Tech News

In Episode 74, Ben and Scott lament the disappearance of the Office 365 Service Descriptions and then dive into securing Office 365. Sponsors Office365AdminPortal.com - Providing admins the knowledge and tools to run Office 365 successfully Intelligink - We focus on the Microsoft Cloud so you can focus on your Read More

Increase in scans for port 15454 https://isc.sans.edu/forums/diary/Request+for+Packets+Port+15454/23888/ Oracle Quarterly Critical Patch Update http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html Venmo Public Transaction API https://publicbydefault.fyi Credential Stuffing Responsible for Majority of Login Attempts http://info.shapesecurity.com/2018-Credential-Spill-Report-by-Shape-Security

Searching for Geographically Improbably Login Attempts https://isc.sans.edu/forums/diary/Searching+for+Geographically+Improbable+Login+Attempts/23882/ Typo3 CMS Update https://typo3.org/article/typo3-931-8717-and-7630-security-releases-published/ GitHub Expands Security Scanner to Python https://blog.github.com/2018-07-12-security-vulnerability-alerts-for-python/ Money Laundry Scheme Exposed by Open Mongo database. https://kromtech.com/blog/security-center/digital-laundry

Encrypted SNI in TLS 1.3 https://tools.ietf.org/html/draft-rescorla-tls-esni-00 Microsoft to Retire "Delta Updates" https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-quality-updates-explained-amp-the-end-of-delta/ba-p/214426 Practical GPS Spoofing of Navigation Devices https://www.microsoft.com/en-us/research/uploads/prod/2018/06/security18gps.pdf

Processing JSON https://isc.sans.edu/forums/diary/Video+Retrieving+and+processing+JSON+data+BTC+example/23874/ Cryptocoin Mining Javascript (yet again) https://isc.sans.edu/forums/diary/Cryptominer+Delivered+Though+Compromized+JavaScript+File/23870/ Dahua Passwords Leaked/Cached by Search Engine https://www.bleepingcomputer.com/news/security/passwords-for-tens-of-thousands-of-dahua-devices-cached-in-iot-search-engine/ MDM Used in Targeted Attack Against iPhone Users https://blog.talosintelligence.com/2018/07/Mobile-Malware-Campaign-uses-Malicious-MDM.html

Extortion Claims Include Leaked Passwords to Appear more Plausiable https://isc.sans.edu/forums/diary/New+Extortion+Tricks+Now+Including+Your+Password/23866/ npm Package Compromised and Used To Steal Credentials https://github.com/eslint/eslint-scope/issues/39#issuecomment-404533026 CIRCL IMAP Proxy https://github.com/CIRCL/IMAP-Proxy Checkpoint Names "Dorkbot" As A Top Threat (Signup required) https://research.checkpoint.com/cyber-attack-trends-2018-mid-year-report/

In Episode 73, Ben and Scott talk about Azure Government - what it is, who can use it, and some of the considerations when you do. Sponsors Office365AdminPortal.com - Providing admins the knowledge and tools to run Office 365 successfully Intelligink - We focus on the Microsoft Cloud so you Read More

Hello Peppa Followup https://isc.sans.edu/forums/diary/Well+Hello+Again+Peppa/23860/ Spectre 1.1 and 1.2 https://people.csail.mit.edu/vlk/spectre11.pdf Internet Exchanges Band Together against BGP Hijacking https://dyn.com/blog/shutting-down-the-bgp-hijack-factory/ Google Enabled Site Isolation in Chrome https://www.bleepingcomputer.com/news/security/google-enables-site-isolation-feature-for-99-percent-of-chrome-desktop-users/

MSFT Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+July+2018+now+with+Dashboard/23858/ https://patchtuesdaydashboard.com/ SettingContent-ms Files Blacklisted https://support.office.com/en-us/article/packager-activation-in-office-365-desktop-applications-52808039-4a7c-4550-be3a-869dd338d834?ui=en-US&rs=en-US&ad=US Adobe Patches https://helpx.adobe.com/security.html Stolen DLINK Certificate https://www.welivesecurity.com/2018/07/09/certificates-stolen-taiwanese-tech-companies-plead-malware-campaign/

Reverse Shell via Weblogic Flaw https://isc.sans.edu/forums/diary/Criminals+Dont+Read+Instructions+or+Use+Strong+Passwords/23850/ Apple Patches Everything Again https://isc.sans.edu/forums/diary/Apple+Patches+Everything+Again/23852/ Microsoft Offers Better Azure AD Password Protection http://www.longevitytech.us/2018/07/09/azure-ad-password-protection-the-cloud-security-service-your-active-directory-needs-now/

