Sans Internet Storm Center Daily Network/cyber Security And Information Security Podcast

Takeover of .io TLD https://thehackerblog.com/the-io-error-taking-control-of-all-io-domains-with-a-targeted-registration/ Malwarebytes Quarterly Malware Report https://www.malwarebytes.com/pdf/white-papers/CybercrimeTacticsAndTechniques-Q2-2017.pdf OpenBSD Introducing KARL To Randomize Kernel Layout at Boot https://marc.info/?l=openbsd-tech&m=149732026405941&w=2

More DDoS Ransom Demands https://isc.sans.edu/forums/diary/Adversary+hunting+with+SOFELK/22592/ Adversary Hunting With SOF-ELK https://isc.sans.edu/forums/diary/Adversary+hunting+with+SOFELK/22592/ Petya Master Key Published https://twitter.com/JanusSecretary/status/882663988429021184?ref_src=twsrc%5Etfw&ref_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fauthor-of-original-petya-ransomware-publishes-master-decryption-key%2F Template Attacks Against Critical Infrastructure http://blog.talosintelligence.com/2017/07/template-injection.html

Finding Odd Domain Names https://isc.sans.edu/forums/diary/Selecting+domains+with+random+names/22580/ BitTorrent Sync 2.0 Log Files https://isc.sans.edu/forums/diary/Investigation+of+BitTorrent+Sync+v20+as+a+P2P+Cloud+Service+Part+2+Log+Files+artefacts/22582/ Cisco Vulnerabilities https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-esc2 Finding Weak Password Hashing Algorithms Via Hash Collisions https://www.netsparker.com/blog/web-security/collision-based-hashing-algorithm-disclosure/ BIND TSIG Exploit http://www.synacktiv.ninja/ressources/CVE-2017-3143_BIND9_TSIG_dynamic_updates_vulnerability_Synacktiv.pdf

AVTest Report: Ransomware not a big deal; Android/MacOS Catching up to Windows https://www.av-test.org/fileadmin/pdf/security_report/AV-TEST_Security_Report_2016-2017.pdf Microsoft Will Prompt Users to Update Windows 10 https://support.microsoft.com/en-us/help/4023814 Bithumb Bitcoin Exchange Hacked (Article in Korean) http://bithumb.cafe/archives/7329 Turkish Airlines and Emirates Remove Laptop Ban http://www.theregister.co.uk/2017/07/05/emirates_and_turkish_airlines_lift_laptop_ban_on_us_flights/ Ukrainian Authorities Raid MeDoc (Article in Ukrainian) https://cyberpolice.gov.ua/news/prykryttyam-najmasshtabnishoyi-kiberataky-v-istoriyi-ukrayiny-stav-virus-diskcoderc-881/

Microsoft Patches Skype Vulnerability https://www.vulnerability-lab.com/get_content.php?id=2071 SystemD Invalid Username Bug Not Considered a Vulnerability (or Bug) https://github.com/systemd/systemd/issues/6237 Cisco Fixes SNMP Vulnerability in IOS and IOS XE https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp Smartphones Can Be Compromised with shady replacement parts https://iss.oy.ne.ro/Shattered Siemens Fixes Intel AMT Bug https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-874235.pdf Update For libgcrypt https://www.ubuntuupdates.org/package/core/zesty/main/updates/libgcrypt20-dev

Catching up With Blank Slate https://isc.sans.edu/forums/diary/Catching+up+with+Blank+Slate+a+malspam+campaign+still+going+strong/22570/ Azure AD Connect Vulnerability https://technet.microsoft.com/library/security/4033453.aspx#ID0EN Exploit Available For Stack Clash Vulnerability https://www.qualys.com/research/security-advisories/ Paul Herschberger: Data Breach Impact Estimation https://www.sans.org/reading-room/whitepapers/dlp/data-breach-impact-estimation-37502

Petya Ransomware Update https://isc.sans.edu/forums/diary/Petya+I+hardly+know+ya+an+ISC+update+on+the+20170627+ransomware+outbreak/22566/ Ubuntu systemd Vulnerability https://www.ubuntu.com/usn/usn-3341-1/ Microsoft Will Include EMET in Windows 10 https://blogs.technet.microsoft.com/mmpc/2017/06/27/whats-new-in-windows-defender-atp-fall-creators-update/ BGB Attacks Against Bitcoin https://blog.acolyer.org/2017/06/27/hijacking-bitcoin-routing-attacks-on-cryptocurrencies/

