Phishing Kit with JavaScript Keylogger https://isc.sans.edu/forums/diary/Phishing+Kit+with+JavaScript+Keylogger/24622/ Phishing Via Google Translate https://blogs.akamai.com/sitr/2019/02/phishing-attacks-against-facebook-google-via-google-translate.html iPhone Apps Record Screens https://techcrunch.com/2019/02/06/iphone-session-replay-screenshots/ Packet Challenge https://johannes.homepc.org/packet10.txt
Value of UAC https://isc.sans.edu/forums/diary/UAC+is+not+all+that+bad+really/24620/ Apple Releases Facetime Patch https://support.apple.com/en-us/HT201222 Skype Video Now Allows For Blurred Background https://blogs.skype.com/news/2019/02/06/introducing-background-blur-in-skype/ Microsoft Exchange Server Advisory https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/adv190007
Ben schools Scott on calling in the cloud, including options for inter-org communication, chat, voice, and other traditional phone features that are available in Office 365.
Exploiting Struts in vCenter https://isc.sans.edu/forums/diary/Struts+Vulnerability+CVE20175638+on+VMware+vCenter+the+Gift+that+Keeps+on+Giving/24606/ Wikipedia Tech Support Scam https://isc.sans.edu/forums/diary/Wikipedia+Articles+as+part+of+Tech+Support+Scamming+Campaigns/24608/ Stealing MacOS Keychain https://www.youtube.com/watch?v=nYTBZ9iPqsU Beauty Camera Ads for Android include Adware https://blog.trendmicro.com/trendlabs-security-intelligence/various-google-play-beauty-camera-apps-sends-users-pornographic-content-redirects-them-to-phishing-websites-and-collects-their-pictures/
Tracking DNS Changes https://isc.sans.edu/forums/diary/Tracking+Unexpected+DNS+Changes/24596/ SystemD/JournalD PoC Exploit https://capsule8.com/blog/exploiting-systemd-journald-part-1/ Windows Defender Boot Issues https://support.microsoft.com/en-us/help/4052623/update-for-windows-defender-antimalware-platform Mac Malware Steals Cryptocurrency Exchange Cookies https://unit42.paloaltonetworks.com/mac-malware-steals-cryptocurrency-exchanges-cookies/
In Episode 110, Ben and Scott start a discussion about the new Azure Fundamentals exam from Microsoft and how it focuses on core concepts of the cloud. In this episode, they start at the beginning with cloud concepts, such as the differences between IaaS, PaaS, and SaaS. Sponsors: Mover.io
Chrome Update https://www.zdnet.com/article/google-chrome-72-removes-hpkp-deprecates-tls-1-0-and-tls-1-1/ Firefox Update https://techdows.com/2019/01/firefox-to-disable-extensions-in-private-browsing-mode-by-default.html Facebook (and Google) Research VPN https://techcrunch.com/2019/01/29/facebook-project-atlas/ https://www.macrumors.com/2019/01/30/google-exploiting-apple-enterprise-certificate/ RCE In Samsung Store via "evilgrade" https://www.adyta.pt/en/2019/01/29/writeup-samsung-app-store-rce-via-mitm-2/
Phishing Not Ready for IPv6 https://isc.sans.edu/forums/diary/A+Not+So+Well+Done+Phish+Why+Attackers+need+to+Implement+IPv6+Now/24582/ Apple Disables Facetime Group Messages https://www.apple.com/support/systemstatus/ Outlook 365 Safe Link Errors https://twitter.com/Swiss_Jay/status/1090271197193940992
Relaying Exchange's NTLM Authentication to Become Domain Admin https://isc.sans.edu/forums/diary/Relaying+Exchanges+NTLM+authentication+to+domain+admin+and+more/24578/ Facetime Bug Allows Users to Receive Audio before Call is Accepted https://9to5mac.com/2019/01/28/facetime-bug-hear-audio/ AZORult Fake (signed) Google Update https://blog.minerva-labs.com/azorult-now-as-a-signed-google-update
Ben and Scott talk about some of the recent updates to MyAnalytics and the availability of the analytics suite being expanded outside of Office 365 E5 SKUs. They also get into some announcements around containers in Azure, including the deprecation of the Azure Container Service (ACS) and how to think
DHS Emergency Directive Regarding DNS Tampering https://cyber.dhs.gov/ed/19-01/ Abuse of Trusted Microsoft Azure Domains https://github.com/MicrosoftDocs/OfficeDocs-Enterprise/issues/233 Tech Support Scammers Unmasked https://www.fidusinfosec.com/turning-the-tables-on-virgin-media-twitter-scammers/
Turning MISP Data into RPZs https://isc.sans.edu/forums/diary/DNS+Firewalling+with+MISP/24556/ Man in the Middle Vulnerability in apt https://justi.cz/security/2019/01/22/apt-rce.html PHP PEAR Compromised Package http://pear.php.net Apple Security Updates https://support.apple.com/en-us/HT201222