Synopsis
Daily update on current cyber security threats
Episodes
-
ISC StormCast for Friday, July 27th 2018
27/07/2018 Duration: 15 min
NetSpectre: Read Arbitrary Memory over the Network https://misc0110.net/web/files/netspectre.pdf
Google Play Store Bans Crypto Miners https://play.google.com/about/developer-content-policy-print/
Japanese Calendar Issues https://blogs.msdn.microsoft.com/shawnste/2018/04/12/the-japanese-calendars-y2k-moment/
Multiple Vulnerabilities in Samsung SmartThings Hub https://blog.talosintelligence.com/2018/07/samsung-smartthings-vulns.html?m=1
Times Change and Your Training Data Should Too: The Effect of Training Data Recency on Twitter Classifiers. Ryan O'Grady https://www.sans.org/reading-room/whitepapers/artificialintelligence/times-change-training-data-too-effect-training-data-recency-twitter-classifiers-38500
-
ISC StormCast for Thursday, July 26th 2018
26/07/2018 Duration: 05 min
Etherscan.io XSS Vulnerability https://scotthelme.co.uk/xss-on-etherscan-io/
Tomcat Vulnerabilities Patched https://www.us-cert.gov/ncas/current-activity/2018/07/23/Apache-Releases-Security-Updates-Apache-Tomcat
DNS over HTTPS Standard Finalized https://datatracker.ietf.org/wg/doh/about/
ERP Systems Targeted in Recent Attacks https://www.us-cert.gov/ncas/current-activity/2018/07/25/Malicious-Cyber-Activity-Targeting-ERP-Applications
-
ISC StormCast for Wednesday, July 25th 2018
25/07/2018 Duration: 05 min
Emotet Update https://isc.sans.edu/forums/diary/Recent+Emotet+activity/23908/
Clear Text Phone Tracking https://isc.sans.edu/forums/diary/Cell+Phone+Monitoring+Who+is+Watching+the+Watchers/23910/
Bluetooth Bug https://www.kb.cert.org/vuls/id/304725
Apache OpenWhisk Vulnerability https://www.puresec.io/blog/Apache_OpenWhisk_Mutability_Weakness?hs_preview=EpJUmSoY-5972289702
-
ISC StormCast for Tuesday, July 24th 2018
24/07/2018 Duration: 06 min
More Spectre https://arxiv.org/pdf/1807.07940.pdf
July IE Patch Fixed older Remote Code Exec. Bug http://blogs.360.cn/blog/from-a-patched-itw-0day-to-remote-code-execution-part-i-from-patch-to-new-0day/
Google Chrome 68 Released Today. HTTP sites marked as "insecure" https://support.google.com/chrome/a/answer/7679408?hl=en
DNS Rebinding Vulnerability Common in IoT https://www.armis.com/dns-rebinding-exposes-half-a-billion-iot-devices-in-the-enterprise/
-
ISC StormCast for Monday, July 23rd 2018
23/07/2018 Duration: 05 min
New WebLogic Vulnerability Already Exploited https://isc.sans.edu/forums/diary/Weblogic+Exploit+Code+Made+Public+CVE20182893/23896/
Microsoft Edge Turns off XSS Protection https://portswigger.net/daily-swig/xss-protection-disappears-from-microsoft-edge
Intel Management Engine Vulnerabilities https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00112.html
User Tracking With TLS 1.2 Certificates http://tma.ifip.org/wordpress/wp-content/uploads/2017/06/tma2017_paper2.pdf
-
ISC StormCast for Friday, July 20th 2018
20/07/2018 Duration: 05 min
Cisco Patches https://tools.cisco.com/security/center/publicationListing.x
Diqee Smart Vacuum Vulnerabilities http://en.diqee.com/goods/1994.html
Instagram About To Release 2FA Update https://techcrunch.com/2018/07/17/instagram-2-factor/
Reporting Malicious Websites https://isc.sans.edu/forums/diary/Reporting+Malicious+Websites+in+2018/23892/
-
