Synopsis
Daily update on current cyber security threats
Episodes
- ISC StormCast for Wednesday, September 6th 2017
  06/09/2017, Duration: 06min
  - A Look Back At Mirai and What's Next https://isc.sans.edu/forums/diary/The+Mirai+Botnet+A+Look+Back+and+Ahead+At+Whats+Next/22786/
  - New Struts Vulnerability and Patch https://isc.sans.edu/forums/diary/Struts+vulnerability+patch+released+by+apache+patch+now/22788
  - Mastercard Internet Gateway Service Flaw http://tinyhack.com/2017/09/05/mastercard-internet-gateway-service-hashing-design-flaw/
  - Mac OS X High Sierra Insecure Kernel Module Loading https://objective-see.com/blog/blog_0x21.html
- ISC StormCast for Tuesday, September 5th 2017
  05/09/2017, Duration: 06min
  - Locky Ransomware is Back and This Time Pretends to Be a Font https://isc.sans.edu/forums/diary/Malspam+pushing+Locky+ransomware+tries+HoeflerText+notifications+for+Chrome+and+FireFox/22776/
  - When is a PDF Just a PDF? https://isc.sans.edu/forums/diary/It+is+a+resume+Part+1/22780/
  - Asterisk Vulnerable to RTPBleed https://github.com/EnableSecurity/advisories/tree/master/ES2017-04-asterisk-rtp-bleed
  - Arris AT&T Modems With Backdoor https://www.nomotion.net/blog/sharknatto/
- ISC StormCast for Friday, September 1st 2017
  01/09/2017, Duration: 14min
  - Is Remote Work Feasible in a SOC? https://isc.sans.edu/forums/diary/Remote+SOC+Workers+Concerns/22772/
  - Linux Random Number Generator Reviewed https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Studien/LinuxRNG/LinuxRNG_EN.pdf?__blob=publicationFile&v=5
  - Adobe Acrobat and Reader Security Patch https://blogs.adobe.com/psirt/?p=1484
  - Turning Speakers into Microphones https://www.usenix.org/system/files/conference/woot17/woot17-paper-guri.pdf
- ISC StormCast for Thursday, August 31st 2017
  30/08/2017, Duration: 06min
  - IoT Gear Affected by ConnMan Vulnerability http://connmando.nri-secure.co.jp/index.html
  - Trickbot Going After Coinbase https://blogs.forcepoint.com/security-labs/trickbot-goes-after-cryptocurrency
  - Pacemakers Need Patch https://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm573669.htm
  - Inaudible Voice Commands https://arxiv.org/pdf/1708.07238.pdf
- ISC StormCast for Wednesday, August 30th 2017
  30/08/2017, Duration: 06min
  - Another Chrome Extension Banking Malware https://isc.sans.edu/forums/diary/Second+Google+Chrome+Extension+Banker+Malware+in+Two+Weeks/22766/
  - Vulnerable Docker VM https://www.notsosecure.com/vulnerable-docker-vm/
  - Large Spam E-Mail and Password List Discovered https://www.troyhunt.com/inside-the-massive-711-million-record-onliner-spambot-dump/
- ISC StormCast for Tuesday, August 29th 2017
  29/08/2017, Duration: 05min
  - Survey of Recent DVR Attacks https://isc.sans.edu/forums/diary/An+Update+On+DVR+Malware+A+DVR+Torture+Chamber/22762/
  - Disabling Intel ME http://blog.ptsecurity.com/2017/08/disabling-intel-me.html
  - Wire-X Takedown https://blogs.akamai.com/2017/08/the-wirex-botnet-an-example-of-cross-organizational-cooperation.html
- ISC StormCast for Monday, August 28th 2017
  28/08/2017, Duration: 06min
  - Analyzing 7zip Malware https://isc.sans.edu/forums/diary/Malware+analysis+searching+for+dots/22758/
  - Worldwide DNS Manipulation Survey https://people.eecs.berkeley.edu/~pearce/papers/dns_usenix_2017.pdf
  - Sophos Withdraws UTM Update https://community.sophos.com/products/unified-threat-management/b/utm-blog/posts/utm-up2date-9-503-released
