Tech News

VIA C3 "God Mode" https://github.com/xoreaxeaxeax/rosenbridge Apple MDM Vulnerablity https://www.wired.com/story/mac-remote-hack-wifi-enterprise/ Peeking into MSG Files https://isc.sans.edu/forums/diary/Peeking+into+msg+files+revisited/23974/ Hunting SSL/TLS Clients Using JA3 https://isc.sans.edu/forums/diary/Hunting+SSLTLS+clients+using+JA3/23972/ Mobile Payment Terminal Vulnerabilities https://www.blackhat.com/us-18/briefings.html#for-the-love-of-money-finding-and-exploiting-vulnerabilities-in-mobile-point-of-sales-systems

Vulnerabilities in Pacemaker Programmer and Insulin Pumps https://arstechnica.com/information-technology/2018/08/lack-of-encryption-makes-hacks-on-life-saving-pacemakers-shockingly-easy/ "Panic Attacks" Against City Infrastructure https://www.bbc.com/news/technology-45128053 Kaspersky VPN Leaks DNS Traffic https://www.inputzero.io/2018/08/kaspersky-vpn-leaks-dns-address.html Osiris Dropper Uses Process Dopplegaenging https://blog.malwarebytes.com/threat-analysis/2018/08/osiris-using-process-doppelganging/

In Episode 77, Ben and Scott run down some of the latest announcements for SharePoint Online and Office 365. Sponsors Mover.io – Scan, Plan, Migrate, Report. Migrations that don’t suck – with Mover! Office365AdminPortal.com - Providing admins the knowledge and tools to run Office 365 successfully Intelligink - We focus on Read More

Homebrew Exposed Github Credentials https://brew.sh/2018/08/05/security-incident-disclosure/ WhatsApp Vulnerability https://research.checkpoint.com/fakesapp-a-vulnerability-in-whatsapp/ Netflix Releases Tool To Detected Cloud Credential Compromise https://medium.com/netflix-techblog/netflix-cloud-security-detecting-credential-compromise-in-aws-9493d6fd373a

Linux TCP DoS Vulnerability https://www.kb.cert.org/vuls/id/962459 Let's Encrypt Now Trusted By All Major Root CA Programs https://letsencrypt.org/2018/08/06/trusted-by-all-major-root-programs.html Android Updates https://source.android.com/security/bulletin/2018-08-01 OpenEMR Vulnerabilities https://insecurity.sh/assets/reports/openemr.pdf

Numeric Obfuscation https://isc.sans.edu/forums/diary/Numeric+obfuscation+another+example/23960/ Crestron Touchscreen Vulnerability https://blog.securitycompass.com/security-advisory-regarding-crestron-tsw-xx60-touch-panel-devices-9f1a71a926a5 Facebook Releases "Fizz" TLS 1.3 Library https://github.com/facebookincubator/fizz

New WPA Attack https://hashcat.net/forum/thread-7717.html Fake Techsupport Uses More Intelligent Call Routing https://www.symantec.com/blogs/threat-intelligence/tech-support-scam-call-optimization HP Printer Updates https://support.hp.com/us-en/document/c06097712

Malware in Animated GIF Files https://isc.sans.edu/forums/diary/DHLthemed+malspam+reveals+embedded+malware+in+animated+gif/23944/ MikroTik Miner Botnet https://www.trustwave.com/Resources/SpiderLabs-Blog/Mass-MikroTik-Router-Infection-%E2%80%93-First-we-cryptojack-Brazil,-then-we-take-the-World-/ Microsoft Edge Vulnerability https://www.netsparker.com/blog/web-security/stealing-local-files-with-simple-html-file/

In Episode 76, Ben and Scott run through the latest announcements for SharePoint 2019, Skype for Business 2019, and Exchange 2019. Sponsors Mover.io - Scan, Plan, Migrate, Report. Migrations that don’t suck - with Mover! Office365AdminPortal.com - Providing admins the knowledge and tools to run Office 365 successfully Intelligink - Read More

Facebook Smishing Attack https://isc.sans.edu/forums/diary/Facebook+Phishing+via+SMS/23940/ Port 52869 UPNP Attacks https://isc.sans.edu/forums/diary/When+Cameras+and+Routers+attack+Phones+Spike+in+CVE20148361+Exploits+Against+Port+52869/23942/ Microsoft Improves Account Security for Midterm Elections https://www.bleepingcomputer.com/news/microsoft/microsoft-accountguard-service-offers-protection-for-political-and-election-orgs/ Google Improves "Government Sponsored Attacks" Alert for GSuite https://9to5google.com/2018/08/01/g-suite-admins-government-based-attackers/

