News

Cloud Metadata URLs https://isc.sans.edu/forums/diary/Cloud+Metadata+Urls/22046/ Intel Atom C2000 Chip Failures http://www.theregister.co.uk/2017/02/06/cisco_intel_decline_to_link_product_warning_to_faulty_chip/ More W-2 Scams, Now Combined With Wire Transfer Scams https://nakedsecurity.sophos.com/2017/02/08/beware-the-latest-tax-season-spear-phishing-scam/ Macro Malware Coming to MacOS https://objective-see.com/blog/blog_0x17.html

Using Emojis as Passwords https://isc.sans.edu/forums/diary/My+Password+is+taco+Using+Emojis+for+Stronger+Passwords/22042/ Popular iOS Applications Not Using TLS https://medium.com/@chronic_9612/76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-2c9a2409dd1#.nv0mf6w4e Web Bluetooth Security Model https://medium.com/@jyasskin/the-web-bluetooth-security-model-666b4e7eed2#.kqtxdk70h E-Mail Spoofing in GMail https://www.linkedin.com/pulse/aware-sender-spoofing-amongst-gmail-users-renato-marinho

Malicous or Not? Help Me Decide https://isc.sans.edu/forums/diary/Malicious+Or+Not+You+decide/22040/ OpenBSD Http Server DoS Vulnerability https://pierrekim.github.io/blog/2017-02-07-openbsd-httpd-CVE-2017-5850.html Bypassing Tor Browser Via Windows DRM https://www.myhackerhouse.com/windows_drm_vs_torbrowser/ Freedom Hosting II Compromise https://www.scmagazineuk.com/major-dark-web-host-hacked-381000-sets-of-user-details-leaked-online/article/636259/

Base64 Encoded Malware Samples on Pastebin https://isc.sans.edu/forums/diary/Many+Malware+Samples+Found+on+Pastebin/22036/ Cisco Recaling Meraki Access Points over Fatal Hardware Flaw http://www.cisco.com/c/en/us/support/web/clock-signal.html SQL Injection Vulnerability in McAfee e Policy Orchastrator https://kc.mcafee.com/corporate/index?page=content&id=SB10187 Update from Microsoft on SMB 3 Vulnerability https://threatpost.com/microsoft-waits-for-patch-tuesday-to-fix-smb-zero-day/123541/ Malicious Files Sent via Whatsapp to Target Indian Military http://economictimes.indiatimes.com/news/defence/defence-security-forces-alerted-against-whatsapp-virus/articleshow/56258702.cms

SMB 3 0-Day DoS Exploit https://isc.sans.edu/forums/diary/Windows+SMBv3+Denial+of+Service+Proof+of+Concept+0+Day+Exploit/22029/ WordPress Update Silently Fixes Security Flaw https://make.wordpress.org/core/2017/02/01/disclosure-of-additional-security-fix-in-wordpress-4-7-2/ Webroot Update Patches BSOD Flaw https://community.webroot.com/t5/Product-Questions/BSOD-0x50-PAGE-FAULT-IN-NONPAGED-AREA/td-p/284302?sf54120672=1&sf54123115=1 Google Adds Support for Mandatory Two-Factor Authentication to G-Suite https://security.googleblog.com/2017/02/better-and-more-usable-protection-from.html Cisco Prime Home Vulnerablity https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-prime-home

Multiple Vulnerabilites in tcpdump https://isc.sans.edu/forums/diary/Multiple+Vulnerabilities+in+tcpdump/22017/ Quick Analysis of Data Left Available by Attackers https://isc.sans.edu/forums/diary/Quick+Analysis+of+Data+Left+Available+by+Attackers/22015/ Securing The Human Ouch! Newsletter https://securingthehuman.sans.org/ouch/ Redis CSRF Vulnerability Exploit https://github.com/dxa4481/whatsinmyredis

