Sans Internet Storm Center Daily Network/cyber Security And Information Security Podcast

Creating Malicious Office Documents https://isc.sans.edu/forums/diary/Diving+into+a+Simple+Maldoc+Generator/23609/ Google (and Amazon) Disable Domain Fronting https://arstechnica.com/information-technology/2018/04/google-disables-domain-fronting-capability-used-to-evade-censors/ Google Chrome To Enforce Certificate Transparency https://groups.google.com/a/chromium.org/forum/#!msg/ct-policy/wHILiYf31DE/iMFmpMEkAQAJ

April WebLogic Patch Incomplete and Intense Scanning for WebLogic Under Way https://www.bleepingcomputer.com/news/security/hackers-scan-the-web-for-vulnerable-weblogic-servers-after-oracle-botches-patch/ Facex Worm Spreads Malicious Chrome Extensions via Facebook https://blog.trendmicro.com/trendlabs-security-intelligence/facexworm-targets-cryptocurrency-trading-platforms-abuses-facebook-messenger-for-propagation/ $15 DTV Transmitter as a SDR https://hackernoon.com/osmo-fl2k-a-15-dtv-transmitter-fm-radio-hijack-and-gps-spoofing-device-68ac08ba7d76

A Few Sample #Drupal Exploits including CVE-2018-7602 https://isc.sans.edu/forums/diary/More+Threat+Hunting+with+User+Agent+and+Drupal+Exploits/23597/ Triggering SMB Connections to Steal NTLM Credentials via PDFs https://research.checkpoint.com/ntlm-credentials-theft-via-pdf-files/ NTFS Crash DoS Exploit Published for Windwos 10 and 7 https://github.com/mtivadar/windows10_ntfs_crash_dos Apple HomeKit / Secure Element Problems https://www.youtube.com/watch?v=1CNAMgctAp0 Azucar Assessing Azure Security https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/april/introducing-azucar/

HP iLO Ransomware https://www.bleepingcomputer.com/news/security/ransomware-hits-hpe-ilo-remote-management-interfaces/ Total Meltdown Exploit Available https://blog.xpnsec.com/total-meltdown-cve-2018-1038/ WD My Cloud EX2 Access Control Bypass https://www.trustwave.com/Resources/SpiderLabs-Blog/WD-My-Cloud-EX2-Serves-Your-Files-to-Anyone/ Hyperoptic ZTE Home Router Hardcoded Account https://www.contextis.com/resources/advisories/hyperoptic-zte-home-routers

New Drupal Remote Code Execution Vulnerability https://www.drupal.org/sa-core-2018-004 Malicious Network Traffic From /bin/bash https://isc.sans.edu/forums/diary/Malicious+Network+Traffic+From+binbash/23591/ Insecure Hotel Locks https://safeandsavvy.f-secure.com/2018/04/25/researchers-find-way-to-generate-master-keys-to-hotels/ Amazon Echo As Evesdropping Device (signin required) https://info.checkmarx.com/wp-alexa

Paying For Ransomware Often Fails to Recover Files https://cyber-edge.com/cdr/#about-this-report Microtik Router Malware Infects Sysadmin PCs https://s3-eu-west-1.amazonaws.com/khub-media/wp-content/uploads/sites/43/2018/03/09133534/The-Slingshot-APT_report_ENG_final.pdf CNNVD Held Back Vulnerabilities https://www.recordedfuture.com/chinese-mss-vulnerability-influence/ Keeper Exposes S3 Bucket http://www.zdnet.com/article/password-manager-maker-keeper-hit-by-another-security-snafu/ https://keepersecurity.com/blog/2018/03/10/keepers-response-zdnets-article-regarding-s3-bucket-configuration-issue/ Chip and Pin Clones https://www.kaspersky.com/blog/chip-n-pin-cloning/21502/