Powershell Inside Certificates https://blog.nviso.be/2018/07/31/powershell-inside-a-certificate-part-1/ TEMPEST is Back http://youtu.be/BpNP9b3aIfY?a Big Star Labs Spyware https://adguard.com/en/blog/big-star-labs-spyware/

DOSFuscation Campaign https://isc.sans.edu/forums/diary/Malicious+Word+documents+using+DOSfuscation/23932/ Let's Encrypt Outage https://letsencrypt.status.io Malvertising Campaign Insides https://research.checkpoint.com/malvertising-campaign-based-secrets-lies/

Summary of Earchings in Recent Sextortion Attack https://isc.sans.edu/forums/diary/Sextortion+Follow+the+Money/23922/ Adware Distributed with Legitimate Applications https://www.bleepingcomputer.com/news/security/fake-websites-for-keepass-7zip-audacity-others-found-pushing-adware/ https://twitter.com/JusticeRage PDF Editor Supply Chain Exploit https://cloudblogs.microsoft.com/microsoftsecure/2018/07/26/attack-inception-compromised-supply-chain-within-a-supply-chain-poses-new-risks/

NetSpectre: Read Arbitrary Memory over the Network https://misc0110.net/web/files/netspectre.pdf Google Play Store Bans Crypto Miners https://play.google.com/about/developer-content-policy-print/ Japanese Calendar Issues https://blogs.msdn.microsoft.com/shawnste/2018/04/12/the-japanese-calendars-y2k-moment/ Multiple Vulnerabilities in Samsung SmartThings Hub https://blog.talosintelligence.com/2018/07/samsung-smartthings-vulns.html?m=1 Times Change and Your Training Data Should Too: The Effect of Training Data Recency on Twitter Classifiers. Ryan O'Grady https://www.sans.org/reading-room/whitepapers/artificialintelligence/times-change-training-data-too-effect-training-data-recency-twitter-classifiers-38500

In Episode 75, Ben and Scott continue the conversation on Office 365 security, celebrate the reappearance of the Office 365 Service Descriptions. Sponsors Office365AdminPortal.com - Providing admins the knowledge and tools to run Office 365 successfully Intelligink - We focus on the Microsoft Cloud so you can focus on your Read More

Etherscan.io XSS Vulnerability https://scotthelme.co.uk/xss-on-etherscan-io/ Tomcat Vulnerabilities Patched https://www.us-cert.gov/ncas/current-activity/2018/07/23/Apache-Releases-Security-Updates-Apache-Tomcat DNS over HTTPS Standard Finalized https://datatracker.ietf.org/wg/doh/about/ ERP Systems Targeted in Recent Attacks https://www.us-cert.gov/ncas/current-activity/2018/07/25/Malicious-Cyber-Activity-Targeting-ERP-Applications

Emotet Update https://isc.sans.edu/forums/diary/Recent+Emotet+activity/23908/ Clear Text Phone Tracking https://isc.sans.edu/forums/diary/Cell+Phone+Monitoring+Who+is+Watching+the+Watchers/23910/ Bluetooth Bug https://www.kb.cert.org/vuls/id/304725 Apache OpenWhisk Vulnerability https://www.puresec.io/blog/Apache_OpenWhisk_Mutability_Weakness?hs_preview=EpJUmSoY-5972289702

More Spectre https://arxiv.org/pdf/1807.07940.pdf July IE Patch Fixed older Remote Code Exec. Bug http://blogs.360.cn/blog/from-a-patched-itw-0day-to-remote-code-execution-part-i-from-patch-to-new-0day/ Google Chrome 68 Released Today. HTTP sites marked as "insecure" https://support.google.com/chrome/a/answer/7679408?hl=en DNS Rebinding Vulnerablity Common in IoT https://www.armis.com/dns-rebinding-exposes-half-a-billion-iot-devices-in-the-enterprise/

New WebLogic Vulnerability Already Exploited https://isc.sans.edu/forums/diary/Weblogic+Exploit+Code+Made+Public+CVE20182893/23896/ Microsoft Edge Turns off XSS Protection https://portswigger.net/daily-swig/xss-protection-disappears-from-microsoft-edge Intel Management Engine Vulnerabilities https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00112.html User Tracking With TLS 1.2 Certificates http://tma.ifip.org/wordpress/wp-content/uploads/2017/06/tma2017_paper2.pdf

Cisco Patches https://tools.cisco.com/security/center/publicationListing.x Diqee Smart Vacuum Vulnerabilities http://en.diqee.com/goods/1994.html Instagram About To Release 2FA Update https://techcrunch.com/2018/07/17/instagram-2-factor/ Reporting Malicious Websites https://isc.sans.edu/forums/diary/Reporting+Malicious+Websites+in+2018/23892/