Tech News

Guilty By Association https://isc.sans.edu/forums/diary/Guilty+by+association/23800/ Filezila and Adware https://forum.filezilla-project.org/viewtopic.php?t=48441 iOS Pin Brute Forcing Confusion https://twitter.com/hackerfantastic/status/1010631766087032832 https://twitter.com/hackerfantastic/status/1010240042990596096 Azure Baseline Security Policy https://cloudblogs.microsoft.com/enterprisemobility/2018/06/22/baseline-security-policy-for-azure-ad-admin-accounts-in-public-preview/ Phone Battery Usage as Keystroke Logger https://sites.google.com/site/silbersteinmark/Home/popets18power.pdf?attredirects=1

XPS Documents Used for Spam https://isc.sans.edu/forums/diary/XPS+Attachment+Used+for+Phishing/23794/ New Exploit Kit Trends https://researchcenter.paloaltonetworks.com/2018/06/unit42-the-old-and-new-current-trends-in-web-based-threats/ https://blog.malwarebytes.com/cybercrime/2018/06/exploit-kits-spring-2018-review/ Deprecating TLSv1.0 and TLSv1.1 https://datatracker.ietf.org/doc/draft-moriarty-tls-oldversions-diediedie/ Leaky Firebase Installs http://info.appthority.com/-q2-2018-mtr-download-Firebase-vulnerability

Fake Fortnite https://blog.malwarebytes.com/cybercrime/2018/06/fake-fortnite-android-links-found-youtube/ Fake Wannacry E-Mails https://twitter.com/actionfrauduk/status/1009803967705092096 Ransomware Installs In Internet Cafes http://hznews.hangzhou.com.cn/shehui/content/2018-06/16/content_7020998.htm OpenVPN Malicious Configuration Files https://medium.com/tenable-techblog/reverse-shell-from-an-openvpn-configuration-file-73fd8b1d38da Cisco Advisories https://tools.cisco.com/security/center/publicationListing.x

In Episode 70, Scott and Ben crawl out of their holes to bring you the latest and greatest happenings in Office 365. Sponsors Office365AdminPortal.com - Providing admins the knowledge and tools to run Office 365 successfully Intelligink - We focus on the Microsoft Cloud so you can focus on your Read More

Netflix Phishing Sites Using TLS https://isc.sans.edu/forums/diary/Secure+Phishing+Netflix+Phishing+Goes+TLS/23786/ OpenBSD Disables Hyperthreading By Default https://www.mail-archive.com/[email protected]/msg99141.html Bithumb Cyrpto Currency Exchnage Breached Again https://www.bleepingcomputer.com/news/security/bithumb-hacked-second-time-in-a-year-hackers-steal-31-million/ Microsoft Edge CORS Bypass via Audio Files https://jakearchibald.com/2018/i-discovered-a-browser-bug/ Microsoft Releases a Special Patch for Oracle Outside-In Libraries https://support.microsoft.com/en-us/help/4092041/description-of-the-security-update-for-microsoft-exchange-server-2013

PowerShell ScriptBlock Loggin Bypass in the Wild https://isc.sans.edu/forums/diary/PowerShell+ScriptBlock+Logging+Or+Not/23782/ Virustotal "False Positive" Alert http://blog.virustotal.com/2018/06/vtmonitor-to-mitigate-false-positives.html Cloud Environments Explosed to the Internet https://info.lacework.com/hubfs/Containers%20At-Risk_%20A%20Review%20of%2021,000%20Cloud%20Environments.pdf Google Home DNS Rebinding Attack Reveals Geolocation https://www.tripwire.com/state-of-security/vert/googles-newest-feature-find-my-home

Obfuscated JavaScript Targeting Mobile Devices https://isc.sans.edu/forums/diary/Malicious+JavaScript+Targeting+Mobile+Browsers/23778/ Axis Camera Vulnerabilities https://blog.vdoo.com/2018/06/18/vdoo-discovers-significant-vulnerabilities-in-axis-cameras/ Apple Caches Confidential Data on Unencrypted Drives https://wojciechregula.blog/your-encrypted-photos-in-macos-cache/ Andy Emulator Infected With CryptoMiner https://www.reddit.com/r/emulators/comments/8rj8g5/warning_andy_android_emulator_andyos_andyroid/

SMTP Strangeness - Possible C2 https://isc.sans.edu/forums/diary/SMTP+Strangeness+Possible+C2/23770/ Encrypted Office Documents https://isc.sans.edu/forums/diary/Encrypted+Office+Documents/23774/ Recent Port 8000 Scans https://www.bleepingcomputer.com/news/security/all-that-port-8000-traffic-this-week-yeah-thats-satori-looking-for-new-bots/ New Clipboard Cryptocoin Stealing Bot https://blog.360totalsecurity.com/en/new-cryptominer-hijacks-your-bitcoin-transaction-over-300000-computers-have-been-attacked/ WebUSB Weakness https://pwnaccelerator.github.io/2018/webusb-yubico-disclosure.html

Analyzing a Compromised Wordpress Site https://isc.sans.edu/forums/diary/A+Bunch+of+Compromized+Wordpress+Sites/23764/ Breacking Bluetooth Low Energy Smart Padlock https://www.pentestpartners.com/security-blog/totally-pwning-the-tapplock-smart-lock/ WIM Disk Image Vulnerability https://blog.talosintelligence.com/2018/06/vulnerability-spotlight-talos-2018-0545.html Extracting Timely Sign-In Data from Office 365 Logs https://www.sans.org/reading-room/whitepapers/logging/extracting-timely-sign-in-data-office-365-logs-38435

