News

MSFT Re-Releases June Outlook Update https://support.office.com/en-us/article/Outlook-known-issues-in-the-June-2017-security-updates-3f6dbffd-8505-492d-b19f-b3b89369ed9b?ui=en-US&rs=en-US&ad=US&fromAR=1 Iranian Hackers Use Social Media To Collect Data https://www.darkreading.com/attacks-breaches/iranian-hackers-ensnared-targets-via-phony-female-photographer/d/d-id/1329502?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple ShieldFS Self Healing Filesystem http://shieldfs.necst.it/continella-shieldfs-2016.pdf

SMBloris DoS Attack Locks Up Windows https://twitter.com/jennamagius/status/891434286212984832 https://isc.sans.edu/forums/diary/SMBLoris+the+new+SMB+flaw/22662/ Text Banking Attacks https://isc.sans.edu/forums/diary/Text+Banking+Scams/22666/ Nissan Leaf WiFi Vulnerability https://github.com/HackingThings/Publications/blob/cdb72df7c3feffd02593a31d67a34ae353b09114/2017/DC25_Driving%20down%20the%20rabbit%20hole-Mickey_Jesse_Oleksander.pdf

Targeting HTTP's Hidden Attack-Surface http://blog.portswigger.net/2017/07/cracking-lens-targeting-https-hidden.html Petya/Goldeneye Decrypter https://blog.malwarebytes.com/malwarebytes-news/2017/07/bye-bye-petya-decryptor-old-versions-released/ TinyPot, My Small Honeypot https://isc.sans.edu/forums/diary/TinyPot+My+Small+Honeypot/22654/ Shaun McCullough https://www.sans.org/reading-room/whitepapers/testing/docker-create-multi-container-environments-research-sharing-lateral-movement-37855

Malspam Pushing Emotet Malware https://isc.sans.edu/forums/diary/Malspam+pushing+Emotet+malware/22650/ Broadpwn Released http://blog.exodusintel.com/2017/07/26/broadpwn/ Microsoft Announces Windows 10 Bug Bounty https://blogs.technet.microsoft.com/msrc/2017/07/26/announcing-the-windows-bounty-program/ Custom Map Vulnearbilty in Valve Games https://oneupsecurity.com/research/remote-code-execution-in-source-games

Adobe Announces End of Flash for 2020 https://blogs.adobe.com/conversations/2017/07/adobe-flash-update.html JA3 Hash To Fingerprint SSL/TLS Connections https://github.com/salesforce/ja3 https://engineering.salesforce.com/open-sourcing-ja3-92c9e53c3c41 New Wave of Apple iCloud Ransom Attacks https://www.heise.de/mac-and-i/meldung/Erneut-iCloud-Erpressungswelle-ueber-Meinen-Mac-suchen-und-Mein-iPhone-suchen-3782075.html

Uber Drivers Targeted in Social Engineering Scam https://isc.sans.edu/forums/diary/Uber+drivers+new+threat+the+passenger/22626/ Mac Malware FruitFly2 https://motherboard.vice.com/en_us/article/zmv79w/mysterious-mac-malware-has-infected-hundreds-of-victims-for-years Exploit Released for Critical Netscaler SD WAN 9.1.2 Vulnerability http://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-6316

Malicious .iso Attachments https://isc.sans.edu/forums/diary/Malicious+iso+Attachments/22636/ Maldoc with .lnk File https://isc.sans.edu/forums/diary/Another+lnk+File/22640/ Large Ethereum Hack http://hackingdistributed.com/2017/07/22/deep-dive-parity-bug/

Symantec Sloppy Key Verification Leads To Revocation of Certificates https://blog.hboeck.de/archives/888-How-I-tricked-Symantec-with-a-Fake-Private-Key.html Gnome Thumbnailer Executes Code http://news.dieweltistgarnichtso.net/posts/gnome-thumbnailer-msi-fail.html

Bots Searching for Keys and Config Files https://isc.sans.edu/forums/diary/Bots+Searching+for+Keys+Config+Files/22630/ Apple Updates Everything https://support.apple.com/en-us/HT201222 Trend Micro Sees SambaCry Exploits http://blog.trendmicro.com/trendlabs-security-intelligence/linux-users-urged-update-new-threat-exploits-sambacry/ Google Increases Developer Scrutiny https://developers.googleblog.com/2017/05/updating-developer-identity-guidelines.html

Oracle Quarterly Critical Patch Update http://www.oracle.com/technetwork/security-advisory/cpujul2017verbose-3236625.html Cisco WebEx Plugin Update https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170717-webex https://bugs.chromium.org/p/project-zero/issues/detail?id=1324&desc=2 Node.JS DoS Vulnerability https://nodejs.org/en/blog/vulnerability/july-2017-security-releases/ Bitdefender Remote Stack Buffer Overflow https://landave.io/2017/07/bitdefender-remote-stack-buffer-overflow-via-7z-ppmd/ Coindash Hack https://twitter.com/coindashio/status/886936799695818752 https://www.coindash.io DowJones Leaks Customer Data via S3 Buckets https://www.upguard.com/breaches/cloud-leak-dow-jones

SMS Phishing Asks Victims to Upload Picture of Token Card https://isc.sans.edu/forums/diary/SMS+Phishing+induces+victims+to+photograph+its+own+token+card/22616/ Critical FreeRADIUS Update https://guidovranken.wordpress.com/2017/07/17/11-remote-vulnerabilities-inc-2x-rce-in-freeradius-packet-parsers/ OS X Malware Installs Crypto Messenger Signal https://blog.checkpoint.com/2017/07/13/osxdok-refuses-go-away-money/

