Sans Internet Storm Center Daily Network/cyber Security And Information Security Podcast

Malicious Powershell Code https://isc.sans.edu/forums/diary/Some+Powershell+Malicious+Code/22988/ Apple Updates Everything https://support.apple.com/en-gb/HT201222 Internet Draft To Update IoT Devices https://tools.ietf.org/html/draft-moran-suit-architecture-00

Google Chrome Moving Away from HTTPS Public Key Pinning (HPKP) https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/he9tr7p3rZ8/eNMwKPmUBAAJ Effort To Remove Trust From Dutch CA Over New Intercept Law https://bugzilla.mozilla.org/show_bug.cgi?id=1408647 Crypto Coin Mining Feature Found in Google App Store Downloads http://blog.trendmicro.com/trendlabs-security-intelligence/coin-miner-mobile-malware-returns-hits-google-play/

Critical New Oracle Patch http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-10151-4016513.html CatchAll Google Chrome Plugins https://isc.sans.edu/forums/diary/CatchAll+Google+Chrome+Malicious+Extension+Steals+All+Posted+Data/22976/ ACE Files Used For Malware https://isc.sans.edu/forums/diary/Remember+ACE+files/22978/

Results of Kaspersky's Internal Investigation https://www.kaspersky.com/blog/internal-investigation-preliminary-results/19894/ Infineon Bug Testing Tool https://gist.githubusercontent.com/marcan/fc87aa78085c2b6f979aefc73fdc381f/raw/526bc2f2249a2e3f5d4450c7c412e0dbf57b2288/roca_test.py https://github.com/ThomasHabets/simple-tpm-pk11/blob/master/check-srk/check-srk.cc Micropatch Available for "DDE Vulnerability" https://0patch.blogspot.com/2017/10/0patching-office-dde-ddeauto.html Finding Cryptocurrency Miners https://medium.com/@s3yfullah/hacking-cryptocurrency-miners-with-osint-techniques-677bbb3e0157

Coinhive Domain Compromise https://coinhive.com/blog/dns-breach Dell Loses Control of Backup and Recovery Cloud Storage Domain https://krebsonsecurity.com/2017/10/dell-lost-control-of-key-customer-support-domain-for-a-month-in-2017/#more-41267 Google ReCaptcha Broken https://github.com/ecthros/uncaptcha Users in Iran Targeted by Cryptoransomware Masquerading as VPN https://www.bleepingcomputer.com/news/security/tyrant-ransomware-spreads-in-iran-disguised-as-popular-vpn-app/ Crypto Currency Phishing https://www.dearbytes.com/blog/cryptocurrency-phishing/

Stop Relying on File Extensions https://isc.sans.edu/forums/diary/Stop+relying+on+file+extensions/22962/ BadRabbit New Ransomware Wave Hitting Russia and Ukraine https://isc.sans.edu/forums/diary/BadRabbit+New+ransomware+wave+hitting+RU+UA/22964/ https://www.welivesecurity.com/2017/10/24/kiev-metro-hit-new-variant-infamous-diskcoder-ransomware/ Over 70% Of Web Traffic Now via TLS https://transparencyreport.google.com/https/overview?hl=en Static RNG Seeds in Fortinet Devices https://duhkattack.com

Is a Telco in Brazil Hosing An Epidemic of Open SOCKS Proxies? https://isc.sans.edu/forums/diary/Is+a+telco+in+Brazil+hosting+an+epidemic+of+open+SOCKS+proxies/22956/ Android May Be Adding DNS Over TLS https://www.xda-developers.com https://tools.ietf.org/html/rfc7858 Fake Crypto Currency Trading Applications https://www.welivesecurity.com/2017/10/23/fake-cryptocurrency-apps-google-harvesting-credentials/

IoT "Reaper" Botnet http://blog.netlab.360.com/iot_reaper-a-rappid-spreading-new-iot-botnet-en/ https://research.checkpoint.com/new-iot-botnet-storm-coming/ Elmedia Player and Folx Infected with Proton Malware https://www.eltima.com/blog/2017/10/elmedia-player-and-folx-malware-threat-neutralized.html Google Expands Bug Bounty To Popular Android Apps https://www.google.com/about/appsecurity/play-rewards/index.html Increased Use of Last Week's Flash Vulnerability https://www.proofpoint.com/us/threat-insight/post/apt28-racing-exploit-cve-2017-11292-flash-vulnerability-patches-are-deployed

Locky Ransomware Updates https://isc.sans.edu/forums/diary/Necurs+Botnet+malspam+pushes+Locky+using+DDE+attack/22946/ https://isc.sans.edu/forums/diary/HSBCthemed+malspam+uses+ISO+attachments+to+push+Loki+Bot+malware/22942/ Authedmine To Replace Coinhive https://coinhive.com/blog/authedmine Attackers Scan for SSH Keys via Webexploits https://www.wordfence.com/blog/2017/10/ssh-key-website-scans/ Attacking Colocated Virtual Machines with Rowhammer https://thisissecurity.stormshield.com/2017/10/19/attacking-co-hosted-vm-hacker-hammer-two-memory-modules/

Baselining Servers to Detect Outliers https://isc.sans.edu/forums/diary/Baselining+Servers+to+Detect+Outliers/22940/ Test Script Available for KRACK Vulnerability https://github.com/vanhoefm/krackattacks-test-ap-ft WaterMiner Distributed With Gaming Mods https://minerva-labs.com/post/waterminer-a-new-evasive-crypto-miner Microsoft Releases Fall Creators Update https://blogs.windows.com/windowsexperience/2017/10/17/whats-new-windows-10-fall-creators-update/#76CQXoUYxT81RLJi.97