Fileless UAC Bypass Used to Drop Keybase Malware https://isc.sans.edu/forums/diary/Malicious+Office+files+using+fileless+UAC+bypass+to+drop+KEYBASE+malware/22011/ Apple Removes Activation Lock Test Tool After Abuse https://www.macrumors.com/2017/01/30/activation-lock-website-used-in-hack/ Multiple Vulnerabilities in tcpdump https://www.debian.org/security/2017/dsa-3775 Postscript Printer Vulnerabilities http://seclists.org/fulldisclosure/2017/Jan/89 Stop Disabling SELinux https://learntemail.sam.today/blog/stop-disabling-selinux:-a-real-world-guide/

py2exe Decompiling Part 2 https://isc.sans.edu/forums/diary/py2exe+Decompiling+Part+2/22005/ Telemarketer Leaks Call Recordings https://mackeeper.com/blog/post/326-telemarketing-company-leaks-400k-of-sensitive-files Facebook Introduces Delegated Recovery Protocol https://github.com/facebookincubator/DelegatedRecovery/ https://raw.githubusercontent.com/facebookincubator/DelegatedRecovery/master/draft-hill-delegated-recovery.raw.txt Another Cisco WebEx Update https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex Cryptkeeper Does Not Correctly Encrypt Folders https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852751

Port 5358 Scans for Devices https://isc.sans.edu/forums/diary/Request+for+Packets+and+Logs+TCP+5358/21997/ OpenSSH Vulnerablity http://www.openwall.com/lists/oss-security/2017/01/26/2 Ransomware Hits Traffic Cameras in DC https://www.washingtonpost.com/local/public-safety/hackers-hit-dc-police-closed-circuit-camera-network-city-officials-disclose/2017/01/27/d285a4a4-e4f5-11e6-ba11-63c4b4fb5a63_print.html Hotel Hit By Ransomware http://www.thelocal.at/20170128/hotel-ransomed-by-hackers-as-guests-locked-in-rooms Not So Private Android VPNs http://www.icir.org/vern/papers/vpn-apps-imc16.pdf Google Starting its own Certificate Authority https://security.googleblog.com/2017/01/the-foundation-of-more-secure-web.html

IOCs: Risks of False Positive Floods https://isc.sans.edu/forums/diary/IOCs+Risks+of+False+Positive+Alerts+Flood+Ahead/21977/ Android Ransomware in Google Play Store http://blog.checkpoint.com/2017/01/24/charger-malware/ OpenSSL Update https://www.openssl.org/news/vulnerabilities.html#y2017 Facebook To Implement U2F (FIDO) Login https://www.facebook.com/notes/facebook-security/security-key-for-safer-logins-with-a-touch/10154125089265766 WebEx Update https://bugs.chromium.org/p/project-zero/issues/detail?id=1100

Cisco WebEx Remains Vulnerable. Other Browsers Affected https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex Malicious SVG Files Fund in the Wild https://isc.sans.edu/forums/diary/Malicious+SVG+Files+in+the+Wild/21971/ W2 Scams Hitting Again http://www.nbcdfw.com/news/local/Argyle-ISD-Employees-Hit-with-Data-Breach-411337825.html XXE Entity Vulnerability in Uber https://httpsonly.blogspot.co.ke/2017/01/0day-writeup-xxe-in-ubercom.html?m=1 Firefox 51 Released https://blog.mozilla.org/security/2017/01/20/communicating-the-dangers-of-non-secure-http/

Cisco Releases Patch for Chrome Webex Plugin https://continuum.cisco.com/2017/01/23/its-a-good-idea-to-patch-your-webex-chrome-extension-now/ Companies Fall For Fake Ransomware https://www.citrix.com/blogs/2017/01/24/bluff-ransomware-attacks-bamboozle-british-businesses/ systemd priviledge escalation vulnerablity http://www.openwall.com/lists/oss-security/2017/01/24/4 nginx update released http://nginx.org/en/CHANGES

Experimenting With IPv6 Fragments https://isc.sans.edu/forums/diary/How+to+Have+Fun+With+IPv6+Fragments+and+Scapy/21963/ Apple Updates Everything https://support.apple.com/en-us/HT201222 WebEx Secret Install URL https://bugs.chromium.org/p/project-zero/issues/detail?id=1096 Vulnerability in Symantec Norton Download Manager https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2017&suid=20170117_00 Exploit for Microsoft RDC Client on Mac https://www.wearesegment.com/research/Microsoft-Remote-Desktop-Client-for-Mac-Remote-Code-Execution

Sage 2.0 Ransomware https://isc.sans.edu/forums/diary/Sage+20+Ransomware/21959/ Starwars Twitter Botner https://regmedia.co.uk/2017/01/20/starwarsbotnet.pdf Symantec Messes Up SSL Certificates Again https://www.mail-archive.com/[email protected]/msg05455.html Github CSP Experiences https://githubengineering.com/githubs-post-csp-journey/ Podcast Survey https://www.surveymonkey.com/r/sbn2017