NemucodAES UPS Malspam https://isc.sans.edu/forums/diary/NemucodAES+and+the+malspam+that+distributes+it/22614/ Analyzing Malicious Office Document With LNK https://isc.sans.edu/forums/diary/Office+maldoc+lnk/22618/ Gandi Breach Leads to Domain Compromise https://news.gandi.net/en/2017/07/detailed-incident-report/ iSmart Alarm Vulnerabilities http://dojo.bullguard.com/blog/burglar-hacker-when-a-physical-security-is-compromised-by-iot-vulnerabilities/

Malware Loads ffmpeg For Video Recording Features https://blog.malwarebytes.com/threat-analysis/2017/07/malware-abusing-ffmpeg/ Password Managers and Cloud Storage https://discussions.agilebits.com/discussion/76956/can-i-still-buy-standalone-license-for-the-1password-no-longer-being-marketed/p8 SAP Point of Sales Express Patch https://erpscan.com/press-center/blog/sap-cyber-threat-intelligence-report-july-2017/ Roderick Currie: Car Hacking Developments https://www.sans.org/reading-room/whitepapers/internet/developments-car-hacking-36607

Simple File Integrity Monitoring With Backup Scripts https://isc.sans.edu/forums/diary/Backup+Scripts+the+FIM+of+the+Poor/22606/ Ethereum Wallet Services Targeted By Scammers http://www.ibtimes.co.uk/ethereum-under-siege-scammers-make-700000-6-days-slack-reddit-phishing-attacks-1629866 MongoDB Security Surprises For Shared Hosting https://medium.com/@alexbyk/mongodb-at-shared-hosting-security-surprises-c441ecb84b54 Trend Micro Vulnerabilities https://www.coresecurity.com/advisories/trend-micro-deep-discovery-director-multiple-vulnerabilities

Microsoft Patch Tuesday https://isc.sans.edu/diary//22602 AT&T Cell Phone Takeover https://carpeaqua.com/2017/07/07/hack-the-planet/ Systemd Invalid Username Bug To Be Fixed https://github.com/systemd/systemd/pull/6300

Takeover of .io TLD https://thehackerblog.com/the-io-error-taking-control-of-all-io-domains-with-a-targeted-registration/ Malwarebytes Quarterly Malware Report https://www.malwarebytes.com/pdf/white-papers/CybercrimeTacticsAndTechniques-Q2-2017.pdf OpenBSD Introducing KARL To Randomize Kernel Layout at Boot https://marc.info/?l=openbsd-tech&m=149732026405941&w=2

More DDoS Ransom Demands https://isc.sans.edu/forums/diary/Adversary+hunting+with+SOFELK/22592/ Adversary Hunting With SOF-ELK https://isc.sans.edu/forums/diary/Adversary+hunting+with+SOFELK/22592/ Petya Master Key Published https://twitter.com/JanusSecretary/status/882663988429021184?ref_src=twsrc%5Etfw&ref_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fauthor-of-original-petya-ransomware-publishes-master-decryption-key%2F Template Attacks Against Critical Infrastructure http://blog.talosintelligence.com/2017/07/template-injection.html

Finding Odd Domain Names https://isc.sans.edu/forums/diary/Selecting+domains+with+random+names/22580/ BitTorrent Sync 2.0 Log Files https://isc.sans.edu/forums/diary/Investigation+of+BitTorrent+Sync+v20+as+a+P2P+Cloud+Service+Part+2+Log+Files+artefacts/22582/ Cisco Vulnerabilities https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-esc2 Finding Weak Password Hashing Algorithms Via Hash Collisions https://www.netsparker.com/blog/web-security/collision-based-hashing-algorithm-disclosure/ BIND TSIG Exploit http://www.synacktiv.ninja/ressources/CVE-2017-3143_BIND9_TSIG_dynamic_updates_vulnerability_Synacktiv.pdf

AVTest Report: Ransomware not a big deal; Android/MacOS Catching up to Windows https://www.av-test.org/fileadmin/pdf/security_report/AV-TEST_Security_Report_2016-2017.pdf Microsoft Will Prompt Users to Update Windows 10 https://support.microsoft.com/en-us/help/4023814 Bithumb Bitcoin Exchange Hacked (Article in Korean) http://bithumb.cafe/archives/7329 Turkish Airlines and Emirates Remove Laptop Ban http://www.theregister.co.uk/2017/07/05/emirates_and_turkish_airlines_lift_laptop_ban_on_us_flights/ Ukrainian Authorities Raid MeDoc (Article in Ukrainian) https://cyberpolice.gov.ua/news/prykryttyam-najmasshtabnishoyi-kiberataky-v-istoriyi-ukrayiny-stav-virus-diskcoderc-881/

Microsoft Patches Skype Vulnerability https://www.vulnerability-lab.com/get_content.php?id=2071 SystemD Invalid Username Bug Not Considered a Vulnerability (or Bug) https://github.com/systemd/systemd/issues/6237 Cisco Fixes SNMP Vulnerability in IOS and IOS XE https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp Smartphones Can Be Compromised with shady replacement parts https://iss.oy.ne.ro/Shattered Siemens Fixes Intel AMT Bug https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-874235.pdf Update For libgcrypt https://www.ubuntuupdates.org/package/core/zesty/main/updates/libgcrypt20-dev