News

Window 10 / 2019 Server Out of Order Patch https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1425 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1457 MacOS Ransomare Arrives as Fake Little Snitch Software https://blog.malwarebytes.com/mac/2020/06/new-mac-ransomware-spreading-through-piracy/ VPN Privilege Escalation https://0xsha.io/posts/zombievpn-breaking-that-internet-security DNSSEC Phishing Scam https://nakedsecurity.sophos.com/2020/06/29/beware-secure-dns-scam-targeting-website-owners-and-bloggers/

Sysmon 11.10 and ADS Logging https://isc.sans.edu/forums/diary/Sysmon+and+Alternate+Data+Streams/26292/ Paloalto PAN-OS SAML Vulnerability https://security.paloaltonetworks.com/CVE-2020-2021 Cisco Telnet Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-telnetd-EFJrEzPx https://appgateresearch.blogspot.com/2020/02/bravestarr-fedora-31-netkit-telnetd_28.html

MacOS 11 Security Changes https://www.sentinelone.com/blog/macos-big-sur-9-big-surprises-for-enterprise-security/ Certificate Lifetime Limited to 1 Year Starting September https://chromium.googlesource.com/chromium/src/+/ae4d6809912f8171b23f6aa43c6a4e8e627de784 https://support.apple.com/en-us/HT211025 https://lists.cabforum.org/pipermail/servercert-wg/2020-June/002000.html

Recordings of the Tech Tuesday Workshop https://isc.sans.edu/forums/diary/Tech+Tuesday+Recap+Recordings+Part+2+Installing+the+Honeypot+release/26280/ https://www.youtube.com/channel/UCfbOsqPmWg1H_34hTjKEW2A Credit Card Skimmers Hide Code in Favicon EXIF Data https://blog.malwarebytes.com/threat-analysis/2020/06/web-skimmer-hides-within-exif-metadata-exfiltrates-credit-cards-via-image-files/ GeoVision Scanners Vulnerabilities https://thehackernews.com/2020/06/geovision-scanner-vulnerabilities.html Docker Images Containing Cryptojacking Malware https://unit42.paloaltonetworks.com/cryptojacking-docker-images-for-mining-monero/ SANS.edu Student Karim Lalji: https://www.sans.org/reading-room/whitepapers/threathunting/real-time-honeypot-forensic-investigation-german-organized-crime-network-39640

In Episode 183, Ben and Scott go through some of the recent announcements for network performance recommendations and the general availability of Azure Files AD DS authentication. Transcript Email Download New Tab - [Ben] Welcome to episode 183 of the Microsoft Cloud IT Pro Podcast recorded live on June 12th, Read More

Using Shell Links as zero-touch downloaders and to initiate network connections https://isc.sans.edu/forums/diary/Using+Shell+Links+as+zerotouch+downloaders+and+to+initiate+network+connections/26276/ Chrome Updates Released https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop_22.html QNAP Updates for Helpdesk https://www.qnap.com/de-de/security-advisory/qsa-20-03 Magento Update https://helpx.adobe.com/security/products/magento/apsb20-41.html Attacks Against Microsoft Exchange Servers https://www.microsoft.com/security/blog/2020/06/24/defending-exchange-servers-under-attack/

@MrEricAlmighty is back with another episode on his recurring series "Why you should watch ______ in 10 minutes!". This week we talk about Code Geass: Lelouch of the Rebellion. Find out what the show's strengths are, what it's all about, and why you should find the time to watch it!🔻[*AFFILIATE Read More

Analysis Of Traffic Targeting CyberBunker IP Space https://isc.sans.edu/forums/diary/Cyberbunker+20+Analysis+of+the+Remnants+of+a+Bullet+Proof+Hosting+Provider/26266/ Microsoft Offering Enterprise Security Products for Linux/Android https://techcommunity.microsoft.com/t5/microsoft-defender-atp/announcing-microsoft-defender-atp-for-android/ba-p/1480787 https://techcommunity.microsoft.com/t5/microsoft-defender-atp/microsoft-defender-atp-for-linux-is-now-generally-available/ba-p/1482344 Microsoft Safe Documents https://techcommunity.microsoft.com/t5/microsoft-365-blog/safe-documents-is-generally-available/ba-p/1480401

Comparing Office Documents with WinMerge https://isc.sans.edu/forums/diary/Comparing+Office+Documents+with+WinMerge/26268/ VMWare Tools and Microsoft Office Updates for macOS https://www.vmware.com/security/advisories/VMSA-2020-0014.html https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1225 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1226 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1229 Remote Code Execution Vulnerability in Bitdefender https://palant.info/2020/06/22/exploiting-bitdefender-antivirus-rce-from-any-website/ Google Analytics Used to Exfiltrate Data https://www.perimeterx.com/tech-blog/2020/bypassing-csp-exflitrate-data/

Sigma Rules! The Generic Signature Format for SIEM Systems https://isc.sans.edu/forums/diary/Sigma+rules+The+generic+signature+format+for+SIEM+systems/26258/ Pi Zero Honeypot https://isc.sans.edu/forums/diary/Pi+Zero+HoneyPot/26260/ Ransomware Operators Lurk on Your Network https://www.bleepingcomputer.com/news/security/ransomware-operators-lurk-on-your-network-after-their-attack/ Discord Modified to Steal Accounts https://www.bleepingcomputer.com/news/security/discord-modified-to-steal-accounts-by-new-nitrohack-malware/

