Exploiting Struts in vCenter https://isc.sans.edu/forums/diary/Struts+Vulnerability+CVE20175638+on+VMware+vCenter+the+Gift+that+Keeps+on+Giving/24606/ Wikipedia Tech Support Scam https://isc.sans.edu/forums/diary/Wikipedia+Articles+as+part+of+Tech+Support+Scamming+Campaigns/24608/ Stealing MacOS Keychain https://www.youtube.com/watch?v=nYTBZ9iPqsU Beauty Camera Ads for Android include Adware https://blog.trendmicro.com/trendlabs-security-intelligence/various-google-play-beauty-camera-apps-sends-users-pornographic-content-redirects-them-to-phishing-websites-and-collects-their-pictures/
Tracking DNS Changes https://isc.sans.edu/forums/diary/Tracking+Unexpected+DNS+Changes/24596/ SystemD/JournalD PoC Exploit https://capsule8.com/blog/exploiting-systemd-journald-part-1/ Windows Defender Boot Issues https://support.microsoft.com/en-us/help/4052623/update-for-windows-defender-antimalware-platform Mac Malware Steals Crytocurrency Exchange Cookies https://unit42.paloaltonetworks.com/mac-malware-steals-cryptocurrency-exchanges-cookies/
In Episode 110, Ben and Scott start having a discussion about new Azure Fundamentals exam from Microsoft and how it focuses on core concepts of the cloud. In this episode, they get started at the beginning with cloud concepts, such as the differences between IaaS, PaaS, and SaaS. Sponsors Mover.io Read More
Chrome Update https://www.zdnet.com/article/google-chrome-72-removes-hpkp-deprecates-tls-1-0-and-tls-1-1/ Firefox Update https://techdows.com/2019/01/firefox-to-disable-extensions-in-private-browsing-mode-by-default.html Facebook (and Google) Research VPN https://techcrunch.com/2019/01/29/facebook-project-atlas/ https://www.macrumors.com/2019/01/30/google-exploiting-apple-enterprise-certificate/ RCE In Samsung Store via "evilgrade" https://www.adyta.pt/en/2019/01/29/writeup-samsung-app-store-rce-via-mitm-2/
Phishing Not Ready for IPv6 https://isc.sans.edu/forums/diary/A+Not+So+Well+Done+Phish+Why+Attackers+need+to+Implement+IPv6+Now/24582/ Apple Disables Facetime Group Messages https://www.apple.com/support/systemstatus/ Outlook 365 Safe Link Errors https://twitter.com/Swiss_Jay/status/1090271197193940992
Relaying Exchange's NTLM Autentication to Become Domain Admin https://isc.sans.edu/forums/diary/Relaying+Exchanges+NTLM+authentication+to+domain+admin+and+more/24578/ Facetime Bug Allows Users to Receive Audio before Call is Accepted https://9to5mac.com/2019/01/28/facetime-bug-hear-audio/ AZORult Fake (signed) Google Update https://blog.minerva-labs.com/azorult-now-as-a-signed-google-update
Ben and Scott talk about some of the recent updates to MyAnalytics and the availability of the analytics suite being expanded outside of Office 365 E5 SKUs. They also get into some announcements around containers in Azure, including the depreciation of the Azure Container Service (ACS) and how to think Read More
DHS Emergency Directive Regarding DNS Tampering https://cyber.dhs.gov/ed/19-01/ Abuse of Trusted Microsoft Azure Domains https://github.com/MicrosoftDocs/OfficeDocs-Enterprise/issues/233 Tech Support Scammers Unmasked https://www.fidusinfosec.com/turning-the-tables-on-virgin-media-twitter-scammers/
Turning MISP Data into RPZs https://isc.sans.edu/forums/diary/DNS+Firewalling+with+MISP/24556/ Man in the Middle Vulnerablity in apt https://justi.cz/security/2019/01/22/apt-rce.html PHP PEAR Compromised Package http://pear.php.net Apple Security Updates https://support.apple.com/en-us/HT201222
Suspicious GET Request: Do you know what it is? https://isc.sans.edu/forums/diary/Suspicious+GET+Request+Do+You+Know+What+This+Is/24552/ DNS Flag Day https://dnsflagday.net/
Drupal Patches https://www.drupal.org/sa-core-2019-002 https://www.drupal.org/sa-core-2019-001 WPML User Data Compromised and Used in EMail To Customers https://wpml.org/2019/01/wpml-org-site-back-to-normal-after-an-attack-during-the-weekend/ Targeted Attack Uses Google Drive for Exfiltration https://unit42.paloaltonetworks.com/darkhydrus-delivers-new-trojan-that-can-use-google-drive-for-c2-communications/ Packet Challenge Solution https://johannes.homepc.org/packet8.txt
Android Malware Uses Motion Detection to Evade Analysis https://blog.trendmicro.com/trendlabs-security-intelligence/google-play-apps-drop-anubis-banking-malware-use-motion-based-evasion-tactics/ Twitter for Android Bug https://help.twitter.com/en/protected-tweets-android Introduction to WebAuthn/FIDO2 https://medium.com/@herrjemand/introduction-to-webauthn-api-5fd1fb46c285 Ransomware As a Service https://www.bleepingcomputer.com/news/security/blackrouter-ransomware-promoted-as-a-raas-by-iranian-developer/
Scott and Matthew McDermott discuss how you can rationalize data backup and recovery features that are native to the Office 365 platform from both an admin (operations) and end-user perspective.
Emotet and Other Malspam Campaigns Resume After Holiday Break https://isc.sans.edu/forums/diary/Emotet+infections+and+followup+malware/24532/ Magecart Delivered Via Compromised Advertising Sites https://blog.trendmicro.com/trendlabs-security-intelligence/new-magecart-attack-delivered-through-compromised-advertising-supply-chain/ Premisys Identicard Vulnerabilities https://www.tenable.com/security/research/tra-2019-01 ES File Explorer Open Port Vulnerability https://github.com/fs0c131y/ESFileExplorerOpenPortVuln
Microsoft LAPS - Blue Team / Red Team https://isc.sans.edu/forums/diary/Microsoft+LAPS+Blue+Team+Red+Team/24528/ Intel SGX Platform Update https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00203.html Godaddy Injecting JavaScript https://www.igorkromin.net/index.php/2019/01/13/godaddy-is-sneakily-injecting-javascript-into-your-website-and-how-to-stop-it/ Play with Docker Vulnerability https://www.cyberark.com/threat-research-blog/how-i-hacked-play-with-docker-and-remotely-ran-code-on-the-host/
Government Website TLS Certificates Expire due to Partial Shutdown https://news.netcraft.com/archives/2019/01/10/gov-security-falters-during-u-s-shutdown.html Firefox EOL Plan for Flash https://bugzilla.mozilla.org/show_bug.cgi?id=1519434 Fake Movie File Malware https://www.bleepingcomputer.com/news/security/fake-movie-file-infects-pc-to-steal-cryptocurrency-poison-google-results/ Microsoft Windows Patch Breaks Access 97 https://borncity.com/win/2019/01/11/windows-january-2019-updates-breaks-access-to-access-dbs/ Snorpy Assists in Snort Rule Writing https://isc.sans.edu/forums/diary/Snorpy+a+Web+Base+Tool+to+Build+SnortSuricata+Rules/24522/ Packet Challenge