  - Crypto Currency Malware https://resources.netskope.com/h/i/361264722-coin-mining-malware-heads-to-the-cloud-with-zminer
- ISC StormCast for Friday, August 25th 2017
  25/08/2017, Duration: 12min
  - Critical HPE iLo Vulnerability http://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03769en_us
  - Facebook Messenger Spam Leads to Malware https://securelist.com/new-multi-platform-malwareadware-spreading-via-facebook-messenger/81590/
  - iOS 10.3.1 Kernel Exploit Released https://blog.zimperium.com/ziva-video-audio-ios-kernel-exploit/
  - Samsung Bricks Smart TVs With Update https://eu.community.samsung.com/t5/TV-Audio-Video/Samsung-MU-Series-2017-Smart-TV-s-will-do-nothing-after-Samsung/td-p/250277
  - John Bambenek's DGA Feeds http://osint.bambenekconsulting.com/feeds/c2-ipmasterlist.txt
- ISC StormCast for Thursday, August 24th 2017
  24/08/2017, Duration: 05min
  - Malware Loading Avast Safe Zone Browser https://isc.sans.edu/forums/diary/Malicious+script+dropping+an+executable+signed+by+Avast/22748/
  - Ropemaker E-Mail Content https://www.mimecast.com/globalassets/documents/whitepapers/wp_the_ropemaker_email_exploit.pdf
  - Cloud Based Accounts Increasingly a Target https://www.microsoft.com/en-us/security/intelligence-report
  - More Malware Found At Ukrainian Accounting Software Makers https://issp.ua/issp_system_images/UPD_samples_analysis_eng.pdf
- ISC StormCast for Wednesday, August 23rd 2017
  23/08/2017, Duration: 05min
  - Elcomsoft Releases Ability to Retrieve Apple Keychain from iCloud https://www.elcomsoft.com/eppb.html
  - Mapping Rooms With Smart Speakers http://musicattacks.cs.washington.edu/activity-information-leakage.pdf
  - Netcraft Identifies .fish Domain Used For Phishing https://news.netcraft.com/archives/2017/08/21/first-fishy-phishing-sites-sighted.html
- ISC StormCast for Tuesday, August 22nd 2017
  22/08/2017, Duration: 05min
  - Hackers Scam $500,000 From Enigma Digital Currency Investors http://www.theregister.co.uk/2017/08/21/enigma_digital_currency_investors_scammed/
  - Bitcoin Privacy Threats https://arxiv.org/abs/1708.04748
  - $500 iPhone PIN Brute Forcing Box https://www.youtube.com/watch?v=IXglwbyMydM
  - SyncCrypt Bypasses Antivirus Filters With Images https://www.bleepingcomputer.com/news/security/synccrypt-ransomware-hides-inside-jpg-files-appends-kk-extension/
- ISC StormCast for Monday, August 21st 2017
  20/08/2017, Duration: 05min
  - EngineBox Banking Malware https://isc.sans.edu/forums/diary/EngineBox+Malware+Supports+10+Brazilian+Banks/22736/
  - It's Not An Invoice https://isc.sans.edu/forums/diary/Its+Not+An+Invoice/22738/
  - iOS Secure Enclave Key Posted https://www.theiphonewiki.com/wiki/Greensburg_14G60_%28iPhone6,1%29
  - Vulnerabilities in FoxIT PDF Reader https://www.thezdi.com/blog/2017/8/17/busting-myths-in-foxit-reader
- ISC StormCast for Friday, August 18th 2017
  18/08/2017, Duration: 16min
  - Maldoc with auto-updated link https://isc.sans.edu/forums/diary/Maldoc+with+autoupdated+link/22730/
  - Rowhammer is Back: SSD Memory Affected https://www.usenix.org/system/files/conference/woot17/woot17-paper-kurmus.pdf
  - Nathaniel Quist: Active Defense in a Labyrinth of Deception https://www.sans.org/reading-room/whitepapers/ActiveDefense/active-defense-labyrinth-deception-37462
- ISC StormCast for Thursday, August 17th 2017
  17/08/2017, Duration: 06min