Petya/Goldeneye Variant Makes the Rounds https://isc.sans.edu/forums/diary/Checking+out+the+new+Petya+variant/22562/

Investigation of BitTorrent Sync (v.2.0) as a P2P Cloud (Part 1) https://isc.sans.edu/forums/diary/Investigation+of+BitTorrent+Sync+v20+as+a+P2P+Cloud+Part+1/22554/ Ransomware Payment Spurres More DDoS Ransomware Attacks https://www.bleepingcomputer.com/news/security/-1-million-ransomware-payment-has-spurred-new-ddos-for-bitcoin-attacks/ Speed Trap Cameras in Australia Infected with WannaCrypt http://www.camerassavelives.vic.gov.au/utility/latest+news/investigation+underway+into+cameras+affected+by+software+virus More Vulnerablities in Windows Defender https://bugs.chromium.org/p/project-zero/issues/detail?id=1282&desc=2 npm Developer Accounts Reset After Password Reuse Discovery https://github.com/ChALkeR/notes/blob/master/Gathering-weak-npm-credentials.md

Fake DDoS Extortions Continue https://isc.sans.edu/forums/diary/Fake+DDoS+Extortions+Continue+Please+Forward+Us+Any+Threats+You+Have+Received/22550/ Traveling with a Laptop https://isc.sans.edu/forums/diary/Traveling+with+a+Laptop+Surviving+a+Laptop+Ban+How+to+Let+Go+of+Precious/22462/ Side Channel Attacks on the Cheap https://www.fox-it.com/nl/wp-content/uploads/sites/12/Tempest_attacks_against_AES.pdf Latest Locky Variant Hunting Down Windows XP Users http://blog.talosintelligence.com/2017/06/necurs-locky-campaign.html Windows Beta Builts and Source Code Leaked http://www.theregister.co.uk/2017/06/23/windows_10_leak/

Obfuscating Without XOR https://isc.sans.edu/forums/diary/Obfuscating+without+XOR/22544/ Airbnb OAUTH Token Theft https://www.arneswinnen.net/2017/06/authentication-bypass-on-airbnb-via-oauth-tokens-theft/ Critical Drupal Vulnerablity https://www.drupal.org/SA-CORE-2017-003 Auditing Docker Containers https://www.sans.org/reading-room/whitepapers/auditing/checklist-audit-docker-containers-37437

New Vulnerabilities Found in OpenVPN https://guidovranken.wordpress.com/2017/06/21/the-openvpn-post-audit-bug-bonanza/ RAR Unpack Vulnerability Affects BitDefender https://bugs.chromium.org/p/project-zero/issues/detail?id=1278&desc=6 Honda Plant Shuts Down Over Wannacry https://www.bleepingcomputer.com/news/security/one-month-later-wannacry-ransomware-is-still-shutting-down-factories/

Cisco Ships Private Key For drmlocal.cisco.com With Video Player https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/T6emeoE-lCU Windows Error Reporting: DFIR Benefits and Privacy Concerns https://isc.sans.edu/forums/diary/Windows+Error+Reporting+DFIR+Benefits+and+Privacy+Concerns/22536/ Deteting Memory Curruption in glibc https://github.com/DhavalKapil/libdheap Let's Encrypt ACME Protocol To Become IETF Standard https://tools.ietf.org/html/draft-ietf-acme-acme-06 Microsoft Publishes Analysis of NSA Exploits https://blogs.technet.microsoft.com/mmpc/2017/06/16/analysis-of-the-shadow-brokers-release-and-mitigation-with-windows-10-virtualization-based-security/

