Unpatched Vulnerablity in WebLogic Exploited https://isc.sans.edu/forums/diary/Unpatched+Vulnerability+Alert+WebLogic+Zero+Day/24880/ Collecting Windows Service Accounts https://isc.sans.edu/forums/diary/Service+Accounts+Redux+Collecting+Service+Accounts+with+PowerShell/24882/ Confluence Vulnerablity Exploited by GandGrab https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/ New Micrsoft Security Baseline for Windows 10 / Windows Server https://blogs.technet.microsoft.com/secguide/2019/04/24/security-baseline-draft-for-windows-10-v1903-and-windows-server-v1903/
In Episode 122, Ben and Scott talk about strategies for saving money on virtual machines in Azure by stopping them when they’re not needed, right-sizing your workloads, and techniques for horizontal scaling with Azure autoscale. Sponsors Mover.io - Scan, Plan, Migrate, Report. Migrations that don’t suck - with Mover! Sperry Read More
Rooting Out Unwanted Domain Admins With Powershell https://isc.sans.edu/forums/diary/Where+have+all+the+Domain+Admins+gone+Rooting+out+Unwanted+Domain+Administrators/24874/ Mac OS X-Protect Now Covering Windows Malware https://twitter.com/patrickwardle/status/1120771284286103552 Wifi Finder Leaks Hotspot Passwords https://techcrunch.com/2019/04/22/hotspot-password-leak/ Github Hosting Phishing Pages https://www.proofpoint.com/us/threat-insight/post/threat-actors-abuse-github-service-host-variety-phishing-kits RSA Webinar: The Five Most Dangerous New Attack Techniques and How to Counter Them https://www.rsaconference.com/videos/rsac-2019-the-five-most-dangerous-new-attack-techniques-and-how-to-counter-them-continued
Decoding Malicious VBA Office Document Without Source Code https://isc.sans.edu/forums/diary/Malicious+VBA+Office+Document+Without+Source+Code/24870/ More Updates on "ShadowHammer" Supply Chain Attack https://securelist.com/operation-shadowhammer-a-high-profile-supply-chain-attack/90380/ A Malicious Sight in Google Sites https://www.netskope.com/blog/malicious-google-sites
.rar Files Exploiting ACE Vulneraiblity CVE-2018-20250 https://isc.sans.edu/forums/diary/rar+Files+and+ACE+Exploit+CVE201820250/24864/ Malware Senders Become Younger and Less Sophisticated (in German) https://www.heise.de/security/meldung/Malware-Verteiler-werden-immer-juenger-infizieren-sich-oft-selbst-4403823.html McAfee Antivirus Affected by April Windows Update Crashes http://kc.mcafee.com/corporate/index?page=content&id=KB91465 Rules to Protect Against Azure Blog Phishing in Outlook 365 https://malware-research.org/simple-rule-to-protect-against-spoofed-windows-net-phishing-attacks/ Windows 7 End of Support Messages https://www.windowslatest.com/2019/04/20/windows-7-users-are-now-receiving-the-end-of-support-notifications/
Analyzing UDF Files Using Python https://isc.sans.edu/forums/diary/Analyzing+UDF+Files+with+Python/24860/ HTML Ping To Be Adopted By All Major Browsers https://webkit.org/blog/8821/link-click-analytics-and-privacy/ Microsoft to Modify Edge User Agent for Some Sites https://www.onmsft.com/news/new-edge-insider-browser-can-change-user-agent-strings-based-on-what-website-youre-visiting French Government Chat System Used Weak User Management https://m.heise.de/security/meldung/Tchap-Frankreichs-nicht-so-exklusiver-Regierungschat-4403961.html
Malware Delivered As a UDF .img file https://isc.sans.edu/forums/diary/Malware+Sample+Delivered+Through+UDF+Image/24854/ Facebook Stored Passwords in Plain Text https://newsroom.fb.com/news/2019/03/keeping-passwords-secure/ Iranian Statesponsored Malware and Data Leaked https://misterch0c.blogspot.com/2019/04/apt34-oilrig-leak.html Windows 8 Live Tiles Domain Takeover https://www.golem.de/news/subdomain-takeover-microsoft-verliert-kontrolle-ueber-windows-kacheln-1904-140709.html
