Tech News

ISC StormCast for Thursday, December 27th 2018 December 26, 2018

Problems with IE Emergency Patch https://support.microsoft.com/en-us/help/4483229/december192018kb4483229osbuild143932670 Bitcoin Blacklists https://isc.sans.edu/forums/diary/Bitcoin+Blacklists/24456/ D-Link DIR-816 A2 Stack Overflow https://github.com/RootSoull/Vuln-Poc/tree/master/D-Link/DIR-816

ISC StormCast for Friday, December 21st 2018 December 20, 2018

Windows 0-Day PoC Published: Arbitrary File Read as System https://sandboxescaper.blogspot.com/2018/12/readfile-0day.html Attacks Against 2FA in the Middle East https://www.amnesty.org/en/latest/research/2018/12/when-best-practice-is-not-good-enough/ FBI Shuts Down Booter Services http://www.documentcloud.org/documents/5648950-DOJ-indictments-in-booter-cases.html Intel VISA Undocumented Debug Feature https://www.blackhat.com/asia-19/briefings/schedule/index.html#intel-visa-through-the-rabbit-hole-13513

Episode 104 – SharePoint Teams with Mark Kashman December 20, 2018

Scott sits down with Mark Kashman to talk about SharePoint team sites, Microsoft Teams, and how you can approach the lifecycle of collaborative content

ISC StormCast for Thursday, December 20th 2018 December 19, 2018

Microsoft Publishes Emergency Patch for Internet Explorer https://isc.sans.edu/forums/diary/Microsoft+OOB+Patch+for+Internet+Explorer+Scripting+Engine+Memory+Corruption+Vulnerability/24438/ Restricting PowerShell Capabilities with NetSh https://isc.sans.edu/forums/diary/Restricting+PowerShell+Capabilities+with+NetSh/24434/ Remotely Bricking a Server https://eclypsium.com/2018/12/19/remotely-bricking-a-server/

ISC StormCast for Wednesday, December 19th 2018 December 18, 2018

ASUS Vulnerabilities https://www.secureauth.com/labs/advisories/asus-drivers-elevation-privilege-vulnerabilities GIGABYTE Vulnerabilities https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities Apple App Store Phishing https://www.bleepingcomputer.com/news/security/widespread-apple-id-phishing-attack-pretends-to-be-app-store-receipts Kibana Vulnerability Exploited https://www.cyberark.com/threat-research-blog/execute-this-i-know-you-have-it/ Decrypter for InsaneCrypt and Everbe 1 https://www.bleepingcomputer.com/ransomware/decryptor/how-to-decrypt-the-insanecrypt-or-everbe-1-family-of-ransomware/ http://id-ransomware.malwarehunterteam.com/ SANS Holiday Hack Challenge https://www.kringlecon.com

ISC StormCast for Tuesday, December 18th 2018 December 17, 2018

Password Protected ZIP with Maldoc https://isc.sans.edu/forums/diary/Password+Protected+ZIP+with+Maldoc/24426/ Memes Used as Covert Command and Control Channel https://blog.trendmicro.com/trendlabs-security-intelligence/cybercriminals-use-malicious-memes-that-communicate-with-malware/ Shamoon Disk Whipper Malware is Back https://unit42.paloaltonetworks.com/shamoon-3-targets-oil-gas-organization/

ISC StormCast for Monday, December 17th 2018 December 16, 2018

Magellan Sqlite Vulnerability https://blade.tencent.com/magellan/index_en.html Logitech Options Vulnerability https://bugs.chromium.org/p/project-zero/issues/detail?id=1663 Intel NUC BIOS Protection Flaw https://embedi.org/blog/nuclear-explotion/ HiddenTear Ransomware Decrypter https://www.bleepingcomputer.com/ransomware/decryptor/how-to-decrypt-hiddentear-ransomware-with-ht-brute-forcer/

ISC StormCast for Friday, December 14th 2018 December 13, 2018

Fake E-Mail Bomb Threats https://www.cnn.com/2018/12/13/us/email-bomb-threats/index.html Phishing Via Non-Delivery Notices https://isc.sans.edu/forums/diary/Phishing+Attack+Through+NonDelivery+Notification/24412/ LamePyre MacOS Malware https://blog.malwarebytes.com/detections/osx-lamepyre/

Episode 103 – Enterprise Mobility with Simon Binder December 13, 2018

In Episode 103, Scott sits down with Simon Binder from the Knee Deep in Tech podcast to talk about Enterprise Mobility. They discuss device management, mobile application management, and how to manage user adoption when you're moving at the pace of the cloud. Sponsors Mover.io - Scan, Plan, Migrate, Report. Read More

ISC StormCast for Thursday, December 13th 2018 December 12, 2018

Yet Another DOSfuscation Sample https://isc.sans.edu/forums/diary/Yet+Another+DOSfuscation+Sample/24408/ OpenSSH Backdoors https://www.welivesecurity.com/wp-content/uploads/2018/12/ESET-The_Dark_Side_of_the_ForSSHe.pdf Android Malware Bypasses 2FA For Paypal https://www.welivesecurity.com/2018/12/11/android-trojan-steals-money-paypal-accounts-2fa/

ISC StormCast for Wednesday, December 12th 2018 December 11, 2018

Microsoft December 2018 Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+December+2018+Patch+Tuesday/24404/ Adobe Patch Tuesday https://helpx.adobe.com/security/products/acrobat/apsb18-41.html Certificate Authority Weaknesses https://i.blackhat.com/eu-18/Thu-Dec-6/eu-18-Heftrig-Off-Path-Attacks-Against-PKI.pdf

