Tech News

NanoCore RAT Malspam Update https://isc.sans.edu/forums/diary/Malspam+delivers+NanoCore+RAT/21615/ Dirty Cow Privilege Escalation Flaw https://bugzilla.redhat.com/show_bug.cgi?id=1384344#c13 Lexmark Markvision Enterprise Application Vulnerability https://www.digitaldefense.com/blog-zero-day-lexmark-markvision/ WebRTC Security Overview https://webrtc-security.github.io UPnP Scanner https://www.tenable.com/blog/do-you-know-where-your-upnp-is

Spam Delivered Via .ICS Files https://isc.sans.edu/forums/diary/Spam+Delivered+via+ICS+Files/21611/ Comodo OCR Errors Leads to SSL Certificate Verification Issues https://heise.de/-3354229 (german only) Oracle Quarterly Critical Patch Update http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html Images Used to Exfiltrate CC Numbers From Web Stores https://blog.sucuri.net/2016/10/magento-credit-card-swiper-exports-image.html

SSL Client Hellos Soliciting SSH Banners from HAProxy https://isc.sans.edu/forums/diary/OpenSSH+Protocol+Mismatch+In+Response+to+SSL+Client+Hello/21609/ Dyre is Back as Trickbot http://www.threatgeek.com/2016/10/trickbot-the-dyre-connection.html How Stolen iPhones Are Unlocked https://www.linkedin.com/pulse/sin-card-how-criminals-unlocked-stolen-iphone-6s-renato-marinho?trk=pulse_spock-articles

Mozilla Users Reach 50% Https https://twitter.com/0xjosh/status/786971412959420424/photo/1 Retrieving LastPass Passwords From Memory https://techanarchy.net/2016/10/extracting-lastpass-site-credentials-from-memory/ Yahoo MITM Due To Weak Crossdomain.xml Configuration https://github.com/JordanMilne/YMail-Pineapple

PseudoDakrleech Uses Rig Exploit Kit to Spread Cerber https://isc.sans.edu/forums/diary/pseudoDarkleech+Rig+EK/21595/ Decoder.xls to Decode Word Malicious Macro https://isc.sans.edu/forums/diary/Analyzing+Office+Maldocs+With+Decoderxls/21601/ Auditing SSH Servers https://github.com/arthepsy/ssh-audit How Not To User HTML Purifier https://devwerks.net/blog/16/how-not-to-use-html-purifier/

Mount Docker Filesystems with docker-mount.py https://isc.sans.edu/forums/diary/New+tool+dockermountpy/21589/ Global Sign OCSP Mess Up Invalidates Countless Certs https://downloads.globalsign.com/acton/fs/blocks/showLandingPage/a/2674/p/p-008f/t/page/fm/0 Cisco Releases LockyDump http://blog.talosintel.com/2016/10/lockydump.html Google Updates Chrome https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html DXXD Ransomware Infected un-mapped Shares http://www.bleepingcomputer.com/news/security/the-dxxd-ransomware-displays-legal-notice-before-users-login/

WiFi Still Remains a Good Attack Vector https://isc.sans.edu/forums/diary/WiFi+Still+Remains+a+Good+Attack+Vector/21583/ AVTECH IP Camera Vulnerabilities http://seclists.org/bugtraq/2016/Oct/26 SAP Patches 3 Year Old Bug in P4 https://erpscan.com/press-center/blog/sap-cyber-threat-intelligence-report-october-2016/ 1024 bit DSA Keys Factored https://eprint.iacr.org/2016/961.pdf

Microsoft and Adobe Patches https://isc.sans.edu/mspatchdays.html?viewday=2016-10-11 https://helpx.adobe.com/security/products/acrobat/apsb16-33.html http://www.minixforum.com/threads/neo-z64w-doesnt-start-anymore-after-windows-10-update-help.14122/ Review of Browsers SSL Failures https://docs.google.com/document/d/1b7lenmn5XO06QohaJzVffnJxjXjY1rD70wg34gfuxRo/edit#heading=h.w6vk76mv9e6n New Malware Targeting SWIFT Users http://www.symantec.com/connect/blogs/odinaff-new-trojan-used-high-level-financial-attacks