Apache Solr Vulnerability used to Install Cryptocoin Miner https://isc.sans.edu/forums/diary/Apache+SOLR+the+new+target+for+cryptominers/23425/ CRIMEB4NK IRC Bot https://isc.sans.edu/forums/diary/CRIMEB4NK+IRC+Bot/23423/ Cisco Patches https://tools.cisco.com/security/center/publicationListing.x Any.Run Malware Analysis Tool https://any.run

Ransomware News: GlobeImposter Gets A Facelift, GandCrab is Still Out there https://isc.sans.edu/forums/diary/Ransomware+news+GlobeImposter+gets+a+facelift+GandCrab+is+still+out+there/23417/ How to Break Encryption https://blog.malwarebytes.com/threat-analysis/2018/03/encryption-101-how-to-break-encryption/ Bypassing Adobe Flash Security Protections https://securingtomorrow.mcafee.com/mcafee-labs/hackers-bypassed-adobe-flash-protection-mechanism/ Hundreds of Bitcoin Mining Servers Stolen in Iceland https://www.theguardian.com/world/2018/mar/07/hundreds-of-bitcoin-mining-servers-stolen-in-iceland Several Android Mail Apps Send Password To Developer (article in German) https://www.kuketz-blog.de/mail-apps-zahlreiche-android-apps-uebermitteln-login-passwort/

Exploit for CVE-2018-6789 https://devco.re/blog/2018/03/06/exim-off-by-one-RCE-exploiting-CVE-2018-6789-en/ Microsoft Fixes USB Issues Introduced By February Patches https://support.microsoft.com/en-us/help/4090913/march5-2018kb4090913osbuild16299-251 123 Reg Looses Backups https://www.bleepingcomputer.com/news/business/123-reg-backup-snafu-causes-clients-to-lose-files-since-august-2017/ Android March Security Bulletin https://source.android.com/security/bulletin/2018-03-01#media-framework

Malicious Bash Script with Multiple Features https://isc.sans.edu/forums/diary/Malicious+Bash+Script+with+Multiple+Features/23411/ More Memcached DDoS Attacks https://www.arbornetworks.com/blog/asert/netscout-arbor-confirms-1-7-tbps-ddos-attack-terabit-attack-era-upon-us/ Spring Framework Vulnerability https://lgtm.com/blog/spring_data_rest_CVE-2017-8046 LTE Vulnerabilities http://homepage.divms.uiowa.edu/~comarhaider/publications/LTE_NDSS18_paper.pdf

Protective Malicious Monero Crypto Coin Miners https://isc.sans.edu/forums/diary/The+Crypto+Miners+Fight+For+CPU+Cycles/23407/ memcached DDoS Attacks Ask For Ransom https://blogs.akamai.com/2018/03/memcached-now-with-extortion.html Cheap Android Trojans Come PreInstalled With Banking Malware https://news.drweb.com/show/?lng=en&i=11749&c=5 RedDrop Android Malware Installed via 3rd Party App Stores https://www.wandera.com/blog/reddrop-malware/

Censoring Images At Scale in #WeChat https://isc.sans.edu/forums/diary/Why+Does+Emperor+Xi+Dislike+Winnie+the+Pooh+and+Scrambled+Eggs/23395/ Trustico Update: Certificate Revocation List Monitor https://isc.sans.edu/crls.html Memcached Update: Github Attack https://githubengineering.com/ddos-incident-report/ http://powerofcommunity.net/poc2017/shengbao.pdf Microsoft Releases Intel Spectre Microcode Updates https://support.microsoft.com/en-us/help/4090007/intel-microcode-updates

How Did This Memcache Thing Happen? https://isc.sans.edu/forums/diary/How+did+this+Memcache+thing+happen/23391/ Trustico TLS Certificate Revocation https://groups.google.com/forum/#!msg/mozilla.dev.security.policy/wxX4Yv0E3Mk/QZt8UPhKAwAJ Flash on Its Way Out https://www.bleepingcomputer.com/news/security/google-chrome-flash-usage-declines-from-80-percent-in-2014-to-under-8-percent-today/ DNSSEC Is Getting Better But Still Struggeling http://www.theregister.co.uk/2018/02/28/dutch_name_authority_dnssec_validation_errors_can_be_eliminated/ Smart TV Firmware Flaws https://www.av-comparatives.org/wp-content/uploads/2018/02/avc_sigma_medion_201802.pdf

