News

In Episode 103, Scott sits down with Simon Binder from the Knee Deep in Tech podcast to talk about Enterprise Mobility. They discuss device management, mobile application management, and how to manage user adoption when you're moving at the pace of the cloud. Sponsors Mover.io - Scan, Plan, Migrate, Report. Read More

Yet Another DOSfuscation Sample https://isc.sans.edu/forums/diary/Yet+Another+DOSfuscation+Sample/24408/ OpenSSH Backdoors https://www.welivesecurity.com/wp-content/uploads/2018/12/ESET-The_Dark_Side_of_the_ForSSHe.pdf Android Malware Bypasses 2FA For Paypal https://www.welivesecurity.com/2018/12/11/android-trojan-steals-money-paypal-accounts-2fa/

We're Back! Who is the real King of R&B? Are we really mad at Kevin Hart?Support the showFollow The Hosts on Social Media:Jerry Tha Great - http://bit.ly/Jerrythagreat2Breeze - https://bit.ly/BigBurrNeesy - https://bit.ly/NeesyTDD

Microsoft December 2018 Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+December+2018+Patch+Tuesday/24404/ Adobe Patch Tuesday https://helpx.adobe.com/security/products/acrobat/apsb18-41.html Certificate Authority Weaknesses https://i.blackhat.com/eu-18/Thu-Dec-6/eu-18-Heftrig-Off-Path-Attacks-Against-PKI.pdf

Kubernetes Unauthenticated PoC Exploit for CVE-2018-1002105 https://github.com/evict/poc_CVE-2018-1002105#unauthenticated-poc WebAssembly Brings Buffer Overflows to Browsers https://www.forcepoint.com/blog/security-labs/new-whitepaper-memory-safety-old-vulnerabilities-become-new-webassembly Increased Ethereum Miner Attacks https://isc.sans.edu/port.html?port=8545 https://www.zdnet.com/article/hackers-ramp-up-attacks-on-mining-rigs-before-ethereum-price-crashes-into-the-gutter Android Click Fraud Apps are Emulating iPhones for Higher Revenue https://www.bleepingcomputer.com/news/security/android-clickfraud-op-impersonates-iphones-to-bump-ad-premiums/

Analyzing Malicious Docker Images https://isc.sans.edu/forums/diary/A+Dive+into+malicious+Docker+Containers/24388/ Arrest of Huawei CFO Inspires Advance Fee Scam https://isc.sans.edu/forums/diary/Arrest+of+Huawei+CFO+Inspires+Advance+Fee+Scam/24396/ Sextortion Messages Leading to Ransomware https://www.proofpoint.com/us/threat-insight/post/sextortion-side-ransomware WebKit Exploit Released https://github.com/LinusHenze/WebKit-RegEx-Exploit Implants Found in Russian Banks https://securelist.com/darkvishnya/89169/

Adobe Vulnerability PoC Released https://isc.sans.edu/forums/diary/Is+it+Time+to+Uninstall+Flash+If+you+havent+already/24382/ WatchOS Update https://support.apple.com/en-us/HT209343 Data Exfiltration During Pentests https://isc.sans.edu/forums/diary/Data+Exfiltration+in+Penetration+Tests/24354/ PoC Exploit for Kubernetes Vulnerability https://github.com/evict/poc_CVE-2018-1002105 Preston Ackerman: Marketing 2FA https://www.sans.org/reading-room/whitepapers/authentication/swipe-tap-marketing-easier-2fa-increase-adoption-38695

In Episode 102, Ben and Scott discuss what’s been happening with Azure AD MFA and how to have fun with nested virtualization in Azure. Sponsors Mover.io - Scan, Plan, Migrate, Report. Migrations that don’t suck - with Mover! Office365Mon.com - How do you know what's going on with the health of Read More

Adobe Releases Emergency Flash Patch https://helpx.adobe.com/security/products/flash-player/apsb18-42.html Apple Updates Everything (but not WatchOS) https://support.apple.com/en-us/HT201222 New Privacy Issues Affecting 3G-5G protocols https://eprint.iacr.org/2018/1175

Fake Ransomware Decryption Service https://www.theregister.co.uk/2018/12/04/ransomware_helper_was_middleman_dr_shifro/ Latest Lokibot Malspam https://isc.sans.edu/forums/diary/Malspam+pushing+Lokibot+malware/24372/ Chrome 71 Released https://www.bleepingcomputer.com/news/google/chrome-71-released-with-abusive-ad-filtering-and-audio-blocking/ RSA Followup Webcast https://www.rsaconference.com/videos/virtual-session-the-5-most-dangerous-new-attack-techniques-and-whats-to-come

