Sans Internet Storm Center Daily Network/cyber Security And Information Security Podcast

More Malspam Pushing Emotet Malware https://isc.sans.edu/forums/diary/More+Malspam+pushing+Emotet+malware/23083/ Google Chrome To Block Some Third Party Software Mid-2018 https://blog.chromium.org/2017/11/reducing-chrome-crashes-caused-by-third.html European Union Funds VLC Bug Bounty https://joinup.ec.europa.eu/news/hackerone-vlc STI Student Scott Perry: Virtual System Forensics http://www.sans.org/reading-room/whitepapers/bestprac/exploring-effectiveness-approaches-discovering-acquiring-virtualized-servers-esxi-38155

Apple Releases Security Update 2017-001 To Fix Passwordless Root Bug https://support.apple.com/en-us/HT208315 Insecure Android Crypto Currency Wallets https://www.htbridge.com/news/security-cryptocurrency-mobile-apps.html Coinhive Miner Now As Pop-Under https://blog.malwarebytes.com/cybercrime/2017/11/persistent-drive-by-cryptomining-coming-to-a-browser-near-you/ Fileless Malicious PowerShell Sample https://isc.sans.edu/forums/diary/Fileless+Malicious+PowerShell+Sample/23081/ .dev TLD Now Requires HTTPS in Chrome http://www.theregister.co.uk/2017/11/29/google_dev_network/

Password Less Root Account Allows for Trivial Privilege Escalation on MacOS High Sierra https://twitter.com/lemiorhan/status/935578694541770752 https://support.apple.com/en-us/HT204012 Defeating Facial Recognition https://arxiv.org/abs/1711.09001 Bitcoin Gold Wallet App Compromise https://bitcoingold.org/critical-warning-nov-26/ Project Exodus Identified Trackers in Android Apps https://reports.exodus-privacy.eu.org/reports/apps/

Golden SAML Ticket Attack https://www.cyberark.com/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-cloud-apps/ Facebook Poll Image Vulnerability https://blog.darabi.me/2017/11/image-removal-vulnerability-in-facebook.html

Critical Exim Mail Server Vulnerability (Exploit released!) https://bugs.exim.org/show_bug.cgi?id=2199 CoinPouch "Verge" Token Loss http://www.documentcloud.org/documents/4309909-StatementonVerge-11-21-17.html Bitcoin Routing Attacks https://btc-hijack.ethz.ch Scanning Ethereum Smart Contracts For Vulnerabilities https://hackernoon.com/scanning-ethereum-smart-contracts-for-vulnerabilities-b5caefd995df Fortiweb Manager Vulnerability https://fortiguard.com/psirt/FG-IR-17-248

Ethereum JSON-RPC Scans https://isc.sans.edu/forums/diary/Internet+Wide+Ethereum+JSONRPC+Scans/23061/ Updated OWASP Top 10 Released https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf TPLink Often Provides Outdated Firmware Version For Download https://www.ctrl.blog/entry/tplink-firmware-outdated-downloads

Intel Patches Several Vulnerabilities in its Management Engine https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr Sandsifter CPU Fuzzer https://github.com/xoreaxeaxeax/sandsifter/ Android MediaProjection API Allows For Screen Capture / Audio Recording Without User Consent https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-android-MediaProjection-tapjacking-advisory-2017-11-13.pdf BusyBox Autocompletion Vulnerability https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/

Bitcoin Pickpockets Scanning For Wallets https://isc.sans.edu/forums/diary/BTC+Pickpockets/23052/ Resume-themed Malspam Pushing Smoker Loader https://isc.sans.edu/forums/diary/Resumethemed+malspam+pushing+Smoke+Loader/23054/ F5-BigIP TLS Vulnerability https://support.f5.com/csp/article/K21905460 Microsoft Updates Patches / May Have Lost Sourcecode https://0patch.blogspot.com/2017/11/did-microsoft-just-manually-patch-their.html http://borncity.com/win/2017/11/17/microsoft-confirms-epson-dot-matrix-printer-issue-after-november-2017-patchday-here-are-fixes/ Windows 8 And Later Fail To Apply ASLR Correctly https://www.kb.cert.org/vuls/id/817544 StartCom TLS Certificate Authority Shutting Down http://www.zdnet.com/article/startcom-to-shut-down-all-certificates-revoked-in-2020/

A Domain Dashboard For Splunk https://isc.sans.edu/forums/diary/Suspicious+Domains+Tracking+Dashboard/23046/ Oracle Critical PeopleSoft Patch http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-10269-4021872.html#AppendixFMW GitHub Introducing Security Alerts for Dependencies https://github.com/blog/2470-introducing-security-alerts-on-github Exposing IP Addresses For Hidden Services http://sh1ttykids.hateblo.jp/entry/2017/11/16/182001

Malicious Document Turns Off Word Macro Protections https://isc.sans.edu/forums/diary/If+you+want+something+done+right+do+it+yourself/23042/ Blueborne Affects Amazon Echo and Google Home Devices (now patched) http://go.armis.com/hubfs/BlueBorne%20Technical%20White%20Paper.pdf More Malicious Apps In Google's Play Store https://www.bleepingcomputer.com/news/security/google-play-store-sees-sudden-surge-of-malicious-apps/ OnePlus Phones Found With Preinstalled Debug App https://twitter.com/fs0c131y https://twitter.com/__Tux/status/754085708843786240

