Tech News

ISC StormCast for Thursday, November 30th 2017 November 29, 2017

Apple Releases Security Update 2017-001 To Fix Passwordless Root Bug https://support.apple.com/en-us/HT208315 Insecure Android Crypto Currency Wallets https://www.htbridge.com/news/security-cryptocurrency-mobile-apps.html Coinhive Miner Now As Pop-Under https://blog.malwarebytes.com/cybercrime/2017/11/persistent-drive-by-cryptomining-coming-to-a-browser-near-you/ Fileless Malicious PowerShell Sample https://isc.sans.edu/forums/diary/Fileless+Malicious+PowerShell+Sample/23081/ .dev TLD Now Requires HTTPS in Chrome http://www.theregister.co.uk/2017/11/29/google_dev_network/

ISC StormCast for Wednesday, November 29th 2017 November 28, 2017

Password Less Root Account Allows for Trivial Privilege Escalation on MacOS High Sierra https://twitter.com/lemiorhan/status/935578694541770752 https://support.apple.com/en-us/HT204012 Defeating Facial Recognition https://arxiv.org/abs/1711.09001 Bitcoin Gold Wallet App Compromise https://bitcoingold.org/critical-warning-nov-26/ Project Exodus Identified Trackers in Android Apps https://reports.exodus-privacy.eu.org/reports/apps/

ISC StormCast for Tuesday, November 28th 2017 November 27, 2017

Golden SAML Ticket Attack https://www.cyberark.com/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-cloud-apps/ Facebook Poll Image Vulnerability https://blog.darabi.me/2017/11/image-removal-vulnerability-in-facebook.html

ISC StormCast for Monday, November 27th 2017 November 26, 2017

Critical Exim Mail Server Vulnerability (Exploit released!) https://bugs.exim.org/show_bug.cgi?id=2199 CoinPouch "Verge" Token Loss http://www.documentcloud.org/documents/4309909-StatementonVerge-11-21-17.html Bitcoin Routing Attacks https://btc-hijack.ethz.ch Scanning Ethereum Smart Contracts For Vulnerabilities https://hackernoon.com/scanning-ethereum-smart-contracts-for-vulnerabilities-b5caefd995df Fortiweb Manager Vulnerability https://fortiguard.com/psirt/FG-IR-17-248

Episode 38 – Being successful as an Office 365 Architect November 23, 2017

In Episode 38 Scott and Ben discuss how roles within IT have changed and evolved with move to the cloud. What does it take to be successful as an Office 365 Architect? How as the Admin's role changed with the move to Office 365? For everyone from SharePoint Admins to Read More

ISC StormCast for Wednesday, November 22nd 2017 November 21, 2017

Ethereum JSON-RPC Scans https://isc.sans.edu/forums/diary/Internet+Wide+Ethereum+JSONRPC+Scans/23061/ Updated OWASP Top 10 Released https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf TPLink Often Provides Outdated Firmware Version For Download https://www.ctrl.blog/entry/tplink-firmware-outdated-downloads

ISC StormCast for Tuesday, November 21st 2017 November 20, 2017

Intel Patches Several Vulnerabilities in its Management Engine https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr Sandsifter CPU Fuzzer https://github.com/xoreaxeaxeax/sandsifter/ Android MediaProjection API Allows For Screen Capture / Audio Recording Without User Consent https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-android-MediaProjection-tapjacking-advisory-2017-11-13.pdf BusyBox Autocompletion Vulnerability https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/

ISC StormCast for Monday, November 20th 2017 November 19, 2017

Bitcoin Pickpockets Scanning For Wallets https://isc.sans.edu/forums/diary/BTC+Pickpockets/23052/ Resume-themed Malspam Pushing Smoker Loader https://isc.sans.edu/forums/diary/Resumethemed+malspam+pushing+Smoke+Loader/23054/ F5-BigIP TLS Vulnerability https://support.f5.com/csp/article/K21905460 Microsoft Updates Patches / May Have Lost Sourcecode https://0patch.blogspot.com/2017/11/did-microsoft-just-manually-patch-their.html http://borncity.com/win/2017/11/17/microsoft-confirms-epson-dot-matrix-printer-issue-after-november-2017-patchday-here-are-fixes/ Windows 8 And Later Fail To Apply ASLR Correctly https://www.kb.cert.org/vuls/id/817544 StartCom TLS Certificate Authority Shutting Down http://www.zdnet.com/article/startcom-to-shut-down-all-certificates-revoked-in-2020/

ISC StormCast for Friday, November 17th 2017 November 16, 2017

A Domain Dashboard For Splunk https://isc.sans.edu/forums/diary/Suspicious+Domains+Tracking+Dashboard/23046/ Oracle Critical PeopleSoft Patch http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-10269-4021872.html#AppendixFMW GitHub Introducing Security Alerts for Dependencies https://github.com/blog/2470-introducing-security-alerts-on-github Exposing IP Addresses For Hidden Services http://sh1ttykids.hateblo.jp/entry/2017/11/16/182001

Episode 37 – Office 365 and Azure Monitoring with Steve Peschka November 16, 2017

In Episode 37, Ben interviews Steve Peschka of Office365Mon where they discuss what you can monitor in Office 365 and Azure and most importantly - what you'll want to consider when it comes to monitoring the service health of your cloud-based platforms. About Steve Peschka Steve Peschka is one of Read More