ISC StormCast for Thursday, July 19th 2018
19/07/2018 Duration: 05 min
Increase in scans for port 15454 https://isc.sans.edu/forums/diary/Request+for+Packets+Port+15454/23888/
Oracle Quarterly Critical Patch Update http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
Venmo Public Transaction API https://publicbydefault.fyi
Credential Stuffing Responsible for Majority of Login Attempts http://info.shapesecurity.com/2018-Credential-Spill-Report-by-Shape-Security
-
ISC StormCast for Wednesday, July 18th 2018
18/07/2018 Duration: 05 min
Searching for Geographically Improbable Login Attempts https://isc.sans.edu/forums/diary/Searching+for+Geographically+Improbable+Login+Attempts/23882/
Typo3 CMS Update https://typo3.org/article/typo3-931-8717-and-7630-security-releases-published/
GitHub Expands Security Scanner to Python https://blog.github.com/2018-07-12-security-vulnerability-alerts-for-python/
Money Laundry Scheme Exposed by Open Mongo database. https://kromtech.com/blog/security-center/digital-laundry
-
ISC StormCast for Tuesday, July 17th 2018
17/07/2018 Duration: 07 min
Encrypted SNI in TLS 1.3 https://tools.ietf.org/html/draft-rescorla-tls-esni-00
Microsoft to Retire "Delta Updates" https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-quality-updates-explained-amp-the-end-of-delta/ba-p/214426
Practical GPS Spoofing of Navigation Devices https://www.microsoft.com/en-us/research/uploads/prod/2018/06/security18gps.pdf
-
ISC StormCast for Monday, July 16th 2018
16/07/2018 Duration: 07 min
Processing JSON https://isc.sans.edu/forums/diary/Video+Retrieving+and+processing+JSON+data+BTC+example/23874/
Cryptocoin Mining Javascript (yet again) https://isc.sans.edu/forums/diary/Cryptominer+Delivered+Though+Compromized+JavaScript+File/23870/
Dahua Passwords Leaked/Cached by Search Engine https://www.bleepingcomputer.com/news/security/passwords-for-tens-of-thousands-of-dahua-devices-cached-in-iot-search-engine/
MDM Used in Targeted Attack Against iPhone Users https://blog.talosintelligence.com/2018/07/Mobile-Malware-Campaign-uses-Malicious-MDM.html
-
ISC StormCast for Friday, July 13th 2018
13/07/2018 Duration: 05 min
Extortion Claims Include Leaked Passwords to Appear more Plausible https://isc.sans.edu/forums/diary/New+Extortion+Tricks+Now+Including+Your+Password/23866/
npm Package Compromised and Used To Steal Credentials https://github.com/eslint/eslint-scope/issues/39#issuecomment-404533026
CIRCL IMAP Proxy https://github.com/CIRCL/IMAP-Proxy
Checkpoint Names "Dorkbot" As A Top Threat (Signup required) https://research.checkpoint.com/cyber-attack-trends-2018-mid-year-report/
-
ISC StormCast for Thursday, July 12th 2018
12/07/2018 Duration: 05 min
Hello Peppa Followup https://isc.sans.edu/forums/diary/Well+Hello+Again+Peppa/23860/
Spectre 1.1 and 1.2 https://people.csail.mit.edu/vlk/spectre11.pdf
Internet Exchanges Band Together against BGP Hijacking https://dyn.com/blog/shutting-down-the-bgp-hijack-factory/
Google Enabled Site Isolation in Chrome https://www.bleepingcomputer.com/news/security/google-enables-site-isolation-feature-for-99-percent-of-chrome-desktop-users/
-
ISC StormCast for Wednesday, July 11th 2018
11/07/2018 Duration: 06 min
MSFT Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+July+2018+now+with+Dashboard/23858/ https://patchtuesdaydashboard.com/
