News

Critical Patch For WebLogic https://isc.sans.edu/forums/diary/Critical+Actively+Exploited+WebLogic+Flaw+Patched+CVE20192729/25050/ Exim Exploits Against Other Mail Servers https://isc.sans.edu/forums/diary/Quick+Detect+Exim+Return+of+the+Wizard+Attack/25052/ SANS Fire Presentations (to be published soon) https://isc.sans.edu/presentations

Critical Firefox Update https://www.mozilla.org/en-US/security/advisories/mfsa2019-18/#CVE-2019-11707 Bitdefender Releases GandCrap Decryptor https://labs.bitdefender.com/2019/06/good-riddance-gandcrab-were-still-fixing-the-mess-you-left-behind/ Google Launches New Deceptive Site Protections in Chrome https://blog.chromium.org/2019/06/new-chrome-protections-from-deception.html

TCP SACK Panic DoS in Linux https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md https://tools.ietf.org/html/rfc879 Logitech Pointer Recall https://www.heise.de/security/meldung/Angreifbare-Logitech-Presenter-Hersteller-tauscht-gefaehrliche-USB-Empfaenger-aus-4423627.html An Infection from the Rig Exploit Kit https://isc.sans.edu/forums/diary/An+infection+from+Rig+exploit+kit/25040/

Whats App Phishing https://www.heise.de/newsticker/meldung/Phishing-Mails-gaukeln-Ende-von-WhatsApp-Abonnement-vor-4447165.html Encrypted EMail Phishing https://www.bleepingcomputer.com/news/security/phishing-scam-asks-you-to-login-to-read-encrypted-message/ Android Apps Link to Fake Sites https://news.drweb.com/show/?i=13313&lng=en&c=5 Precomputed Hash Tables https://a.ndronic.us/pre-computed-hash-table-v-1-0/

Exim Flaw Exploited https://www.cybereason.com/blog/new-pervasive-worm-exploiting-linux-exim-server-vulnerability Yubico Recalling FIPS Certified Yubikeys https://www.yubico.com/support/security-advisories/ysa-2019-02/ Vulnerable Infusion Pumps https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletins/alaris-gateway-workstation-unauthorized-firmware Telegram DDoS Attack https://twitter.com/telegram/status/1138768124914929664 Ghidra Tips for IDA Users: Function Call Graphs https://isc.sans.edu/forums/diary/A+few+Ghidra+tips+for+IDA+users+part+4+function+call+graphs/25032/ Joel Chapman: Security Consideration for Voice over Wifi (VoWifi) Systems https://www.sans.org/reading-room/whitepapers/telephone/paper/38945

Ben and Scott talk about the ability to login to your Linux virtual machines in Azure with Azure AD.

Sandbox Escaper Publishes Additional CVE-2019-0841 Bypass http://archive.is/3toQY http://sandboxescaper.blogspot.com/p/disclosures_8.html Bypassing NTLM Message Signing (CVE-2019-1040) https://blog.preempt.com/drop-the-mic Details About macOS Keysteal Vulnerability https://www.pinauten.de/resources/KeySteal_OBTS_2019.pdf

Microsoft Patches https://isc.sans.edu/forums/diary/MSFT+June+2019+Patch+Tuesday/25024/ Adobe Patches https://helpx.adobe.com/security.html SAP Security Notes https://www.onapsis.com/blog/sap-patch-notes-june-2019 Intel Updates https://www.us-cert.gov/ncas/current-activity/2019/06/11/Intel-Releases-Security-Updates-Mitigations-Multiple-Products Microsoft Certificate DoS https://bugs.chromium.org/p/project-zero/issues/detail?id=1804 GPS Receiver Woes https://www.flightglobal.com/news/articles/collins-gps-outage-grounds-regional-flights-458819/ RAMBleed Attack https://www.documentcloud.org/documents/6150180-RamBleed-attack-CVE-2019-0174.html

@PhilTheFilipino is back with an all new PHIL-luminati episode! & he has a VERY special guest with him. Super-star researcher, Erin! Together they tackle some of the inter-webs darkest & wildest cartoon conspiracy theories that are sure to ruin your childhood. Enjoy!Also, be sure to follow us on ALLLLLLL of Read More

Interesting JavaScript Obfuscation Example https://isc.sans.edu/forums/diary/Interesting+JavaScript+Obfuscation+Example/25020/ Spam Taking Advantage of DNS over HTTPS https://myonlinesecurity.co.uk/it-looks-like-another-dns-compromise-hack-happening/ European Mobile Operator Traffic Leaked to China https://arstechnica.com/information-technology/2019/06/bgp-mishap-sends-european-mobile-traffic-through-china-telecom-for-2-hours/?comments=1 VLC Update Patches Various Security Flaws http://www.jbkempf.com/blog/post/2019/VLC-3.0.7-and-security