In Episode 121, Ben and Scott walk through some of the latest announcements for Azure Storage and Azure AD. Sponsors Mover.io - Scan, Plan, Migrate, Report. Migrations that don’t suck - with Mover! Sperry Software - Powerful Outlook Add-ins developed to make your email life easy even if you’re too Read More
PoC Exploit for Windows 10 DHCP Client Vulnerability CVE-2019-0726 (russian) https://habr.com/ru/company/pt/blog/448378/ Oracle April 2019 Critical Patch Update https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html WiPro Breached Via Phishing Attacks https://krebsonsecurity.com/2019/04/experts-breach-at-it-outsourcing-giant-wipro/ IDA and GHydra Part 2 (Strings And Parameters) https://isc.sans.edu/forums/diary/A+few+Ghidra+tips+for+IDA+users+part+2+strings+and+parameters/24848/
Common "False Positives" in DNS Query Logs https://isc.sans.edu/forums/diary/Odd+DNS+Requests+that+are+Normal/24844/ Adblock Plus Allows Filter List Providers to Inject Code in Pages https://armin.dev/blog/2019/04/adblock-plus-code-injection/ Executables in Polyglot DICOM Images https://github.com/d00rt/pedicom/blob/master/doc/Attacking_Digital_Imaging_and_Communication_in_Medicine_(DICOM)_file_format_standard_-_Markel_Picado_Ortiz_(d00rt).pdf Malicious/Misleading VPN Ads https://www.bleepingcomputer.com/news/security/mobile-vpns-promoted-by-you-are-infected-or-hacked-ads/
Configuring MTA-STS https://isc.sans.edu/forums/diary/Configuring+MTASTS+and+TLS+Reporting+For+Your+Domain/24840/ How to Find Hidden Cameras in Your AirBNB https://isc.sans.edu/forums/diary/How+to+Find+Hidden+Cameras+in+your+AirBNB/24834/ Insecure Storage of VPN Credentials https://www.kb.cert.org/vuls/id/192371/ Microsoft Patch Problems https://support.microsoft.com/en-us/help/4493472/windows-7-update-kb4493472 https://support.microsoft.com/en-us/help/4493446/windows-8-1-update-kb4493446 Internet Explorer XML External Entity Vulnerability http://hyp3rlinx.altervista.org/advisories/MICROSOFT-INTERNET-EXPLORER-v11-XML-EXTERNAL-ENTITY-INJECTION-0DAY.txt
GMail Will Be Supporting MTA-STS and SMTP TLS Reporting https://tools.ietf.org/html/rfc8461 https://tools.ietf.org/html/rfc8460 https://www.zdnet.com/article/gmail-becomes-first-major-email-provider-to-support-mta-sts-and-tls-reporting/ Juniper Patch Fixes Static Password in Junos OS https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10923&actp=METADATA Uniden Commercial IP Camera Site Hosting Malware https://twitter.com/JayTHL/status/1116200014630596609
Microsoft and Adobe Patches https://isc.sans.edu/forums/diary/Microsoft+April+2019+Patch+Tuesday/24826/ https://helpx.adobe.com/security.html Fake "Food Poisoning" emails in Germany (in german) https://www.polizei-praevention.de/aktuelles/erneut-mails-mit-schadsoftware-gegen-gewerbetreibende-im-umlauf.html Vulnerability in Apache Axis https://rhinosecuritylabs.com/application-security/cve-2019-0227-expired-domain-rce-apache-axis/ Golang DLL Injection Vulnerability https://www.openwall.com/lists/oss-security/2019/04/09/1
GHidra vs. IDA https://isc.sans.edu/forums/diary/A+few+Ghidra+tips+for+IDA+users+part+1+the+decompilerunreachable+code/24822/ TrendMicro Patch https://success.trendmicro.com/solution/1122250 Dovecot Patch https://dovecot.org/list/dovecot-news/2019-March/000403.html Apache CVE-2019-0211 Exploit https://github.com/cfreal/exploits/tree/master/CVE-2019-0211-apache Using JavaScript in Exploits https://www.youtube.com/watch?v=HfpnloZM61I
New Waves of Scans Detected By An Old Rule https://isc.sans.edu/forums/diary/New+Waves+of+Scans+Detected+by+an+Old+Rule/24812/ Xiaomi GuardApp Vulnerable to Man in the Middle https://blog.checkpoint.com/2019/04/04/xiaomi-vulnerability-when-security-is-not-what-it-seems/ Xwo Web Scanner Hunting for MongoDB https://www.alienvault.com/blogs/labs-research/xwo-a-python-based-bot-scanner Vulnerable SmartWatches "Defaced" https://api.heise.de/svc/embetty/tweet/1112326532939374593-images-0 https://www.heise.de/newsticker/meldung/Vidimensio-Smartwatches-Der-Sicherheits-Alptraum-geht-weiter-4359967.html
