Tech News

ISC StormCast for Friday, December 22nd 2017 December 21, 2017

Critical Flaw in SMBv1 Implementation of Dell EMC Data Domain DD OS http://seclists.org/fulldisclosure/2017/Dec/79 Facebook Enables Feature To Review All E-Mails Sent By Facebook https://www.facebook.com/notes/facebook-security/new-security-feature-reveals-if-facebook-mails-are-legit/10154983636230766/ EtherDelta DNS Attack https://twitter.com/etherdelta Enigmail Vulnerability https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf

Episode 42 – Microsoft Flow with John Liu December 21, 2017

In Episode 42, Scott has a fireside chat with Microsoft MVP John Liu about Microsoft Flow. John Liu .NET SharePoint/PnP-PowerShell Administration and ALM best practices for PowerApps, Microsoft Flow, and the Common Data Service Understand on-premises data gateways for Microsoft Flow Microsoft Blog - Flow Microsoft Flow & SharePoint: how to Read More

ISC StormCast for Thursday, December 21st 2017 December 20, 2017

Kernel Hooking Basics https://isc.sans.edu/forums/diary/Guest+Diary+Etay+Nir+Kernel+Hooking+Basics/23155/ Intel Memory Encryption https://software.intel.com/sites/default/files/managed/a5/16/Multi-Key-Total-Memory-Encryption-Spec.pdf https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=33e63acc119d15c2fac3e3775f32d1ce7a01021b WordPress Sites Infected with Monero Miners https://www.wordfence.com/blog/2017/12/aggressive-brute-force-wordpress-attack/

ISC StormCast for Wednesday, December 20th 2017 December 19, 2017

Example of "MouseOver" Link in a Powerpoint File https://isc.sans.edu/forums/diary/Example+of+MouseOver+Link+in+a+Powerpoint+File/23149/ Adups Malware Still Haunting Android Phones https://blog.malwarebytes.com/cybercrime/2017/12/mobile-menace-monday-upping-the-ante-on-adups-fwupgradeprovider/ Popular Wordpress Captcha Included Backdoor https://www.wordfence.com/blog/2017/12/backdoor-captcha-plugin/ Comparing DNS Filters https://medium.com/@nykolas.z/dns-security-filters-compared-quad9-x-opendns-x-comodo-secure-x-norton-connectsafe-x-yandex-safe-a00ace3bf21f

ISC StormCast for Tuesday, December 19th 2017 December 18, 2017

Not So Malicious Word Doc https://isc.sans.edu/forums/diary/Phish+or+scam+Part+1/23141/ https://isc.sans.edu/forums/diary/Phish+or+scam+Part+2/23145/ AMF Descerializer Vulnerability http://codewhitesec.blogspot.com/2017/04/amf.html?m=1 Windows "Keeper" Password Manager Vulnerable https://bugs.chromium.org/p/project-zero/issues/detail?id=1481&desc=3 Android Malware Destroys Device https://securelist.com/jack-of-all-trades/83470/

ISC StormCast for Monday, December 18th 2017 December 17, 2017

Microsoft Office VBA Macro Obfuscation via Metadata https://isc.sans.edu/forums/diary/Microsoft+Office+VBA+Macro+Obfuscation+via+Metadata/23139/ Large Scale BGP Attack https://bgpmon.net/popular-destinations-rerouted-to-russia/ HSTS and HPKP Weaknesses in Firefox, IE/Edge and Chrome http://blog.en.elevenpaths.com/2017/12/breaking-out-hsts-and-hpkp-on-firefox.html

ISC StormCast for Friday, December 15th 2017 December 14, 2017

Citizen Lab Security Planner https://securityplanner.org/ Apple Update to iOS/tvOS/iCloud (Windows) https://support.apple.com/en-us/HT201222 Fortinet Client Credentials Shared Key https://www.sec-consult.com/en/blog/advisories/vpn-credentials-disclosure-in-fortinet-forticlient/index.html Fox-It Victim of a Man-in-the-Middle Attack https://blog.fox-it.com/2017/12/14/lessons-learned-from-a-man-in-the-middle-attack/

