Sans Internet Storm Center Daily Network/cyber Security And Information Security Podcast

Analyzing a Word Document Used in a Pentest https://isc.sans.edu/forums/diary/Is+this+a+pentest/23283/ Analyzing BITS Activity https://isc.sans.edu/forums/diary/Investigating+Microsoft+BITS+Activity/23281/ CryptoJacking on YouTube due to Malicious Ads https://blog.trendmicro.com/trendlabs-security-intelligence/malvertising-campaign-abuses-googles-doubleclick-to-deliver-cryptocurrency-miners/ Coincheck Hack Nets 400M USD https://coincheck.com/en/blog/4673 PHPBB Mirror Compromissed https://www.phpbb.com/community/viewtopic.php?f=14&t=2456896 Microsoft Disables Sepctre Variant 2 Patches https://support.microsoft.com/en-us/help/4078130/update-to-disable-mitigation-against-spectre-variant-2

Ransomware As a Service https://isc.sans.edu/forums/diary/Ransomware+as+a+Service/23277/ libcurl Vulnerability http://seclists.org/oss-sec/2018/q1/94 Hide 'N Seek IoT Botnet https://labs.bitdefender.com/2018/01/new-hide-n-seek-iot-botnet-using-custom-built-peer-to-peer-communication-spotted-in-the-wild/ Container Intrusions: Assessing the Efficacy of Intrusion Detection and Analysis Methods for Linux Container Environments https://www.sans.org/reading-room/whitepapers/detection/container-intrusions-assessing-efficacy-intrusion-detection-analysis-methods-linux-container-environments-38245

RTF Files For Hancitor Utilize Exploit for CVE-2017-11882 https://isc.sans.edu/forums/diary/RTF+files+for+Hancitor+utilize+exploit+for+CVE201711882/23271/ Electron Fixes Protocol Handlers Flaw https://electronjs.org/blog/protocol-handler-fix Xerox Workcenters Fudge Numbers http://www.dkriesel.com/en/blog/2013/0802_xerox-workcentres_are_switching_written_numbers_when_scanning? Tracking Users Using CSS https://github.com/jbtronics/CrookedStyleSheets

Apple Patches Everything, Again https://isc.sans.edu/forums/diary/Apple+Updates+Everything+Again/23269/ OpenSSL Introduces its Version of a "Patch Tuesday" https://www.openssl.org/blog/blog/2018/01/18/f2f-london/ "Rapid" Ransomware https://id-ransomware.blogspot.ru/2018/01/rapid-ransomware.html (Russian) https://www.bleepingcomputer.com/forums/t/667032/rapid-ransomware-rapid-paymeme-how-recovery-filestxt-support-topic/page-2

HTTPs on Every Port https://isc.sans.edu/forums/diary/HTTPS+on+every+port/23261/ Curl over TOR https://isc.sans.edu/forums/diary/Retrieving+malware+over+Tor/23257/ Spectre/Meltdown Microcode Patch Problems https://newsroom.intel.com/news/root-cause-of-reboot-issue-identified-updated-guidance-for-customers-and-partners/ https://lkml.org/lkml/2018/1/21/192 DNS Rebinding Attacks Against Geth https://ret2got.wordpress.com/2018/01/19/how-your-ethereum-can-be-stolen-using-dns-rebinding/ Chinese Quantum Cryptography Satellite Link Transmits Intercontinental Videolink https://journals.aps.org/prl/abstract/10.1103/PhysRevLett.120.030501

Analyzing an RTF Phishing Document https://isc.sans.edu/forums/diary/An+RTF+phish/23255/ Satori Variant Steals ETH from Miners http://blog.netlab.360.com/art-of-steal-satori-variant-is-robbing-eth-bitcoin-by-replacing-wallet-address-en/ Evrial Trojan Modifies Copy / Pasted Bitcoin Addresses https://twitter.com/malwrhunterteam/status/953313514629853184 Legal Challenges of Bug Bounties https://www.heise.de/security/meldung/US-Bug-Bountys-lassen-gute-Hacker-in-die-Falle-tappen-3946508.html

Oracle E-Business Suite Server Can Be Attackt via WebLogic https://www.onapsis.com/blog/oracle-january-cpu-analysis-64-patches-affect-business-critical-applications Microsoft Resumes Patches for AMD Systems https://www.amd.com/en/corporate/speculative-execution Speculations About Yet Another CPU Attack https://skyfallattack.com Smiths Medfusion 4000 Vulnerabilities https://github.com/sgayou/medfusion-4000-research/blob/master/doc/README.md#summary

Reviewing the Spam Filters: Malspam Pushing Gozi-ISFB https://isc.sans.edu/forums/diary/Reviewing+the+spam+filters+Malspam+pushing+GoziISFB/23245/ Auditing Secure USB Keys https://www.j-michel.org/blog/2018/01/16/attacking-secure-usb-keys-behind-the-scene Malicious Open Graph title Tag Crashes iMessage https://www.macrumors.com/2018/01/16/malicious-link-ios-mac-freezes/ BIND Fixes DoS Vulnerablity https://kb.isc.org/article/AA-01542

WebLogic Flaw Used to Install Monero Crypto Coin Miner https://isc.sans.edu/forums/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191/ Fake Anti-Virus Pages Poppding Up Like Weeds https://isc.sans.edu/forums/diary/Fake+antivirus+pages+popping+up+like+weeds/23207/ Apple Spectre/Meltdown Patches https://support.apple.com/en-us/HT201222 Meltdown Patch Fallout https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB43600/?l=en_US&fs=Search&pn=1&atype= https://forums.sandboxie.com/phpBB3/viewtopic.php?t=25114 https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software WPA3 Announced https://www.wi-fi.org/news-events/newsroom/wi-fi-alliance-introduces-security-enhancements

