Tech News

Episode 24 – Ignite Special: The Keynote Overview September 25, 2017

Scott and I do something different. On our drive down to Microsoft Ignite, we record our take on the announcements coming out of the keynote at Microsoft Ignite. We give our thoughts on the announcements based on our knowledge of the topics the day before the keynote. We’ll talk about Read More

ISC StormCast for Monday, September 25th 2017 September 24, 2017

Forensic Use of "mount --bind" https://isc.sans.edu/forums/diary/Forensic+use+of+mount+bind/22854/ Adobe Publishes Secret PGP Key By Mistake https://twitter.com/jupenur/status/911286403434246144 AVAST Publishes CCleaner Update https://blog.avast.com/avast-threat-labs-analysis-of-ccleaner-incident Compromised Android Keyboard App https://blog.adguard.com/en/go-spy-go-popular-android-keyboard-from-china-crosses-the-red-line/

ISC StormCast for Friday, September 22nd 2017 September 21, 2017

More (Likely Fake) DDoS Extortion Attempts https://isc.sans.edu/forums/diary/Emails+threatening+DDoS+allegedly+from+Phantom+Squad/22856/ CVE-2017-8759 Used in Cyber Crime Attacks https://isc.sans.edu/forums/diary/Email+attachment+using+CVE20178759+exploit+targets+Argentina/22850/ CCleaner Command and Control Server http://blog.talosintelligence.com/2017/09/ccleaner-c2-concern.html?m=1 Vulnerability in Intel Managment Engine Can Lead to Execution of Unsigned Code https://www.blackhat.com/eu-17/briefings/schedule/#how-to-hack-a-turned-off-computer-or-running-unsigned-code-in-intel-management-engine-8668

Episode 23 – Microsoft Planner September 21, 2017

In Episode 23, Ben and Scott cover Microsoft Planner, Microsoft’s work management solution for Office 365. Microsoft Cloud IT Pro Podcast at Ignite! YouTube Channel Microsoft Planner Product Page Microsoft Planner Microsoft Planner Limitations Office 365 Planner FAQ

ISC StormCast for Thursday, September 21st 2017 September 20, 2017

Newest Locky Update: RAR Attachments and "Invoice" E-Mails https://isc.sans.edu/forums/diary/Ongoing+Ykcol+Locky+campaign/22848/ Viacom S3 Bucket Leak https://www.upguard.com/breaches/cloud-leak-viacom iOS 11 Outlook.com Bug https://support.apple.com/en-us/HT208136

ISC StormCast for Wednesday, September 20th 2017 September 19, 2017

Mac-Robber Python Rewrite https://isc.sans.edu/forums/diary/New+tool+macrobberpy/22844/ Apache Tomcat Patch https://www.us-cert.gov/ncas/current-activity/2017/09/19/Apache-Releases-Security-Updates-Apache-Tomcat Apple Updates For iOS, Xcode, tvOS, watchOS and Safari https://support.apple.com/en-us/HT201222

ISC StormCast for Tuesday, September 19th 2017 September 19, 2017

CCleaner Compromise http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html http://www.piriform.com/news/release-announcements/2017/9/18/security-notification-for-ccleaner-v5336162-and-ccleaner-cloud-v1073191-for-32-bit-windows-users Word INCLUDEPICTURE Feature Abuse https://securelist.com/an-undocumented-word-feature-abused-by-attackers/81899/ security.txt file https://www.ietf.org/id/draft-foudil-securitytxt-00.txt https://www.ietf.org/rfc/rfc2142.txt

ISC StormCast for Monday, September 18th 2017 September 17, 2017

Bashware: Bypassing Windows Security via Linux (WSL) https://research.checkpoint.com/beware-bashware-new-method-malware-bypass-security-solutions/ Javascript Rogue Crypto Currency Miner https://www.welivesecurity.com/2017/09/14/cryptocurrency-web-mining-union-profit/ NodeJS Hash Table DoS https://medium.com/@ahmadbamieh/nodejs-constant-hashtables-seeds-vulnerability-f03bf70e3593 HTTPS Interception https://blog.cloudflare.com/understanding-the-prevalence-of-web-traffic-interception/

ISC StormCast for Friday, September 15th 2017 September 14, 2017

Another Webshell; Another Backdoor https://isc.sans.edu/forums/diary/Another+webshell+another+backdoor/22826/ D-Link Vulnerability https://pierrekim.github.io/blog/2017-09-08-dlink-850l-mydlink-cloud-0days-vulnerabilities.html Chrome To Label FTP As Insecure https://groups.google.com/a/chromium.org/forum/#!msg/security-dev/HknIAQwMoWo/xYyezYV5AAAJ More Google Play Store Malware https://blog.checkpoint.com/2017/09/14/expensivewall-dangerous-packed-malware-google-play-will-hit-wallet/ Elasticsearch Botnet https://mackeepersecurity.com/post/kromtech-discovers-massive-elasticsearch-infected-malware-botnet

Episode 22 – Introduction to Exchange Online September 14, 2017

This week it's time to look at another pillar in the Office 365 stack. This week is an Introduction to Exchange Online! Exchange online could easily take several episodes if you go into any great depth, so we'll start off with just a high level overview. Expect some future episodes Read More