Hancitor Malspam Uses DDE Attack To Spread Banking Malware https://isc.sans.edu/forums/diary/Hancitor+malspam+uses+DDE+attack/22936/ Infineon RSA Key Generation Weakness https://crocs.fi.muni.cz/public/papers/rsa_ccs17 Chrome Improving Security https://www.blog.google/products/chrome/cleaner-safer-web-chrome-cleanup/

WPA2 "Krack" Attack https://www.krackattacks.com/ https://securingthehuman.sans.org/blog/2017/10/16/28748/ Adobe Flash Player Update https://helpx.adobe.com/security/products/flash-player/apsb17-32.html Two (identical) uTorrent Binaries With Different Hashes https://isc.sans.edu/forums/diary/Its+in+the+signature/22928/

Peeking Into an Outlook .msg File https://isc.sans.edu/forums/diary/Peeking+into+msg+files/22926/ Abandoned Domains / Equifax/Transunion Lead to Fake Falsh Update https://blog.malwarebytes.com/threat-analysis/2017/10/equifax-transunion-websites-push-fake-flash-player/ Microsoft Patch Causes Corrupted Systems https://support.microsoft.com/en-us/help/4049094 DoubleLocker Android Ransomware https://www.welivesecurity.com/2017/10/13/doublelocker-innovative-android-malware/ Chrome Extension Mines Crypto Currency https://www.bleepingcomputer.com/news/security/chrome-extension-uses-your-gmail-to-register-domains-names-and-injects-coinhive/

Version Control Tools Are Not Only For Developers https://isc.sans.edu/forums/diary/Version+control+tools+arent+only+for+Developers/22922/ Coin Hive Javascript Crypto Currency Miner Found on Piratebay https://twitter.com/esterling_/status/918240914623090695 https://crypto-loot.com Macro-less Code Exec in MSWord Rediscovered https://sensepost.com/blog/2017/macro-less-code-exec-in-msword/ https://blog.nviso.be/2017/10/11/detecting-dde-in-ms-office-documents/ Hard Disks Can Be Used As Microphones https://github.com/ortegaalfredo/kscope/blob/master/doc/HDD-microphones.pdf

Outlook Includes plain text version of e-mail with S/MIME Encryption https://www.sec-consult.com/en/blog/2017/10/fake-crypto-microsoft-outlook-smime-cleartext-disclosure-cve-2017-11776/index.html RubyGems Remote Code Execution Vulnerability http://blog.rubygems.org/2017/10/09/unsafe-object-deserialization-vulnerability.html Google Home Mini Recorded Everything http://www.androidpolice.com/2017/10/10/google-nerfing-home-minis-mine-spied-everything-said-247/ Cameradar Finds Open RTSP Streams https://github.com/EtixLabs/cameradar

Microsoft Monthly Updates https://isc.sans.edu/forums/diary/October+2017+Security+Updates/22916/ Spoofed iOS iCloud Login https://krausefx.com/blog/ios-privacy-stealpassword-easily-get-the-users-apple-id-password-just-by-asking

Base64 Encoded Word Documents https://isc.sans.edu/forums/diary/Base64+All+The+Things/22912/ Skimmer Scanner Helps Find Credit Card Skimmers https://github.com/sparkfunX/Skimmer_Scanner TLS 1.3 Remains "On Hold" https://www.ietf.org/mail-archive/web/tls/current/msg24517.html FIDO U2F Key Review / Test https://www.imperialviolet.org/2017/10/08/securitykeytest.html

Payment Handler API https://w3c.github.io/payment-handler/ https://blog.lukaszolejnik.com/privacy-of-web-request-api/ OpenSSH Version 7.6 Released http://www.openssh.com/txt/release-7.6 Microsoft Delaying Some Patches for Earlier Windows Versions https://googleprojectzero.blogspot.sg/2017/10/using-binary-diffing-to-discover.html The Dangers of Cables https://isc.sans.edu/forums/diary/Whats+in+a+cable+The+dangers+of+unauthorized+cables/22904/

Extract HTTP Requests from PCAPs and Turn Them Into cURL Commands https://isc.sans.edu/forums/diary/pcap2curl+Turning+a+pcap+file+into+a+set+of+cURL+commands+for+replay/22900/ Apple Patches Embarrasing MacOS High Sierra Flaw https://www.appleworld.today/blog/2017/10/5/macos-high-sierra-flaw-exposes-passwords-of-encrypted-apfs-volumes Another Tomcat PUT Vulnerability https://lists.apache.org/thread.html/3fd341a604c4e9eab39e7eaabbbac39c30101a022acc11dd09d7ebcb@%3Cannounce.tomcat.apache.org%3E Dallas Haselhorst: HL7 Healthcare Protocol https://www.sans.org/reading-room/whitepapers/hipaa/hl7-data-interfaces-medical-environments-understanding-fundamental-flaw-healthcare-38005 https://www.sans.org/reading-room/whitepapers/vpns/hl7-data-interfaces-medical-environments-attacking-defending-achilles-heel-healthcare-38010 https://www.tripwire.com/state-of-security/security-data-protection/hl7-data-interfaces-in-medical-environments/

Cyber Security Awareness Month: Ouch! Newsletter https://securingthehuman.sans.org/newsletters/ouch/issues/OUCH-201710_en.pdf Modified Rowhammer Attack Bypasses Current Defenses https://arxiv.org/pdf/1710.00551.pdf Metasploit Modules For VMWare Escape https://www.zerodayinitiative.com/blog/2017/10/04/vmware-escapology-how-to-houdini-the-hypervisor