Sinopsis
Daily update on current cyber security threats
Episodios
-
![ISC StormCast for Thursday, May 31st 2018]()
ISC StormCast for Thursday, May 31st 2018
31/05/2018 Duración: 04minWindows JScript Vulnerability https://www.zerodayinitiative.com/advisories/ZDI-18-534/ Two Git Vulnerabilities Patched https://marc.info/?l=git&m=152761328506724&w=2 https://blogs.msdn.microsoft.com/devops/2018/05/29/announcing-the-may-2018-git-security-vulnerability/ SpamCannibal Blacklist Temporarily Marks All IPs as "Spam" https://twitter.com/GossiTheDog/status/1001778042400854016 QRadar Remote Code Execution https://blogs.securiteam.com/index.php/archives/3689
-
![ISC StormCast for Wednesday, May 30th 2018]()
ISC StormCast for Wednesday, May 30th 2018
29/05/2018 Duración: 06minNew DNS Features https://isc.sans.edu/forums/diary/DNS+is+Changing+Are+you+Ready/23711/ Apple Updates https://support.apple.com/en-us/HT201222 Scans For Misconfigured EOS Blockchain Nodes https://www.bleepingcomputer.com/news/security/misconfigured-eos-blockchain-nodes-under-attack/ NPM Bug Causes Update Failures / Application Crashes https://github.com/npm/npm/issues/20791#issuecomment-392648459 MnuBot Exfiltrates Data Via MSSQL https://securityintelligence.com/new-banking-trojan-mnubot-discovered-by-ibm-x-force-research/
-
![ISC StormCast for Tuesday, May 29th 2018]()
ISC StormCast for Tuesday, May 29th 2018
29/05/2018 Duración: 05minUltrasound Mobile Location Tracking https://isc.sans.edu/forums/diary/Do+you+hear+Laurel+or+Yanny+or+is+it+OnOff+Keying/23707/ Analyzing Malware Created with NSIS https://isc.sans.edu/forums/diary/Quick+analysis+of+malware+created+with+NSIS/23703/ Obfuscated Word Macro https://isc.sans.edu/forums/diary/Antivirus+Evasion+Easy+as+123/23701/ Z-Wave Attacks https://www.pentestpartners.com/security-blog/z-shave-exploiting-z-wave-downgrade-attacks/ https://www.silabs.com/community/blog.entry.html/2018/05/23/tl_dr_your_door_is-g1zC Electron Framework Protocol Handler Patch Bypass https://blog.doyensec.com/2018/05/24/electron-win-protocol-handler-bug-bypass.html
-
![ISC StormCast for Friday, May 25th 2018]()
ISC StormCast for Friday, May 25th 2018
25/05/2018 Duración: 04minGDPR Going Into Effect May 25th https://en.wikipedia.org/wiki/General_Data_Protection_Regulation Bitcoin Gold Double Spent Attack https://forum.bitcoingold.org/t/double-spend-attack-on-exchanges/1362 Amazon Alexa Forwards Random Conversations https://www.kiro7.com/news/local/woman-says-her-amazon-device-recorded-private-conversation-sent-it-out-to-random-contact/755507974 Verge Crypto Coin Attacked Again https://www.bleepingcomputer.com/news/security/verge-cryptocurrency-network-falls-victim-to-same-attack-even-after-hard-fork/
-
![ISC StormCast for Thursday, May 24th 2018]()
ISC StormCast for Thursday, May 24th 2018
24/05/2018 Duración: 05minVPNFilter Malware Affecting Cisco Routers https://blog.talosintelligence.com/2018/05/VPNFilter.html DLink Vulnerabilities https://securelist.com/backdoors-in-d-links-backyard/85530/ Firefox Disabling "Spy APIs" and enabling 2FA https://www.fxsitecompat.com/en-CA/docs/2018/ambient-light-and-proximity-sensor-apis-have-been-disabled/
-
![ISC StormCast for Wednesday, May 23rd 2018]()
ISC StormCast for Wednesday, May 23rd 2018
23/05/2018 Duración: 04minMalicious SYLK Files Used to Execute Code in Excel https://isc.sans.edu/forums/diary/Malware+Distributed+via+slk+Files/23687/ BMW Releases Patches for Several Cars https://keenlab.tencent.com/en/Experimental_Security_Assessment_of_BMW_Cars_by_KeenLab.pdf Mac Crypto Miners https://blog.malwarebytes.com/threat-analysis/mac-threat-analysis/2018/05/new-mac-cryptominer-uses-xmrig/ VMWare Spectre Updates https://www.vmware.com/security/advisories/VMSA-2018-0012.html
-
![ISC StormCast for Tuesday, May 22nd 2018]()
ISC StormCast for Tuesday, May 22nd 2018
