Tech News

Outlook Includes plain text version of e-mail with S/MIME Encryption https://www.sec-consult.com/en/blog/2017/10/fake-crypto-microsoft-outlook-smime-cleartext-disclosure-cve-2017-11776/index.html RubyGems Remote Code Execution Vulnerability http://blog.rubygems.org/2017/10/09/unsafe-object-deserialization-vulnerability.html Google Home Mini Recorded Everything http://www.androidpolice.com/2017/10/10/google-nerfing-home-minis-mine-spied-everything-said-247/ Cameradar Finds Open RTSP Streams https://github.com/EtixLabs/cameradar

Microsoft Monthly Updates https://isc.sans.edu/forums/diary/October+2017+Security+Updates/22916/ Spoofed iOS iCloud Login https://krausefx.com/blog/ios-privacy-stealpassword-easily-get-the-users-apple-id-password-just-by-asking

In our final Microsoft Ignite special, Scott has a Microsoft Teams Interview with Wictor Wilén.  They talk at a high level about Microsoft Teams and then dive into extending Teams using the Yeoman Generator from Wictor. Microsoft Teams Microsoft Teams Yeoman Generator Microsoft Teams Development Center Getting Started with Bots Read More

Base64 Encoded Word Documents https://isc.sans.edu/forums/diary/Base64+All+The+Things/22912/ Skimmer Scanner Helps Find Credit Card Skimmers https://github.com/sparkfunX/Skimmer_Scanner TLS 1.3 Remains "On Hold" https://www.ietf.org/mail-archive/web/tls/current/msg24517.html FIDO U2F Key Review / Test https://www.imperialviolet.org/2017/10/08/securitykeytest.html

Payment Handler API https://w3c.github.io/payment-handler/ https://blog.lukaszolejnik.com/privacy-of-web-request-api/ OpenSSH Version 7.6 Released http://www.openssh.com/txt/release-7.6 Microsoft Delaying Some Patches for Earlier Windows Versions https://googleprojectzero.blogspot.sg/2017/10/using-binary-diffing-to-discover.html The Dangers of Cables https://isc.sans.edu/forums/diary/Whats+in+a+cable+The+dangers+of+unauthorized+cables/22904/

In this special episode from Microsoft Ignite, Ben interviews Anne and Shilpi from Microsoft all new announcements around Office 365 Usage Analytics.  Including announcements around: New Usage Report, Usage Score and Advanced Usage Analytics in Office 365. Usage and Reporting Announcements from Ignite BRK2039: Introducing Advanced Usage Reporting Tools   Read More

Extract HTTP Requests from PCAPs and Turn Them Into cURL Commands https://isc.sans.edu/forums/diary/pcap2curl+Turning+a+pcap+file+into+a+set+of+cURL+commands+for+replay/22900/ Apple Patches Embarrasing MacOS High Sierra Flaw https://www.appleworld.today/blog/2017/10/5/macos-high-sierra-flaw-exposes-passwords-of-encrypted-apfs-volumes Another Tomcat PUT Vulnerability https://lists.apache.org/thread.html/3fd341a604c4e9eab39e7eaabbbac39c30101a022acc11dd09d7ebcb@%3Cannounce.tomcat.apache.org%3E Dallas Haselhorst: HL7 Healthcare Protocol https://www.sans.org/reading-room/whitepapers/hipaa/hl7-data-interfaces-medical-environments-understanding-fundamental-flaw-healthcare-38005 https://www.sans.org/reading-room/whitepapers/vpns/hl7-data-interfaces-medical-environments-attacking-defending-achilles-heel-healthcare-38010 https://www.tripwire.com/state-of-security/security-data-protection/hl7-data-interfaces-in-medical-environments/

Live from Microsoft Ignite! In Episode 29, Ben and Scott discuss the architecture of Microsoft Teams, how it is deployed and managed by Microsoft, and how organizations can enable themselves for a successful deployment in light of the announcement that Skype for Business will be built into Microsoft Teams. YouTube Read More

Cyber Security Awareness Month: Ouch! Newsletter https://securingthehuman.sans.org/newsletters/ouch/issues/OUCH-201710_en.pdf Modified Rowhammer Attack Bypasses Current Defenses https://arxiv.org/pdf/1710.00551.pdf Metasploit Modules For VMWare Escape https://www.zerodayinitiative.com/blog/2017/10/04/vmware-escapology-how-to-houdini-the-hypervisor

