Sans Internet Storm Center Daily Network/cyber Security And Information Security Podcast

Suspicious GET Request: Do you know what it is? https://isc.sans.edu/forums/diary/Suspicious+GET+Request+Do+You+Know+What+This+Is/24552/ DNS Flag Day https://dnsflagday.net/

Drupal Patches https://www.drupal.org/sa-core-2019-002 https://www.drupal.org/sa-core-2019-001 WPML User Data Compromised and Used in EMail To Customers https://wpml.org/2019/01/wpml-org-site-back-to-normal-after-an-attack-during-the-weekend/ Targeted Attack Uses Google Drive for Exfiltration https://unit42.paloaltonetworks.com/darkhydrus-delivers-new-trojan-that-can-use-google-drive-for-c2-communications/ Packet Challenge Solution https://johannes.homepc.org/packet8.txt

Android Malware Uses Motion Detection to Evade Analysis https://blog.trendmicro.com/trendlabs-security-intelligence/google-play-apps-drop-anubis-banking-malware-use-motion-based-evasion-tactics/ Twitter for Android Bug https://help.twitter.com/en/protected-tweets-android Introduction to WebAuthn/FIDO2 https://medium.com/@herrjemand/introduction-to-webauthn-api-5fd1fb46c285 Ransomware As a Service https://www.bleepingcomputer.com/news/security/blackrouter-ransomware-promoted-as-a-raas-by-iranian-developer/

Emotet and Other Malspam Campaigns Resume After Holiday Break https://isc.sans.edu/forums/diary/Emotet+infections+and+followup+malware/24532/ Magecart Delivered Via Compromised Advertising Sites https://blog.trendmicro.com/trendlabs-security-intelligence/new-magecart-attack-delivered-through-compromised-advertising-supply-chain/ Premisys Identicard Vulnerabilities https://www.tenable.com/security/research/tra-2019-01 ES File Explorer Open Port Vulnerability https://github.com/fs0c131y/ESFileExplorerOpenPortVuln

MSFT Skype/Team Foundation Server Patches https://isc.sans.edu/forums/diary/Microsoft+Publishes+Patches+for+Skype+for+Business+and+Team+Foundation+Server/24540/ SCP Client Vulnerabilities https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt Server Hosting Companies Trivilally Hacked https://www.websiteplanet.com/blog/report-popular-hosting-hacked/ Vulnerabilities in Industrial Remote Controls https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/attacks-against-industrial-machines-via-vulnerable-radio-remote-controllers-security-analysis-and-recommendations Oracle Quarterly Critical Patch Update https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Microsoft LAPS - Blue Team / Red Team https://isc.sans.edu/forums/diary/Microsoft+LAPS+Blue+Team+Red+Team/24528/ Intel SGX Platform Update https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00203.html Godaddy Injecting JavaScript https://www.igorkromin.net/index.php/2019/01/13/godaddy-is-sneakily-injecting-javascript-into-your-website-and-how-to-stop-it/ Play with Docker Vulnerability https://www.cyberark.com/threat-research-blog/how-i-hacked-play-with-docker-and-remotely-ran-code-on-the-host/

Government Website TLS Certificates Expire due to Partial Shutdown https://news.netcraft.com/archives/2019/01/10/gov-security-falters-during-u-s-shutdown.html Firefox EOL Plan for Flash https://bugzilla.mozilla.org/show_bug.cgi?id=1519434 Fake Movie File Malware https://www.bleepingcomputer.com/news/security/fake-movie-file-infects-pc-to-steal-cryptocurrency-poison-google-results/ Microsoft Windows Patch Breaks Access 97 https://borncity.com/win/2019/01/11/windows-january-2019-updates-breaks-access-to-access-dbs/ Snorpy Assists in Snort Rule Writing https://isc.sans.edu/forums/diary/Snorpy+a+Web+Base+Tool+to+Build+SnortSuricata+Rules/24522/ Packet Challenge

Old Tricks still work: I love you Malspam https://isc.sans.edu/forums/diary/Heartbreaking+Emails+Love+You+Malspam/24512/ Juniper Updates Released https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10916&cat=SIRT_1&actp=LIST https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10918&cat=SIRT_1&actp=LIST New Systemd/Journald Exploit Release https://www.qualys.com/2019/01/09/system-down/system-down.txt Global DNS Hijacking https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html

Simple Mechanism for Creating Certificates https://blog.filippo.io/mkcert-valid-https-certificates-for-localhost/ Review of Smartphone Face Recognition https://www.consumentenbond.nl/veilig-internetten/gezichtsherkenning-te-hacken Google Public DNS now supports DNS-over-TLS https://security.googleblog.com/2019/01/google-public-dns-now-supports-dns-over.html Malwarebytes Freezes Windows 7 https://forums.malwarebytes.com/topic/241223-malwarebytes-for-windows-and-windows-7-freezelock-up/ German Police Looking for MAC Address https://polizei.brandenburg.de/pressemeldung/f8-e0-79-af-57-eb-cyber-fahndung-nach-ma/1310909

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+January+2019+Patch+Tuesday/24504/ https://patchtuesdaydashboard.com/ Adobe Updates https://helpx.adobe.com/security.html Google Play Store Adware https://blog.trendmicro.com/trendlabs-security-intelligence/adware-disguised-as-game-tv-remote-control-apps-infect-9-million-google-play-users/ Ethereum Classic 51% Attack https://blog.coinbase.com/ethereum-classic-etc-is-currently-being-51-attacked-33be13ce32de

