11/2019 Duration: 04 min
DNS over HTTPS (DoH) in SOHO Networks https://isc.sans.edu/forums/diary/My+Little+DoH+Setup/25548/
Fortinet Weak Crypto https://sec-consult.com/en/blog/advisories/weak-encryption-cipher-and-hardcoded-cryptographic-keys-in-fortinet-products/
Tracking Web Users via DNS https://github.com/uBlockOrigin/uBlock-issues/issues/780
-
ISC StormCast for Monday, November 25th 2019
25/11/2019 Duration: 05 min
Web Filter Misconfiguration Abused for Reconnaissance https://isc.sans.edu/forums/diary/Abusing+Web+Filters+Misconfiguration+for+Reconnaissance/25538/
Local Malware Analysis with Malice https://isc.sans.edu/forums/diary/Local+Malware+Analysis+with+Malice/25544/
Multiple Vulnerabilities in VNC https://www.kaspersky.com/blog/vnc-vulnerabilities/31462/
-
ISC StormCast for Friday, November 22nd 2019
22/11/2019 Duration: 06 min
Weaknesses in Memory Encryption Solutions https://arxiv.org/abs/1908.11680
GetMonero Wallet Compromised https://web.getmonero.org/2019/11/19/warning-compromised-binaries.html
RIPlace Ransomware Detection Bypass https://www.nyotron.com/blog/nyotron-discovers-potentially-unstoppable-ransomware-evasion-technique-riplace/
Microsoft Office Remote Content Triggers in Preview Pane https://medium.com/@curtbraz/getting-malicious-office-documents-to-fire-with-protected-view-4de18668c386
-
ISC StormCast for Thursday, November 21st 2019
21/11/2019 Duration: 06 min
Latest Hancitor Malspam Update https://isc.sans.edu/forums/diary/Hancitor+infection+with+Pony+Evil+Pony+Ursnif+and+Cobalt+Strike/25532/
Oracle Payday Vulnerabilities Exploited https://www.onapsis.com/blog/oracle-payday-vulnerabilities
Google Chrome Update https://chromereleases.googleblog.com/2019/11/stable-channel-update-for-desktop_18.html
NSA Publishes Guide About the Risks of Inspecting TLS https://media.defense.gov/2019/Nov/18/2002212783/-1/-1/0/MANAGING%20RISK%20FROM%20TLS%20INSPECTION_20191106.PDF
Unbound Command Execution Vulnerability https://nlnetlabs.nl/projects/unbound/security-advisories/#vulnerability-in-ipsec-module
-
ISC StormCast for Wednesday, November 20th 2019
20/11/2019 Duration: 06 min
JAWS DVR Bot https://isc.sans.edu/forums/diary/Cheap+Chinese+JAWS+of+DVR+Exploitability+on+Port+60001/25530/
TianFu Cup https://twitter.com/TianfuCup
Microsoft Access Hotfix https://support.microsoft.com/en-us/help/4484198/november-18-2019-update-for-office-2016-kb4484198
Windows 10 DNS over HTTPS https://techcommunity.microsoft.com/t5/Networking-Blog/Windows-will-improve-user-privacy-with-DNS-over-HTTPS/ba-p/1014229
Android Camera Permission Mixup https://www.checkmarx.com/blog/how-attackers-could-hijack-your-android-camera
-
ISC StormCast for Tuesday, November 19th 2019
19/11/2019 Duration: 05 min
Carriers Filter SMS Messages Sent By Applications https://isc.sans.edu/forums/diary/SMS+and+2FA+Another+Reason+to+Move+away+from+It/25526/
Intel Removing BIOS Downloads for EOL Hardware https://www.vogons.org/viewtopic.php?f=46&t=69184 https://news.ycombinator.com/item?id=21563309
Outlook 365 Remains Top Phishing Target https://info.phishlabs.com/blog/active-office-365-phishing-campaign-targeting-admin-credentials
-
ISC StormCast for Monday, November 18th 2019
18/11/2019 Duration: 05 min
TPM Fail Update https://downloadcenter.intel.com/download/28632 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html
Office November Update Issues https://borncity.com/win/2019/11/13/office-november-2019-updates-are-causing-access-error-3340/
WhatsApp Stack Based Buffer Overflow https://nvd.nist.gov/vuln/detail/CVE-2019-11931
Android Qualcomm Data Exfiltration Bug https://research.checkpoint.com/the-road-to-qualcomm-trustzone-apps-fuzzing/
Nextcloud Ransomware NextCry https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
-
ISC StormCast for Friday, November 15th 2019
15/11/2019 Duration: 07 min
LokiBot Update (November 2019) https://isc.sans.edu/forums/diary/An+example+of+malspam+pushing+Lokibot+malware+November+2019/25518/