Episode 41 – Getting Started with Office 365 (Part 1 of ?) December 14, 2017

In Episode 41, Ben and Scott respond to listener feedback and start the first of a who-knows-how-many series on how to onboard into Office 365. Episode 5 – Office 365 SKUs & Licensing Episode 6 – Office 365 License Management (For Real This Time) Network planning and performance tuning for Read More

ISC StormCast for Thursday, December 14th 2017 December 13, 2017

Tracking Newly Registered Domains https://isc.sans.edu/forums/diary/Tracking+Newly+Registered+Domains/23127/ Critical Palo Alto Firewall Flaws Allow RCE as root http://seclists.org/fulldisclosure/2017/Dec/38 Hiding Changes from git-diff https://www.twistlock.com/2017/12/13/hiding-content-git-escape-sequence-twistlock-labs-experiment/ Apple Airport Update https://support.apple.com/en-us/HT208354

ISC StormCast for Wednesday, December 13th 2017 December 12, 2017

Microsoft Patch Tuesday Summary https://isc.sans.edu/forums/diary/December+Microsoft+Patch+Tuesday+Summary/23123/ EV Certificate Model Broken? https://stripe.ian.sh ROBOT Attack Against TLS https://robotattack.org

ISC StormCast for Tuesday, December 12th 2017 December 11, 2017

Pornographic Spam Messages Used to Deliver Crypto Coin Miner https://isc.sans.edu/forums/diary/Pornographic+malspam+pushes+coin+miner+malware/23119/ Microsoft Leaks Secret SSL Key For Dynamics 365 https://medium.com/matthias-gliwka/microsoft-leaks-tls-private-key-for-cloud-erp-product-10b56f7d648 Proxy Botnet Used to Launch Variety of Web Application Attacks https://news.drweb.com/show/?i=11627&lng=en FoxIT Releases Utility to Recover Manipulated Windows Logs https://github.com/fox-it/danderspritz-evtx

ISC StormCast for Monday, December 11th 2017 December 10, 2017

Sometimes An RTF Document is Just an RTF Document https://isc.sans.edu/forums/diary/Sometimes+its+a+dud/23115/ HP Keyboard Drivers Can Log Keystrokes https://support.hp.com/us-en/document/c05827409 https://zwclose.github.io/HP-keylogger/ Android App Signature Bypass https://www.guardsquare.com/en/blog/new-android-vulnerability-allows-attackers-modify-apps-without-affecting-their-signatures MSFT Patches Antimalware Engine https://portal.msrc.microsoft.com/en-US/eula

ISC StormCast for Friday, December 8th 2017 December 07, 2017

Positive Technologies Demonstrates Intel ME Exploit at Blackhat Europe https://www.blackhat.com/docs/eu-17/materials/eu-17-Goryachy-How-To-Hack-A-Turned-Off-Computer-Or-Running-Unsigned-Code-In-Intel-Management-Engine.pdf Tracking Users Without GPS http://ieeexplore.ieee.org/document/8038870/ Process Doppelgaenger Anti-Malware Bypass https://www.blackhat.com/docs/eu-17/materials/eu-17-Liberman-Lost-In-Transaction-Process-Doppelganging.pdf Friday Webcast About Recent OWASP Top 10 Update https://www.sans.org/webcasts/owasp-top-10-2017-106560

Episode 40 – Office 365 News for November 2017 December 07, 2017

In Episode 40, Scott and Ben review the latest Office 365 news for November 2017, including SharePoint Online, OneDrive for Business, Exchange Online, and Microsoft Teams. New and updated web parts rolling out to SharePoint in Office 365 New features for SharePoint list and library preview web parts Hybrid Self-Service Read More

