News

Hancitor/Pny/Vawtrak installed by Malicious Word Document in Fake Parking Ticket E-Mail https://isc.sans.edu/forums/diary/HancitorPonyVawtrak+malspam/21919/ Godaddy Revokes > 6,000 SSL Certs After Validation Bug https://www.godaddy.com/garage/godaddy/information-about-ssl-bug/ DVR Master Password List Leaked https://www.pentestpartners.com/blog/leaked-dvr-creds-added-to-the-iot-fail-list/ Autofill Enables Information Leakage https://github.com/anttiviljami/browser-autofill-phishing

Microsoft Patch Tuesday Summary https://isc.sans.edu/forums/diary/January+2017+Microsoft+Patch+Tuesday/21915/ Adobe Patch Tuesday Summary https://isc.sans.edu/forums/diary/Adobe+January+2017+Patches/21917/ Port 37777 "MapTable" Requests https://isc.sans.edu/forums/diary/Port+37777+MapTable+Requests/21913/ CVE 2016-7200/7201 Exploit Included in Sundown Exploit Kit http://malware.dontneedcoffee.com/2017/01/CVE-2016-7200-7201.html

Damn Vulnerable Web Sockets (DVWS) Demonstrates WebSocket Vulnerabilities https://github.com/interference-security/DVWS St. Jude Medical Patches Vulnerable Cardiac Devices https://threatpost.com/st-jude-medical-patches-vulnerable-cardiac-devices/122955/ Cracking Hashes of Passwords 12 Characters and Longer http://www.netmux.com/blog/cracking-12-character-above-passwords VNC Library Update https://www.debian.org/security/2017/dsa-3753

Careful With Security Tools That Submit Files to Virustotal https://isc.sans.edu/forums/diary/Great+Misadventures+of+Security+Vendors+Absurd+Sandboxing+Edition/21895/ Vulnerable Security Tools Can Be Used Against You https://isc.sans.edu/forums/diary/Using+Security+Tools+to+Compromize+a+Network/21903/ Elaborate Ransomware Attacks http://www.actionfraud.police.uk/news/department-of-education-ransomware-alert-jan17 E-Mail and iTunes Popup Extortion https://blog.malwarebytes.com/101/mac-the-basics/2017/01/tech-support-scam-page-attempts-denial-of-service-via-mail-app/

Google.com.br DNS Hijack https://www.linkedin.com/pulse/googlecombr-hacked-renato-marinho Attackers Use Stolen Passwords To Take Over Spreadshirt.com Accounts. https://www.heise.de/security/meldung/Angriff-auf-Spreadshirt-Konten-3589579.html (sorry, only in German) Ransomware Adding DDoS Component https://www.bleepingcomputer.com/news/security/firecrypt-ransomware-comes-with-a-ddos-component/ Old Malware Returning in Targeted Attacks https://blogs.forcepoint.com/security-labs/mm-core-memory-backdoor-returns-bigboss-and-sillygoose

GRE Packets May Be Related To Linux Kernel Bug http://www.openwall.com/lists/oss-security/2016/10/13/11 Insecure MongoDB Instances Hit By Fake Ransomware https://twitter.com/0xDUDE Android Security Update https://source.android.com/security/bulletin/2017-01-01.html Identifying WordPress Websites on Local Networks https://www.netsparker.com/blog/web-security/bruteforce-wordpress-local-networks-xshm-attack/

Removing "Ransom Ware" From Android Based LG TVs https://www.youtube.com/watch?v=0WZ4uLFTHEE libpng Patches 30 Year Old Bug http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.567619 Kaspersky Antivirus SSL Interception Vulnerability https://bugs.chromium.org/p/project-zero/issues/detail?id=978 Thunderbird Update Fixes Critical Vulnerability https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/

AT&T 2G Network Shutdown https://www.att.com/esupport/article.html#!/wireless/KM1084805 Leap Second https://blog.cloudflare.com/how-and-why-the-leap-second-affected-cloudflare-dns/ Thunderbird Patch https://www.heise.de/security/meldung/Thunderbird-Mozilla-schliesst-mit-Sicherheitsupdate-kritische-Luecken-3583472.html iMessage Crash https://vincedes3.com/crash-message-app-iphone/ Truffle Hog https://github.com/dxa4481/truffleHog

Protocol 47 (GRE) Traffic https://isc.sans.edu/forums/diary/Increase+in+Protocol+47+denys/21865/ US Cert Releases "Grizzly Steppe" Report https://www.us-cert.gov/security-publications/GRIZZLY-STEPPE-Russian-Malicious-Cyber-Activity Android Malware Changes Router DNS Settings https://securelist.com/blog/mobile/76969/switcher-android-joins-the-attack-the-router-club/

More PHPMailer Issues. Update Again https://github.com/PHPMailer/PHPMailer/wiki/About-the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilities CCC Talk: Lockpicking in the IoT https://media.ccc.de/v/33c3-8019-lockpicking_in_the_iot CCC Talk: IPv6 Scanning https://media.ccc.de/v/33c3-8061-you_can_-j_reject_but_you_can_not_hide_global_scanning_of_the_ipv6_internet

Using Daemonlogger as a Software Tap https://isc.sans.edu/forums/diary/Using+daemonlogger+as+a+Software+Tap/21859/ CCC Conference https://events.ccc.de/congress/2016/wiki/Main_Page PHPMailer Exploit Released https://legalhackers.com/exploits/CVE-2016-10033/PHPMailer-RCE-exploit-poc.txt Patch For Exim Mail Server https://exim.org/static/doc/CVE-2016-9963.txt Signal Uses Domain Fronting To Evade Censor Ship https://whispersystems.org/blog/doodles-stickers-censorship/