22/05/2018 Duración: 05minSpectre NG Patches https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012 https://newsroom.intel.com/editorials/addressing-new-research-for-side-channel-analysis/ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012 https://bugs.chromium.org/p/project-zero/issues/detail?id=1528 New "Moon" Variant http://blog.netlab.360.com/gpon-exploit-in-the-wild-iv-themoon-botnet-join-in-with-a-0day/ https://isc.sans.edu/forums/diary/Something+Wicked+this+way+comes/23681/ Extracting Keys From Windows ssh-agent https://blog.ropnop.com/extracting-ssh-private-keys-from-windows-10-ssh-agent/
-
![ISC StormCast for Monday, May 21st 2018]()
ISC StormCast for Monday, May 21st 2018
21/05/2018 Duración: 05minRedis Cryptocoin Mining Worm https://isc.sans.edu/forums/diary/Anatomy+of+a+Redis+mining+worm/23673/ Evolving Chrome's Security Indicator https://blog.chromium.org/2018/05/evolving-chromes-security-indicators.html DrayTek CSRF 0-Day Exploited to Change DNS Servers https://www.draytek.co.uk/support/security-advisories/kb-advisory-csrf-and-dns-dhcp-web-attacks Rowhammer Remote Exploit https://www.cs.vu.nl/~herbertb/download/papers/throwhammer_atc18.pdf https://arxiv.org/abs/1805.04956
-
![ISC StormCast for Friday, May 18th 2018]()
ISC StormCast for Friday, May 18th 2018
18/05/2018 Duración: 05minClaymore Miner Attack https://isc.sans.edu/diary/Insecure+Claymore+Miner+Management+API+Exploited+in+the+Wild/23665/ PCI DSS Version 3.2.1. Released https://isc.sans.edu/forums/diary/PCI+DSS+version+321+is+out/23667/ Keeper Releases Update https://keepersecurity.com/blog/2018/05/15/response-may-15-seclists-report/ Cisco Security Update https://tools.cisco.com/security/center/publicationListing.x
-
![ISC StormCast for Thursday, May 17th 2018]()
ISC StormCast for Thursday, May 17th 2018
16/05/2018 Duración: 06minCritical DHCP Client Vulnerability in RedHat Enterprise Server 6/7 https://access.redhat.com/security/vulnerabilities/3442151 UPnP Misconfiguration DDoS Attack https://www.theregister.co.uk/2018/05/16/upnp_amplifies_ddos_attacks/ Ubuntu Snap Store Miner Incident Followup https://blog.ubuntu.com/2018/05/15/trust-and-security-in-the-snap-store iOS / Android "Zipper Down" Vulnerability https://zipperdown.org/
-
![ISC StormCast for Wednesday, May 16th 2018]()
ISC StormCast for Wednesday, May 16th 2018
16/05/2018 Duración: 06minPDF Exploit (and Windows Priv. Escalation) Leaked https://www.welivesecurity.com/2018/05/15/tale-two-zero-days/ Possible Vulnerability in Keeper Password Manager http://seclists.org/fulldisclosure/2018/May/41 MyEtherWallet Phishing https://isc.sans.edu/forums/diary/Phishing+emails+for+fake+MyEtherWallet+login+page/23655/
-
![ISC StormCast for Tuesday, May 15th 2018]()
ISC StormCast for Tuesday, May 15th 2018
15/05/2018 Duración: 06minPGP/SMIME efail Vulnerability https://efail.de Adobe PDF Reader / Acrobat Bulletins https://helpx.adobe.com/security/products/acrobat/apsb18-09.html
-
![ISC StormCast for Monday, May 14th 2018]()
ISC StormCast for Monday, May 14th 2018
14/05/2018 Duración: 05minOdd njRat Like Scans Reversed C2 traffic from China Signal Vulnerability (Possibly in Electron, which affects Skype/Slack/others) https://twitter.com/ortegaalfredo/status/995017143002509313 Electron Vulnerability https://www.trustwave.com/Resources/SpiderLabs-Blog/CVE-2018-1000136---Electron-nodeIntegration-Bypass/ Cryptocoin Miner Found in Ubuntu Snap Store https://github.com/canonical-websites/snapcraft.io/issues/651
-
![ISC StormCast for Friday, May 11th 2018]()
ISC StormCast for Friday, May 11th 2018
11/05/2018 Duración: 05minDNS Exfiltration in Windows https://isc.sans.edu/forums/diary/Exfiltrating+data+from+very+isolated+environments/23645/ Fake Electrun Wallet https://github.com/spesmilo/electrum-docs/blob/master/decompiling_guide.md Treasure Hunter PoS Malware Source Code Leaked https://www.flashpoint-intel.com/blog/treasurehunter-source-code-leaked/ More Malicious Chrome Extensions Spreading via Facebook https://blog.radware.com/security/2018/05/nigelthorn-malware-abuses-chrome-extensions/
