WinRAR ACE Vulnerabilty used in Malspam https://twitter.com/360TIC/status/1099987939818299392 Sextortion Email With QR Code https://isc.sans.edu/forums/diary/Sextortion+Email+Variant+With+QR+Code/24686/ ICANN Pushes DNSSEC to Defend Against DNS Zone Manipulation https://www.icann.org/news/announcement-2019-02-22-en Android FIDO2 Certification https://fidoalliance.org/android-now-fido2-certified-accelerating-global-migration-beyond-passwords/
B0ront0k Linux Server Ransomware https://www.bleepingcomputer.com/news/security/b0r0nt0k-ransomware-wants-75-000-ransom-infects-linux-servers/ Cr1pt0r Ransomware Targets DLink NAS Devices https://www.bleepingcomputer.com/forums/t/691852/cr1ptt0r-ransomware-files-encrypted-readmetxt-support-topic/page-3 LinkedIn Messages Used to Push Fake Job Offers https://www.proofpoint.com/us/threat-insight/post/fake-jobs-campaigns-delivering-moreeggs-backdoor-fake-job-offers
Ben and Scott dive into the latest Office 365 and SharePoint Online updates, including access to mega menus in Hub sites and new options for footers in Communication sites, new options for security baselines in InTune, and how to use the Graph Security API with Azure Logic Apps, Flow, and Read More
Microsoft Edge Whitelists Facebook to Run Flash https://bugs.chromium.org/p/project-zero/issues/detail?id=1722 Chinese Android Banking App Stores Screenshots of Other Apps https://jqknews.com/news/141073-Jingdong_Finance_denied_stealing_user_information_saying_that_the_image_cache_was_only_local.html Password Manager Vulnerabilities https://www.securityevaluators.com/casestudies/password-manager-hacking/
Snap Patches Available https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SnapSocketParsing Finding Property Values in Office Documents https://isc.sans.edu/forums/diary/Finding+Property+Values+in+Office+Documents/24652/ Bro-Sysmon https://engineering.salesforce.com/test-out-bro-sysmon-a6fad1c8bb88 Cryptojacking Apps in Microsoft App Store https://www.symantec.com/blogs/threat-intelligence/cryptojacking-apps-microsoft-store
PDF includes SMB Link https://isc.sans.edu/forums/diary/Suspicious+PDF+Connecting+to+a+Remote+SMB+Share/24646/ QNAP Malware https://www.qnap.com/en/security-advisory/nas-201902-13 Bomb Threat Spammers Arrested https://www.justice.gov/usao-cdca/pr/members-hacker-collective-face-federal-charges-attacking-computer-systems-emailing-mass Managed Service Providers Targeted By Ransomware https://www.bleepingcomputer.com/news/security/ransomware-attacks-target-msps-to-mass-infect-customers/
Scott and Ben talk all things Azure Front Door, a Layer 7 service which can be used to optimize web applications for best performance, instant global failover, and application layer security.
Phishing Kit with JavaScript Keylogger https://isc.sans.edu/forums/diary/Phishing+Kit+with+JavaScript+Keylogger/24622/ Phishing Via Google Translate https://blogs.akamai.com/sitr/2019/02/phishing-attacks-against-facebook-google-via-google-translate.html iPhone Apps Record Screens https://techcrunch.com/2019/02/06/iphone-session-replay-screenshots/ Packet Challenge https://johannes.homepc.org/packet10.txt
Value of UAC https://isc.sans.edu/forums/diary/UAC+is+not+all+that+bad+really/24620/ Apple Releases Facetime Patch https://support.apple.com/en-us/HT201222 Skype Video Now Allows For Blurred Background https://blogs.skype.com/news/2019/02/06/introducing-background-blur-in-skype/ Microsoft Exchange Server Advisory https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/adv190007
Ben schools Scott on calling in the cloud, including options for inter-org communication, chat, voice, and other traditional phone features that are available in Office 365.