Corporate IoT Used in Intrusion https://msrc-blog.microsoft.com/2019/08/05/corporate-iot-a-path-to-intrusion/ New Spectre Variant: SWAPGS https://www.bitdefender.com/business/swapgs-attack.html New WPA3 Weaknesses https://wpa3.mathyvanhoef.com/#new
Sexploitation E-Mail: Where did the winnings go https://isc.sans.edu/forums/diary/Sextortion+Follow+the+Money+The+Final+Chapter/25204/ VMWare Update https://www.vmware.com/security/advisories/VMSA-2019-0012.html Android Update Fixes Qualcom Bug https://source.android.com/security/bulletin/2019-08-01.html https://blade.tencent.com/en/advisories/qualpwn/
Misconfigured JIRA Leaks User Details https://medium.com/@logicbomb_1/one-misconfig-jira-to-leak-them-all-including-nasa-and-hundreds-of-fortune-500-companies-a70957ef03c7 Google, Amazon, Apple modify policy on listening in on Assistant Recordings https://datenschutz-hamburg.de/assets/pdf/2019-08-01_press-release-Google_Assistant.pdf https://www.bloomberg.com/news/articles/2019-08-02/amazon-gives-option-to-disable-human-review-of-alexa-recordings https://www.theverge.com/2019/8/2/20751270/apple-stops-contractors-siri-voice-recordings-privacy-opt-out https://www.blog.google/products/assistant/more-information-about-our-processes-safeguard-speech-data/ NVidia Updates https://nvidia.custhelp.com/app/answers/detail/a_id/4841/kw/Security%20Bulletin Detecting Incognito Mode in Google Chrome 76 https://blog.jse.li/posts/chrome-76-incognito-filesystem-timing/
What Is Listening On Port 9527/TCP https://isc.sans.edu/forums/diary/What+is+Listening+On+Port+9527TCP/25194/ PowerShell Empire Abandonded https://github.com/EmpireProject/Empire https://twitter.com/xorrior/status/1156626182978383874 Cryptomining via GitHub/PasteBin C&C https://unit42.paloaltonetworks.com/rockein-the-netflow/
Phishing Attack Targeting Financial Sector https://isc.sans.edu/forums/diary/Targeted+Phishing+Attacks+in+the+Financial+Industry+Fire3+Phishing+Kit/25188/ Enterprise Software Phoneing Home https://www.extrahop.com/company/press-releases/2019/extrahop-issues-warning-about-phoning-home/ Google Stripping www and https again https://bugs.chromium.org/p/chromium/issues/detail?id=883038#c114 Bypassing VISA Contactless Limits https://www.ptsecurity.com/ww-en/about/news/visa-card-vulnerability-can-bypass-contactless-limits/
Luno Phishing E-Mail and Badly Implemented 2FA https://isc.sans.edu/forums/diary/Can+You+Spell+2FA+A+Luno+Phish+Example/25186/ Google Chrome Update https://w3c.github.io/webappsec-fetch-metadata/ https://chromereleases.googleblog.com/2019/07/stable-channel-update-for-desktop_30.html Apple Re-Releases 2019-004 Security Update for Sierra/High Sierra https://support.apple.com/en-us/HT210348 Disabling Server Side Recording of Apple Siri Commands https://github.com/jankais3r/Siri-NoLoggingPLS
When Users Attack: Users and Admins Thwarting Security Controls https://isc.sans.edu/forums/diary/When+Users+Attack+Users+and+Admins+Thwarting+Security+Controls/25170/ Immunity's Canvas Now Includes BlueKeep Exploit https://twitter.com/Immunityinc/status/1153752470130221057 Johannesburg Power Outages Due To Ransomware https://twitter.com/CityofJoburgZA https://www.theregister.co.uk/2019/07/25/johannesburg_ransomware_infection/ Darkmatter Intermediate Certificate Trust Removed From Google Chrome https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/7-oKhDBLetQ
VLC not Vulnerable to libebml Vulnerablity https://threader.app/thread/1153963312981389312 Cryptominer With BlueKeep Scanner https://www.intezer.com/blog-watching-the-watchbog-new-bluekeep-scanner-and-linux-exploits/ Elasticsearch Vulnerabilities used to install DDoS Bot https://blog.trendmicro.com/trendlabs-security-intelligence/multistage-attack-delivers-billgates-setag-backdoor-can-turn-elasticsearch-databases-into-ddos-botnet-zombies/ May People Be Considered As IOC? https://isc.sans.edu/forums/diary/May+People+Be+Considered+as+IOC/25166/
@MrEricAlmighty & @PhilTheFilipino are excited to bring you a very in depth review of the live action/CGI animated version of the beloved classic - The Lion King! We start with a spoiler free review by discussing our likes & dislikes (02:00 - 15:30), give our final thoughts and score for Read More
Analysis of DNS TXT Records https://isc.sans.edu/forums/diary/Analyzis+of+DNS+TXT+Records/25142/ Evil Gnome Linux Malware https://www.intezer.com/blog-evilgnome-rare-malware-spying-on-linux-desktop-users/ New American Express Phishing Attacks https://cofense.com/phishing-attacker-takes-american-express-victims-credentials/
