Ben and Scott start their day trying to understand the psychology of Microsoft and their latest marketing efforts for Office on the desktop and then they discuss the recent outages in Microsoft Teams and alerts in Azure Monitor.
More Resume Malspam. Now With Trickbot and EternalBlue https://isc.sans.edu/forums/diary/Malspam+with+passwordprotected+word+docs+still+pushing+IcedID+Bokbot+with+Trickbot/24708/ Cloudflare Deploys Rules to Protect Against Recent Drupal Exploit https://www.bleepingcomputer.com/news/security/cloudflare-deploys-firewall-rule-to-block-new-drupal-exploits/ Cisco DoS Vulnerability Actively Exploited https://www.pentestpartners.com/security-blog/cisco-rv130-its-2019-but-yet-strcpy/ MonitorKit uses macOS Game Engine to Analyze Security Events https://github.com/objective-see
Comcast Uses Same "0000" PIN For All Number Porting Requests https://nakedsecurity.sophos.com/2019/03/05/comcast-security-nightmare-default-0000-pin-on-everybodys-account/ NSA Releases Ghidra Reverse Analysis Tool https://ghidra-sre.org/ Recent Google Chrome Vulnerability Being Exploited https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop.html?m=1 Android Monthly Security Bulletin https://source.android.com/security/bulletin/2019-03-01
macOS Unpatched Privilege Escalation Vulnerability Made Public https://bugs.chromium.org/p/project-zero/issues/detail?id=1726 Windows Exploit Suggester Next Generation Released https://github.com/bitsadmin/wesng Docker Vulnerability Used for Crypto Miners https://www.imperva.com/blog/hundreds-of-vulnerable-docker-hosts-exploited-by-cryptocurrency-miners/ Russian GPS Jamming Exercises https://thebarentsobserver.com/en/security/2019/03/russian-military-officials-arrive-oslo-norway-provides-facts-gps-jamming
Cisco Router Patch https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190227-rmi-cmd-ex ColdFusion Patch and Exploit https://www.carehart.org/blog/client/index.cfm/2019/3/1/urgent_CF_security_update_Part_1 Ransomware Impersonates Protonmail https://twitter.com/demonslay335/status/1097866931762282498 eBay Site Used for eBay Phish (article in German) https://www.heise.de/security/meldung/eBay-Phishing-auf-eBay-Seite-4324266.html
Ben and Scott have a chat with Sarah Lean, a Cloud Solution Architect from Microsoft about why you should be looking at the cloud and how to govern your Azure environments.
WinRAR ACE Vulnerability Used in Malspam https://twitter.com/360TIC/status/1099987939818299392 Sextortion Email With QR Code https://isc.sans.edu/forums/diary/Sextortion+Email+Variant+With+QR+Code/24686/ ICANN Pushes DNSSEC to Defend Against DNS Zone Manipulation https://www.icann.org/news/announcement-2019-02-22-en Android FIDO2 Certification https://fidoalliance.org/android-now-fido2-certified-accelerating-global-migration-beyond-passwords/
B0r0nt0k Linux Server Ransomware https://www.bleepingcomputer.com/news/security/b0r0nt0k-ransomware-wants-75-000-ransom-infects-linux-servers/ Cr1ptT0r Ransomware Targets D-Link NAS Devices https://www.bleepingcomputer.com/forums/t/691852/cr1ptt0r-ransomware-files-encrypted-readmetxt-support-topic/page-3 LinkedIn Messages Used to Push Fake Job Offers https://www.proofpoint.com/us/threat-insight/post/fake-jobs-campaigns-delivering-moreeggs-backdoor-fake-job-offers
Ben and Scott dive into the latest Office 365 and SharePoint Online updates, including access to mega menus in Hub sites and new options for footers in Communication sites, new options for security baselines in Intune, and how to use the Graph Security API with Azure Logic Apps, Flow, and
Microsoft Edge Whitelists Facebook to Run Flash https://bugs.chromium.org/p/project-zero/issues/detail?id=1722 Chinese Android Banking App Stores Screenshots of Other Apps https://jqknews.com/news/141073-Jingdong_Finance_denied_stealing_user_information_saying_that_the_image_cache_was_only_local.html Password Manager Vulnerabilities https://www.securityevaluators.com/casestudies/password-manager-hacking/
Snap Patches Available https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SnapSocketParsing Finding Property Values in Office Documents https://isc.sans.edu/forums/diary/Finding+Property+Values+in+Office+Documents/24652/ Bro-Sysmon https://engineering.salesforce.com/test-out-bro-sysmon-a6fad1c8bb88 Cryptojacking Apps in Microsoft App Store https://www.symantec.com/blogs/threat-intelligence/cryptojacking-apps-microsoft-store
PDF includes SMB Link https://isc.sans.edu/forums/diary/Suspicious+PDF+Connecting+to+a+Remote+SMB+Share/24646/ QNAP Malware https://www.qnap.com/en/security-advisory/nas-201902-13 Bomb Threat Spammers Arrested https://www.justice.gov/usao-cdca/pr/members-hacker-collective-face-federal-charges-attacking-computer-systems-emailing-mass Managed Service Providers Targeted By Ransomware https://www.bleepingcomputer.com/news/security/ransomware-attacks-target-msps-to-mass-infect-customers/
Scott and Ben talk all things Azure Front Door, a Layer 7 service which can be used to optimize web applications for best performance, instant global failover, and application layer security.