ISC StormCast for Tuesday, December 11th 2018 December 10, 2018

Kubernetes Unauthenticated PoC Exploit for CVE-2018-1002105 https://github.com/evict/poc_CVE-2018-1002105#unauthenticated-poc WebAssembly Brings Buffer Overflows to Browsers https://www.forcepoint.com/blog/security-labs/new-whitepaper-memory-safety-old-vulnerabilities-become-new-webassembly Increased Ethereum Miner Attacks https://isc.sans.edu/port.html?port=8545 https://www.zdnet.com/article/hackers-ramp-up-attacks-on-mining-rigs-before-ethereum-price-crashes-into-the-gutter Android Click Fraud Apps are Emulating iPhones for Higher Revenue https://www.bleepingcomputer.com/news/security/android-clickfraud-op-impersonates-iphones-to-bump-ad-premiums/

ISC StormCast for Monday, December 10th 2018 December 09, 2018

Analyzing Malicious Docker Images https://isc.sans.edu/forums/diary/A+Dive+into+malicious+Docker+Containers/24388/ Arrest of Huawei CFO Inspires Advance Fee Scam https://isc.sans.edu/forums/diary/Arrest+of+Huawei+CFO+Inspires+Advance+Fee+Scam/24396/ Sextortion Messages Leading to Ransomware https://www.proofpoint.com/us/threat-insight/post/sextortion-side-ransomware WebKit Exploit Released https://github.com/LinusHenze/WebKit-RegEx-Exploit Implants Found in Russian Banks https://securelist.com/darkvishnya/89169/

ISC StormCast for Friday, December 7th 2018 December 06, 2018

Adobe Vulnerability PoC Released https://isc.sans.edu/forums/diary/Is+it+Time+to+Uninstall+Flash+If+you+havent+already/24382/ WatchOS Update https://support.apple.com/en-us/HT209343 Data Exfiltration During Pentests https://isc.sans.edu/forums/diary/Data+Exfiltration+in+Penetration+Tests/24354/ PoC Exploit for Kubernetes Vulnerability https://github.com/evict/poc_CVE-2018-1002105 Preston Ackerman: Marketing 2FA https://www.sans.org/reading-room/whitepapers/authentication/swipe-tap-marketing-easier-2fa-increase-adoption-38695

Episode 102 – Azure AD Goes Down (Again?) December 06, 2018

In Episode 102, Ben and Scott discuss what’s been happening with Azure AD MFA and how to have fun with nested virtualization in Azure. Sponsors Mover.io - Scan, Plan, Migrate, Report. Migrations that don’t suck - with Mover! Office365Mon.com - How do you know what's going on with the health of Read More

ISC StormCast for Thursday, December 6th 2018 December 05, 2018

Adobe Releases Emergency Flash Patch https://helpx.adobe.com/security/products/flash-player/apsb18-42.html Apple Updates Everything (but not WatchOS) https://support.apple.com/en-us/HT201222 New Privacy Issues Affecting 3G-5G protocols https://eprint.iacr.org/2018/1175

ISC StormCast for Wednesday, December 5th 2018 December 04, 2018

Fake Ransomware Decryption Service https://www.theregister.co.uk/2018/12/04/ransomware_helper_was_middleman_dr_shifro/ Latest Lokibot Malspam https://isc.sans.edu/forums/diary/Malspam+pushing+Lokibot+malware/24372/ Chrome 71 Released https://www.bleepingcomputer.com/news/google/chrome-71-released-with-abusive-ad-filtering-and-audio-blocking/ RSA Followup Webcast https://www.rsaconference.com/videos/virtual-session-the-5-most-dangerous-new-attack-techniques-and-whats-to-come

ISC StormCast for Tuesday, December 4th 2018 December 03, 2018

Word Maldoc: Yet Another Place to Hide a Command https://isc.sans.edu/forums/diary/Word+maldoc+yet+another+place+to+hide+a+command/24370/ US-Cert Releases SamSam Alerts https://www.us-cert.gov/ncas/alerts/AA18-337A Kubernetes Patches https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88 Malicious iOS App Tricks User in Payment https://www.welivesecurity.com/2018/12/03/scam-ios-apps-promise-fitness-steal-money-instead/

ISC StormCast for Monday, December 3rd 2018 December 02, 2018

KingMiner Improved Cryptomining https://research.checkpoint.com/kingminer-the-new-and-improved-cryptojacker/ Siglent Technologies Oscilloscope Vulnerabilities https://seclists.org/fulldisclosure/2018/Nov/68 Autocad Malware https://www.forcepoint.com/blog/security-labs/autocad-malware-computer-aided-theft ISC Stickers (login required. first 10 requests each day) https://isc.sans.edu/sticker.html

ISC StormCast for Friday, November 30th 2018 November 29, 2018

Russian Language Malspam Pushing Shade (Troldesh) Ransomware https://isc.sans.edu/forums/diary/Russian+language+malspam+pushing+Shade+Troldesh+ransomware/24358/ Scamclub Malvertising Against iOS Users https://blog.confiant.com/malvertising-attack-hijacks-300-million-sessions-over-48-hours-9d0218fe02cd Andre Shori: To Block Or Not To Block? Impact and Analysis of Actively Blocking Shodan Scans http://www.sans.org/reading-room/whitepapers/networksecurity/block-block-impact-analysis-actively-blocking-shodan-scans-38645

Older Entries Newer Entries