Sans Internet Storm Center Daily Network/cyber Security And Information Security Podcast

Emotet Spreading IcedID Banking Malware https://isc.sans.edu/forums/diary/Emotet+infection+with+IcedID+banking+Trojan/24312/ Crypto Miners Abusing Insecure Docker Installs https://forums.juniper.net/t5/Threat-Research/Container-Malware-Miners-Go-Docker-Hunting-In-The-Cloud/ba-p/400587 GPS Watches Can Be Used To Track Kids https://www.pentestpartners.com/security-blog/tracking-and-snooping-on-a-million-kids/ Firefox Will Notify Users of Breached Sites https://blog.mozilla.org/blog/2018/11/14/firefox-monitor-launches-in-26-languages-and-adds-new-desktop-browser-feature/ David Kennel: All-Seeing Eye or Blind Man? Understanding the Linux Kernel Auditing System https://www.sans.org/reading-room/whitepapers/linux/all-seeing-eye-blind-man-understanding-linux-kernel-auditing-system-38605

Details about Zero Day Exploit Taking Advantage of Win32k Vuln. https://securelist.com/a-new-exploit-for-zero-day-vulnerability-cve-2018-8589/88845/ PacSec Pwn2Own Results https://www.zerodayinitiative.com/blog/2018/11/13/pwn2own-tokyo-2018-day-one-results https://www.zerodayinitiative.com/blog/2018/11/14/pwn2own-tokyo-2018-day-two-results-and-master-of-pwn More Spectre/Meltdown Flaws https://arxiv.org/pdf/1811.05441.pdf

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/November+2018+Microsoft+Patch+Tuesday/24308/ Adobe Security Bulletins https://helpx.adobe.com/security.html

Google BGP Hijack via Russia https://twitter.com/thousandeyes/status/1062102171506765825 https://www.wsj.com/articles/google-internet-traffic-is-briefly-misdirected-through-russia-china-1542068392 Microcode Bootloader USB https://www.techpowerup.com/forums/threads/intel-microcode-boot-loader.248858/ Wordpress GDPR Tool Vulnerable https://www.wordfence.com/blog/2018/11/trends-following-vulnerability-in-wp-gdpr-compliance-plugin/

Cloudflare Releases Mobile Apps To Use 1.1.1.1 https://blog.cloudflare.com/1-thing-you-can-do-to-make-your-internet-safer-and-faster/ Crypto Coin Miners Now With Rootkits https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/cryptocurrency-mining-malware-targets-linux-systems-uses-rootkit-for-stealth Google Play Protect Reduces Malware https://security.googleblog.com/2018/11/introducing-android-ecosystem-security.html

Cisco Security Bulletins https://tools.cisco.com/security/center/publicationListing.x Ruby Deserialization https://www.elttam.com.au/blog/ruby-deserialization/ Ouch Newsletter: Am I Hacked? https://www.sans.org/security-awareness-training/resources/am-i-hacked Jonathan Sweeny: Smart Contract Botnets https://www.sans.org/reading-room/whitepapers/covert/botnet-resiliency-private-blockchains-38050 https://www.sans.org/reading-room/whitepapers/warfare/tearing-smart-contract-botnets-38650

VirtualBox 0 Day Guest Escape Exploit Released https://github.com/MorteNoir1/virtualbox_e1000_0day WooCommerce / Wordpress Bug Leads to RCE https://blog.ripstech.com/2018/wordpress-design-flaw-leads-to-woocommerce-rce/ Bing Advertises Fake Version of Notepad2 https://www.bleepingcomputer.com/news/security/beware-of-unofficial-sites-pushing-notepad2-adware-bundles/ Jacksonville BSides https://bsidesjax.org

China Telecom's Internet Traffic Misdirection https://internetintel.oracle.com/blog-single.html?id=China+Telecom%27s+Internet+Traffic+Misdirection Android Security Updates; Last for Nexus https://source.android.com/security/bulletin/2018-11-01#framework PoC Facetime Exploit https://bugs.chromium.org/p/project-zero/issues/detail?id=1641 Vulnerability in U-Boot Bootloader https://github.com/inversepath/usbarmory/blob/master/software/secure_boot/Security_Advisory-Ref_IPVR2018-0001.txt

Struts 2.3 Uses Outdated commons-fileupload library https://isc.sans.edu/forums/diary/Struts+23+Vulnerable+to+Two+Year+old+File+Upload+Flaw/24278/ Fake Elon Musk Tweet used to steal Bitcoin https://www.bleepingcomputer.com/news/security/fake-elon-musk-twitter-bitcoin-scam-earned-180k-in-one-day/ Bypassing SSD Drive Hardware Encryption https://www.ru.nl/english/news-agenda/news/vm/icis/cyber-security/2018/radboud-university-researchers-discover-security/