Campaign is using a recently released WebLogic exploit to deploy a Monero miner https://isc.sans.edu/forums/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191/ Misc News about Meltdown and Spectre https://www.qualcomm.com/company/product-security/bulletins AMD Processor Flaw http://seclists.org/fulldisclosure/2018/Jan/12 Western Digital MyCloud Backdoor http://gulftech.org/advisories/WDMyCloud%20Multiple%20Vulnerabilities/125

SANS Special Webcast https://www.sans.org/webcast/recording/citrix/106815/138095 ISC Diary with Links to Patches https://isc.sans.edu/forums/diary/Spectre+and+Meltdown+What+You+Need+to+Know+Right+Now/23193/

Intel CPU Vulnerablity https://meltdownattack.com Crypto Coin Mining Pool IP List https://isc.sans.edu/api/threatlist/miner Phishing to Rural America Leads to Six-figure Wire Fraud Losses https://isc.sans.edu/forums/diary/Phishing+to+Rural+America+Leads+to+Sixfigure+Wire+Fraud+Losses/23185/

Extracting URLs From PDFs https://isc.sans.edu/forums/diary/PDF+documents+URLs+update/23167/ Priviledge Escalation Exploit for macOS https://siguza.github.io/IOHIDeous/ 34C3: Chaos Communications Congress https://media.ccc.de/c/34c3 Vulnerabilities in Online Geolocation Services https://0x0.li/trackmageddon/

Analyzing TNEF Files https://isc.sans.edu/forums/diary/Analyzing+TNEF+files/23175/ Obfuscated RTF Files https://isc.sans.edu/forums/diary/Dealing+with+obfuscated+RTF+files/23169/ 2017 Flood of CVEs https://isc.sans.edu/forums/diary/2017+The+Flood+of+CVEs/23173/ Sonos/Bose Smart Speaker Flaws https://documents.trendmicro.com/assets/pdf/The-Sound-of-a-Targeted-Attack.pdf Web Trackers Exploit Login Managers https://freedom-to-tinker.com/2017/12/27/no-boundaries-for-user-identities-web-trackers-exploit-browser-login-managers/ Backdoored Wordpress Plugins https://www.bleepingcomputer.com/news/security/three-more-wordpress-plugins-found-hiding-a-backdoor/

Critical Flaw in SMBv1 Implementation of Dell EMC Data Domain DD OS http://seclists.org/fulldisclosure/2017/Dec/79 Facebook Enables Feature To Review All E-Mails Sent By Facebook https://www.facebook.com/notes/facebook-security/new-security-feature-reveals-if-facebook-mails-are-legit/10154983636230766/ EtherDelta DNS Attack https://twitter.com/etherdelta Enigmail Vulnerability https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf

Kernel Hooking Basics https://isc.sans.edu/forums/diary/Guest+Diary+Etay+Nir+Kernel+Hooking+Basics/23155/ Intel Memory Encryption https://software.intel.com/sites/default/files/managed/a5/16/Multi-Key-Total-Memory-Encryption-Spec.pdf https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=33e63acc119d15c2fac3e3775f32d1ce7a01021b WordPress Sites Infected with Monero Miners https://www.wordfence.com/blog/2017/12/aggressive-brute-force-wordpress-attack/

Example of "MouseOver" Link in a Powerpoint File https://isc.sans.edu/forums/diary/Example+of+MouseOver+Link+in+a+Powerpoint+File/23149/ Adups Malware Still Haunting Android Phones https://blog.malwarebytes.com/cybercrime/2017/12/mobile-menace-monday-upping-the-ante-on-adups-fwupgradeprovider/ Popular Wordpress Captcha Included Backdoor https://www.wordfence.com/blog/2017/12/backdoor-captcha-plugin/ Comparing DNS Filters https://medium.com/@nykolas.z/dns-security-filters-compared-quad9-x-opendns-x-comodo-secure-x-norton-connectsafe-x-yandex-safe-a00ace3bf21f

Not So Malicious Word Doc https://isc.sans.edu/forums/diary/Phish+or+scam+Part+1/23141/ https://isc.sans.edu/forums/diary/Phish+or+scam+Part+2/23145/ AMF Descerializer Vulnerability http://codewhitesec.blogspot.com/2017/04/amf.html?m=1 Windows "Keeper" Password Manager Vulnerable https://bugs.chromium.org/p/project-zero/issues/detail?id=1481&desc=3 Android Malware Destroys Device https://securelist.com/jack-of-all-trades/83470/

Microsoft Office VBA Macro Obfuscation via Metadata https://isc.sans.edu/forums/diary/Microsoft+Office+VBA+Macro+Obfuscation+via+Metadata/23139/ Large Scale BGP Attack https://bgpmon.net/popular-destinations-rerouted-to-russia/ HSTS and HPKP Weaknesses in Firefox, IE/Edge and Chrome http://blog.en.elevenpaths.com/2017/12/breaking-out-hsts-and-hpkp-on-firefox.html

Citizen Lab Security Planner https://securityplanner.org/ Apple Update to iOS/tvOS/iCloud (Windows) https://support.apple.com/en-us/HT201222 Fortinet Client Credentials Shared Key https://www.sec-consult.com/en/blog/advisories/vpn-credentials-disclosure-in-fortinet-forticlient/index.html Fox-It Victim of a Man-in-the-Middle Attack https://blog.fox-it.com/2017/12/14/lessons-learned-from-a-man-in-the-middle-attack/