News

In Episode 65, Ben and Scott are joined by Mark Kashman where they discuss the latest updates and announcements from SharePoint Conference 2018. Sponsors Office365AdminPortal.com - Providing admins the knowledge and tools to run Office 365 successfully Intelligink - We focus on the Microsoft Cloud so you can focus on Read More

GDPR Going Into Effect May 25th https://en.wikipedia.org/wiki/General_Data_Protection_Regulation Bitcoin Gold Double Spent Attack https://forum.bitcoingold.org/t/double-spend-attack-on-exchanges/1362 Amazon Alexa Forwards Random Conversations https://www.kiro7.com/news/local/woman-says-her-amazon-device-recorded-private-conversation-sent-it-out-to-random-contact/755507974 Verge Crypto Coin Attacked Again https://www.bleepingcomputer.com/news/security/verge-cryptocurrency-network-falls-victim-to-same-attack-even-after-hard-fork/

In Episode 64, Ben and Scott lost the rails, found the rails, and then fell off of them again. Sponsors Office365AdminPortal.com - Providing admins the knowledge and tools to run Office 365 successfully Intelligink - We focus on the Microsoft Cloud so you can focus on your business Show Notes Read More

VPNFilter Malware Affecting Cisco Routers https://blog.talosintelligence.com/2018/05/VPNFilter.html DLink Vulnerabilities https://securelist.com/backdoors-in-d-links-backyard/85530/ Firefox Disabling "Spy APIs" and enabling 2FA https://www.fxsitecompat.com/en-CA/docs/2018/ambient-light-and-proximity-sensor-apis-have-been-disabled/

Malicious SYLK Files Used to Execute Code in Excel https://isc.sans.edu/forums/diary/Malware+Distributed+via+slk+Files/23687/ BMW Releases Patches for Several Cars https://keenlab.tencent.com/en/Experimental_Security_Assessment_of_BMW_Cars_by_KeenLab.pdf Mac Crypto Miners https://blog.malwarebytes.com/threat-analysis/mac-threat-analysis/2018/05/new-mac-cryptominer-uses-xmrig/ VMWare Spectre Updates https://www.vmware.com/security/advisories/VMSA-2018-0012.html

Spectre NG Patches https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012 https://newsroom.intel.com/editorials/addressing-new-research-for-side-channel-analysis/ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012 https://bugs.chromium.org/p/project-zero/issues/detail?id=1528 New "Moon" Variant http://blog.netlab.360.com/gpon-exploit-in-the-wild-iv-themoon-botnet-join-in-with-a-0day/ https://isc.sans.edu/forums/diary/Something+Wicked+this+way+comes/23681/ Extracting Keys From Windows ssh-agent https://blog.ropnop.com/extracting-ssh-private-keys-from-windows-10-ssh-agent/

Redis Cryptocoin Mining Worm https://isc.sans.edu/forums/diary/Anatomy+of+a+Redis+mining+worm/23673/ Evolving Chrome's Security Indicator https://blog.chromium.org/2018/05/evolving-chromes-security-indicators.html DrayTek CSRF 0-Day Exploited to Change DNS Servers https://www.draytek.co.uk/support/security-advisories/kb-advisory-csrf-and-dns-dhcp-web-attacks Rowhammer Remote Exploit https://www.cs.vu.nl/~herbertb/download/papers/throwhammer_atc18.pdf https://arxiv.org/abs/1805.04956

Claymore Miner Attack https://isc.sans.edu/diary/Insecure+Claymore+Miner+Management+API+Exploited+in+the+Wild/23665/ PCI DSS Version 3.2.1. Released https://isc.sans.edu/forums/diary/PCI+DSS+version+321+is+out/23667/ Keeper Releases Update https://keepersecurity.com/blog/2018/05/15/response-may-15-seclists-report/ Cisco Security Update https://tools.cisco.com/security/center/publicationListing.x

In Episode 63, Ben and Scott lament the end of life announcement for the integration of third-party audio conferencing providers (ACP) with Skype for Business. Sponsors Join Ben and Scott at SharePoint Conference North America. Register today at sharepointna.com with the code SHOAG and save $50 on your registration. Office365AdminPortal.com Read More

Critical DHCP Client Vulnerability in RedHat Enterprise Server 6/7 https://access.redhat.com/security/vulnerabilities/3442151 UPnP Misconfiguration DDoS Attack https://www.theregister.co.uk/2018/05/16/upnp_amplifies_ddos_attacks/ Ubuntu Snap Store Miner Incident Followup https://blog.ubuntu.com/2018/05/15/trust-and-security-in-the-snap-store iOS / Android "Zipper Down" Vulnerability https://zipperdown.org/