Beyond good ol' LaunchAgents https://isc.sans.edu/forums/diary/Beyond+good+ol+LaunchAgent+part+1/24274/ Dissecting a CVE-2017-11882 Exploit https://isc.sans.edu/forums/diary/Dissecting+a+CVE201711882+Exploit/24272/ Microsoft Edge Exploit About to Be Released https://twitter.com/Yux1xi Portsmash Vulnerability https://github.com/bbbrumley/portsmash RC4 (Arcfour) Depreciation in SSH https://tools.ietf.org/html/draft-ietf-curdle-rc4-die-die-die-12

Windows Defender Sandboxing Bug https://isc.sans.edu/forums/diary/Windows+Defenders+Sandbox/24266/ Bleedingbit Bluetooth Low Energy Vulnerability https://armis.com/bleedingbit/ Cisco ASA/Firepower DoS Vulnerability Actively Exploited https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181031-asaftd-sip-dos

Encrypted Word Maldocs https://isc.sans.edu/forums/diary/More+malspam+using+passwordprotected+Word+docs/24262/ iOS / MacOS ICMP Error Remote Code Execution https://lgtm.com/blog/apple_xnu_icmp_error_CVE-2018-4407 iOS Lock Screen Bypass https://www.youtube.com/watch?v=ojigFgwrtKs

Change in Strategy for Hancitor Malware https://isc.sans.edu/forums/diary/Campaign+evolution+Hancitor+malspam+starts+pushing+Ursnif+this+week/24256/ Apple Updates https://support.apple.com/en-us/HT201222 Telegram Stores Conversations Locally https://twitter.com/nathanielrsuchy

Maldoc Duplicating PowerShell https://isc.sans.edu/forums/diary/Maldoc+Duplicating+PowerShell+Prior+to+Use/24254/ New File Types Emerge in Malware Spam Attachments https://blog.trendmicro.com/trendlabs-security-intelligence/same-old-yet-brand-new-new-file-types-emerge-in-malware-spam-attachments/ Malicious Mac Crypto Currency Tracker Installs Backdoor https://blog.malwarebytes.com/threat-analysis/2018/10/mac-cryptocurrency-ticker-app-installs-backdoors/ Sandbox For Windows Defender https://cloudblogs.microsoft.com/microsoftsecure/2018/10/26/windows-defender-antivirus-can-now-run-in-a-sandbox/

Dissecting Malicious Office Documents in Linux https://isc.sans.edu/forums/diary/Dissecting+Malicious+Office+Documents+with+Linux/24248/ Analyzing Compressed RTF Documents https://isc.sans.edu/forums/diary/Detecting+Compressed+RTF/24250/ SystemD DHCPv6 Remote Code Executing Vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-15688 Cryptominers Scan for Docker Engine https://blog.trendmicro.com/trendlabs-security-intelligence/misconfigured-container-abused-to-deliver-cryptocurrency-mining-malware DemonBot Targeting Hadoop https://blog.radware.com/security/2018/10/new-demonbot-discovered/

Scam Calls Targeting Chinese Living in the US https://isc.sans.edu/forums/diary/Fake+BankPost+Office+Phone+Calls+Targeting+Chinese+Immigrants/24244/ X.org Privilege Elevation Flaw https://lists.x.org/archives/xorg-announce/2018-October/002927.html Remote Videos in Office Documents https://blog.cymulate.com/abusing-microsoft-office-online-video Mac Malware Injects Ads https://blog.malwarebytes.com/threat-analysis/2018/10/mac-malware-intercepts-encrypted-web-traffic-for-ad-injection/

Reversing AutoIT https://isc.sans.edu/forums/diary/Diving+into+Malicious+AutoIT+Code/24238/ Arcserve Vulnerabilities https://www.digitaldefense.com/blog/zero-day-alerts/arcserve-disclosure/ WebExec Vulnerability https://webexec.org/ More ALPC Flaws from Sandbox Escaper https://twitter.com/SandboxEscaper/status/1054744201244692485 https://twitter.com/mkolsek/status/1054794984908562432

Malware Uses Decoy Picture https://isc.sans.edu/forums/diary/Malicious+Powershell+using+a+Decoy+Picture/24234/ DNS over HTTPS Pushback https://twitter.com/paulvixie/status/1053765281917661184 Signal Desktop Leaves Encryption Key Exposed https://twitter.com/nathanielrsuchy Firefox 63 Allows Less Tracking https://blog.mozilla.org/security/2018/10/23/firefox-63-lets-users-block-tracking-cookies/

MSG Files: Compressed RTF https://isc.sans.edu/forums/diary/MSG+Files+Compressed+RTF/24228/ FreeRTOS TCP/IP Stack Vulnerabilities https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/ VLC/Live555 RTSP Server Vulnerability https://www.talosintelligence.com/reports/TALOS-2018-0684 Microsoft Yammer Update https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8569#ID0EGB

MacOS LaunchAgent https://isc.sans.edu/forums/diary/Beyond+good+ol+LaunchAgent+part+0/24230/ TLS Session Tracking https://arxiv.org/pdf/1810.07304.pdf jQuery File Upload Plugin https://blogs.akamai.com/sitr/2018/10/having-the-security-rug-pulled-out-from-under-you.html Drupal Update https://www.drupal.org/sa-core-2018-006