News

Episode 83 – Learn Azure in a Month of Lunches with Iain Foulds September 20, 2018

In Episode 83, Ben and Scott talk with Iain Foulds about his new book, Learn Azure in a Month of Lunches and how it can help those that are just getting started with Azure or the cloud get up to speed in just a month! Tweet @msclouditpro with the hashtag Read More

ISC StormCast for Thursday, September 20th 2018 September 19, 2018

Adobe Releases Special Patch for Acrobat and Reader https://helpx.adobe.com/security/products/acrobat/apsb18-34.html Akamai State of the Internet Report https://www.akamai.com/us/en/about/our-thinking/state-of-the-internet-report/global-state-of-the-internet-security-ddos-attack-reports.jsp Peekabo DVR Vulnerability https://www.tenable.com/blog/tenable-research-advisory-peekaboo-critical-vulnerability-in-nuuo-network-video-recorder

ISC StormCast for Wednesday, September 19th 2018 September 18, 2018

Certificate Transparency Tools https://isc.sans.edu/forums/diary/Using+Certificate+Transparency+as+an+Attack+Defense+Tool/24114/ Kodi Malicious Add-Ons https://www.welivesecurity.com/2018/09/13/kodi-add-ons-launch-cryptomining-campaign/ Cloudflare Making DNSSEC Adoption Easier https://blog.cloudflare.com/automatically-provision-and-maintain-dnssec/ Western Digital MyCloud Unauthenticated Admin Access https://www.securify.nl/advisory/SFY20180102/authentication-bypass-vulnerability-in-western-digital-my-cloud-allows-escalation-to-admin-privileges.html

ISC StormCast for Tuesday, September 18th 2018 September 17, 2018

Analyzing Office Docs https://isc.sans.edu/forums/diary/Dissecting+Malicious+MS+Office+Docs/24108/ Apple Updates Everything but macOS https://support.apple.com/en-us/HT201220 FBot Botnet https://blog.netlab.360.com/threat-alert-a-new-worm-fbot-cleaning-adbminer-is-using-a-blockchain-based-dns-en/ Related STI Paper: Botnet Reciliency via Private Blockchain (Jonathan Sweeny) https://www.sans.org/reading-room/whitepapers/covert/botnet-resiliency-private-blockchains-38050

ISC StormCast for Monday, September 17th 2018 September 16, 2018

Reversing Visual Basic Shortcuts https://isc.sans.edu/forums/diary/2020+malware+vision/24104/ Not So Random User Agent https://isc.sans.edu/forums/diary/User+Agent+String+uatoolsrandom/24102/ Safari DoS https://gist.github.com/pwnsdx/ce64de2760996a6c432f06d612e33aea Webroot SecureAnywhere macOS Vulnerability https://www.trustwave.com/Resources/SpiderLabs-Blog/CVE-2018-16962--Webroot-SecureAnywhere-macOS-Kernel-Level-Memory-Corruption/ Intel Patches Management Engine Encryption Vulnerability http://blog.ptsecurity.com/2018/09/intel-me-encryption-vulnerability.html

ISC StormCast for Friday, September 14th 2018 September 13, 2018

Malicious MHT Files https://isc.sans.edu/forums/diary/Malware+Delivered+Through+MHT+Files/24096/ Improved Coldboot Attack https://blog.f-secure.com/cold-boot-attacks/ SAP Patches https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993

Episode 82 – Microsoft Teams with Karuana Gatimu September 13, 2018

In Episode 82, Ben and Scott are joined by Karuana Gatimu, Principal PM Manager in the Insights and Outreach team in Microsoft Engineering, where they discuss the latest happenings with Microsoft Teams - convergence with Skype for Business, Microsoft Teams governance, and the Office 365 Champions program. Don't forget to stop by Read More

ISC StormCast for Thursday, September 13th 2018 September 12, 2018

So What is Going on With IPv4 Fragments these Days? https://isc.sans.edu/forums/diary/So+What+is+Going+on+With+IPv4+Fragments+these+Days/24092/ Magacart Javascript Injection Attacks https://www.bleepingcomputer.com/news/security/feedify-service-compromised-with-magecart-information-stealing-script/ Bypassing CSP using Polyglot JPEGs https://portswigger.net/blog/bypassing-csp-using-polyglot-jpegs

ISC StormCast for Wednesday, September 12th 2018 September 11, 2018

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+September+Patch+Tuesday+Summary/24088/ Adobe Patches https://helpx.adobe.com/security.html Safari/Edge URL Bar Spoofing https://www.rafaybaloch.com/2018/09/apple-safari-microsoft-edge-browser.html Exploit Search Engine https://sploitus.com

ISC StormCast for Tuesday, September 11th 2018 September 10, 2018

"findstr" used to extract malware from LNK files https://isc.sans.edu/forums/diary/What+is+dikona+or+glirote3/24084/ Tor Browser Javascript Vulnerability https://www.bleepingcomputer.com/news/security/exploit-affecting-tor-browser-burned-in-a-tweet/ Trend Micro App Leaks Data / Removed from Appstore https://forums.malwarebytes.com/topic/217353-get-rid-of-open-any-files-rar-support/?tab=comments#comment-1194838 Chrome removes Subdomains from URL Bar https://bugs.chromium.org/p/chromium/issues/detail?id=881410