ISC StormCast for Thursday, September 14th 2017 September 13, 2017

No IPv6? Challenge Accepted https://isc.sans.edu/forums/diary/No+IPv6+Challenge+Accepted+Part+1/22820/ Exploiting CVE-2017-8759 https://www.mdsec.co.uk/2017/09/exploiting-cve-2017-8759-soap-wsdl-parser-code-injection/ Wordpress Plugin Found With Backdoor https://www.pluginvulnerabilities.com/2017/09/11/wordpress-poor-handling-of-plugin-security-exacerbates-malicious-takeover-of-display-widgets/

ISC StormCast for Wednesday, September 13th 2017 September 13, 2017

Microsoft Patch Tuesday https://www.fireeye.com/blog/threat-research/2017/09/zero-day-used-to-distribute-finspy.html https://technet.microsoft.com/security/advisories BlueBorne Bluetooth Vulnerability http://go.armis.com/hubfs/BlueBorne%20Technical%20White%20Paper.pdf

ISC StormCast for Tuesday, September 12th 2017 September 11, 2017

Cisco Struts Updates https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170909-struts2-rce Google Chrome Warning Users of Anti-Malware SSL Interception https://twitter.com/sashaperigo/status/906263091624591360 Machinelearning To Identify Malicious TLS Connections https://arxiv.org/pdf/1607.01639.pdf Comodo Breaking CAA Standard https://www.mail-archive.com/[email protected]/msg08027.html

ISC StormCast for Monday, September 11th 2017 September 11, 2017

Analyzing JPEG Files https://isc.sans.edu/forums/diary/Analyzing+JPEG+files/22806/ Auditing Windows With WINspect https://isc.sans.edu/forums/diary/Windows+Auditing+with+WINspect/22810/ Windows PSSetLoadImageNotifyRoutine Vulnerability https://breakingmalware.com/documentation/windows-pssetloadimagenotifyroutine-callbacks-good-bad-unclear-part-1/ IOTA Cryptocurrency Vulnerable Hash Function https://medium.com/@neha/cryptographic-vulnerabilities-in-iota-9a6a9ddc4367

ISC StormCast for Friday, September 8th 2017 September 07, 2017

Yet Another Struts RCE Vulnerability https://struts.apache.org/docs/s2-053.html Equifax Compromise https://www.bloomberg.com/news/articles/2017-09-07/three-equifax-executives-sold-stock-before-revealing-cyber-hack Hash Extension Flaws https://isc.sans.edu/forums/diary/Modern+Web+Application+Penetration+Testing+Hash+Length+Extension+Attacks/22792/ Matt Hosburgh: Offensive Intrusion Analysis: Uncovering Insiders with Threat Hunting and Active Defense

Episode 21 – Office 365 News for August 2017 September 07, 2017

We're back with your Microsoft Cloud news for August 2017. This month we've got some exciting updates on Microsoft Ignite, where Microsoft stands in the collaboration space, and a bunch of platform updates! Microsoft Cloud IT Pro Podcast Live from Ignite! Microsoft OneDrive recognized as a Leader in Gartner Magic Quadrant Read More

ISC StormCast for Thursday, September 7th 2017 September 06, 2017

Struts2 Metasploit Module https://github.com/rapid7/metasploit-framework/pull/8924/commits/5ea83fee5ee8c23ad95608b7e2022db5b48340ef Google Docs Table With Hacked MongoDB Databases https://docs.google.com/spreadsheets/d/1QonE9oeMOQHVh8heFIyeqrjfKEViL0poLnY8mAakKhM/edit#gid=1781677175 Bypassing Cloudflare https://rhinosecuritylabs.com/cloud-security/cloudflare-bypassing-cloud-security/

ISC StormCast for Wednesday, September 6th 2017 September 05, 2017

A Look Back At Nira and What's Next https://isc.sans.edu/forums/diary/The+Mirai+Botnet+A+Look+Back+and+Ahead+At+Whats+Next/22786/ New Struts Vulnerability and Patch https://isc.sans.edu/forums/diary/Struts+vulnerability+patch+released+by+apache+patch+now/22788 Mastercard Internet Gateway Service Flaw http://tinyhack.com/2017/09/05/mastercard-internet-gateway-service-hashing-design-flaw/ Mac OS X High Sierra Insecure Kernel Module Loading https://objective-see.com/blog/blog_0x21.html

ISC StormCast for Tuesday, September 5th 2017 September 04, 2017

Locky Ransom Ware is Back and This Time Pretents to Be a Font https://isc.sans.edu/forums/diary/Malspam+pushing+Locky+ransomware+tries+HoeflerText+notifications+for+Chrome+and+FireFox/22776/ When is a PDF Just a PDF? https://isc.sans.edu/forums/diary/It+is+a+resume+Part+1/22780/ Asterisk Vulnerable to RTPBleed https://github.com/EnableSecurity/advisories/tree/master/ES2017-04-asterisk-rtp-bleed Arris AT&T Modems With Backdoor https://www.nomotion.net/blog/sharknatto/

ISC StormCast for Friday, September 1st 2017 August 31, 2017

Is Remote Work Feasible in a SOC? https://isc.sans.edu/forums/diary/Remote+SOC+Workers+Concerns/22772/ Linux Random Number Generator Reviewed https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Studien/LinuxRNG/LinuxRNG_EN.pdf?__blob=publicationFile&v=5 Adobe Acrobat and Reader Security Patch https://blogs.adobe.com/psirt/?p=1484 Turning Speakers into Microphones https://www.usenix.org/system/files/conference/woot17/woot17-paper-guri.pdf

Older Entries Newer Entries