Ghidra tips for IDA users: Automatic Comments for API Call Parameters https://isc.sans.edu/forums/diary/A+few+Ghidra+tips+for+IDA+users+part+0+automatic+comments+for+API+call+parameters/24806/ Security Awareness Newsletter: Making Passwords Simple https://www.sans.org/security-awareness-training/resources/making-passwords-simple IRS Themed Phishing Emails https://www.proofpoint.com/us/threat-insight/post/tax-themed-email-campaigns-target-2019-filers Large Leak of Facebook User Data via 3rd Party App https://www.upguard.com/breaches/facebook-user-data-leak Arbitrary Command Execution in PostgreSQL https://medium.com/greenwolf-security/authenticated-arbitrary-command-execution-on-postgresql-9-3-latest-cd18945914d5
Common "OpenAction" False Positive in PDFs Created by OpenOffice https://isc.sans.edu/forums/diary/Analysis+of+PDFs+Created+with+OpenOfficeLibreOffice/24798/ Android Monthly Update https://source.android.com/security/bulletin/2019-04-01#2019-04-01-details Malicious Android App Forwards Banking Calls to Attacker https://www.blackhat.com/asia-19/briefings/schedule/index.html#when-voice-phishing-met-malicious-android-app-13419 Google Allowing WebAuthn Login from Firefox/Edge https://twitter.com/christiaanbrand/status/1111430192596025347 All Your Data Are Belong to Us: Defending Against Credential Stuffing Attacks https://www.sans.org/webcasts/data-belong-us-defend-credential-stuffing-110340
Annotating Golang Binaries with Cutter and Jupyter https://isc.sans.edu/forums/diary/Annotating+Golang+binaries+with+Cutter+and+Jupyter/24790/ ASUS Targeted MAC Addresses Available for Download https://skylightcyber.com/2019/03/28/unleash-the-hash-shadowhammer-mac-list/ Weaponized Version of New Zealand Attack Manifesto https://bluehexagon.ai/blog/weaponized-version-of-new-zealand-terror-suspects-manifesto-discovered-in-the-wild/ Kubernetes Directory Traversal https://www.twistlock.com/labs-blog/disclosing-directory-traversal-vulnerability-kubernetes-copy-cve-2019-1002101/ VMWare Patches https://www.vmware.com/security/advisories/VMSA-2019-0005.html
Creating Your Own Passive DNS Logs https://isc.sans.edu/forums/diary/Running+your+Own+Passive+DNS+Service/24784/ Incomplete Patch for Cisco RV320 Routers https://www.redteam-pentesting.de/en/advisories/rt-sa-2019-003/-cisco-rv320-unauthenticated-configuration-export https://www.redteam-pentesting.de/en/advisories/rt-sa-2019-004/-cisco-rv320-unauthenticated-diagnostic-data-retrieval TPLink Debug Port Vulnerability https://twitter.com/mjg59/status/1111106885736787975 https://pastebin.com/GAzccR95
Ben and Scott dive into the slew of announcements from the last week, including upcoming changes to Microsoft Defender, Windows Virtual Desktop in Azure, and updates for Microsoft Teams.
Microsoft Releases Application Guard for Firefox and Chrome https://blogs.windows.com/windowsexperience/2019/03/15/announcing-windows-10-insider-preview-build-18358/ New Set of LTE Vulnerabilities https://syssec.kaist.ac.kr/pub/2019/kim_sp_2019.pdf NVidia Privilege Escalation https://rhinosecuritylabs.com/application-security/nvidia-arbitrary-file-writes-to-command-execution-cve-2019-5674/
Apple Updates https://support.apple.com/en-us/HT201222 ASUS Response to Kaspersky Report https://www.asus.com/News/hqfgVUyZ6uyAyJe1 Firefox Importing Windows Root Certificates https://bugzilla.mozilla.org/show_bug.cgi?id=1533397 UC Webbrowser MITM Vulnerability https://www.bleepingcomputer.com/news/security/uc-browser-for-android-desktop-exposes-500-million-users-to-mitm-attacks/
ASUS Live Update "ShadowHammer" Backdoor https://www.kaspersky.com/blog/shadow-hammer-teaser https://shadowhammer.kaspersky.com/ Telegram Unsent Feature https://techcrunch.com/2019/03/25/going-going-gone/ F5 Big IP Updates https://support.f5.com/csp/article/K14812883