In Episode 69, Ben sits down with Laura Rogers from IW Mentor at SharePoint Conference 2018. Laura shares her experience with SharePoint Swoop and provides insights on the PowerApps landscape. Sponsors Office365AdminPortal.com - Providing admins the knowledge and tools to run Office 365 successfully Intelligink - We focus on the Read More

From MicroTik With Love: Yet Another Router Botnet? https://isc.sans.edu/forums/diary/From+Microtik+with+Love/23762/ Using Cortana To Compromise Windows 10 https://securingtomorrow.mcafee.com/mcafee-labs/want-to-break-into-a-locked-windows-10-device-ask-cortana-cve-2018-8140/ Compromised Docker Images https://kromtech.com/blog/security-center/cryptojacking-invades-cloud-how-modern-containerization-trend-is-exploited-by-attackers Lazy FPU Save/Restore Allows Malware Access to FPU https://access.redhat.com/solutions/3485131

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+June+2018+Patch+Tuesday/23758/ Apple Code Signing Verification Vulnerability https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/ Google Chrome Restricting Inline Extension Install https://blog.chromium.org/2018/06/improving-extension-transparency-for.html

More Malspam Pushing Lokibot https://isc.sans.edu/forums/diary/More+malspam+pushing+Lokibot/23754/ Ethereum JSON RPC Theft https://twitter.com/360Netlab/status/1006065566728085504 CryptoCurrency Miner Plays hide-and-seek https://www.bleepingcomputer.com/news/security/cryptocurrency-miner-plays-hide-and-seek-with-popular-games-and-tools/ Apple Outlaws Crypto Currency Miners in App Store https://developer.apple.com/app-store/review/guidelines/#hardware-compatibility FBI Arrests Suspect in BEC Investigation https://www.fbi.gov/news/stories/international-bec-takedown-061118

The Seven Properties of Highly Secure Devices https://www.microsoft.com/en-us/research/wp-content/uploads/2017/03/SevenPropertiesofHighlySecureDevices.pdf Finding Deserialisation Issues With Burp https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/june/finding-deserialisation-issues-has-never-been-easier-freddy-the-serialisation-killer/ FTC Starts Looking Into Cryptojacking https://www.consumer.ftc.gov/blog/2018/06/protecting-your-devices-cryptojacking Drupal Disputes Number of Vulnerable Sites https://groups.drupal.org/node/520149

Critical Adobe Flash Update https://helpx.adobe.com/security/products/flash-player/apsb18-19.html SuperMicro Firmware Vulnerability https://blog.eclypsium.com/2018/06/07/firmware-vulnerabilities-in-supermicro-systems/ FOSCAM Video Camera Vulnerabilities https://blog.vdoo.com/2018/06/06/vdoo-has-found-major-vulnerabilities-in-foscam-cameras/ Sofacy Update https://researchcenter.paloaltonetworks.com/2018/06/unit42-sofacy-groups-parallel-attacks/ Automated Twitter Loot Collection https://isc.sans.edu/forums/diary/Automated+twitter+loot+collection/23743/

In Episode 68, Ben sits down with Bill Baer to talk about the latest announcements from SharePoint Conference 2018 and the SharePoint Virtual Summit! They touch on everything from the latest announcements with SharePoint spaces to the functionality and release timelines for SharePoint 2019. Sponsors Office365AdminPortal.com - Providing admins the Read More

VPNFilter Update https://blog.talosintelligence.com/2018/06/vpnfilter-update.html Prowli Botnet https://www.guardicore.com/2018/06/operation-prowli-traffic-manipulation-cryptocurrency-mining/ Cisco Security Bulletins https://tools.cisco.com/security/center/publicationListing.x F-Secure RAR Vulnerability https://www.f-secure.com/en/web/labs_global/fsc-2018-2 PCAP to Weblogs https://isc.sans.edu/forums/diary/Converting+PCAP+Web+Traffic+to+Apache+Log/23739/

Analysis of a Post Exploit Script Malicious Post-Exploitation Batch File Zip Slip Vulnerability https://snyk.io/research/zip-slip-vulnerability Redis Exploits https://www.incapsula.com/blog/report-75-of-open-redis-servers-are-infected.html Drupalgeddon 2 Update https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/

Running Only Signed Code. Does it work in Windows 10? https://isc.sans.edu/forums/diary/Digging+into+Authenticode+Certificates/23731/ Misconfigured G-Suite Mailing Lists https://www.kennasecurity.com/widespread-google-groups-misconfiguration-exposes-sensitive-information/ Microsoft Releases Open Source Post Quantum VPN https://github.com/Microsoft/PQCrypto-VPN

Apple Patches Everything https://isc.sans.edu/forums/diary/Apple+Security+Updates/23727/ VPNFilter Makes a Comeback https://jask.com/from-russia-with-love/ Reverse Analysis with Radare2 https://isc.sans.edu/forums/diary/Binary+analysis+with+Radare2/23723/ Pet Location Tracker Vulnerabilities https://threatpost.com/pet-trackers-open-to-mitm-attacks-interception/132291/