Broken Phishing Accidentially Exploiting Outlook Zero-Day https://isc.sans.edu/forums/diary/Broken+phishing+accidentally+exploiting+Outlook+zeroday/26254/ Webcast: https://www.sans.org/webcasts/sansatmic-catch-release-phishing-techniques-good-guys-115430 Cisco Updates Treck IP Stack: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC All Advisories: https://tools.cisco.com/security/center/publicationListing.x Netgear httpd Firmware Upload Stack-based Buffer Overflow RCE Vulnerability https://blog.grimm-co.com/2020/06/soho-device-exploitation.html Tech Tuesday Workshop: https://www.sans.org/webcasts/tech-tuesday-workshop-collaborating-scale-contribute-profit-internet-storm-center-115935

In Episode 182, Ben and Scott sit down with Nills Franssens, a Senior Cloud Solution Architect at Microsoft to talk about his new Kubernetes book, "Hands-On Kubernetes on Azure". Transcript Email Download New Tab - Welcome to Episode 182 of the Microsoft cloud IT Pro Podcast recorded live on June Read More

Odd Protest Spam (Scam?) Targeting Atlanta Police Foundation https://isc.sans.edu/forums/diary/Odd+Protest+Spam+Scam+Targeting+Atlanta+Police+Foundation/26248/ Zoom Publishes End-to-End Encryption Whitepaper https://github.com/zoom/zoom-e2e-whitepaper Linux ACPI Bug Defeats UEFI Secure Boot https://git.zx2c4.com/american-unsigned-language/tree/american-unsigned-language-2.sh Tech Tuesday Workshop: https://www.sans.org/webcasts/tech-tuesday-workshop-collaborating-scale-contribute-profit-internet-storm-center-115935

@PhilTheFilipino is back with a brand new episode of Amity-Phil Horror. This week he talks about some ghost stories that are right in our backyard, the ghosts of St. Augustine! Join Phil as he talks about some of the most haunted spots in St. Augustine, FL. If you're interested in Read More

Sextortion to the Next Level https://isc.sans.edu/forums/diary/Sextortion+to+The+Next+Level/26244/ TMobile Outage Due to Configuration Error https://www.scmagazine.com/home/security-news/outages-draw-speculation-of-ddos-attack-on-u-s-but-reality-likely-more-boring/ Vulnerability Analysis of 2500 Docker Hub Images https://arxiv.org/pdf/2006.02932.pdf Track IP Stack Contains Multiple Vulnerabilities https://www.kb.cert.org/vuls/id/257161

HTML Based Phishing Run https://isc.sans.edu/forums/diary/HTML+based+Phishing+Run/26242/ Major T-Mobile Outage (may affect other carriers as well) https://twitter.com/NevilleRay/status/1272650750665953280 https://status.duo.com/incidents/txv7kq6tr0h8 Vulnerabilities in LTE and 5G Networks https://positive-tech.com/storage/articles/gtp-2020/threat-vector-gtp-2020-eng.pdf SANSFIRE Handler Talks Xavier Mertens: https://www.sans.org/webcasts/sansatmic-walk-logs-hell-115420 Bojan Zdrnja: https://www.sans.org/webcasts/sansatmic-arcane-web-mobile-application-vulnerHTML Phishing

Fileless Excel Malware https://isc.sans.edu/forums/diary/Malicious+Excel+Delivering+Fileless+Payload/26232/ Windows Update Issues https://support.microsoft.com/en-us/help/4566779/usb-printer-port-missing-after-disconnecting-printer-while-windows-10 https://answers.microsoft.com/en-us/windows/forum/all/cumulative-updates-june-9th-2020/45a8a7f3-cb89-459e-acf1-32d9de15c099 Privnote.com Phishing https://krebsonsecurity.com/2020/06/privnotes-com-is-phishing-bitcoin-from-users-of-private-messaging-service-privnote-com/ SANS @Mic Talk: ISC Handler Bojan Zdrnja https://www.sans.org/webcasts/sansatmic-arcane-web-mobile-application-vulnerabilities-115425

Hosted by MrEricAlmighty and PhilTheFilipino - listen to our trailer for a sneak peek into what the podcast is about and the type of content we cover. We release episodes every Monday and Wednesday....all you have to do....is WAIT FOR IT!🔻BACKGROUND MUSIC PROVIDED BY: Ocean by KV https://soundcloud.com/kvmusicprod  Free Download Read More

Anti-Debugging JavaScript Techniques https://isc.sans.edu/forums/diary/AntiDebugging+JavaScript+Techniques/26228/ Facebook Messenger Desktop App Vulnerability https://blog.reasonsecurity.com/2020/06/11/persistence-method-using-facebook-messenger-desktop-app/ Outlook Massmailing Macros https://www.welivesecurity.com/2020/06/11/gamaredon-group-grows-its-game/ STI Student Research: Dennis Taggard; Ebb and Flow: Network Flow Logging as a Staple of Public Cloud Visibility or a Waning Imperative? Paper: https://www.sans.org/reading-room/whitepapers/cloud/ebb-flow-network-flow-logging-staple-public-cloud-visibility-waning-imperative-39580 Video: https://youtu.be/faoFx7Q3_aM

In Episode 181, Ben and Scott go deeper into Azure Sentinel, discussing considerations for the design and segmentation of your Sentinel workspaces. Transcript Email Download New Tab - [Ben] Welcome to episode 181 of the Microsoft Cloud IT pro podcast recorded live on June 5, 2020. This is a show Read More