Word Maldoc: Yet Another Place to Hide a Command https://isc.sans.edu/forums/diary/Word+maldoc+yet+another+place+to+hide+a+command/24370/ US-Cert Releases SamSam Alerts https://www.us-cert.gov/ncas/alerts/AA18-337A Kubernetes Patches https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88 Malicious iOS App Tricks User in Payment https://www.welivesecurity.com/2018/12/03/scam-ios-apps-promise-fitness-steal-money-instead/

KingMiner Improved Cryptomining https://research.checkpoint.com/kingminer-the-new-and-improved-cryptojacker/ Siglent Technologies Oscilloscope Vulnerabilities https://seclists.org/fulldisclosure/2018/Nov/68 Autocad Malware https://www.forcepoint.com/blog/security-labs/autocad-malware-computer-aided-theft ISC Stickers (login required. first 10 requests each day) https://isc.sans.edu/sticker.html

Russian Language Malspam Pushing Shade (Troldesh) Ransomware https://isc.sans.edu/forums/diary/Russian+language+malspam+pushing+Shade+Troldesh+ransomware/24358/ Scamclub Malvertising Against iOS Users https://blog.confiant.com/malvertising-attack-hijacks-300-million-sessions-over-48-hours-9d0218fe02cd Andre Shori: To Block Or Not To Block? Impact and Analysis of Actively Blocking Shodan Scans http://www.sans.org/reading-room/whitepapers/networksecurity/block-block-impact-analysis-actively-blocking-shodan-scans-38645

In Episode 101, Scott sits down at Microsoft Ignite with Jason Himmelstein from the BIFOCAL podcast. They talk about some of the hidden gems in the SharePoint keynote and some of the exciting end-user enhancements coming to Office 365, SharePoint, and OneDrive for Business. Sponsors Mover.io - Scan, Plan, Migrate, Read More

Obfuscated Shell Scripts: Fake MacOS Flash Updates https://isc.sans.edu/forums/diary/More+obfuscated+shell+scripts+Fake+MacOS+Flash+update/24352/ Sennheiser HeadSetup Certificate Authority Install https://www.secorvo.de/publikationen/headsetup-vulnerability-report-secorvo-2018.pdf Microsoft Fixes Shared Folder Permission Deletion Problem https://support.microsoft.com/en-us/help/4467684/windows-10-update-kb4467684 3ve Botnet Dismanteled https://services.google.com/fh/files/blogs/3ve_google_whiteops_whitepaper_final_nov_2018.pdf

Obfuscated QNAP bash Malware; https://isc.sans.edu/forums/diary/Obfuscated+bash+script+targeting+QNap+boxes/24348/ Half of All Phishing Sites Use HTTPS https://krebsonsecurity.com/2018/11/half-of-all-phishing-sites-now-have-the-padlock/ Chrome and Firefox to Remove FTP Support https://www.bleepingcomputer.com/news/google/chrome-and-firefox-developers-aim-to-remove-support-for-ftp/ California Wildfire Used in BEC Scams https://www.agari.com/identity-intelligence-blog/california-wildfire-email-scams/

ViperMonkey: VBA Maldoc Deobfuscation https://isc.sans.edu/forums/diary/ViperMonkey+VBA+maldoc+deobfuscation/24346/ Malicious NPM Libraries https://medium.com/@cnorthwood/todays-javascript-trash-fire-and-pile-on-f3efcf8ac8c7 Turning Your BMC Into A Revolving Door https://www.synacktiv.com/ressources/zeronights_2018_turning_your_bmc_into_a_revolving_door.pdf

Attacks Against Docker API https://isc.sans.edu/forums/diary/Moby+the+Shark/24340/ Mirai Like Attack Hitting Hadoop https://asert.arbornetworks.com/mirai-not-just-for-iot-anymore/ New Rowhammer Variant Effects ECC Memory https://www.vusec.net/projects/eccploit/

In Episode 100, Ben and Scott discuss some of the most recent happenings in Office 365 including the GA of group-based licensing and the "worldwide" release of Microsoft Kaizala, and how to track tasks in Microsoft Word. Save $500 on your Live! 360 Orlando registration with the code OSPK45 Sponsors Mover.io Read More

Critical Flash Update https://helpx.adobe.com/security/products/flash-player/apsb18-44.html Thanksgiving Lure for Emotet https://www.forcepoint.com/blog/security-labs/thanks-giving-emotet