Microsoft Patch Tuesday Updates https://helpx.adobe.com/security.html Adobe Patches https://helpx.adobe.com/security.html Abusing Anti-Virus Quarantine Folders for Priv. Escalation https://bogner.sh/2017/11/avgater-getting-local-admin-by-abusing-the-anti-virus-quarantine/

FaceID Beaten By Mask http://www.bkav.com/d/top-news/-/view_content/content/103968/face-id-beaten-by-mask-not-an-effective-security-measure Various URL Validation and HTTP Request Libraries Allow SSRF https://www.blackhat.com/docs/us-17/thursday/us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-Languages.pdf Using Heart Rythm As Biometric ID http://www.buffalo.edu/news/releases/2017/09/034.html

Auditing TLS Root Certificates on Windows https://isc.sans.edu/forums/diary/Keep+An+Eye+on+your+Root+Certificates/23030/ How Google Accounts Are Hijacked https://security.googleblog.com/2017/11/new-research-understanding-root-cause.html Battling E-Mail Phishing https://isc.sans.edu/forums/diary/Battling+email+phishing/23028/ Hacking Airplanes http://www.aviationtoday.com/2017/11/08/boeing-757-testing-shows-airplanes-vulnerable-hacking-dhs-says/

Twilio Credentials Found in Mobile Apps (requires registration) http://info.appthority.com/-q4-2017-mtr-download-eavesdropper Drive By Cryto Currency Mining Keeps Increasing https://go.malwarebytes.com/rs/805-USG-300/images/Drive-by_Mining_FINAL.pdf Intel's Management Engine Firmware Decoded https://twitter.com/h0t_max https://www.theregister.co.uk/2017/11/09/chipzilla_come_closer_closer_listen_dump_ime/

Mantistek Gaming Keyboard Cloud Driver Exfiltrates Keystroke Data https://thehackernews.com/2017/11/mantistek-keyboard-keylogger.html Logitech Will Discontinue Harmony Link Device and Brick it via Firmware Update in March 2018 https://www.theverge.com/circuitbreaker/2017/11/8/16623076/logitech-harmony-link-discontinued-bricked Amazon Is Introducing Additional Security Features for S3 https://aws.amazon.com/blogs/aws/new-amazon-s3-encryption-security-features/

Interesting RTF Maldoc VBA Dropper https://isc.sans.edu/forums/diary/Interesting+VBA+Dropper/23016/ Multiple Linux USB Flaws Made Public http://www.openwall.com/lists/oss-security/2017/11/06/8 Google Android November Patches https://source.android.com/security/bulletin/2017-11-01#media-framework Ethereum Multi Signature Wallet Bug Cause Loss of $280 Million https://paritytech.io/blog/security-alert.html https://github.com/paritytech/parity/issues/6995

Fake WhatsApp App in Google Play Store https://www.reddit.com/r/Android/comments/7ahujw/psa_two_different_developers_under_the_same_name/ Crunchyroll.com Redirect Leads to Malware https://blog.ellation.com/crunchyroll-com-update-a2a593cf9155 https://bartblaze.blogspot.com.au/2017/11/crunchyroll-hack-delivers-malware.html Recovering Previously Encrypted iOS Backups https://www.gillware.com/forensics/blog/digital-forensics-case-study/new-solution-encrypted-backups/

PDF Parser for URLs and Text Content of PDFs https://isc.sans.edu/forums/diary/Extracting+the+text+from+PDF+documents/23008/ https://isc.sans.edu/forums/diary/PDF+documents+URLs/23006/ Mobile Pwn2Own Contest 2017 https://www.zerodayinitiative.com/blog OpenSSL Patch https://www.openssl.org/news/secadv/20171102.txt IEEE P1735 Standard Leads to Weak Crypto https://eprint.iacr.org/2017/828.pdf

Certified Malware: Measuring Breaches of Trust in the Windows Code-Signing PKI http://www.umiacs.umd.edu/~tdumitra/papers/CCS-2017.pdf Half of Most Popular Free iOS Apps do not use TLS correctly http://www.zeit.de/digital/datenschutz/2017-10/iphone-ios-apps-hacker-verschluesselung/komplettansicht#comments Image Downloader Chrome Extension Includes Adware https://www.bleepingcomputer.com/news/security/psa-beware-the-image-downloader-chrome-adware-extension/ Employees Pay Up Ransomware https://www.bleepingcomputer.com/news/security/59-percent-of-employees-hit-by-ransomware-at-work-paid-ransom-out-of-their-own-pockets/

Configuring SSH Properly on Cisco IOS https://isc.sans.edu/forums/diary/Securing+SSH+Services+Go+Blue+Team/22992/ Ethereum Miners Hijacked via Default SSH Credentials https://labs.bitdefender.com/2017/11/ethereum-os-miners-targeted-by-ssh-based-hijacker/ Crypto Shuffler Steals Bitcoin From Clipboard https://www.kaspersky.com/blog/cryptoshuffler-bitcoin-stealer/19976/ Google Calender Event Injection Added To Mail Snipper https://www.blackhillsinfosec.com/google-calendar-event-injection-mailsniper/ November Ouch! Newsletter released: Shopping Security Online https://securingthehuman.sans.org/resources/newsletters/ouch/2017?utm_medium=Social&utm_source=Twitter&utm_content=OUCH+Nov+2017+all+languages+&utm_campaign=STH+Ouch+#november2017