News

ISC StormCast for Friday, December 15th 2017 December 14, 2017

Citizen Lab Security Planner https://securityplanner.org/ Apple Update to iOS/tvOS/iCloud (Windows) https://support.apple.com/en-us/HT201222 Fortinet Client Credentials Shared Key https://www.sec-consult.com/en/blog/advisories/vpn-credentials-disclosure-in-fortinet-forticlient/index.html Fox-It Victim of a Man-in-the-Middle Attack https://blog.fox-it.com/2017/12/14/lessons-learned-from-a-man-in-the-middle-attack/

Episode 41 – Getting Started with Office 365 (Part 1 of ?) December 14, 2017

In Episode 41, Ben and Scott respond to listener feedback and start the first of a who-knows-how-many series on how to onboard into Office 365. Episode 5 – Office 365 SKUs & Licensing Episode 6 – Office 365 License Management (For Real This Time) Network planning and performance tuning for Read More

ISC StormCast for Thursday, December 14th 2017 December 13, 2017

Tracking Newly Registered Domains https://isc.sans.edu/forums/diary/Tracking+Newly+Registered+Domains/23127/ Critical Palo Alto Firewall Flaws Allow RCE as root http://seclists.org/fulldisclosure/2017/Dec/38 Hiding Changes from git-diff https://www.twistlock.com/2017/12/13/hiding-content-git-escape-sequence-twistlock-labs-experiment/ Apple Airport Update https://support.apple.com/en-us/HT208354

ISC StormCast for Wednesday, December 13th 2017 December 12, 2017

Microsoft Patch Tuesday Summary https://isc.sans.edu/forums/diary/December+Microsoft+Patch+Tuesday+Summary/23123/ EV Certificate Model Broken? https://stripe.ian.sh ROBOT Attack Against TLS https://robotattack.org

ISC StormCast for Tuesday, December 12th 2017 December 11, 2017

Pornographic Spam Messages Used to Deliver Crypto Coin Miner https://isc.sans.edu/forums/diary/Pornographic+malspam+pushes+coin+miner+malware/23119/ Microsoft Leaks Secret SSL Key For Dynamics 365 https://medium.com/matthias-gliwka/microsoft-leaks-tls-private-key-for-cloud-erp-product-10b56f7d648 Proxy Botnet Used to Launch Variety of Web Application Attacks https://news.drweb.com/show/?i=11627&lng=en FoxIT Releases Utility to Recover Manipulated Windows Logs https://github.com/fox-it/danderspritz-evtx

ISC StormCast for Monday, December 11th 2017 December 10, 2017

Sometimes An RTF Document is Just an RTF Document https://isc.sans.edu/forums/diary/Sometimes+its+a+dud/23115/ HP Keyboard Drivers Can Log Keystrokes https://support.hp.com/us-en/document/c05827409 https://zwclose.github.io/HP-keylogger/ Android App Signature Bypass https://www.guardsquare.com/en/blog/new-android-vulnerability-allows-attackers-modify-apps-without-affecting-their-signatures MSFT Patches Antimalware Engine https://portal.msrc.microsoft.com/en-US/eula

ISC StormCast for Friday, December 8th 2017 December 07, 2017

Positive Technologies Demonstrates Intel ME Exploit at Blackhat Europe https://www.blackhat.com/docs/eu-17/materials/eu-17-Goryachy-How-To-Hack-A-Turned-Off-Computer-Or-Running-Unsigned-Code-In-Intel-Management-Engine.pdf Tracking Users Without GPS http://ieeexplore.ieee.org/document/8038870/ Process Doppelgaenger Anti-Malware Bypass https://www.blackhat.com/docs/eu-17/materials/eu-17-Liberman-Lost-In-Transaction-Process-Doppelganging.pdf Friday Webcast About Recent OWASP Top 10 Update https://www.sans.org/webcasts/owasp-top-10-2017-106560

Episode 40 – Office 365 News for November 2017 December 07, 2017

In Episode 40, Scott and Ben review the latest Office 365 news for November 2017, including SharePoint Online, OneDrive for Business, Exchange Online, and Microsoft Teams. New and updated web parts rolling out to SharePoint in Office 365 New features for SharePoint list and library preview web parts Hybrid Self-Service Read More

ISC StormCast for Thursday, December 7th 2017 December 06, 2017

Apple Updates Everything https://isc.sans.edu/forums/diary/Apple+Updates+Everything+Again/23107/ Do Not Trust Reverse DNS. And here is an example why https://isc.sans.edu/forums/diary/PSA+Do+not+Trust+Reverse+DNS+and+why+does+an+address+resolve+to+localhost/23105/ NiceHash Hacked https://www.reddit.com/r/NiceHash/comments/7i0s6o/official_press_release_statement_by_nicehash/

ISC StormCast for Wednesday, December 6th 2017 December 05, 2017

AI.Type Data Exposed in MongoDB Database https://mackeepersecurity.com/post/virtual-keyboard-developer-leaked-31-million-of-client-records Mailsploit Makes it Easier to Spoof From Headers in E-Mails https://www.mailsploit.com StorageCrypt Ransomware Encrypts NAS Devices https://www.bleepingcomputer.com/news/security/storagecrypt-ransomware-infecting-nas-devices-using-sambacry/ Android December Update https://source.android.com/security/bulletin/2017-12-01

