Sans Internet Storm Center Daily Network/cyber Security And Information Security Podcast

Sandbox Escaper Publishes Additional CVE-2019-0841 Bypass http://archive.is/3toQY http://sandboxescaper.blogspot.com/p/disclosures_8.html Bypassing NTLM Message Signing (CVE-2019-1040) https://blog.preempt.com/drop-the-mic Details About macOS Keysteal Vulnerability https://www.pinauten.de/resources/KeySteal_OBTS_2019.pdf

Microsoft Patches https://isc.sans.edu/forums/diary/MSFT+June+2019+Patch+Tuesday/25024/ Adobe Patches https://helpx.adobe.com/security.html SAP Security Notes https://www.onapsis.com/blog/sap-patch-notes-june-2019 Intel Updates https://www.us-cert.gov/ncas/current-activity/2019/06/11/Intel-Releases-Security-Updates-Mitigations-Multiple-Products Microsoft Certificate DoS https://bugs.chromium.org/p/project-zero/issues/detail?id=1804 GPS Receiver Woes https://www.flightglobal.com/news/articles/collins-gps-outage-grounds-regional-flights-458819/ RAMBleed Attack https://www.documentcloud.org/documents/6150180-RamBleed-attack-CVE-2019-0174.html

Interesting JavaScript Obfuscation Example https://isc.sans.edu/forums/diary/Interesting+JavaScript+Obfuscation+Example/25020/ Spam Taking Advantage of DNS over HTTPS https://myonlinesecurity.co.uk/it-looks-like-another-dns-compromise-hack-happening/ European Mobile Operator Traffic Leaked to China https://arstechnica.com/information-technology/2019/06/bgp-mishap-sends-european-mobile-traffic-through-china-telecom-for-2-hours/?comments=1 VLC Update Patches Various Security Flaws http://www.jbkempf.com/blog/post/2019/VLC-3.0.7-and-security

Keep An Eye On Your WMI Logs https://isc.sans.edu/forums/diary/Keep+an+Eye+on+Your+WMI+Logs/25012/ Sysmon DNS Query Logging https://isc.sans.edu/forums/diary/Tip+Sysmon+Will+Log+DNS+Queries/25016/ Komodo Agama Vulnerability and Breach https://komodoplatform.com/update-agama-vulnerability/ Lessons Learned From Microsoft SOC https://www.microsoft.com/security/blog/2019/06/06/lessons-learned-from-the-microsoft-soc-part-2b-career-paths-and-readiness/

GoldBrute Botnet Brute Forcing RDP https://isc.sans.edu/forums/diary/GoldBrute+Botnet+Brute+Forcing+15+Million+RDP+Servers/25002/ Exim Vulnerability https://isc.sans.edu/forums/diary/Time+is+partially+on+our+side+the+new+Exim+vulnerability/25008/ iOS App Developers Disabling TLS https://www.wandera.com/mobile-security/ios-app-developer-security-shortcuts/

Android Monthly Update https://source.android.com/security/bulletin/2019-06-01 Google Chrome Updates https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html MacOS Malware Injects Bing Ads https://www.airoav.com/mitm-proxy-a-new-search-hijack-method-on-mojave/ Kubernetes Vulnerability https://github.com/kubernetes/kubernetes/issues/78308 Vulnerabilities in Phihsing Kits https://blogs.akamai.com/sitr/2019/06/identifying-vulnerabilities-in-phishing-kits.html

Vulnerability in Notepad https://threatpost.com/researcher-exploits-microsofts-notepad-to-pop-a-shell/145242/ Vulnerability in vim/neovim https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md RDP Session Hijack Vulnerability https://kb.cert.org/vuls/id/576688/

Bypassing macOS Synthetic Click Protection https://www.wired.com/story/apple-macos-bug-synthetic-clicks/ Intel Microcode Updates for Older Windows 10 Versions https://support.microsoft.com/en-us/help/4494454/kb4494454-intel-microcode-updates Fake AntiVirus Adds in Microsoft Games https://answers.microsoft.com/en-us/windows/forum/all/malvertising-attack-on-microsoft-games/ced7ab87-7e0e-422b-97b7-fbfaed2b68a0 GandGrab Shutting Down https://www.zdnet.com/article/gandcrab-ransomware-operation-says-its-shutting-down/

Google Outage https://status.cloud.google.com/incident/compute/19003 Major Vulnerability in Siemens LOGO Controllers https://cert-portal.siemens.com/productcert/pdf/ssa-542701.pdf Exposing TOR Users Via Cache Poisoning https://blog.duszynski.eu/tor-ip-disclosure-through-http-301-cache-poisoning/ nginx njs Vulnerability https://github.com/nginx/njs/issues/131

Analysing Shell Code with scdbg https://isc.sans.edu/forums/diary/Analyzing+First+Stage+Shellcode/24984/ GitHub Automating Security Patches https://help.github.com/en/articles/configuring-automated-security-fixes Exposed Docker Containers Uses for Cryptocoin Mining https://blog.trendmicro.com/trendlabs-security-intelligence/infected-cryptocurrency-mining-containers-target-docker-hosts-with-exposed-apis-use-shodan-to-find-additional-victims/ Mozilla Objecting To Web Packaging https://docs.google.com/document/d/1ha00dSGKmjoEh2mRiG8FIA5sJ1KihTuZe-AXX1r8P-8/preview#