Fedex Malspam Pushes Formbook Infostealer Malware https://isc.sans.edu/forums/diary/Malspam+pushing+Formbook+info+stealer/22888/ Wordpress Plugins Heavily Abused For Site Defacements https://www.wordfence.com/blog/2017/10/3-zero-day-plugin-vulnerabilities-exploited-wild/ Fake WordPress Security Plugin Being Advertised https://blog.sucuri.net/2017/09/fake-plugins-fake-security.html Proof Of Concept Information Disclosure for Internet Explorer https://www.brokenbrowser.com/revealing-the-content-of-the-address-bar-ie/ Nzyme Wifi Frame Recording and Forensics https://wtf.horse/2017/10/02/introducing-nzyme-wifi-802-11-frame-recording-and-forensics/ Cyber Security Interviews https://twitter.com/CSI_Podcast/status/915026734801489921

Passive DNS Investigating Security Incidents with Passive DNS Bypassing Domain Authentication https://medium.freecodecamp.org/how-i-hacked-hundreds-of-companies-through-their-helpdesk-b7680ddc2d4c DNSMasq Vulnerabilities https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html

Who's Borrowing Your Resources. Javascript Monero Miners on Video Sites https://isc.sans.edu/forums/diary/Whos+Borrowing+your+Resources/22882/ OS X Silently Patches Javascript Quarantine Bypass https://www.wearesegment.com/research/Mac-OS-X-Local-Javascript-Quarantine-Bypass.html Apple EFI Updates Often Not Applied https://duo.com/blog/the-apple-of-your-efi-mac-firmware-security-research

In Episode 28, Scott and Ben sit down with Corey Sanders, Director of Azure Compute, to discuss the latest updates to the Azure platform announced at Microsoft Ignite. Topics include compute, networking, and security. Azure Blog Tuesdays With Corey on Channel 9

Dealing With Massive Packet Captures https://isc.sans.edu/forums/diary/The+easy+way+to+analyze+huge+amounts+of+PCAP+data/22876/ Illusion Gap Anti-Virus Bypass https://www.cyberark.com/threat-research-blog/illusion-gap-antivirus-bypass-part-1/ DNSSEC KSK Update Delayed https://www.icann.org/news/announcement-2017-09-27-en Linux PIE/Stack Corruption https://www.qualys.com/2017/09/26/cve-2017-1000253/cve-2017-1000253.txt

Everything You Ever Wanted To Know About JPEGs (and more) https://isc.sans.edu/forums/diary/It+is+a+resume+Part+3/22808/ Linux 4.14 Memory Encryption https://lwn.net/Articles/686808/ CLKSCREW: Exposing Secure Enclaves via Energy Management https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-tang.pdf ~ ~ ~ ~

In this episode, we had the opportunity to sit down with Microsoft's own Dan Holme and talk to him about the SharePoint ecosystem, where it's been, and where it is now.  We also jump into some of the new announcements from Microsoft Ignite and how they continue to move SharePoint Read More

In Episode 26, Ben has a chat with Anthony Woodward, the CTO of RecordPoint, where they discuss records management and compliance in SharePoint. About Anthony Woodward Anthony Woodward is the CTO of RecordPoint. As one of the original founders, Anthony has a vast amount of experience in the ECM features Read More

XPCTRA Steals Banking / Cryptocurrency Info https://isc.sans.edu/forums/diary/XPCTRA+Malware+Steals+Banking+and+Digital+Wallet+Users+Credentials/22868/ Vulnerable Mobile Investment Applications http://blog.ioactive.com/2017/09/are-you-trading-securely-insights-into.html iOS WiFi Exploit PoC Code Published https://bugs.chromium.org/p/project-zero/issues/detail?id=1289 Android Malware Exploiting "Dirty Cow" http://blog.trendmicro.com/trendlabs-security-intelligence/zniu-first-android-malware-exploit-dirty-cow-vulnerability/

In episode 25, Scott sits down with John "JG" Chirapurath, General Manager of Microsoft's data platform business to chat about how customers can approach Microsoft's data platform offerings in Azure and enable new workloads in the cloud. Azure data and analytics platform

macOS High Sierra Security Updates https://support.apple.com/en-us/HT201222 Possible macOS Keychain Leak https://twitter.com/patrickwardle/status/912254053849079808 Monero Cryptocoin Miner Found on Showtime Website https://badpackets.net/coinhive-miner-found-on-official-showtime-network-websites-in-latest-case-of-cryptojacking/