ISC StormCast for Thursday, November 16th 2017 November 15, 2017

Malicious Document Turns Off Word Macro Protections https://isc.sans.edu/forums/diary/If+you+want+something+done+right+do+it+yourself/23042/ Blueborne Affects Amazon Echo and Google Home Devices (now patched) http://go.armis.com/hubfs/BlueBorne%20Technical%20White%20Paper.pdf More Malicious Apps In Google's Play Store https://www.bleepingcomputer.com/news/security/google-play-store-sees-sudden-surge-of-malicious-apps/ OnePlus Phones Found With Preinstalled Debug App https://twitter.com/fs0c131y https://twitter.com/__Tux/status/754085708843786240

ISC StormCast for Wednesday, November 15th 2017 November 14, 2017

Microsoft Patch Tuesday Updates https://helpx.adobe.com/security.html Adobe Patches https://helpx.adobe.com/security.html Abusing Anti-Virus Quarantine Folders for Priv. Escalation https://bogner.sh/2017/11/avgater-getting-local-admin-by-abusing-the-anti-virus-quarantine/

ISC StormCast for Tuesday, November 14th 2017 November 13, 2017

FaceID Beaten By Mask http://www.bkav.com/d/top-news/-/view_content/content/103968/face-id-beaten-by-mask-not-an-effective-security-measure Various URL Validation and HTTP Request Libraries Allow SSRF https://www.blackhat.com/docs/us-17/thursday/us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-Languages.pdf Using Heart Rythm As Biometric ID http://www.buffalo.edu/news/releases/2017/09/034.html

ISC StormCast for Monday, November 13th 2017 November 12, 2017

Auditing TLS Root Certificates on Windows https://isc.sans.edu/forums/diary/Keep+An+Eye+on+your+Root+Certificates/23030/ How Google Accounts Are Hijacked https://security.googleblog.com/2017/11/new-research-understanding-root-cause.html Battling E-Mail Phishing https://isc.sans.edu/forums/diary/Battling+email+phishing/23028/ Hacking Airplanes http://www.aviationtoday.com/2017/11/08/boeing-757-testing-shows-airplanes-vulnerable-hacking-dhs-says/

ISC StormCast for Friday, November 10th 2017 November 09, 2017

Twilio Credentials Found in Mobile Apps (requires registration) http://info.appthority.com/-q4-2017-mtr-download-eavesdropper Drive By Cryto Currency Mining Keeps Increasing https://go.malwarebytes.com/rs/805-USG-300/images/Drive-by_Mining_FINAL.pdf Intel's Management Engine Firmware Decoded https://twitter.com/h0t_max https://www.theregister.co.uk/2017/11/09/chipzilla_come_closer_closer_listen_dump_ime/

Episode 36 – Office 365 News for October 2017 November 09, 2017

In Episode 36, Ben and Scott cover Office 365 news for October 2017, including the Skype to Microsoft Teams transition roadmap Roadmap for Skype for Business capabilities coming to Microsoft Teams now available Skype for Business to Teams Capabilities Roadmap.pdf Office 365 Roadmap - Teams Features Changes to the previous Read More

ISC StormCast for Thursday, November 9th 2017 November 08, 2017

Mantistek Gaming Keyboard Cloud Driver Exfiltrates Keystroke Data https://thehackernews.com/2017/11/mantistek-keyboard-keylogger.html Logitech Will Discontinue Harmony Link Device and Brick it via Firmware Update in March 2018 https://www.theverge.com/circuitbreaker/2017/11/8/16623076/logitech-harmony-link-discontinued-bricked Amazon Is Introducing Additional Security Features for S3 https://aws.amazon.com/blogs/aws/new-amazon-s3-encryption-security-features/

ISC StormCast for Wednesday, November 8th 2017 November 07, 2017

Interesting RTF Maldoc VBA Dropper https://isc.sans.edu/forums/diary/Interesting+VBA+Dropper/23016/ Multiple Linux USB Flaws Made Public http://www.openwall.com/lists/oss-security/2017/11/06/8 Google Android November Patches https://source.android.com/security/bulletin/2017-11-01#media-framework Ethereum Multi Signature Wallet Bug Cause Loss of $280 Million https://paritytech.io/blog/security-alert.html https://github.com/paritytech/parity/issues/6995

ISC StormCast for Tuesday, November 7th 2017 November 06, 2017

Fake WhatsApp App in Google Play Store https://www.reddit.com/r/Android/comments/7ahujw/psa_two_different_developers_under_the_same_name/ Crunchyroll.com Redirect Leads to Malware https://blog.ellation.com/crunchyroll-com-update-a2a593cf9155 https://bartblaze.blogspot.com.au/2017/11/crunchyroll-hack-delivers-malware.html Recovering Previously Encrypted iOS Backups https://www.gillware.com/forensics/blog/digital-forensics-case-study/new-solution-encrypted-backups/

ISC StormCast for Monday, November 6th 2017 November 05, 2017

PDF Parser for URLs and Text Content of PDFs https://isc.sans.edu/forums/diary/Extracting+the+text+from+PDF+documents/23008/ https://isc.sans.edu/forums/diary/PDF+documents+URLs/23006/ Mobile Pwn2Own Contest 2017 https://www.zerodayinitiative.com/blog OpenSSL Patch https://www.openssl.org/news/secadv/20171102.txt IEEE P1735 Standard Leads to Weak Crypto https://eprint.iacr.org/2017/828.pdf

Older Entries Newer Entries