Trivial Exploit For HP iLO 4 (patched last August) https://airbus-seclab.github.io/ilo/SSTIC2018-Article-subverting_your_server_through_its_bmc_the_hpe_ilo4_case-gazet_perigaud_czarny.pdf Flexible Miner/Ransomware https://securelist.com/to-crypt-or-to-mine-that-is-the-question/86307/ Hacker Steals Gas From Gas Station https://gizmodo.com/hackers-reportedly-stole-600-gallons-of-gas-from-detroi-1827433411

Gentoo GitHub Breach Post Morten https://wiki.gentoo.org/wiki/Github/2018-06-28 Hamas Sets World Cup Trap for Israeli Soldiers https://www.reuters.com/article/us-israel-palestinians-cyber/israel-says-hamas-tried-to-snare-soldiers-in-world-cup-cyber-trap-idUSKBN1JT1ZX

In Episode 72, Ben and Scott interview Microsoft's Omar Shahine, Director of Program Management, OneDrive and SharePoint. It is an "around-the-world" tour of the program management process at Microsoft, SharePoint Spaces, and how customers interact directly with the product teams to drive features and functionality in the Office 365 product suite. Read More

Progress Indication For Scripts in Windows https://isc.sans.edu/forums/diary/Progress+indication+for+scripts+on+Windows/23830/ Stylish Extension Steals History https://robertheaton.com/2018/07/02/stylish-browser-extension-steals-your-internet-history/ Data Leaks From Android Apps https://recon.meddle.mobi/panoptispy/

Odd PHP Exploit Attempt https://isc.sans.edu/forums/diary/Hello+Peppa+PHP+Scans/23826/ Diameter Security Report https://www.ptsecurity.com/ww-en/premium/diameter-2018/ Attack Against Trezor via DNS or BGP https://blog.trezor.io/psa-phishing-alert-fake-trezor-wallet-website-3bcfdfc3eced Symantec Offers VPNFilter Check http://www.symantec.com/filtercheck/

MacOS Malware Targeting Slack/Dicord Crypto Comunities https://isc.sans.edu/forums/diary/Crypto+community+target+of+MacOS+malware/23816/ New LTE Attacks Made Public https://alter-attack.net Rowhammer Attacks Against Android https://rampageattack.com

Less Greedy Cryptominers https://isc.sans.edu/forums/diary/New+and+Improved+Cryptominers+Now+with+50+less+Greed/23812/ Disassemling Webassembly https://www.forcepoint.com/blog/security-labs/analyzing-webassembly-binaries Spectre Browser Mitigation Bypass https://alephsecurity.com/2018/06/26/spectre-browser-query-cache/ Gentoo Github Repository Compromise https://archives.gentoo.org/gentoo-announce/message/dc23d48d2258e1ed91599a8091167002

In Episode 71, Ben and Scott get you off your desktop, out of your browser and discuss accessing Office 365 from a mobile device. Sponsors Office365AdminPortal.com - Providing admins the knowledge and tools to run Office 365 successfully Intelligink - We focus on the Microsoft Cloud so you can focus Read More

Secret Office 365 Activity Log API Unveiled (plus tool to extract logs) http://lmgsecurity.com/exposing-the-secret-office-365-forensics-tool/ Anonymizing Printers https://tu-dresden.de/ing/informatik/sya/ps/die-professur/news/geheime-daten-auf-dem-druckpapier-diplominformatiker-der-tu-dresden-entwickeln-verfahren-gegen-druckerueberwachung Silently Profiling Unknown Malware Samples https://isc.sans.edu/forums/diary/Silently+Profiling+Unknown+Malware+Samples/23808/ Cisco CVE-2018-0296 Exploited https://www.bleepingcomputer.com/news/security/cisco-asa-flaw-exploited-in-the-wild-after-publication-of-two-pocs/

Analyzing XPS Files https://isc.sans.edu/forums/diary/Analyzing+XPS+files/23804/ WPA3 Standard Finalized https://www.wi-fi.org/news-events/newsroom/wi-fi-alliance-introduces-wi-fi-certified-wpa3-security Executing Code with SettingContent-ms Files https://posts.specterops.io/the-tale-of-settingcontent-ms-files-f1ea253e4d39 EFF Analysis of STARTTLS https://www.eff.org/deeplinks/2018/06/technical-deep-dive-starttls-everywhere