ISC StormCast for Tuesday, December 5th 2017 December 04, 2017

Incidence Response Using TheHive https://isc.sans.edu/forums/diary/IR+using+the+Hive+Project/23099/ SSL/TLS For Scapy https://github.com/tintinweb/scapy-ssl_tls tvOS 11.2 Released (but no details about security content yet) https://support.apple.com/en-us/HT201222 System Vendors Ship Laptops With Intel ME Disabled https://www.reddit.com/r/linuxhardware/comments/7grglm/how_to_buy_a_dell_laptop_with_the_intel_me/ http://blog.system76.com/post/168050597573/system76-me-firmware-updates-plan Hacker Falsified Jail Records To Free Friend https://www.justice.gov/usao-edmi/pr/ann-arbor-man-pleads-guilty-computer-intrusion-case SeKey: Touch ID Control for ssh-agent https://github.com/ntrippar/sekey

ISC StormCast for Monday, December 4th 2017 December 03, 2017

Brazilian Banking Malware Uses UTF-16 Encoded .BAT File https://isc.sans.edu/forums/diary/Phishing+campaign+uses+old+bat+script+to+spread+banking+malware+and+it+is+flying+under+the+radar/23091/ Phishing Abuse of JotForm https://isc.sans.edu/forums/diary/Phishing+Kit+AbUsing+Cloud+Services/23089/ Apple Releases iOS 11.2 https://support.apple.com/en-us/HT201222 (no details live yet) Critical Patch For RSA Authentication Agent http://seclists.org/fulldisclosure/2017/Nov/46 https://community.rsa.com/community/products/securid/authentication-agent-web-apache Slurp S3 Bucket Enumerator https://github.com/bbb31/slurp.git

ISC StormCast for Friday, December 1st 2017 November 30, 2017

More Malspam Pushing Emotet Malware https://isc.sans.edu/forums/diary/More+Malspam+pushing+Emotet+malware/23083/ Google Chrome To Block Some Third Party Software Mid-2018 https://blog.chromium.org/2017/11/reducing-chrome-crashes-caused-by-third.html European Union Funds VLC Bug Bounty https://joinup.ec.europa.eu/news/hackerone-vlc STI Student Scott Perry: Virtual System Forensics http://www.sans.org/reading-room/whitepapers/bestprac/exploring-effectiveness-approaches-discovering-acquiring-virtualized-servers-esxi-38155

Episode 39 – Azure IaaS: VMs and Storage November 30, 2017

In Episode 39, Ben and Scott provide an overview of onboarding into Azure Virtual Machines and the associated Infrastructure-as-a-Service (IaaS) components of Azure. Azure Virtual Machines Create a Windows virtual machine with the Azure portal Create a Windows virtual machine from an ARM Template Azure Quickstart Templates Overview of Azure Read More

ISC StormCast for Thursday, November 30th 2017 November 29, 2017

Apple Releases Security Update 2017-001 To Fix Passwordless Root Bug https://support.apple.com/en-us/HT208315 Insecure Android Crypto Currency Wallets https://www.htbridge.com/news/security-cryptocurrency-mobile-apps.html Coinhive Miner Now As Pop-Under https://blog.malwarebytes.com/cybercrime/2017/11/persistent-drive-by-cryptomining-coming-to-a-browser-near-you/ Fileless Malicious PowerShell Sample https://isc.sans.edu/forums/diary/Fileless+Malicious+PowerShell+Sample/23081/ .dev TLD Now Requires HTTPS in Chrome http://www.theregister.co.uk/2017/11/29/google_dev_network/

ISC StormCast for Wednesday, November 29th 2017 November 28, 2017

Password Less Root Account Allows for Trivial Privilege Escalation on MacOS High Sierra https://twitter.com/lemiorhan/status/935578694541770752 https://support.apple.com/en-us/HT204012 Defeating Facial Recognition https://arxiv.org/abs/1711.09001 Bitcoin Gold Wallet App Compromise https://bitcoingold.org/critical-warning-nov-26/ Project Exodus Identified Trackers in Android Apps https://reports.exodus-privacy.eu.org/reports/apps/

ISC StormCast for Tuesday, November 28th 2017 November 27, 2017

Golden SAML Ticket Attack https://www.cyberark.com/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-cloud-apps/ Facebook Poll Image Vulnerability https://blog.darabi.me/2017/11/image-removal-vulnerability-in-facebook.html

ISC StormCast for Monday, November 27th 2017 November 26, 2017

Critical Exim Mail Server Vulnerability (Exploit released!) https://bugs.exim.org/show_bug.cgi?id=2199 CoinPouch "Verge" Token Loss http://www.documentcloud.org/documents/4309909-StatementonVerge-11-21-17.html Bitcoin Routing Attacks https://btc-hijack.ethz.ch Scanning Ethereum Smart Contracts For Vulnerabilities https://hackernoon.com/scanning-ethereum-smart-contracts-for-vulnerabilities-b5caefd995df Fortiweb Manager Vulnerability https://fortiguard.com/psirt/FG-IR-17-248

Episode 38 – Being successful as an Office 365 Architect November 23, 2017

In Episode 38 Scott and Ben discuss how roles within IT have changed and evolved with move to the cloud. What does it take to be successful as an Office 365 Architect? How as the Admin's role changed with the move to Office 365? For everyone from SharePoint Admins to Read More

ISC StormCast for Wednesday, November 22nd 2017 November 21, 2017

Ethereum JSON-RPC Scans https://isc.sans.edu/forums/diary/Internet+Wide+Ethereum+JSONRPC+Scans/23061/ Updated OWASP Top 10 Released https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf TPLink Often Provides Outdated Firmware Version For Download https://www.ctrl.blog/entry/tplink-firmware-outdated-downloads

Older Entries Newer Entries