  - Analysis of a Paypal Phishing Kit https://isc.sans.edu/forums/diary/Analysis+of+a+Paypal+phishing+kit/22726/
  - ShadowPad Backdoor in NetSarang Equipment https://securelist.com/shadowpad-in-corporate-networks/81432/
  - Solving Captcha Audio Challenges http://uncaptcha.cs.umd.edu/papers/uncaptcha_woot17.pdf
- ISC StormCast for Wednesday, August 16th 2017
  16/08/2017, Duration: 06min
  - Malspam Pushing Trickbot Banking Trojan https://isc.sans.edu/forums/diary/Malspam+pushing+Trickbot+banking+Trojan/22720/
  - Banker Google Chrome Extension Targeting Brazil https://isc.sans.edu/forums/diary/BankerGoogleChromeExtensiontargetingBrazil/22722/
  - DJI "Go" App May Be Using JSPatch To Modify Applications After Install https://www.rcgroups.com/forums/showpost.php?p=38096850&postcount=2713
  - Smartlocks Bricked After Auto-Update http://www.securitysales.com/news/smart-locks-lobotomized-failed-update/
- ISC StormCast for Tuesday, August 15th 2017
  15/08/2017, Duration: 06min
  - When A Malicious Looking E-Mail Turns Out to be "just" spam https://isc.sans.edu/forums/diary/Sometimes+its+just+SPAM/22716/
  - Android iOS Intra-Library Collusion https://arxiv.org/abs/1708.03520
  - SonicSpy: Android Spyware Apps https://blog.lookout.com/sonicspy-spyware-threat-technical-research
  - Checking For Breached Passwords in Active Directory https://jacksonvd.com/checking-for-breached-passwords-in-active-directory/
- ISC StormCast for Monday, August 14th 2017
  14/08/2017, Duration: 05min
  - Outlook Web Access Based Attacks https://isc.sans.edu/forums/diary/Outlook+Web+Access+based+attacks/22710/
  - The Good Phishing Email https://isc.sans.edu/forums/diary/The+Good+Phishing+Email/22712/
  - Git/CVS/Mercurial and others: ssh vulnerability http://blog.recurity-labs.com/2017-08-10/scm-vulns
  - PostgreSQL Vulnerabilities https://bugzilla.redhat.com/show_bug.cgi?id=1477185
- ISC StormCast for Friday, August 11th 2017
  11/08/2017, Duration: 05min
  - Maldoc Analysis With ViperMonkey https://isc.sans.edu/forums/diary/Maldoc+Analysis+with+ViperMonkey/22702/
  - Microsoft Joins Google/Mozilla in Banishing WoSign and StartCom From Trusted CA List https://blogs.technet.microsoft.com/mmpc/2017/08/08/microsoft-to-remove-wosign-and-startcom-certificates-in-windows-10/
  - SMS Touch App Leaking Messages https://www.zscaler.com/blogs/research/mobile-app-wall-shame-sms-touch
  - Mac Adware Mughthesec https://objective-see.com/blog/blog_0x20.html
- ISC StormCast for Thursday, August 10th 2017
  10/08/2017, Duration: 06min
  - DirectDefense Accuses Carbon Black of Data Leak https://www.carbonblack.com/2017/08/09/directdefense-incorrectly-asserts-architectural-flaw-in-cb-response/ https://www.directdefense.com/harvesting-cb-response-data-leaks-fun-profit/
  - Vulnerabilities in Solar Generation https://horusscenario.com
  - Hunting Malicious npm Packages https://duo.com/blog/hunting-malicious-npm-packages
- ISC StormCast for Wednesday, August 9th 2017
  09/08/2017, Duration: 05min
  - Microsoft Updates https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+August+2017/22694/
  - Adobe Updates https://helpx.adobe.com/security.html
  - Android Patches https://source.android.com/security/bulletin/2017-08-01
  - How Are People Fooled By This? Email To Sign a Contract Provides Malware https://isc.sans.edu/forums/diary/How+are+people+fooled+by+this+Email+to+sign+a+contract+provides+malware+instead/22696/