PowerApps, Flow, the Common Data Service (CDS) and Poetry? Scott and Ben walk you through getting started building solutions in Office 365 leveraging these three technologies. PowerApps Modify SharePoint forms with PowerApps PowerApps pricing and skus Flows Pricing for Microsoft Flow Common Data Service (CDS) introduction Use Cases: Paul Culmsee Read More
Coinhive Domain Compromise https://coinhive.com/blog/dns-breach Dell Loses Control of Backup and Recovery Cloud Storage Domain https://krebsonsecurity.com/2017/10/dell-lost-control-of-key-customer-support-domain-for-a-month-in-2017/#more-41267 Google ReCaptcha Broken https://github.com/ecthros/uncaptcha Users in Iran Targeted by Cryptoransomware Masquerading as VPN https://www.bleepingcomputer.com/news/security/tyrant-ransomware-spreads-in-iran-disguised-as-popular-vpn-app/ Crypto Currency Phishing https://www.dearbytes.com/blog/cryptocurrency-phishing/
Stop Relying on File Extensions https://isc.sans.edu/forums/diary/Stop+relying+on+file+extensions/22962/ BadRabbit New Ransomware Wave Hitting Russia and Ukraine https://isc.sans.edu/forums/diary/BadRabbit+New+ransomware+wave+hitting+RU+UA/22964/ https://www.welivesecurity.com/2017/10/24/kiev-metro-hit-new-variant-infamous-diskcoder-ransomware/ Over 70% Of Web Traffic Now via TLS https://transparencyreport.google.com/https/overview?hl=en Static RNG Seeds in Fortinet Devices https://duhkattack.com
Is a Telco in Brazil Hosing An Epidemic of Open SOCKS Proxies? https://isc.sans.edu/forums/diary/Is+a+telco+in+Brazil+hosting+an+epidemic+of+open+SOCKS+proxies/22956/ Android May Be Adding DNS Over TLS https://www.xda-developers.com https://tools.ietf.org/html/rfc7858 Fake Crypto Currency Trading Applications https://www.welivesecurity.com/2017/10/23/fake-cryptocurrency-apps-google-harvesting-credentials/
IoT "Reaper" Botnet http://blog.netlab.360.com/iot_reaper-a-rappid-spreading-new-iot-botnet-en/ https://research.checkpoint.com/new-iot-botnet-storm-coming/ Elmedia Player and Folx Infected with Proton Malware https://www.eltima.com/blog/2017/10/elmedia-player-and-folx-malware-threat-neutralized.html Google Expands Bug Bounty To Popular Android Apps https://www.google.com/about/appsecurity/play-rewards/index.html Increased Use of Last Week's Flash Vulnerability https://www.proofpoint.com/us/threat-insight/post/apt28-racing-exploit-cve-2017-11292-flash-vulnerability-patches-are-deployed
In Episode 33, Ben and Scott review all (well most of) the SharePoint-specific news from around Microsoft Ignite. Updating content management for the cloud SharePoint & OneDrive Security & Compliance Updates from Microsoft Ignite Security you can trust, control you can count on with SharePoint and OneDrive (Ignite News) Changes Read More
Baselining Servers to Detect Outliers https://isc.sans.edu/forums/diary/Baselining+Servers+to+Detect+Outliers/22940/ Test Script Available for KRACK Vulnerability https://github.com/vanhoefm/krackattacks-test-ap-ft WaterMiner Distributed With Gaming Mods https://minerva-labs.com/post/waterminer-a-new-evasive-crypto-miner Microsoft Releases Fall Creators Update https://blogs.windows.com/windowsexperience/2017/10/17/whats-new-windows-10-fall-creators-update/#76CQXoUYxT81RLJi.97
WPA2 "Krack" Attack https://www.krackattacks.com/ https://securingthehuman.sans.org/blog/2017/10/16/28748/ Adobe Flash Player Update https://helpx.adobe.com/security/products/flash-player/apsb17-32.html Two (identical) uTorrent Binaries With Different Hashes https://isc.sans.edu/forums/diary/Its+in+the+signature/22928/
Peeking Into an Outlook .msg File https://isc.sans.edu/forums/diary/Peeking+into+msg+files/22926/ Abandoned Domains / Equifax/Transunion Lead to Fake Falsh Update https://blog.malwarebytes.com/threat-analysis/2017/10/equifax-transunion-websites-push-fake-flash-player/ Microsoft Patch Causes Corrupted Systems https://support.microsoft.com/en-us/help/4049094 DoubleLocker Android Ransomware https://www.welivesecurity.com/2017/10/13/doublelocker-innovative-android-malware/ Chrome Extension Mines Crypto Currency https://www.bleepingcomputer.com/news/security/chrome-extension-uses-your-gmail-to-register-domains-names-and-injects-coinhive/
Version Control Tools Are Not Only For Developers https://isc.sans.edu/forums/diary/Version+control+tools+arent+only+for+Developers/22922/ Coin Hive Javascript Crypto Currency Miner Found on Piratebay https://twitter.com/esterling_/status/918240914623090695 https://crypto-loot.com Macro-less Code Exec in MSWord Rediscovered https://sensepost.com/blog/2017/macro-less-code-exec-in-msword/ https://blog.nviso.be/2017/10/11/detecting-dde-in-ms-office-documents/ Hard Disks Can Be Used As Microphones https://github.com/ortegaalfredo/kscope/blob/master/doc/HDD-microphones.pdf
In this episode, Scott and Ben update you on the latest Office 365 news for September that was NOT from Microsoft Ignite. We talk mostly about news that was announced pre-ignite that you may have missed or glossed over with the flurry of news during Ignite. Fewer login prompts: The Read More
Outlook Includes plain text version of e-mail with S/MIME Encryption https://www.sec-consult.com/en/blog/2017/10/fake-crypto-microsoft-outlook-smime-cleartext-disclosure-cve-2017-11776/index.html RubyGems Remote Code Execution Vulnerability http://blog.rubygems.org/2017/10/09/unsafe-object-deserialization-vulnerability.html Google Home Mini Recorded Everything http://www.androidpolice.com/2017/10/10/google-nerfing-home-minis-mine-spied-everything-said-247/ Cameradar Finds Open RTSP Streams https://github.com/EtixLabs/cameradar
In our final Microsoft Ignite special, Scott has a Microsoft Teams Interview with Wictor Wilén. They talk at a high level about Microsoft Teams and then dive into extending Teams using the Yeoman Generator from Wictor. Microsoft Teams Microsoft Teams Yeoman Generator Microsoft Teams Development Center Getting Started with Bots Read More
Payment Handler API https://w3c.github.io/payment-handler/ https://blog.lukaszolejnik.com/privacy-of-web-request-api/ OpenSSH Version 7.6 Released http://www.openssh.com/txt/release-7.6 Microsoft Delaying Some Patches for Earlier Windows Versions https://googleprojectzero.blogspot.sg/2017/10/using-binary-diffing-to-discover.html The Dangers of Cables https://isc.sans.edu/forums/diary/Whats+in+a+cable+The+dangers+of+unauthorized+cables/22904/
In this special episode from Microsoft Ignite, Ben interviews Anne and Shilpi from Microsoft all new announcements around Office 365 Usage Analytics. Including announcements around: New Usage Report, Usage Score and Advanced Usage Analytics in Office 365. Usage and Reporting Announcements from Ignite BRK2039: Introducing Advanced Usage Reporting Tools Read More