ISC StormCast for Sunday, September 9th 2018 September 09, 2018

Crypto Mining in a Windows Headless Browser https://isc.sans.edu/forums/diary/Crypto+Mining+in+a+Windows+Headless+Browser/24078/ MacOS Adware Doctor Stealing Browser History https://twitter.com/privacyis1st/status/1031428304543395840 https://objective-see.com/blog/blog_0x37.html VPN Applications with Privilege Escalation Vulnerabilities https://blog.talosintelligence.com/2018/09/vulnerability-spotlight-Multi-provider-VPN-Client-Privilege-Escalation.html Keybase Extension Allws Access By Scripts from Any Site https://palant.de/2018/09/06/keybase-our-browser-extension-subverts-our-encryption-but-why-should-we-care

ISC StormCast for Friday, September 7th 2018 September 06, 2018

Malware Uses Powershell to Comple C# Code on the Fly https://isc.sans.edu/forums/diary/Malicious+PowerShell+Compiling+C+Code+on+the+Fly/24072/ Stealing WiFi Credentials in Google Chrome https://www.surecloud.com/sc-blog/wifi-hijacking DNS Spoofing and Certificate Authority Domain Validation https://www.theregister.co.uk/2018/09/06/boffins_break_cas_domain_validation/ Cisco Vulnerabilities https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir&limit=30#~Vulnerabilities

Episode 81 – Microsoft Intune and Mobile Device Management September 06, 2018

In Episode 81, Ben and Scott dive into Microsoft Intune and mobile device management (MDM). Also, we'll be at Ignite, so don't forget to come by and say "Hi!". Sponsors Mover.io - Scan, Plan, Migrate, Report. Migrations that don’t suck - with Mover! Office365Mon.com - How do you know what's Read More

ISC StormCast for Thursday, September 6th 2018 September 05, 2018

MEGA Chrome Extension Replaced with Password Stealer https://serhack.me/articles/mega-chrome-extension-hacked Python Package Installer May Execute Code https://github.com/mschwager/0wned Windows Scheduler Exploit Used in the Wild https://www.welivesecurity.com/2018/09/05/powerpool-malware-exploits-zero-day-vulnerability/ Where Have All My Certificates Gone? https://isc.sans.edu/forums/diary/Where+have+all+my+Certificates+gone+And+when+do+they+expire/24066/

ISC StormCast for Wednesday, September 5th 2018 September 04, 2018

Some More Interesting MicroTik Router Exploits https://blog.netlab.360.com/7500-mikrotik-routers-are-forwarding-owners-traffic-to-the-attackers-how-is-yours-en/ Exposed .git Directories https://lynt.cz/blog/global-scan-exposed-git SSL Certificates Expose Tor Servers https://www.bleepingcomputer.com/news/security/public-ip-addresses-of-tor-sites-exposed-via-ssl-certificates/

ISC StormCast for Tuesday, September 4th 2018 September 04, 2018

Reversing and Modifying the Medium Mobile App https://hackernoon.com/dont-publish-yet-reverse-engineering-the-medium-app-and-making-all-stories-in-it-free-48c8f2695687 Active Directory Leaks via Azure https://www.blackhillsinfosec.com/red-teaming-microsoft-part-1-active-directory-leaks-via-azure/ Google Restricts Tech Support Ads https://www.blog.google/products/ads/restricting-ads-third-party-tech-support-services/?mod=article_inline

ISC StormCast for Sunday, September 2nd 2018 September 02, 2018

OSX/MacOS and Dangerous of Custom URL Schemes https://objective-see.com/blog/blog_0x38.html Philips e-Alert Vulnerability https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01

ISC StormCast for Friday, August 31st 2018 August 30, 2018

Cryptocoin Miners are More Popular Than Ever and Dominate in Attacks https://isc.sans.edu/forums/diary/Crypto+Mining+Is+More+Popular+Than+Ever/24050/ Cryptocoin Miners Deployed via Struts Vulnerability https://www.volexity.com/blog/2018/08/27/active-exploitation-of-new-apache-struts-vulnerability-cve-2018-11776-deploys-cryptocurrency-miner/ Mimecast Identifies Weaknesses in Existing EMail Filters https://www.mimecast.com/resources/ebooks/dates/2018/7/the-state-of-email-security-2018-report/ Android Leaks Information to Processes https://wwws.nightwatchcybersecurity.com/2018/08/29/sensitive-data-exposure-via-wifi-broadcasts-in-android-os-cve-2018-9489/

Episode 80 – Hybrid Azure Active Directory Join August 30, 2018

Today we dive into a listener question from Steve about EMS, Hybrid Azure AD joined devices and other fun topics around joining devices to Azure AD/Office 365. Sponsors Mover.io - Scan, Plan, Migrate, Report. Migrations that don’t suck - with Mover! Office365AdminPortal.com - Providing admins the knowledge and tools to run Read More

ISC StormCast for Thursday, August 30th 2018 August 29, 2018

More Octoprint Details https://isc.sans.edu/forums/diary/3D+Printers+in+The+Wild+What+Can+Go+Wrong/24044/ Packagist Remote Code Injection Vulnerability https://justi.cz/security/2018/08/28/packagist-org-rce.html More OpenSSH User Enumeration Issues http://seclists.org/oss-sec/2018/q3/180 Two new TPM Vulnerabilities https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-han.pdf

Older Entries Newer Entries