Reversing Malware Written In Golang https://isc.sans.edu/forums/diary/Introduction+to+analysing+Go+binaries/24770/ More "VelvetSweatshop" Maldocs https://isc.sans.edu/forums/diary/VelvetSweatshop+Maldocs/24772/ Reading QR Codes in Python https://isc.sans.edu/forums/diary/Decoding+QR+Codes+with+Python/24774/ Pwn2Own Contest: Firefox, Safari, Edge and others fall https://www.zdnet.com/article/tesla-car-hacked-at-pwn2own-contest/ Norwegian Nokia Phones Sent Data to China (Article in Norwegian) https://nrkbeta.no/2019/03/21/norske-telefoner-sendte-personopplysninger-til-kina/ Java Card Vulnerabilities https://seclists.org/fulldisclosure/2019/Mar/35
Google Photo Cross-Site-Leak Exposes Picture Meta Data https://www.imperva.com/blog/now-patched-google-photos-vulnerability-let-hackers-track-your-friends-and-location-history/ Fake CDC EMails Spread GandCrab Ransomware https://myonlinesecurity.co.uk/fake-cdc-flu-pandemic-warning-delivers-gandcrab-5-2-ransomware/ Atlassian Sourcetree Vulnerability https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2019-03-06-966678691.html Microsoft Defender for MacOS https://www.theregister.co.uk/2019/03/21/microsoft_defender_atp/
Using Active Directory (AD) To Find Hosts That Are Not in AD https://isc.sans.edu/forums/diary/Using+AD+to+find+hosts+that+arent+in+AD+fun+with+the+IPAddress+construct/24762/ Microsoft Anti Malware Crashing Windows https://social.technet.microsoft.com/Forums/en-US/18ab60a3-3b26-4a07-b68d-84085ce66ce5/scep-crashing-pcs?forum=ConfigMgrCompliance&prof=required Reduction in DDoS Attacks https://www.nexusguard.com/threat-report-q4-2018
Putty Updates https://www.chiark.greenend.org.uk/~sgtatham/putty/ Fujitsu Wireless Keyboard Vulnerabilities https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-033.txt Signed Malware Goes Undetected https://twitter.com/malwrhunterteam/status/1104082562216062978/photo/1?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1104082562216062978&ref_url=https%3A%2F%2Fwww.theregister.co.uk%2F2019%2F03%2F18%2Fsecurity_roundup_150319%2F Free Support for Ubuntu 14.04 LTS Ends in April https://lists.ubuntu.com/archives/ubuntu-announce/2019-March/000241.html Latest Mirai Version with Even More Exploits https://unit42.paloaltonetworks.com/new-mirai-variant-targets-enterprise-wireless-presentation-display-systems/
Binary Analysis With Jupyter and Radare2 https://isc.sans.edu/forums/diary/Binary+Analysis+with+Jupyter+and+Radare2/24748/ IMAP Brute Forcing against Cloud Accounts https://www.proofpoint.com/us/threat-insight/post/threat-actors-leverage-credential-dumps-phishing-and-legacy-email-protocols Google Allows GSuite Users to Disable SMS/Voice Authentication https://gsuiteupdates.googleblog.com/2019/03/more-control-over-2-step-verification-security-phone-sms.html Sniffing Bitlocker Keys from TPM https://pulsesecurity.co.nz/articles/TPM-sniffing
Analyzing ZIP Files in Ghydra https://isc.sans.edu/forums/diary/Tip+Ghidra+ZIP+Files/24732/ 64 Bit Certificate Serial Number Revocation https://adamcaudill.com/2019/03/09/tls-64bit-ish-serial-numbers-mass-revocation/ Cisco Default Account Problem https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190313-cspcscv Intel Patches https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00185.html https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00191.html
Ben and Scott dive into Azure Sentinel, a new cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution from Microsoft.
DevOps Tool StackStorm Vulnerability https://quitten.github.io/StackStorm/ Developers Will Not Code Secure By Default https://net.cs.uni-bonn.de/fileadmin/user_upload/naiakshi/Naiakshina_Password_Study.pdf Gaming Industry Supply Chain Attack https://www.welivesecurity.com/2019/03/11/gaming-industry-scope-attackers-asia/
Reversing HTA Files https://isc.sans.edu/forums/diary/Quick+and+Dirty+Malicious+HTA+Analysis/24728/ Apache SOLR Patch https://issues.apache.org/jira/browse/SOLR-13301 Windows 7 + Google Chrome Exploit in the Wild https://security.googleblog.com/2019/03/disclosing-vulnerabilities-to-protect.html Vulnerable Car Alarms https://www.pentestpartners.com/security-blog/gone-in-six-seconds-exploiting-car-alarms/