Some Packet-Fu with Zeek https://isc.sans.edu/forums/diary/Some+packetfu+with+Zeek+previously+known+as+bro/25510/
TPM Leaks http://tpm.fail/
Zombieload 2.0 Vulnerability https://zombieloadattack.com/
-
ISC StormCast for Wednesday, November 13th 2019
13/11/2019 Duration: 06 min
Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/November+2019+Microsoft+Patch+Tuesday/25516/
Adobe Update https://helpx.adobe.com/security.html
Facebook Camera Bug https://www.cnet.com/news/facebook-bug-has-camera-activated-while-people-are-using-the-app
McAfee Anti Virus Bypass and Persistence https://safebreach.com/Post/McAfee-All-Editions-MTP-AVP-MIS-Self-Defense-Bypass-and-Potential-Usages-CVE-2019-3648
-
ISC StormCast for Tuesday, November 12th 2019
12/11/2019 Duration: 05 min
Are We Going Back to TheMoon And How is Liquor Involved https://isc.sans.edu/forums/diary/Are+We+Going+Back+to+TheMoon+and+How+is+Liquor+Involved/25512/
New Update for Magento Shopping Cart https://magento.com/security/patches/latest-magento-security-update-helps-protect-recently-reported-rce-vulnerability https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update
ZoneAlarm vBulletin Forum Breached https://thehackernews.com/2019/11/zonealarm-forum-data-breach.html
CSS Injection in Slack to Log Keystrokes https://fletchto99.dev/2019/november/slack-vulnerability/
-
ISC StormCast for Monday, November 11th 2019
11/11/2019 Duration: 06 min
Microsoft Applications Diverted from Their Main Use https://isc.sans.edu/forums/diary/Microsoft+Apps+Diverted+from+Their+Main+Use/25502/
Did Bluekeep Malware Affect Patching https://isc.sans.edu/forums/diary/Did+the+recent+malicious+BlueKeep+campaign+have+any+positive+impact+when+it+comes+to+patching/25506/
Pwn2Own Summary https://www.zerodayinitiative.com/blog/2019/11/7/pwn2own-tokyo-2019-day-two-final-results
State of JavaScript Framework Security https://snyk.io/wp-content/uploads/snyk-javascript_report_2019.pdf
DShield/ISC Honeypot Update https://isc.sans.edu/honeypot.html
-
ISC StormCast for Friday, November 8th 2019
08/11/2019 Duration: 06 min
Adobe Mobile SDK Update Fixes TLS Defaults https://wwws.nightwatchcybersecurity.com/2019/11/06/insecure-defaults-in-adobes-mobile-sdks/
QNAP Updates QSnatch Advisory https://www.qnap.com/en/security-advisory/nas-201911-01
Double Loaded ZIP Files Deliver Malware https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/double-loaded-zip-file-delivers-nanocore/
Ring Video Doorbell Leaks Wifi Password https://labs.bitdefender.com/2019/11/ring-video-doorbell-pro-under-the-scope/
-
ISC StormCast for Thursday, November 7th 2019
07/11/2019 Duration: 05 min
Google Improving PlayStore Security With Partners https://security.googleblog.com/2019/11/the-app-defense-alliance-bringing.html
Xen Security Advisories https://xenbits.xen.org/xsa/
npcap pool corruption vulnerability https://github.com/nmap/nmap/issues/1568
TrendMicro Employee Selling Customer Data to Tech Support Scammers https://blog.trendmicro.com/trend-micro-discloses-insider-threat-impacting-some-of-its-consumer-customers/
SANS Security Awareness Newsletter https://www.sans.org/security-awareness-training/resources/shopping-online-securely-1
-
ISC StormCast for Wednesday, November 6th 2019
06/11/2019 Duration: 06 min
Formbook Malspam https://isc.sans.edu/forums/diary/Malspam+pushing+Formbook+info+stealer/23387/
Honeypot Update https://github.com/DShield-ISC/dshield
Office on Mac XLM Macros https://kb.cert.org/vuls/id/125336/
Firefox Browser Lock Bug Exploited https://bugzilla.mozilla.org/show_bug.cgi?id=1593795
libarchive use after free vulnerability https://medium.com/@social_62682/new-libarchive-use-after-free-vulnerability-36c4b141fe89
-
ISC StormCast for Tuesday, November 5th 2019
05/11/2019 Duration: 06 min
ClamAV Vulnerability https://twitter.com/hackerfantastic/status/1190685521153937408 https://pastebin.com/cfP7X89m
Xcode Vulnerability https://support.apple.com/en-is/HT210729
MikroTik DNS Cache Poisoning https://blog.mikrotik.com/security/dns-cache-poisoning-vulnerability.html