Packet Captures Filtered By Process https://isc.sans.edu/forums/diary/Packet+Captures+Filtered+by+Process/22296/ C-LDAP Used to Amplify DDoS Attack https://isc.sans.edu/forums/diary/Akamai+reports+UDP+DDOS+Using+CLDAP+reaching+24Gbps/22300/ Juniper Updates https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES SAP Patches Code Injection in TREX https://erpscan.com/press-center/press-release/critical-vulnerability-affects-sap-hana-dozen-sap-applications/ More Details About Dallas Siren Hack https://duo.com/blog/the-dallas-county-siren-hack
Mole Ransomware Delivered via Fake USPS E-Mails https://isc.sans.edu/forums/diary/Malspam+on+20170411+pushes+yet+another+ransomware+variant/22290/ Identifying HTTPS-Protected Netflix Videos in Real-Time https://www.mjkranch.com/docs/CODASPY17_Kranch_Reed_IdentifyingHTTPSNetflix.pdf SMS Messages Used to Control Oven https://www.pentestpartners.com/blog/iot-Aga-cast-iron-security-flaw/ Android Hardening TLS Use https://android-developers.googleblog.com/2017/04/android-o-to-drop-insecure-tls-version.html
TPLink Modem Responds With Admin Password to SMS http://www.theregister.co.uk/2017/04/10/tplink_3gwifi_modem_spills_credentials_to_an_evil_text_message/ Fake Google Map Weblinks https://www.bleepingcomputer.com/news/google/thousands-of-fake-google-maps-listings-redirect-users-to-fraudulent-sites-each-month/ Apple Fixes Apple Music For Android http://seclists.org/bugtraq/2017/Apr/26 Dallas Sirens Hacked via Wireless Attacks http://www.theregister.co.uk/2017/04/10/hackers_set_off_dallas_emergency_siren_system/ NATO Discovers (finally?) that IPv6 Can be Used As a Covert Channel https://t.co/FvSSwhtUH7
Domain Whitelisting with Alexa and Umbrella Lists (and update) https://isc.sans.edu/forums/diary/Domain+Whitelisting+With+Alexa+and+Umbrella+Lists/22270/ https://isc.sans.edu/forums/diary/Domain+Whitelisting+With+Alexa+and+Umbrella+Lists+update/22274/ SANS Security West (San Diego) https://www.sans.org/event/sans-security-west-2017 Dallas Tornado Sirens Hacked https://www.washingtonpost.com/news/the-intersect/wp/2017/04/09/someone-hacked-every-tornado-siren-in-dallas-it-was-loud/?utm_term=.ca706deea318 Shadowbroker Files https://github.com/x0rz/EQGRP Word Vulnerability https://securingtomorrow.mcafee.com/mcafee-labs/critical-office-zero-day-attacks-detected-wild/
Whitelists: The Holy Grail of Attackers https://isc.sans.edu/forums/diary/Whitelists+The+Holy+Grail+of+Attackers/22262/ Java Struts2 Vulnerability Used To Install Ransomware https://isc.sans.edu/forums/diary/Java+Struts2+Vulnerability+Used+To+Install+Cerber+Crypto+Ransomware/22264/ Brazilian Bank Loses Control Over Domains https://threatpost.com/lessons-from-top-to-bottom-compromise-of-brazilian-bank/124770/ Google Android April Patch Day https://source.android.com/security/bulletin/2017-04-01#security-vulnerability-summary Radware Observes "BrickerBot" Destroying Devices https://security.radware.com/ddos-threats-attacks/brickerbot-pdos-permanent-denial-of-service/ Struts2 Vulnerability Webcast https://www.sans.org/webcasts/struts-shock-current-attacks-struts2-defend-104787
Exploiting Broadcom's Wi-Fi Stack https://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html Covert Channel Between Virtual Machines Via CPU Cache https://cmaurice.fr/pdf/ndss17_maurice.pdf 40 Vulnerabilities in Samsung Tizen https://motherboard.vice.com/en_us/article/samsung-tizen-operating-system-bugs-vulnerabilities
Diverting built-in features for the bad https://isc.sans.edu/forums/diary/Diverting+builtin+features+for+the+bad/22250/ Fake Job Offers to GitHub Developers Include Malware http://researchcenter.paloaltonetworks.com/2017/03/unit42-dimnie-hiding-plain-sight/ Drones With Lasers! https://arxiv.org/pdf/1703.07751.pdf
New Exploit Variant for Recent Struts2 Vulnerability https://blog.gdssecurity.com/labs/2017/3/27/an-analysis-of-cve-2017-5638.html PoC Exploit for iBook ePub Javascript Vulnerability https://s1gnalcha0s.github.io/ibooks/epub/2017/03/27/This-book-reads-you-using-JavaScript.html Microsoft Docs.com Leak https://twitter.com/gossithedog/status/845446263244050434 Symantec SSL CA tool https://www.renditioninfosec.com/socapps/sslcheck/index.php
Apple Updates https://support.apple.com/en-us/HT201222 IIS 6 / Windows Server 2003 Exploit https://github.com/edwardz246003/IIS_exploit/blob/master/exploit.py Symantec SSL Update https://www.symantec.com/connect/blogs/message-our-ca-customers
Google Announces Removal of Symantec CAs for Extended Validation https://www.symantec.com/connect/blogs/symantec-backs-its-ca https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/eUAKwjihhBs https://chromium.googlesource.com/chromium/src/+/master/net/data/ssl/symantec/README.md Spoofing Referrer in Microsoft Edge https://www.brokenbrowser.com/referer-spoofing-patch-bypass/ Smart TV Compromise Via Broadcast Signals https://www.youtube.com/watch?v=bOJ_8QHX6OA Defending Web Applications Class https://www.sans.org/event/sans-security-west-2017/course/defending-web-applications-security-essentials
Criminals Threaten to Erase Millions of iCloud Connected Apple devices https://motherboard.vice.com/en_us/article/hackers-we-will-remotely-wipe-iphones-unless-apple-pays-ransom?utm_source=vicefbus Siemens Control Systems Affected by Fake Firmware https://dragos.com/blog/mimics/ GitHub Used for C&C http://blog.trendmicro.com/trendlabs-security-intelligence/winnti-abuses-github/ Adium IM Vulnerable to Older libpurple Issue http://seclists.org/fulldisclosure/2017/Mar/57
An Example of a Multiple Stages Dropper https://isc.sans.edu/forums/diary/Example+of+Multiple+Stages+Dropper/22197/ Real-World Wiretapping Attacks Against ZRTP https://www.ibr.cs.tu-bs.de/papers/schuermann-popets2017.pdf Authenticating Against MySQL Server Using a Hashed Password https://github.com/cyrus-and/mysql-unsha1