PDF Exploit (and Windows Priv. Escalation) Leaked https://www.welivesecurity.com/2018/05/15/tale-two-zero-days/ Possible Vulnerability in Keeper Password Manager http://seclists.org/fulldisclosure/2018/May/41 MyEtherWallet Phishing https://isc.sans.edu/forums/diary/Phishing+emails+for+fake+MyEtherWallet+login+page/23655/

PGP/SMIME efail Vulnerability https://efail.de Adobe PDF Reader / Acrobat Bulletins https://helpx.adobe.com/security/products/acrobat/apsb18-09.html

Odd njRat Like Scans Reversed C2 traffic from China Signal Vulnerability (Possibly in Electron, which affects Skype/Slack/others) https://twitter.com/ortegaalfredo/status/995017143002509313 Electron Vulnerability https://www.trustwave.com/Resources/SpiderLabs-Blog/CVE-2018-1000136---Electron-nodeIntegration-Bypass/ Cryptocoin Miner Found in Ubuntu Snap Store https://github.com/canonical-websites/snapcraft.io/issues/651

DNS Exfiltration in Windows https://isc.sans.edu/forums/diary/Exfiltrating+data+from+very+isolated+environments/23645/ Fake Electrun Wallet https://github.com/spesmilo/electrum-docs/blob/master/decompiling_guide.md Treasure Hunter PoS Malware Source Code Leaked https://www.flashpoint-intel.com/blog/treasurehunter-source-code-leaked/ More Malicious Chrome Extensions Spreading via Facebook https://blog.radware.com/security/2018/05/nigelthorn-malware-abuses-chrome-extensions/

In Episode 62, Ben and Scott take a walk through the latest news in the Microsoft world. Sponsors Join Ben and Scott at SharePoint Conference North America. Register today at sharepointna.com with the code SHOAG and save $50 on your registration. Office365AdminPortal.com - Providing admins the knowledge and tools to Read More

Loyds Bank Phish Leads to Trickbot https://isc.sans.edu/forums/diary/Nice+Phishing+Sample+Delivering+Trickbot/23641/ Firefox Group Policy Engine https://www.bleepingcomputer.com/news/software/group-policy-support-coming-to-firefox-60/ OS Vendors Fix Intel Debug Flaw https://www.kb.cert.org/vuls/id/631579 Cryptocoin Miner in Excel https://charles.dardaman.com/js_coinhive_in_excel

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+May+2018+Patch+Tuesday/23637/ Basestriker Vulnerability Hitting Office 365 https://www.avanan.com/resources/basestriker-vulnerability-office-365 wget Cookie Injection Vulnerability http://seclists.org/fulldisclosure/2018/May/20

Parsing Windows Job Files https://isc.sans.edu/forums/diary/Adding+Persistence+Via+Scheduled+Tasks/23633/ SYN-ACK Ransomware Uses Dobbleganging Technique https://securelist.com/synack-targeted-ransomware-uses-the-doppelganging-technique/85431/ More Drupal Compromises https://badpackets.net/large-cryptojacking-campaign-targeting-vulnerable-drupal-websites/ Russia vs. Telegram https://twitter.com/instasegv/status/993521755192020992 https://www.bleepingcomputer.com/news/government/russia-blocks-50-vpns-and-proxy-services-providing-access-to-telegram/

Malicious NPM Library Stopped https://blog.npmjs.org/post/173526807575/reported-malicious-module-getcookies Popular GDPR Shield http://gdpr-shield.io (currently down) More Spectre Flaws https://www.heise.de/ct/artikel/Exclusive-Spectre-NG-Multiple-new-Intel-CPU-flaws-revealed-several-serious-4040648.html

More WebLogic Exploits https://isc.sans.edu/forums/diary/WebLogic+Exploited+in+the+Wild+Again/23617/ Ouch! GDPR Newsletter https://www.sans.org/security-awareness-training/ouch-newsletter GitHub / Twitter Password Storage Issues https://blog.twitter.com/official/en_us/topics/company/2018/keeping-your-account-secure.html https://www.zdnet.com/article/github-says-bug-exposed-account-passwords/ Facebook adds Homegraph Alert to Certificate Transparency log monitoring https://www.facebook.com/notes/protect-the-graph/phishing-domain-detection/2037453483161459/ Disrupting the Empire: Identifying PowerShell Empire Command and Control Activity https://www.sans.org/reading-room/whitepapers/forensics/disrupting-empire-identifying-powershell-empire-command-control-activity-38315