News

Episode 19 – The Office 365 Adoption Content Pack August 24, 2017

This week Scott and Ben tackle the Office 365 Content Adoption Pack. It's available for free, uses Power BI, and is an invaluable tool in your toolbox. Announcing the public preview of the Office 365 adoption content pack in Power BI Office Support - Office 365 Content Adoption Pack Working Read More

ISC StormCast for Thursday, August 24th 2017 August 23, 2017

Malware Loading Avast Safe Zone Browser https://isc.sans.edu/forums/diary/Malicious+script+dropping+an+executable+signed+by+Avast/22748/ Ropemaker E-Mail Content https://www.mimecast.com/globalassets/documents/whitepapers/wp_the_ropemaker_email_exploit.pdf Cloud Based Accounts Increasingly a Target https://www.microsoft.com/en-us/security/intelligence-report More Malware Found At Ukraining Accounting Software Makers https://issp.ua/issp_system_images/UPD_samples_analysis_eng.pdf

ISC StormCast for Wednesday, August 23rd 2017 August 22, 2017

Elcomsoft Releases Ability to Retrieve Apple Keychain from iCloud https://www.elcomsoft.com/eppb.html Mapping Rooms With Smart Speakers http://musicattacks.cs.washington.edu/activity-information-leakage.pdf Netcraft Identifies .fish Domain Used For Phishing https://news.netcraft.com/archives/2017/08/21/first-fishy-phishing-sites-sighted.html

ISC StormCast for Tuesday, August 22nd 2017 August 21, 2017

Hackers Scam $ 500,000 From Enigma Digital Currency Investors http://www.theregister.co.uk/2017/08/21/enigma_digital_currency_investors_scammed/ Bitcoin Privacy Threats https://arxiv.org/abs/1708.04748 $500 iPhone PIN Brute Forcing Box https://www.youtube.com/watch?v=IXglwbyMydM SyncCrypt Bypasses Antivirus Filters With Images https://www.bleepingcomputer.com/news/security/synccrypt-ransomware-hides-inside-jpg-files-appends-kk-extension/

ISC StormCast for Monday, August 21st 2017 August 20, 2017

EngineBox Banking Malware https://isc.sans.edu/forums/diary/EngineBox+Malware+Supports+10+Brazilian+Banks/22736/ It's Not An Invoice https://isc.sans.edu/forums/diary/Its+Not+An+Invoice/22738/ iOS Secure Enclave Key Posted https://www.theiphonewiki.com/wiki/Greensburg_14G60_%28iPhone6,1%29 Vulnerabilities in FoxIT PDF Reader https://www.thezdi.com/blog/2017/8/17/busting-myths-in-foxit-reader

ISC StormCast for Friday, August 18th 2017 August 17, 2017

Maldoc with auto-updated link https://isc.sans.edu/forums/diary/Maldoc+with+autoupdated+link/22730/ Rowhammer is Back: SSD Memory Affected https://www.usenix.org/system/files/conference/woot17/woot17-paper-kurmus.pdf Nathaniel Quist: Active Defense in a Labyrinth of Deception https://www.sans.org/reading-room/whitepapers/ActiveDefense/active-defense-labyrinth-deception-37462

Episode 18: SharePoint Hybrid with Matt McDermott August 17, 2017

In this episode we have our first guest on the show! Scott and Ben interview Matt McDermott about SharePoint hybrid. You'll get an overview of the what exactly is SharePoint Hybrid and why you would want to do it. Then we jump into what may be some deal breakers when Read More

ISC StormCast for Thursday, August 17th 2017 August 16, 2017

Analysis of a Paypal Phishing Kit https://isc.sans.edu/forums/diary/Analysis+of+a+Paypal+phishing+kit/22726/ ShadowPad Backdoor in NetSarang Equipment https://securelist.com/shadowpad-in-corporate-networks/81432/ Solving Captcha Audio Challenges http://uncaptcha.cs.umd.edu/papers/uncaptcha_woot17.pdf

ISC StormCast for Wednesday, August 16th 2017 August 15, 2017

Malspam Pushing Trickbot Banking Trojan https://isc.sans.edu/forums/diary/Malspam+pushing+Trickbot+banking+Trojan/22720/ Banker Google Chrome Extension Targeting Brazil https://isc.sans.edu/forums/diary/BankerGoogleChromeExtensiontargetingBrazil/22722/ DJI "Go" App May Be Using JSPatch To Modify Applications After Install https://www.rcgroups.com/forums/showpost.php?p=38096850&postcount=2713 Smartlocks Bricked After Auto-Update http://www.securitysales.com/news/smart-locks-lobotomized-failed-update/

ISC StormCast for Tuesday, August 15th 2017 August 14, 2017

When A Malicious Looking E-Mail Turns Out to be "just" spam https://isc.sans.edu/forums/diary/Sometimes+its+just+SPAM/22716/ Android iOS Intra-Library Collusion https://arxiv.org/abs/1708.03520 SonicSpy: Android Spyware Apps https://blog.lookout.com/sonicspy-spyware-threat-technical-research Checking For Breached Passwords in Active Directory https://jacksonvd.com/checking-for-breached-passwords-in-active-directory/

ISC StormCast for Monday, August 14th 2017 August 13, 2017

Outlook Web Access Based Attacks https://isc.sans.edu/forums/diary/Outlook+Web+Access+based+attacks/22710/ The Good Phishing Email https://isc.sans.edu/forums/diary/The+Good+Phishing+Email/22712/ Git/CVS/Mercurial and others: ssh vulnerablity http://blog.recurity-labs.com/2017-08-10/scm-vulns Postgresql Vulnerablities https://bugzilla.redhat.com/show_bug.cgi?id=1477185