Keep An Eye On Your WMI Logs https://isc.sans.edu/forums/diary/Keep+an+Eye+on+Your+WMI+Logs/25012/ Sysmon DNS Query Logging https://isc.sans.edu/forums/diary/Tip+Sysmon+Will+Log+DNS+Queries/25016/ Komodo Agama Vulnerability and Breach https://komodoplatform.com/update-agama-vulnerability/ Lessons Learned From Microsoft SOC https://www.microsoft.com/security/blog/2019/06/06/lessons-learned-from-the-microsoft-soc-part-2b-career-paths-and-readiness/

GoldBrute Botnet Brute Forcing RDP https://isc.sans.edu/forums/diary/GoldBrute+Botnet+Brute+Forcing+15+Million+RDP+Servers/25002/ Exim Vulnerability https://isc.sans.edu/forums/diary/Time+is+partially+on+our+side+the+new+Exim+vulnerability/25008/ iOS App Developers Disabling TLS https://www.wandera.com/mobile-security/ios-app-developer-security-shortcuts/

Episode 128 dives into Microsoft Flow, Azure Logic Apps, and Azure Automation. The hosts discuss how you can integrate all of these tools to build rich Office 365 automation solutions.

Android Monthly Update https://source.android.com/security/bulletin/2019-06-01 Google Chrome Updates https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html MacOS Malware Injects Bing Ads https://www.airoav.com/mitm-proxy-a-new-search-hijack-method-on-mojave/ Kubernetes Vulnerability https://github.com/kubernetes/kubernetes/issues/78308 Vulnerabilities in Phihsing Kits https://blogs.akamai.com/sitr/2019/06/identifying-vulnerabilities-in-phishing-kits.html

Vulnerability in Notepad https://threatpost.com/researcher-exploits-microsofts-notepad-to-pop-a-shell/145242/ Vulnerability in vim/neovim https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md RDP Session Hijack Vulnerability https://kb.cert.org/vuls/id/576688/

Bypassing macOS Synthetic Click Protection https://www.wired.com/story/apple-macos-bug-synthetic-clicks/ Intel Microcode Updates for Older Windows 10 Versions https://support.microsoft.com/en-us/help/4494454/kb4494454-intel-microcode-updates Fake AntiVirus Adds in Microsoft Games https://answers.microsoft.com/en-us/windows/forum/all/malvertising-attack-on-microsoft-games/ced7ab87-7e0e-422b-97b7-fbfaed2b68a0 GandGrab Shutting Down https://www.zdnet.com/article/gandcrab-ransomware-operation-says-its-shutting-down/

Google Outage https://status.cloud.google.com/incident/compute/19003 Major Vulnerability in Siemens LOGO Controllers https://cert-portal.siemens.com/productcert/pdf/ssa-542701.pdf Exposing TOR Users Via Cache Poisoning https://blog.duszynski.eu/tor-ip-disclosure-through-http-301-cache-poisoning/ nginx njs Vulnerability https://github.com/nginx/njs/issues/131

Since Endgame has been released, the directors(The Russo Brothers) and the screenwriters (Christopher Markus and Stephen McFeely)have revealed key plot points from the movie, debunking popular fan theories, and sharing unused ideas that weren't used in the final version of the film. Finding ALL of this information in one location Read More

The third installment of the "MonsterVerse" is here, after much hype and anticipation. Does it smash all expectations after the criticisms of the 2014 Godzilla? Or is it possibly worse than the classic and beloved 1998 Godzilla? @MrEricAlmighty and @PhilTheFilipino discuss!Also, be sure to follow us on ALLLLLLL of our Read More

Analysing Shell Code with scdbg https://isc.sans.edu/forums/diary/Analyzing+First+Stage+Shellcode/24984/ GitHub Automating Security Patches https://help.github.com/en/articles/configuring-automated-security-fixes Exposed Docker Containers Uses for Cryptocoin Mining https://blog.trendmicro.com/trendlabs-security-intelligence/infected-cryptocurrency-mining-containers-target-docker-hosts-with-exposed-apis-use-shodan-to-find-additional-victims/ Mozilla Objecting To Web Packaging https://docs.google.com/document/d/1ha00dSGKmjoEh2mRiG8FIA5sJ1KihTuZe-AXX1r8P-8/preview#