Sans Internet Storm Center Daily Network/cyber Security And Information Security Podcast

Critical Google Chrome Update Fixes Exploited Vulnerability https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_31.html Blue Keep Vulnerability Mass Exploited to Install Crypto Coin Miner https://www.kryptoslogic.com/blog/2019/11/bluekeep-cve-2019-0708-exploitation-spotted-in-the-wild/ rConfig Vulnerabilities https://shells.systems/rconfig-v3-9-2-authenticated-and-unauthenticated-rce-cve-2019-16663-and-cve-2019-16662/

Phishing Made Easy With EML Files and Outlook 365 https://isc.sans.edu/forums/diary/EML+attachments+in+O365+a+recipe+for+phishing/25474/ Microsoft TLS Security Enhancements Lead to Timeouts https://support.microsoft.com/en-us/help/4528489/transport-layer-security-tls-connections-might-intermittently-fail-or MESSAGETAP: Who's Reading Your Text Messages https://www.fireeye.com/blog/threat-research/2019/10/messagetap-who-is-reading-your-text-messages.html Amazon Authentication Failure for 3rd Party Devices https://old.reddit.com/r/sysadmin/comments/dpbt3t/the_perils_of_security_and_how_i_finally_resolved/

Apple Security Updates Details Released https://support.apple.com/en-us/HT201222 Untitled Goose Deserialization https://pulsesecurity.co.nz/advisories/untitled-goose-game-deserialization Insecure Pagers Leak Medical Data https://techcrunch.com/2019/10/30/nhs-pagers-medical-health-data/ Kibana Vulnerablity https://research.securitum.com/prototype-pollution-rce-kibana-cve-2019-7609/

xHelper Android Malware https://www.symantec.com/blogs/threat-intelligence/xhelper-android-malware Counterstrike Game Keys Used for Money Laundry https://blog.counter-strike.net/index.php/2019/10/26113/ Greating PCAP Files From YAML https://isc.sans.edu/forums/diary/Generating+PCAP+Files+from+YAML/25464/

PHP 7 Remote Code Execution Vulnerability Exploited https://lab.wallarm.com/php-remote-code-execution-0-day-discovered-in-real-world-ctf-exercise/ https://github.com/neex/phuip-fpizdam Finding Shellcode with scdbg https://isc.sans.edu/forums/diary/Using+scdbg+to+Find+Shellcode/25460/ Apple iOS / tvOS / Safari Updates https://support.apple.com/en-us/HT201222 Sextortion Attempts Are Targeting Blogs https://www.bleepingcomputer.com/news/security/blogger-and-wordpress-sites-hacked-to-show-sextortion-scams/

Odd Double Base64 Endoded "BS_REAL_IP" Header https://isc.sans.edu/forums/diary/Unusual+Activity+with+Double+Base64+Encoding/25458/ DNS Archeology With PowerShell https://isc.sans.edu/forums/diary/More+on+DNS+Archeology+with+PowerShell/25452/ iOS Appstore Malware https://www.wandera.com/mobile-security/ios-trojan-malware/ British Law Enforcement Misses Malware Reports Due to Anti-Malware https://www.theregister.co.uk/2019/10/24/hmicfrs_report_cyber_crime/

XML External Entity Vuln in LSP4XML Affects Various Developer Tools https://www.shielder.it/blog/dont-open-that-xml-xxe-to-rce-in-xml-plugins-for-vs-code-eclipse-theia/?preview=true Google Chrome Will Make "SameSite" Default https://blog.chromium.org/2019/10/developers-get-ready-for-new.html Leftover Gigamon Configurations https://isc.sans.edu/forums/diary/Your+Supply+Chain+Doesnt+End+At+Receiving+How+Do+You+Decommission+Network+Equipment/25448/

FTC Issues SIM Swapping Guidance https://www.consumer.ftc.gov/blog/2019/10/sim-swap-scams-how-protect-yourself Discord Used as Info Stealer Backdoor https://www.bleepingcomputer.com/news/security/discord-turned-into-an-info-stealing-backdoor-by-new-malware/ Cisco Exploit Code https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-iosxe-rest-auth-bypass Tails 4.0 Released https://tails.boum.org/news/version_4.0/index.en.html

Testing TLS 1.3 And Supported Ciphers https://isc.sans.edu/forums/diary/Testing+TLSv13+and+supported+ciphers/25442/ Google Chrome 78 Released https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html Firefox 70 Released https://www.mozilla.org/en-US/firefox/70.0/releasenotes/ Cache Poisoning DoS https://cpdos.org/