ISC StormCast for Friday, August 11th 2017 August 10, 2017

Maldoc Analysis With ViperMonkey https://isc.sans.edu/forums/diary/Maldoc+Analysis+with+ViperMonkey/22702/ Microsoft Joins Google/Mozilla in Banishing WoSign and StartCom From Trusted CA List https://blogs.technet.microsoft.com/mmpc/2017/08/08/microsoft-to-remove-wosign-and-startcom-certificates-in-windows-10/ SMS Touch App Leaking Messages https://www.zscaler.com/blogs/research/mobile-app-wall-shame-sms-touch Mac Adware Mughthesec https://objective-see.com/blog/blog_0x20.html

Episode 17 – Azure Automation August 10, 2017

In Episode 17, Ben and Scott review Azure Automation, Microsoft's cloud-based automation platform. Azure Automation Overview Azure Automation Integration Modules Variable assets in Azure Automation Credential assets in Azure Automation Runbook execution in Azure Automation Checkpoints in PowerShell Workflow Azure Automation: Reliable, Fault-Tolerant Runbook Execution Using Checkpoints Automate resources in Read More

ISC StormCast for Thursday, August 10th 2017 August 09, 2017

DirectDefense Accuses Carbon Black of Data Leak https://www.carbonblack.com/2017/08/09/directdefense-incorrectly-asserts-architectural-flaw-in-cb-response/ https://www.directdefense.com/harvesting-cb-response-data-leaks-fun-profit/ Vulnerabilities in Solar Generation https://horusscenario.com Hunting Malicious npm Packages https://duo.com/blog/hunting-malicious-npm-packages

ISC StormCast for Wednesday, August 9th 2017 August 08, 2017

Microsoft Updates https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+August+2017/22694/ Adobe Updates https://helpx.adobe.com/security.html Android Patches https://source.android.com/security/bulletin/2017-08-01 How Are People Fooled By This? Email To Sign a Contract Provides Malware https://isc.sans.edu/forums/diary/How+are+people+fooled+by+this+Email+to+sign+a+contract+provides+malware+instead/22696/

ISC StormCast for Tuesday, August 8th 2017 August 07, 2017

PHPMyAdmin Scans https://isc.sans.edu/forums/diary/Increase+of+phpMyAdmin+scans/22688/ Hotspot Shield Leakes Private User Data https://cdt.org/files/2017/08/FTC-CDT-VPN-complaint-8-7-17.pdf Debian Turning Off Support for TLS 1.0/1.1 https://lists.debian.org/debian-devel-announce/2017/08/msg00004.html Ongoing Phishing Attacks Against Google Chrome Plugin Developers https://www.bleepingcomputer.com/news/security/chrome-extension-developers-under-a-barrage-of-phishing-attacks/

ISC StormCast for Monday, August 7th 2017 August 06, 2017

Opengraph Used to Obfuscate Facebook Links https://isc.sans.edu/forums/diary/Use+of+the+Open+Graph+Protocol+to+Disguise+Malicious+Facebook+Links/22684/ Cerber Adding Bitcoin and Password Stealer to Crypto Ransomware http://blog.trendmicro.com/trendlabs-security-intelligence/cerber-ransomware-evolves-now-steals-bitcoin-wallets/ Symantec Selling Certificate Business To Digicert https://www.heise.de/security/meldung/Nachspiel-einer-fatalen-Panne-Symantec-verkauft-Zertifikatssparte-an-DigiCert-3793482.html Siemens Medical Imaging Systems Vulnerable to Old Windows Flaws https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-822184.pdf

ISC StormCast for Friday, August 4th 2017 August 03, 2017

Raspberry Pi Honeypot https://github.com/DShield-ISC/dshield Troy Hunt Releases Password List https://haveibeenpwned.com/Passwords Typosquatting npm Packages http://blog.npmjs.org/post/163723642530/crossenv-malware-on-the-npm-registry SEC503: Intrusion Detection in Depth Berlin (Oct 23rd-28th) https://www.sans.org/event/berlin-2017/course/intrusion-detection-in-depth

ISC StormCast for Thursday, August 3rd 2017 August 02, 2017

Attacking NoSQL Applications https://isc.sans.edu/forums/diary/Attacking+NoSQL+applications+part+2/22676/ Web Developer Chrome Toolbar Replaced with AdWare https://twitter.com/chrispederick Android Banking Trojans https://securelist.com/a-new-era-in-mobile-banking-trojans/79198/ Amazon Stops Selling Blu Smartphones http://www.zdnet.com/article/amazon-halts-blu-phone-sales-over-potential-security-issue/

ISC StormCast for Wednesday, August 2nd 2017 August 01, 2017

Detect SMB Versions with nmap https://isc.sans.edu/forums/diary/Rooting+Out+Hosts+that+Support+Older+Samba+Versions/22672/ CopyFish Google Chrome Extension Replaced by Adware https://a9t9.com/blog/chrome-extension-adware/ StartCom Applying to be Included in Mozilla SSL CAs again https://bugzilla.mozilla.org/show_bug.cgi?id=1311832#c12 McAffee Uses Mixed SSL/nonSSL Content For Online Malware Scan https://blogs.securiteam.com/index.php/archives/3350 Netflix Releases DoS Testing Tool https://medium.com/netflix-techblog/starting-the-avalanche-640e69b14a06

Older Entries Newer Entries