Tech News

ISC StormCast for Monday, June 12th 2017 June 11, 2017

SAMBA Vulnerability Exploited To Install Bitcoin Miners https://securelist.com/78674/sambacry-is-coming/ Intel's AMT Technology Used For Covert Channel https://blogs.technet.microsoft.com/mmpc/2017/06/07/platinum-continues-to-evolve-find-ways-to-maintain-invisibility/ Broadcom Vulnerablities to be Announced https://www.blackhat.com/us-17/briefings.html#broadpwn-remotely-compromising-android-and-ios-via-a-bug-in-broadcoms-wi-fi-chipsets Release Lag In National Vulnerablity Database https://www.recordedfuture.com/vulnerability-disclosure-delay/

ISC StormCast for Friday, June 9th 2017 June 08, 2017

Cisco Prime Data Center Network Manager Vulnerabilities https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-dcnm1 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-dcnm2 Oracle Peoplesoft Default Accounts https://erpscan.com/press-center/blog/peoplesoft-default-accounts/ FOSCAM Camera Default Passwords and Other Vulnerabilities http://images.news.f-secure.com/Web/FSecure/%7B43df9e0d-20a8-404a-86d0-70dcca00b6e5%7D_vulnerabilities-in-foscam-IP-cameras_report.pdf Android Malware With Code Injections https://securelist.com/78648/dvmap-the-first-android-malware-with-code-injection/ STI Student John Dittmer: Legal Implication of Vulnerablity Scans https://www.sans.org/reading-room/whitepapers/legal/minimizing-legal-risk-cybersecurity-scanning-tools-37522

ISC StormCast for Thursday, June 8th 2017 June 07, 2017

Deceptive Advertisements: What They Do And Where They Come From https://isc.sans.edu/forums/diary/Deceptive+Advertisements+What+they+do+and+where+they+come+from/22494/ Instagram as Covert Channel https://www.welivesecurity.com/2017/06/06/turlas-watering-hole-campaign-updated-firefox-extension-abusing-instagram/ Domain Shadowing Used in Rik Exploit Kit https://blogs.rsa.com/shadowfall/

ISC StormCast for Wednesday, June 7th 2017 June 06, 2017

Finding XOR Keys Part 2 https://isc.sans.edu/forums/diary/Malware+and+XOR+Part+2/22490/ Instagram Stories Not Using TLS https://vvyper.com/2017/05/22/instagram-stories-ssl/ Printer "Dots" May Have Lead to Arrest of NSA Contractor http://blog.erratasec.com/2017/06/how-intercept-outed-reality-winner.html#.WTc9SMbMyRt Exfiltrating Data via Blinking LED https://arxiv.org/abs/1706.01140

ISC StormCast for Tuesday, June 6th 2017 June 05, 2017

Finding XOR Keys Used To Encode Malware https://isc.sans.edu/forums/diary/Malware+and+XOR+Part+1/22486/ Citywide IMSI Discovery https://seaglass.cs.washington.edu Hijacking Country Level Domains https://thehackerblog.com/the-journey-to-hijacking-a-countrys-tld-the-hidden-risks-of-domain-extensions/index.html

ISC StormCast for Monday, June 5th 2017 June 04, 2017

Phishing Campaigns for Bitcoin https://isc.sans.edu/forums/diary/Phishing+Campaigns+Follow+Trends/22482/ Mouseover May Trigger Powerpoint Macro https://www.dodgethissecurity.com/2017/06/02/new-powerpoint-mouseover-based-downloader-analysis-results/ Vault 7 "Pandemic" Tool https://wikileaks.org/vault7/document/Pandemic-1_1-S-NF/Pandemic-1_1-S-NF.pdf Mozilla Considering Move Away From OCSP https://bugzilla.mozilla.org/show_bug.cgi?id=1366100 Defending Web Application Security Minneapolis https://www.sans.org/event/minneapolis-2017 Intrusion Detection in Depth Columbia MD https://www.sans.org/event/columbia-2017/course/intrusion-detection-in-depth