ISC StormCast for Thursday, December 7th 2017 December 06, 2017

Apple Updates Everything https://isc.sans.edu/forums/diary/Apple+Updates+Everything+Again/23107/ Do Not Trust Reverse DNS. And here is an example why https://isc.sans.edu/forums/diary/PSA+Do+not+Trust+Reverse+DNS+and+why+does+an+address+resolve+to+localhost/23105/ NiceHash Hacked https://www.reddit.com/r/NiceHash/comments/7i0s6o/official_press_release_statement_by_nicehash/

ISC StormCast for Wednesday, December 6th 2017 December 05, 2017

AI.Type Data Exposed in MongoDB Database https://mackeepersecurity.com/post/virtual-keyboard-developer-leaked-31-million-of-client-records Mailsploit Makes it Easier to Spoof From Headers in E-Mails https://www.mailsploit.com StorageCrypt Ransomware Encrypts NAS Devices https://www.bleepingcomputer.com/news/security/storagecrypt-ransomware-infecting-nas-devices-using-sambacry/ Android December Update https://source.android.com/security/bulletin/2017-12-01

ISC StormCast for Tuesday, December 5th 2017 December 04, 2017

Incidence Response Using TheHive https://isc.sans.edu/forums/diary/IR+using+the+Hive+Project/23099/ SSL/TLS For Scapy https://github.com/tintinweb/scapy-ssl_tls tvOS 11.2 Released (but no details about security content yet) https://support.apple.com/en-us/HT201222 System Vendors Ship Laptops With Intel ME Disabled https://www.reddit.com/r/linuxhardware/comments/7grglm/how_to_buy_a_dell_laptop_with_the_intel_me/ http://blog.system76.com/post/168050597573/system76-me-firmware-updates-plan Hacker Falsified Jail Records To Free Friend https://www.justice.gov/usao-edmi/pr/ann-arbor-man-pleads-guilty-computer-intrusion-case SeKey: Touch ID Control for ssh-agent https://github.com/ntrippar/sekey

ISC StormCast for Monday, December 4th 2017 December 03, 2017

Brazilian Banking Malware Uses UTF-16 Encoded .BAT File https://isc.sans.edu/forums/diary/Phishing+campaign+uses+old+bat+script+to+spread+banking+malware+and+it+is+flying+under+the+radar/23091/ Phishing Abuse of JotForm https://isc.sans.edu/forums/diary/Phishing+Kit+AbUsing+Cloud+Services/23089/ Apple Releases iOS 11.2 https://support.apple.com/en-us/HT201222 (no details live yet) Critical Patch For RSA Authentication Agent http://seclists.org/fulldisclosure/2017/Nov/46 https://community.rsa.com/community/products/securid/authentication-agent-web-apache Slurp S3 Bucket Enumerator https://github.com/bbb31/slurp.git

ISC StormCast for Friday, December 1st 2017 November 30, 2017

More Malspam Pushing Emotet Malware https://isc.sans.edu/forums/diary/More+Malspam+pushing+Emotet+malware/23083/ Google Chrome To Block Some Third Party Software Mid-2018 https://blog.chromium.org/2017/11/reducing-chrome-crashes-caused-by-third.html European Union Funds VLC Bug Bounty https://joinup.ec.europa.eu/news/hackerone-vlc STI Student Scott Perry: Virtual System Forensics http://www.sans.org/reading-room/whitepapers/bestprac/exploring-effectiveness-approaches-discovering-acquiring-virtualized-servers-esxi-38155

Episode 39 – Azure IaaS: VMs and Storage November 30, 2017

In Episode 39, Ben and Scott provide an overview of onboarding into Azure Virtual Machines and the associated Infrastructure-as-a-Service (IaaS) components of Azure. Azure Virtual Machines Create a Windows virtual machine with the Azure portal Create a Windows virtual machine from an ARM Template Azure Quickstart Templates Overview of Azure Read More

Older Entries Newer Entries