Open Hadoop Instances Are At Risk http://www.threatgeek.com/2017/01/open-hadoop-installs-wiped-worldwide.html Upcoming SHA-1 Deadlines https://blog.mozilla.org/security/2016/10/18/phasing-out-sha-1-on-the-public-web/ Google "Verify Apps" Algorithm https://blog.google/topics/connected-workspaces/silence-speaks-louder-words-when-finding-malware/ Practical JSONP Injection https://securitycafe.ro/2017/01/18/practical-jsonp-injection/ Necurs Decline Huring Loky Distribution http://blog.talosintel.com/2017/01/locky-struggles.html

US-Cert Considers Netbios/SMBv1 Harmfull https://www.us-cert.gov/ncas/current-activity/2017/01/16/SMB-Security-Best-Practices IPv6 Atomic Fragments Can Lead to DDoS Attack https://tools.ietf.org/html/rfc8021 Facebook Was Affectd by ImageTragick Flaw http://4lemon.ru/2017-01-17_facebook_imagetragick_remote_code_execution.html Malwarebytes Identifies Old Mac Backdoor https://blog.malwarebytes.com/threat-analysis/2017/01/new-mac-backdoor-using-antiquated-code/ Oracle Quarterly Critical Patch Update http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixJAVA

domain_stats.py: A Web API For SEIM Phishing Hunts; https://isc.sans.edu/forums/diary/domainstatspy+a+web+api+for+SEIM+phishing+hunts/21943/ Mutiple RCE in ZyXEL/Billion/True Online Routers http://seclists.org/fulldisclosure/2017/Jan/40 Dovecot Passes Security Audit https://wiki.mozilla.org/images/4/4d/Dovecot-report.pdf Dutch Web Developers Left Backdoors Behind http://www.theregister.co.uk/2017/01/17/police_warn_of_dutch_developer_who_built_backdoors_for_carding/ Mobile Applications Contain Secrets https://hackernoon.com/we-reverse-engineered-16k-apps-heres-what-we-found-51bdf3b456bb

Whitelisting File Extensions in Apache https://isc.sans.edu/forums/diary/Whitelisting+File+Extensions+in+Apache/21937/ Wordpress 4.7.1 Updates PHPMailer https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/ Tricky Phishing Attacks Harvesting Google Passwords https://www.wordfence.com/blog/2017/01/gmail-phishing-data-uri/ More Refined Browser Fingerprinting Via GPU Features https://drive.google.com/file/d/0B4s900Byvv1ibW5uc1NiU2g3R3c/view

Backup Files Are Good if They are Outside Your Web Servers Document Root https://isc.sans.edu/forums/diary/Backup+Files+Are+Good+but+Can+Be+Evil/21935/ Exploiting Apache Server Status http://blog.mazinahmed.net/2017/01/exploiting-misconfigured-apache-server-status-instances.html WhatsApp Backdoor Controversy https://www.theguardian.com/technology/2017/jan/13/whatsapp-backdoor-allows-snooping-on-encrypted-messages https://whispersystems.org/blog/there-is-no-whatsapp-backdoor/ Hardening Windows 10 https://blogs.technet.microsoft.com/mmpc/2017/01/13/hardening-windows-10-with-zero-day-exploit-mitigations/ Injecting JavaScript Into PDFs http://insert-script.blogspot.in/2016/10/pdf-how-to-steal-pdfs-by-injecting.html

System Resources Utilization Monitor #SRUM https://isc.sans.edu/forums/diary/System+Resource+Utilization+Monitor/21927/ Docker Fixes Privilege Escalation Vulnerability http://seclists.org/fulldisclosure/2017/Jan/21 Taking Over Expired Name Servers https://thehackerblog.com/respect-my-authority-hijacking-broken-nameservers-to-compromise-your-target/ Updated Certificate Revocation Data https://isc.sans.edu/crls.html Shadow Broker Releasing More Tools and Going Dark https://heimdalsecurity.com/blog/security-alert-the-shadow-brokers-windows-hacking-tools/ Extracting Fingerprints from Selfies http://www.japantimes.co.jp/news/2017/01/11/national/crime-legal/researchers-warn-fingerprint-theft-peace-sign/