ISC StormCast for Friday, June 2nd 2017 June 01, 2017

Sharing Private Data With Webcast Invitations https://isc.sans.edu/forums/diary/Sharing+Private+Data+with+Webcast+Invitations/22478/ onelogin breach https://www.onelogin.com/blog/may-31-2017-security-incident Google AMP Phishing https://citizenlab.org/2017/05/tainted-leaks-disinformation-phish/ STI Student Paper: Kevin Kelly Tesla Crypt https://www.sans.org/reading-room/whitepapers/bestprac/indicators-compromise-teslacrypt-malware-37622

ISC StormCast for Thursday, June 1st 2017 May 31, 2017

Analysis of Competing Hypotheses, WCry and Lazarus https://isc.sans.edu/forums/diary/Analysis+of+Competing+Hypotheses+WCry+and+Lazarus+ACH+part+2/22470/ Windows XP Not Stable Enough for WannaCry https://blog.kryptoslogic.com/malware/2017/05/29/two-weeks-later.html Mexican Biker Gang Uses Jeep Database to Steal Car https://regmedia.co.uk/2017/05/31/indictment5_30.pdf Dangers of Public WAS Snapshots https://www.nvteh.com/news/problems-with-public-ebs-snapshots

ISC StormCast for Wednesday, May 31st 2017 May 31, 2017

FreeRADIUS Vulnerability https://isc.sans.edu/forums/diary/FreeRadius+Authentication+Bypass/22466/ Microsoft Malware Protection Engine Update http://seclists.org/microsoft/2017/q2/8 Chrome UI Bug May Allow Unnoticed Recording https://medium.com/@barzik/the-new-html5-video-audio-api-has-privacy-issues-on-desktop-chrome-5832c99c7659 AWS Auditing Tools https://summitroute.com/blog/2017/05/30/free_tools_for_auditing_the_security_of_an_aws_account/ SANS Social Denver June 14th https://pages.sans.org/denversocial

ISC StormCast for Tuesday, May 30th 2017 May 29, 2017

Analysis of Competing Hypotheses https://isc.sans.edu/forums/diary/Analysis+of+Competing+Hypotheses+ACH+part+1/22460/ Microsoft Master File Table BSOD Exploit http://www.theregister.co.uk/2017/05/29/microsoft_master_file_table_bug_exploited_to_bsod_windows_7_81/ SMTP Split Tunnel / Transparent Proxy Exploit https://blog.securolytics.io/2017/05/split-tunnel-smtp-exploit-explained/

ISC StormCast for Friday, May 26th 2017 May 25, 2017

Samba Remote Code Execution Vulnerability https://isc.sans.edu/forums/diary/Critical+Vulnerability+in+Samba+from+350+onwards/22452/ Pacemaker Vulnerabilities http://blog.whitescope.io/2017/05/understanding-pacemaker-systems.html Patching May have Affected Access to Australian Health Systems http://www.cairnspost.com.au/news/cairns-hospital-suffers-software-catastrophe-with-possible-loss-of-patient-data/news-story/c828de3f4a0f73132ec3d19284cbae88

ISC StormCast for Thursday, May 25th 2017 May 24, 2017

Jaff Ransomware Gets a Makeover https://isc.sans.edu/forums/diary/Jaff+ransomware+gets+a+makeover/22446/ OpenVPN Access Server Vulnerability http://seclists.org/oss-sec/2017/q2/332 Large Credential Dumps Used in Password Brute Forcing Attacks http://info.digitalshadows.com/AccountTakeover-WhitePapersPage_Registration.html