Criticial RCE Flaw in PHPMailer https://isc.sans.edu/forums/diary/Critical+security+update+PHPMailer+5218+CVE201610033/21855/ Malware Delays Execution with "Ping" https://isc.sans.edu/forums/diary/Pinging+All+The+Way/21849/ Apple Extends TLS Deadline https://isc.sans.edu/forums/diary/Pinging+All+The+Way/21849/

Mirai Trying Various Telnet Alternatives https://isc.sans.edu/forums/diary/UPDATED+x1+Mirai+Scanning+for+Port+6789+Looking+for+New+Victims+Now+hitting+tcp23231/21833/ Ukraining Power Outages http://uawire.org/news/ukrenergo-claims-that-blackouts-in-kyiv-could-have-been-caused-by-hackers OurMine Hacks Netflix and Other Twitter Accounts http://www.bbc.com/news/technology-38390343?ocid=socialflow_twitter Methbot Generating Millions of Dollars With Click Fraud http://go.whiteops.com/rs/179-SQE-823/images/WO_Methbot_Operation_WP.pdf

vSphere Data Protection Known SSH Key http://www.vmware.com/security/advisories/VMSA-2016-0024.html nmap Update https://nmap.org/download.html SCCM Software Metering https://www.fireeye.com/blog/threat-research/2016/12/do_you_see_what_icc.html CryptXXX Version 3 Decryptor Available https://noransom.kaspersky.com Airline Inflight Entertainment System Hack http://blog.ioactive.com/2016/12/in-flight-hacking-system.html SEC503, Intrusion Detection in Depth: Brussles January 16th-21st 2017 https://www.sans.org/event/brussels-winter-2017/course/intrusion-detection-in-depth

Mirai Likely Behind Port 6789 Scans. Yet Another Backdoor https://isc.sans.edu/forums/diary/Mirai+Scanning+for+Port+6789+Looking+for+New+Victims/21833/ OpenSSH update https://www.openssh.com/releasenotes.html#7.4 Google Releases Tool to Audit Crypto Libraries https://security.googleblog.com/2016/12/project-wycheproof.html Escaping A Restricted Shell https://humblesec.wordpress.com/2016/12/08/escaping-a-restricted-shell/

Verizon Webmail XSS Exploit https://randywestergren.com/persistent-xss-verizons-webmail-client/ Blocking Powershell Connections via Windows Firewall https://isc.sans.edu/forums/diary/Blocking+Powershell+Connection+via+Windows+Firewall/21829/ Exploit Kits Delivering Cerber Ransomware https://isc.sans.edu/forums/diary/One+if+by+email+and+two+if+by+EK+The+Cerbers+are+coming/21823/ More Security Companies joining "No More Ransom" https://www.nomoreransom.org IT Contractor Trying to Take Over Radio Station https://regmedia.co.uk/2016/12/16/kcohvtaylorfiling.pdf Holiday Safe Computing Tips https://isc.sans.edu/forums/diary/Holiday+Safe+Computing+Tips/21827/

Domain Cops Malware Analysis https://isc.sans.edu/forums/diary/Domaincop+malpsam/21821/ OS X Filevault Password Retrieval http://blog.frizk.net/2016/12/filevault-password-retrieval.html QEMU/Xen Vulnerability http://xenbits.xen.org/xsa/advisory-199.html DNS Changer Attacking Home Routers https://www.proofpoint.com/us/threat-insight/post/home-routers-under-attack-malvertising-windows-android-devices

Malicious JavaScript Bypasses UAC https://isc.sans.edu/forums/diary/UAC+Bypass+in+JScript+Dropper/21813/ Skype Unauthorized API Access Blocked https://www.trustwave.com/Resources/SpiderLabs-Blog/A-Backdoor-in-Skype-for-Mac-OS-X/?page=1&year=0&month=0 Facebook Anounces Certificate Transparency Monitoring Tool https://www.facebook.com/notes/protect-the-graph/introducing-our-certificate-transparency-monitoring-tool/1811919779048165 Another Tor Browser (and Firefox) Bug Fixed https://blog.torproject.org/blog/tor-browser-608-released Cheap Android Phones Arrive With Malware Preinstalled https://news.drweb.com/show/?i=10345&lng=en Exploit for Nagios https://legalhackers.com/advisories/Nagios-Exploit-Command-Injection-CVE-2016-9565-2008-4796.html

Microsoft Patch Tuesday + Adobe Flash https://isc.sans.edu/mspatchdays.html?viewday=2016-12-13 Apple Updates https://support.apple.com/en-us/HT201222 More Netgear Products Vulnerable; Beta Patch Available http://kb.netgear.com/000036386/CVE-2016-582384?cid=wmt_netgear_organic iOS Profile Vulnerability PoC Available https://cxsecurity.com/issue/WLB-2016110046

Apple Releases Patches for iOS/WatchOS and tvOS https://support.apple.com/en-us/HT201222 Windows 8/10 Update Causing DHCP Problems https://community.plus.net/t5/Broadband/Windows-8-10-Issues/m-p/1393675#M310992 McAfee VirusScan Enterprise for Linux Vulnerabilities https://nation.state.actor/mcafee.html Snowball Marketing for Ransomware https://www.bleepingcomputer.com/news/security/new-scheme-spread-popcorn-time-ransomware-get-chance-of-free-decryption-key/ Europol Arrests DDoS Miscreants http://www.theregister.co.uk/2016/12/12/europol_arrests_34_ddos_kiddies/ 5 Questions to Ask you IoT Vendor https://isc.sans.edu/forums/diary/5+Questions+to+Ask+your+IoT+Vendors+But+Do+Not+Expect+an+Answer/21807/