SettingContent-ms Files Blacklisted https://support.office.com/en-us/article/packager-activation-in-office-365-desktop-applications-52808039-4a7c-4550-be3a-869dd338d834?ui=en-US&rs=en-US&ad=US
Adobe Patches https://helpx.adobe.com/security.html
Stolen DLINK Certificate https://www.welivesecurity.com/2018/07/09/certificates-stolen-taiwanese-tech-companies-plead-malware-campaign/
-
ISC StormCast for Tuesday, July 10th 2018
10/07/2018 Duration: 05 min
Reverse Shell via Weblogic Flaw https://isc.sans.edu/forums/diary/Criminals+Dont+Read+Instructions+or+Use+Strong+Passwords/23850/
Apple Patches Everything Again https://isc.sans.edu/forums/diary/Apple+Patches+Everything+Again/23852/
Microsoft Offers Better Azure AD Password Protection http://www.longevitytech.us/2018/07/09/azure-ad-password-protection-the-cloud-security-service-your-active-directory-needs-now/
-
ISC StormCast for Monday, July 9th 2018
09/07/2018 Duration: 04 min
Trivial Exploit For HP iLO 4 (patched last August) https://airbus-seclab.github.io/ilo/SSTIC2018-Article-subverting_your_server_through_its_bmc_the_hpe_ilo4_case-gazet_perigaud_czarny.pdf
Flexible Miner/Ransomware https://securelist.com/to-crypt-or-to-mine-that-is-the-question/86307/
Hacker Steals Gas From Gas Station https://gizmodo.com/hackers-reportedly-stole-600-gallons-of-gas-from-detroi-1827433411
-
ISC StormCast for Friday, July 6th 2018
06/07/2018 Duration: 05 min
Gentoo GitHub Breach Post Mortem https://wiki.gentoo.org/wiki/Github/2018-06-28
Hamas Sets World Cup Trap for Israeli Soldiers https://www.reuters.com/article/us-israel-palestinians-cyber/israel-says-hamas-tried-to-snare-soldiers-in-world-cup-cyber-trap-idUSKBN1JT1ZX
-
ISC StormCast for Thursday, July 5th 2018
05/07/2018 Duration: 03 min
Progress Indication For Scripts in Windows https://isc.sans.edu/forums/diary/Progress+indication+for+scripts+on+Windows/23830/
Stylish Extension Steals History https://robertheaton.com/2018/07/02/stylish-browser-extension-steals-your-internet-history/
Data Leaks From Android Apps https://recon.meddle.mobi/panoptispy/
-
ISC StormCast for Tuesday, July 3rd 2018
02/07/2018 Duration: 05 min
Odd PHP Exploit Attempt https://isc.sans.edu/forums/diary/Hello+Peppa+PHP+Scans/23826/
Diameter Security Report https://www.ptsecurity.com/ww-en/premium/diameter-2018/
Attack Against Trezor via DNS or BGP https://blog.trezor.io/psa-phishing-alert-fake-trezor-wallet-website-3bcfdfc3eced
Symantec Offers VPNFilter Check http://www.symantec.com/filtercheck/
-
ISC StormCast for Monday, July 2nd 2018
02/07/2018 Duration: 06 min
MacOS Malware Targeting Slack/Discord Crypto Communities https://isc.sans.edu/forums/diary/Crypto+community+target+of+MacOS+malware/23816/
New LTE Attacks Made Public https://alter-attack.net
Rowhammer Attacks Against Android https://rampageattack.com
-
ISC StormCast for Friday, June 29th 2018
29/06/2018 Duration: 06 min
Less Greedy Cryptominers https://isc.sans.edu/forums/diary/New+and+Improved+Cryptominers+Now+with+50+less+Greed/23812/
Disassembling WebAssembly https://www.forcepoint.com/blog/security-labs/analyzing-webassembly-binaries
Spectre Browser Mitigation Bypass https://alephsecurity.com/2018/06/26/spectre-browser-query-cache/
Gentoo Github Repository Compromise https://archives.gentoo.org/gentoo-announce/message/dc23d48d2258e1ed91599a8091167002