Behavioural Malware Analysis With Microsoft Attack Surface Analyzer https://isc.sans.edu/forums/diary/Behavioural+Malware+Analysis+with+Microsoft+ASA/24980/ Docker Symlink Race Attack https://seclists.org/oss-sec/2019/q2/131 Nanshu Campaign Using Signed Rootkit https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/

Office Document And Base64 Encoded PowerShell Script https://isc.sans.edu/forums/diary/Office+Document+BASE64+PowerShell/24976/ https://0xdf.gitlab.io/2019/05/21/malware-analysis-unnamed-emotet-doc.html Enumeration of BlueKeep Vulnerable Hosts https://blog.erratasec.com/2019/05/almost-one-million-vulnerable-to.html DHCP Client Vulnerablity Analysis https://sensepost.com/blog/2019/analysis-of-a-1day-cve-2019-0547-and-discovery-of-a-forgotten-condition-in-the-patch-cve-2019-0726-part-1-of-2/ Office File Deleting Phishing Emails https://www.bleepingcomputer.com/news/security/phishing-emails-pretend-to-be-office-365-file-deletion-alerts/

MacOS GateKeeper Bypass https://www.fcvl.net/vulnerabilities/macosx-gatekeeper-bypass Fortinet FortiOS SSL VPN Vulnerabilities https://fortiguard.com/psirt Customizing NMAP Service Detection https://isc.sans.edu/forums/diary/Video+nmap+Service+Detection+Customization/24970/

Dangers of Custom URL Schemes https://zeropwn.github.io/2019-05-22-fun-with-uri-handlers/ Update on Phyiscal Skimmer Market https://www.advanced-intel.com/blog/skimming-threat-landscape-technology-advances-lower-barriers-of-entry-for-novice-skimming-operators Apple Supplemental Update For masOS 10.14.5 https://support.apple.com/kb/DL2005?locale=en_US Microsoft Releases Advanced Threat Protection for MacOS https://techcommunity.microsoft.com/t5/Windows-Defender-ATP/Microsoft-Defender-ATP-for-Mac-now-in-open-public-preview/ba-p/634603

An Update on the Microsoft Windows RDP BlueKeep Vulnerablity https://isc.sans.edu/forums/diary/An+Update+on+the+Microsoft+Windows+RDP+Bluekeep+Vulnerability+CVE20190708+now+with+pcaps/24960/ New Zero Day Exploits by SandboxEscaper https://github.com/SandboxEscaper/polarbearrepo Signed Exploit Code https://medium.com/@chroniclesec/abusing-code-signing-for-profit-ef80a37b50f4

Setting Up Shodan Monitoring https://isc.sans.edu/forums/diary/Using+Shodan+Monitoring/24956/ Fingerprinting Smartphones With Gyroscope Data https://sensorid.cl.cam.ac.uk/ 20% of Linux Docker Containers Without Password https://www.kennasecurity.com/20-of-the-1000-most-popular-docker-containers-have-no-root-password/ RDP #bluekeep Signature For Snort/Suricata https://github.com/nccgroup/Cyber-Defence/blob/master/Signatures/suricata/2019_05_rdp_cve_2019_0708.txt

MSFT RDP Vulnerability (#BlueKeep) Update https://twitter.com/search?q=%23bluekeep Sharepoint Exploited https://isc.sans.edu/forums/diary/CVE20190604+Attack/24952/ Risks of JWT https://snikt.net/blog/2019/05/16/jwt-signature-vs-mac-attacks/ MuddyWater Campaign Evolves https://blog.talosintelligence.com/2019/05/recent-muddywater-associated-blackwater.html

Google Analyzes Vendor Response to 0-Day Exploits https://googleprojectzero.blogspot.com/p/0day.html ASUS WebStorage Abused For Malware Distribution https://www.welivesecurity.com/2019/05/14/plead-malware-mitm-asus-webstorage/ Vulnerabilities in Apple Air Drop https://www.usenix.org/system/files/sec19fall_stute_prepub.pdf

The Risk of Authenticated Vulnerability Scans https://isc.sans.edu/forums/diary/The+Risk+of+Authenticated+Vulnerability+Scans/24942/ ARIN Revokes about 735,000 IP Addresses https://www.arin.net/vault/about_us/media/releases/20190513.html More Cisco Patches (Prime Infrastructure, EPN Manager) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-rce Instrument Landing Systems Spoofing https://aanjhan.com/assets/ils_usenix2019.pdf

Forbes Website Infected by Magecart https://twitter.com/bad_packets/status/1128517905765683201 Malware Randomizes TLS Ciphers https://blogs.akamai.com/sitr/2019/05/bots-tampering-with-tls-to-avoid-detection.html Google Recalls Titan Security Keys https://security.googleblog.com/2019/05/titan-keys-update.html SAMBA Update https://www.samba.org/samba/security/CVE-2018-16860.html SAP Patches https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=520259032