ISC StormCast for Wednesday, May 24th 2017 May 23, 2017

Multiple Video Players are Vulnerable to Code Execution via Subtitle Files http://blog.checkpoint.com/2017/05/23/hacked-in-translation/ Samsung Galaxy S8 Iris Scanner Bypass https://www.ccc.de/en/updates/2017/iriden Verizon XSS Flaw in Web Messaging Application https://randywestergren.com/xss-sms-hacking-text-messages-verizon-messages

ISC StormCast for Tuesday, May 23rd 2017 May 22, 2017

Fake "Uber Disputes" Site Lures Victims With Valid TLS Certificate https://isc.sans.edu/forums/diary/Investigating+Sites+After+They+are+Gone+And+a+Case+of+Uber+Phishing+With+SSL/22440/ Let's Encrypt Outage http://letsencrypt.status.io/pages/history/55957a99e800baa4470002da https://community.letsencrypt.org/t/ocsp-and-issuance-outage-2017-05-19/34506 More ImageMagik Flaws https://scarybeastsecurity.blogspot.com/2017/05/bleed-continues-18-byte-file-14k-bounty.html

ISC StormCast for Monday, May 22nd 2017 May 21, 2017

Typosquatting: A recent example and what to do with look alike domains https://isc.sans.edu/forums/diary/Typosquatting+Awareness+and+Hunting/22436/ Netgear Collecting Analytics Data in Recent Update https://kb.netgear.com/000038663/What-router-analytics-data-is-collected-and-how-is-the-data-being-used-by-NETGEAR disable: https://kb.netgear.com/000038661/How-do-I-Enable-Disable-Router-Analytics-Data-Collection WannaCry Updates https://venturebeat.com/2017/05/19/ransomware-wannacry-causes-fewer-tears-than-feared/ LastPass Authenticator Cloud Backup https://blog.lastpass.com/2017/05/announcing-cloud-backup-for-lastpass-authenticator-easier-multifactor-security-for-everyone.html/

ISC StormCast for Friday, May 19th 2017 May 18, 2017

Discovering Relevant CVEs with CVE Bot https://isc.sans.edu/forums/diary/My+Little+CVE+Bot/22432/ Probablility of Vulnerability Re-Discovery https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2928758 Wannakey May Recover WannaCry Keys https://github.com/aguinet/wannakey Finding Bad With Splunk https://www.sans.org/reading-room/whitepapers/critical/finding-bad-splunk-3748

ISC StormCast for Thursday, May 18th 2017 May 18, 2017

Handbreak Proton Malware Used to Steal Sourcecode https://panic.com/blog/stolen-source-code/ NIST Password Guidance Update https://isc.sans.edu/forums/diary/Wait+What+We+dont+have+to+change+passwords+every+90+days/22428/ Exploiting XXE Vulnerabilities in Peoplesoft https://www.ambionics.io/blog/oracle-peoplesoft-xxe-to-rce

ISC StormCast for Wednesday, May 17th 2017 May 16, 2017

Docusign Breach Leads to Increase in Phishing Email https://trust.docusign.com/en-us/personal-safeguards/ HP Updates Audio Drivers (twice) to Remove Keylogger https://support.hp.com/us-en/document/c05519670 Chrome File Download Behaviour Can Lead to SMB Credential Theft http://defensecode.com/news_article.php?id=21

ISC StormCast for Tuesday, May 16th 2017 May 15, 2017

Apple Updates Everything https://support.apple.com/en-us/HT201222 OpenVPN Audit Results https://www.privateinternetaccess.com/blog/2017/05/openvpn-2-4-evaluation-summary-report/ Italian Car Insurance Leaks User Driving Data https://www.andreascarpino.it/posts/how-my-car-insurance-exposed-my-position.html

ISC StormCast for Monday, May 15th 2017 May 14, 2017

WannaCry Malware Links Latest updates see https://isc.sans.edu Webcast: https://www.sans.org/webcasts/special-webcast-wannacry-ransomeware-threat-105160 PowerPoint: https://isc.sans.edu/presentations/WannaCry.ppt

Older Entries Newer Entries