Malware of the Day: Encrypted Word Document https://isc.sans.edu/forums/diary/Analyzing+Encrypted+Malicious+Office+Documents/24498/ Apple iOS Apps Reaching Out to Malware Server https://www.wandera.com/risky-apps/ NCSC Offers Assistance Against Attacks from Foreign Governments https://www.dni.gov/index.php/ncsc-how-we-work/ncsc-know-the-risk-raise-your-shield/ncsc-awareness-materials Hardware Agnostic Side Channel Attacks https://arxiv.org/abs/1901.01161

Malware in TAR Files https://isc.sans.edu/forums/diary/Malicious+tar+Attachments/24496/ ReiKey MacOS Keystoke Logger Detector https://objective-see.com/products/reikey.html Phishing Tool Kit uses Simple Substituion Fonts https://www.proofpoint.com/us/threat-insight/post/phishing-template-uses-fake-fonts-decode-content-and-evade-detection

Malware Leaks Victim Data via FTP https://isc.sans.edu/forums/diary/Malicious+Script+Leaking+Data+via+FTP/24484/ Hijacking Dormant Twitter Accounts https://techcrunch.com/2019/01/02/hackers-islamic-state-propaganda-twitter/ Android Authentication Bypass via Skype https://www.youtube.com/watch?v=EiEcwOfTFqI Critical Adobe Updates https://helpx.adobe.com/security/products/acrobat/apsb19-02.html FilesLocker Ransomware Master Key Published https://www.bleepingcomputer.com/news/security/master-decryption-key-released-for-fileslocker-ransomware/

Gift Card Scams https://isc.sans.edu/forums/diary/Gift+Card+Scams+on+the+rise/24482/ WiFi Chipset Exploit https://2018.zeronights.ru/wp-content/uploads/materials/19-Researching-Marvell-Avastar-Wi-Fi.pdf?fbclid=IwAR07FmZGKLKdJAKI4g0o-Wm-dLGwclV8Hhi-L4_HRlklldY8UC6WY72AdAw

Bypassing Vein Scanner Authentication (in german) https://media.ccc.de/v/35c3-9545-venenerkennung_hacken Hacking Smart Lightbulbs and Firmware Exploits https://media.ccc.de/v/35c3-9723-smart_home_-_smart_hack European Union Offers Bug Bounty for Open Source Software https://juliareda.eu/fossa/ Bypassing Google ReCaptcha https://github.com/ecthros/uncaptcha2

Phishing Attack Uses IP Counter https://isc.sans.edu/forums/diary/Matryoshka+Phish/24460/ JungleSec Ransomware Attacks via IPMI https://www.bleepingcomputer.com/news/security/junglesec-ransomware-infects-victims-through-ipmi-remote-consoles/ Microsoft Edge PoC RCE Exploit https://github.com/phoenhex/files/blob/master/pocs/cve-2018-8629-chakra.js

Problems with IE Emergency Patch https://support.microsoft.com/en-us/help/4483229/december192018kb4483229osbuild143932670 Bitcoin Blacklists https://isc.sans.edu/forums/diary/Bitcoin+Blacklists/24456/ D-Link DIR-816 A2 Stack Overflow https://github.com/RootSoull/Vuln-Poc/tree/master/D-Link/DIR-816

Windows 0-Day PoC Published: Arbitrary File Read as System https://sandboxescaper.blogspot.com/2018/12/readfile-0day.html Attacks Against 2FA in the Middle East https://www.amnesty.org/en/latest/research/2018/12/when-best-practice-is-not-good-enough/ FBI Shuts Down Booter Services http://www.documentcloud.org/documents/5648950-DOJ-indictments-in-booter-cases.html Intel VISA Undocumented Debug Feature https://www.blackhat.com/asia-19/briefings/schedule/index.html#intel-visa-through-the-rabbit-hole-13513

Microsoft Publishes Emergency Patch for Internet Explorer https://isc.sans.edu/forums/diary/Microsoft+OOB+Patch+for+Internet+Explorer+Scripting+Engine+Memory+Corruption+Vulnerability/24438/ Restricting PowerShell Capabilities with NetSh https://isc.sans.edu/forums/diary/Restricting+PowerShell+Capabilities+with+NetSh/24434/ Remotely Bricking a Server https://eclypsium.com/2018/12/19/remotely-bricking-a-server/

ASUS Vulnerabilities https://www.secureauth.com/labs/advisories/asus-drivers-elevation-privilege-vulnerabilities GIGABYTE Vulnerabilities https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities Apple App Store Phishing https://www.bleepingcomputer.com/news/security/widespread-apple-id-phishing-attack-pretends-to-be-app-store-receipts Kibana Vulnerability Exploited https://www.cyberark.com/threat-research-blog/execute-this-i-know-you-have-it/ Decrypter for InsaneCrypt and Everbe 1 https://www.bleepingcomputer.com/ransomware/decryptor/how-to-decrypt-the-insanecrypt-or-everbe-1-family-of-ransomware/ http://id-ransomware.malwarehunterteam.com/ SANS Holiday Hack Challenge https://www.kringlecon.com