-
![ISC StormCast for Thursday, May 10th 2018]()
ISC StormCast for Thursday, May 10th 2018
10/05/2018 Duración: 04minLoyds Bank Phish Leads to Trickbot https://isc.sans.edu/forums/diary/Nice+Phishing+Sample+Delivering+Trickbot/23641/ Firefox Group Policy Engine https://www.bleepingcomputer.com/news/software/group-policy-support-coming-to-firefox-60/ OS Vendors Fix Intel Debug Flaw https://www.kb.cert.org/vuls/id/631579 Cryptocoin Miner in Excel https://charles.dardaman.com/js_coinhive_in_excel
-
![ISC StormCast for Wednesday, May 9th 2018]()
ISC StormCast for Wednesday, May 9th 2018
09/05/2018 Duración: 06minMicrosoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+May+2018+Patch+Tuesday/23637/ Basestriker Vulnerability Hitting Office 365 https://www.avanan.com/resources/basestriker-vulnerability-office-365 wget Cookie Injection Vulnerability http://seclists.org/fulldisclosure/2018/May/20
-
![ISC StormCast for Tuesday, May 8th 2018]()
ISC StormCast for Tuesday, May 8th 2018
08/05/2018 Duración: 04minParsing Windows Job Files https://isc.sans.edu/forums/diary/Adding+Persistence+Via+Scheduled+Tasks/23633/ SYN-ACK Ransomware Uses Dobbleganging Technique https://securelist.com/synack-targeted-ransomware-uses-the-doppelganging-technique/85431/ More Drupal Compromises https://badpackets.net/large-cryptojacking-campaign-targeting-vulnerable-drupal-websites/ Russia vs. Telegram https://twitter.com/instasegv/status/993521755192020992 https://www.bleepingcomputer.com/news/government/russia-blocks-50-vpns-and-proxy-services-providing-access-to-telegram/
-
![ISC StormCast for Monday, May 7th 2018]()
ISC StormCast for Monday, May 7th 2018
07/05/2018 Duración: 05minMalicious NPM Library Stopped https://blog.npmjs.org/post/173526807575/reported-malicious-module-getcookies Popular GDPR Shield http://gdpr-shield.io (currently down) More Spectre Flaws https://www.heise.de/ct/artikel/Exclusive-Spectre-NG-Multiple-new-Intel-CPU-flaws-revealed-several-serious-4040648.html
-
![ISC StormCast for Friday, May 4th 2018]()
ISC StormCast for Friday, May 4th 2018
04/05/2018 Duración: 14minMore WebLogic Exploits https://isc.sans.edu/forums/diary/WebLogic+Exploited+in+the+Wild+Again/23617/ Ouch! GDPR Newsletter https://www.sans.org/security-awareness-training/ouch-newsletter GitHub / Twitter Password Storage Issues https://blog.twitter.com/official/en_us/topics/company/2018/keeping-your-account-secure.html https://www.zdnet.com/article/github-says-bug-exposed-account-passwords/ Facebook adds Homegraph Alert to Certificate Transparency log monitoring https://www.facebook.com/notes/protect-the-graph/phishing-domain-detection/2037453483161459/ Disrupting the Empire: Identifying PowerShell Empire Command and Control Activity https://www.sans.org/reading-room/whitepapers/forensics/disrupting-empire-identifying-powershell-empire-command-control-activity-38315
-
![ISC StormCast for Thursday, May 3rd 2018]()
ISC StormCast for Thursday, May 3rd 2018
03/05/2018 Duración: 06minGPS Jamming Becoming More Common https://www.avweb.com/avwebflash/news/GPS-Jamming-Major-Threat-to-Drone-230749-1.html https://www.heise.de/newsticker/meldung/GPS-unter-Beschuss-Jamming-und-Spoofing-nehmen-zu-4038137.html Windows Command Line References https://isc.sans.edu/forums/diary/Windows+Commands+Reference+An+InfoSec+Must+Have/23613/ LoJack Laptop Anti-Theft Software "Phones Home" to Russia https://asert.arbornetworks.com/lojack-becomes-a-double-agent/ Google Maps Can Be Used as a URL Shortener https://nakedsecurity.sophos.com/2018/05/01/google-maps-open-redirect-flaw-abused-by-spammers/ Retrieving DVR Credentials via "Admin Cookie" https://github.com/ezelf/CVE-2018-9995_dvr_credentials