DNS over TLS Scans https://isc.sans.edu/forums/diary/Whats+up+with+TCP+853+DNS+over+TLS/25438/ NordVPN and Others Compromised https://techcrunch.com/2019/10/21/nordvpn-confirms-it-was-hacked/ https://twitter.com/hexdefined/status/1186106695073726466 Trend Micro Bypass http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-ANTI-THREAT-TOOLKIT-(ATTK)-REMOTE-CODE-EXECUTION.txt Realtek Linux Wifi Driver Buffer Overflow https://twitter.com/nicowaisman/status/1184864519316758535

Attacks Against NVMS-9000 DVR Web Vulnerability https://isc.sans.edu/forums/diary/Scanning+Activity+for+NVMS9000+Digital+Video+Recorder/25434/ Pixel 4 Face Unlock Works with Eyes Shut https://www.bbc.com/news/technology-50085630 Samsung Galaxy S10 Fingerprint Unlock Bug https://www.bbc.com/news/technology-50080586 Alexa/Google Home Phishing https://srlabs.de/bites/smart-spies/

Phishing E-Mail Spoofing SPF Protected Domain https://isc.sans.edu/forums/diary/Phishing+email+spoofing+SPFenabled+domain/25426/ Purchased Domain Arrives with Paypal Accounts Linked to it https://www.theregister.co.uk/2019/10/17/paypal_account_domain/ Typosquatting Attacks Affect 2020 Presidential Election https://www.digitalshadows.com/blog-and-research/typosquatting-and-the-2020-u-s-presidential-election/ STI Student: Christopher Hurless Exploring Osquery, Fleet, and Elastic Stack as an Open-source solution to Endpoint Detection and Response https://www.sans.org/reading-room/whitepapers/detection/paper/39165

Oracle CPU https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html Jackson-Databind Vulnerablity https://github.com/FasterXML/jackson-databind/issues/2387 VMWare Cloud Foundation and VMware Harbor Container Registry Patch https://www.vmware.com/security/advisories/VMSA-2019-0016.html Wordpress Update https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/ Cryptominers Hiding in WAV Files https://threatvector.cylance.com/en_us/home/malicious-payloads-hiding-beneath-the-wav.html

Adobe Updates https://helpx.adobe.com/security.html Symantec BSOD https://support.symantec.com/us/en/article.TECH256643.html OSX/Shlayer Bypasses Gatekeeper/XProtect https://blog.confiant.com/osx-shlayer-new-shurprise-unveiling-osx-tarmac-f965a32de887 Fake iOS Jailbreak Leads to Clickfraud https://blog.talosintelligence.com/2019/10/checkrain-click-fraud.html

sudo vulnerability https://www.sudo.ws/alerts/minus_1_uid.html Apple Safebrowsing Controversy https://blog.cryptographyengineering.com/2019/10/13/dear-apple-safe-browsing-might-not-be-that-safe/ Streaming Service Tracking Behaviour https://www.princeton.edu/~pmittal/publications/tv-tracking-ccs19.pdf

YARA Update https://isc.sans.edu/forums/diary/YARA+v3110+released/25408/ Hacking Back Against Ransomware https://www.zdnet.com/article/white-hat-hacks-muhstik-ransomware-gang-and-releases-decryption-keys/ Fake Crypto Trading Software https://www.bleepingcomputer.com/news/security/attackers-create-elaborate-crypto-trading-scheme-to-install-malware/

Mining Live Networks for OUI Data Oddness https://isc.sans.edu/forums/diary/Mining+Live+Networks+for+OUI+Data+Oddness/25404/ iTerm2 Vulnerability https://groups.google.com/forum/#!topic/iterm2-discuss/57k_AuLdQa4 Apple Updater Exploited in Bitpaymer Campaign https://blog.morphisec.com/apple-zero-day-exploited-in-bitpaymer-campaign

What Data Does Vidar Malware Steal https://isc.sans.edu/forums/diary/What+data+does+Vidar+malware+steal+from+an+infected+host/25398/ NTLM MIC Bypass https://www.preempt.com/blog/drop-the-mic-2-active-directory-open-to-more-ntlm-attacks/ Threats on Google Play https://news.drweb.com/show/review/?i=13446#google

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+October+2019+Patch+Tuesday/25396/ Android Update https://source.android.com/security/bulletin/2019-10-01 vBulletin Update https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4423646-vbulletin-5-5-x-5-5-2-5-5-3-and-5-5-4-security-patch-level-2

Cloudflare Warp + NordVPN on iOS Leads to Traffic in the Clear https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/ WhatsApp Bug https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/ MacOS Catalina and Safari Update Released https://www.macrumors.com/2019/10/07/apple-releases-macos-catalina/ https://support.apple.com/en-us/HT201222 (nothing new yet) Magecart Still Going Strong https://www.theregister.co.uk/2019/10/04/magecart/ (original RiskIQ report requires Registration)