Stack Clash Vulnerability Affects Various Unix Based Operating Systems https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt Separation Of Duties / Malicious Administrators https://isc.sans.edu/forums/diary/As+Your+Admin+Walks+Out+the+Door/22530/ Progress in Sattelite Based Quantum Cryptography https://www.wired.com/story/chinese-satellite-relays-a-quantum-signal-between-cities/ https://www.helpnetsecurity.com/2017/06/19/extremely-secure-data-encryption/ Women Connect Event Minneapolis: https://www.sans.org/event/minneapolis-2017/bonus-sessions/12162

Uptick in Port 83 Traffic https://isc.sans.edu/forums/diary/What+is+going+on+with+Port+83/22524/ WINS DoS Vulnerability will not be fixed by Microsoft https://blog.fortinet.com/2017/06/14/wins-server-remote-memory-corruption-vulnerability-in-microsoft-windows-server Microsoft to Release Patch to Turn off SMB1 https://www.bleepingcomputer.com/news/microsoft/microsoft-to-disable-smbv1-in-windows-starting-this-fall/ UK Hacker Stole Personell Data For US Military Sattelite Network https://public-newsroom-nca-01.azurewebsites.net/news/hacker-stole-satellite-data-from-us-department-of-defence Sophos Web Appliance Will Now Update via https https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-v4-3-2---security-and-defect-fix-rollup

WikiLeaks Releases Documents About Cherry Blossom Wifi Hacking Toolkit https://wikileaks.org/vault7/#Cherry%20Blossom More DVR Vulnerabilities https://www.pentestpartners.com/security-blog/what-did-mirai-miss-making-a-better-bigger-botnet/ More Microsoft Windows Defender Vulnerabilities http://www.theregister.co.uk/2017/06/15/microsoft_how_about_sandboxing_windows_defenders_engine/ Decryption Utility For Jaff Crypto Ransomware https://noransom.kaspersky.com Preston Ackerman: Two Factor Authentication by Home End-Users https://www.sans.org/reading-room/whitepapers/authentication/impediments-adoption-two-factor-authentication-home-end-users-37607

Systemd Odd Defaults https://isc.sans.edu/forums/diary/Systemd+Could+Fallback+to+Google+DNS/22516/ Voice over LTE Vulnerabilities https://www.sstic.org/media/SSTIC2017/SSTIC-actes/remote_geolocation_and_tracing_of_subscribers_usin/SSTIC2017-Article-remote_geolocation_and_tracing_of_subscribers_using_4g_volte_android_phone-le-moal_ventuzelo_coudray.pdf Tails 3.0 Released https://tails.boum.org/install/download/index.en.html Nexus 9 Headphone Jack Vulnerability https://alephsecurity.com/2017/06/13/nexus9-ephemeral-fiq/

MSFT June Patchday Fixes Remaining Known NSA Vulnerabilities https://isc.sans.edu/forums/diary/Microsoft+and+Adobe+June+2017+Patch+Tuesday+Two+Exploited+Vulnerabilities+Patched/22512/ North Korea Building DDoS Botnet https://www.us-cert.gov/ncas/alerts/TA17-164A

Industropyer / CrashOverride Malware Analysis From Power System Attacks https://www.welivesecurity.com/2017/06/12/industroyer-biggest-threat-industrial-control-systems-since-stuxnet/ https://dragos.com/blog/crashoverride/CrashOverride-01.pdf MacSpy Spyware As A Service For Macs http://www.alienvault.com/blogs/labs-research/macspy-os-x-rat-as-a-service VolUtility Memory Analysis Made Easy https://isc.sans.edu/forums/diary/An+Introduction+to+VolUtility/22508/ Google News Abused For Spam http://www.theregister.co.uk/2017/06/12/googles_news_algorithm_serves_up_penis_pills_for_all/

SAMBA Vulnerability Exploited To Install Bitcoin Miners https://securelist.com/78674/sambacry-is-coming/ Intel's AMT Technology Used For Covert Channel https://blogs.technet.microsoft.com/mmpc/2017/06/07/platinum-continues-to-evolve-find-ways-to-maintain-invisibility/ Broadcom Vulnerablities to be Announced https://www.blackhat.com/us-17/briefings.html#broadpwn-remotely-compromising-android-and-ios-via-a-bug-in-broadcoms-wi-fi-chipsets Release Lag In National Vulnerablity Database https://www.recordedfuture.com/vulnerability-disclosure-delay/