Memcached Servers Used in Reflective DDoS Attacks https://isc.sans.edu/forums/diary/Why+we+Dont+Deserve+the+Internet+Memcached+Reflected+DDoS+Attacks/23389/ Malspam Pushing Formbook Info Stealer https://isc.sans.edu/forums/diary/Malspam+pushing+Formbook+info+stealer/23387/ Various SAML Parsers Affected by Comment Parsing Vulnerability https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations

Enumerating S3 Buckets https://github.com/jordanpotti/AWSBucketDump Creating AWS Network Diagrams https://github.com/duo-labs/cloudmapper Selling Macs and "Find my Mac" Feature https://medium.com/@mulligan/how-i-sold-an-old-mac-and-unknowingly-tracked-its-location-for-over-3-years-9a35cd3ca4cf Apple Stopping Support for 1st Gen Apple TV and iTunes on Windows XP / Vista https://support.apple.com/en-us/HT208104

Retrieving Malware Over Tor On Windows (Update) https://isc.sans.edu/forums/diary/Retrieving+malware+over+Tor+on+Windows/23379/ Blackholing Advertising Sites with Pi-Hole https://isc.sans.edu/forums/diary/Blackhole+Advertising+Sites+with+Pihole/23377/ Taxslayer Consent Degree with FTC https://biglawbusiness.com/cybersecurity-enforcers-wake-up-to-unauthorized-computer-access-via-credential-stuffing/ Fortinet (OMG) Mirai https://www.fortinet.com/blog/threat-research/omg--mirai-based-bot-turns-iot-devices-into-proxy-servers.html

Adobe Flash 0-Day https://isc.sans.edu/forums/diary/Adobe+Flash+0Day+Used+Against+South+Korean+Targets/23301/ Adaptive Phishing Kit https://isc.sans.edu/forums/diary/Adaptive+Phishing+Kit/23299/ Crypto Miners "Payload of Choice" http://blog.talosintelligence.com/2018/01/malicious-xmr-mining.html Autosploit Links Shodan to Metasploit https://github.com/NullArray/AutoSploit

Tax Phishing Season Starts https://isc.sans.edu/forums/diary/Tax+Phishing+Time/23295/ Using FLIR In Incident Response https://isc.sans.edu/forums/diary/Using+FLIR+in+Incident+Response/23291/ Oracle MICROS POS Vulnerability https://erpscan.com/press-center/blog/oracle-micros-pos-breached/

DCShadow Attack https://www.dropbox.com/s/baypdb6glmvp0j9/Buehat%20IL%20v2.3.pdf https://blog.alsid.eu/dcshadow-explained-4510f52fc19d Cisco WebVPN Update https://isc.sans.edu/forums/diary/Cisco+ASA+WebVPN+Vulnerability/23289/ Reviving DDE Code Execution via OneNote https://posts.specterops.io/reviving-dde-using-onenote-and-excel-for-code-execution-d7226864caee

Lenovo Fingerprint Mananger Pro Vulnerability https://support.lenovo.com/us/en/product_security/len-15999 ClamAV Vulnerablities http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html https://blog.malwarebytes.com/malwarebytes-news/2018/01/important-web-blocking-ram-usage/ Malwarebytes Corrupted Update https://www.malwarebytes.com/pdf/WebProtectionFP.pdf Cisco Adaptive Security Appliance Remote Code Execution Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1 Web2Top Proxy onion.tor Appears to Steal Ransomware Payments https://www.proofpoint.com/us/threat-insight/post/double-dipping-diverting-ransomware-bitcoin-payments-onion-domains