Radare's Rehash Utility CAn calculate File Entropy https://isc.sans.edu/forums/diary/Radare2+rahash2/21577/ Spoofing IPs Still works https://idea.popcount.org/2016-09-20-strange-loop---ip-spoofing/ EU Commission Plants IoT Labeling http://www.euractiv.com/section/innovation-industry/news/commission-plans-cybersecurity-rules-for-internet-connected-machines/

First Hurricane Matthew Phish Impersonating Stripe https://isc.sans.edu/forums/diary/First+Hurricane+Matthew+related+Phish/21571/ Samsung Galaxy S6 "KNOXOut" Vulnerability http://media.wix.com/ugd/4e84e6_668d564cc447434a9a8fda3c13a63f6a.pdf Windows 10 Anniversary Edition Improves IE 10 XSS Protection http://mksben.l0.cm/2016/10/xss-via-referrer.html

More Honeypot Fun https://isc.sans.edu/forums/diary/Checking+my+honeypot+day/21561/ OS X Webcam Exploit https://objective-see.com/products/oversight.html iOS 10 Private Browsing https://www.intaforensics.com/2016/09/30/ios-10-private-browsing-how-private-is-it/ Hacked Steam Accounts Used to Spread Malware http://www.bleepingcomputer.com/news/security/hacked-steam-accounts-spreading-remote-access-trojan/ Please Report Any Hurricane Matthew Related Malware/Scams https://isc.sans.edu/contact.html

Securing the Human Newsletter https://securingthehuman.sans.org/newsletters/ouch/issues/OUCH-201610_en.pdf "Security Fatigue" https://www.nist.gov/news-events/news/2016/10/security-fatigue-can-cause-computer-users-feel-hopeless-and-act-recklessly "Selfi Pay" Facial Recognition http://www.theregister.co.uk/2016/10/05/mastercard_selfie_pay/ "MarsJoke" Ransomware Decrypted https://threatpost.com/researchers-break-marsjoke-ransomware-encryption/121022/

SSL Requests to Non-SSL Web Servers https://isc.sans.edu/forums/diary/SSL+Requests+to+nonSSL+HTTP+Servers/21551/ Insulin Pump Vulnerablities https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump SSH Konami Codes http://pen-testing.sans.org/blog/2015/11/10/protected-using-the-ssh-konami-code-ssh-control-sequences Cyber Security Awareness Month https://securingthehuman.sans.org/blog/2016/10/02/week01-kicking-off-ncsam/ OpenJPEG Flaw http://blog.talosintel.com/2016/09/vulnerability-spotlight-jpeg2000.html

Password Buddies https://isc.sans.edu/forums/diary/Password+Buddies+A+Better+Way+To+Reset+Passwords/21547/ iMessage Data Leakage http://rsmck.co.uk/blog/imessage-preview/ Exploiting HP Thin Client http://blog.malerisch.net/2016/10/pwning-thin-client-in-less-two-minutes2-cve2016-2246.html

The Short Life of a Vulnerable DVR Connected to the Internet https://isc.sans.edu/forums/diary/The+Short+Life+of+a+Vulnerable+DVR+Connected+to+the+Internet/21543/ Another Day, Another Malicious Behaviour https://isc.sans.edu/forums/diary/Another+Day+Another+Malicious+Behaviour/21539/ Capcom's Streetfighter V Anti Cheat Tool Allows Privilege Escalation https://twitter.com/TheWack0lian/status/779397840762245124/photo/1?ref_src=twsrc%5Etfw Apple Joins Mozilla In Distrusting WoSign https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/lWJ1zdUJPLI "Footprints" Browser Extension Demonstrate Unmasking User's Idendity https://footprints.stanford.edu

Turning the lights off with SNMP https://isc.sans.edu/forums/diary/SNMP+Pwn3ge/21533/ Yahoo! Anwers Used in Command and Control Networks http://researchcenter.paloaltonetworks.com/2016/09/unit42-confucius-says-malware-families-get-further-by-abusing-legitimate-websites/ Dlink Router Includes Stupid Simple UDP Backdoor https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html Hikvision XXE Vulnerability https://medium.com/@iraklis/an-unlikely-xxe-in-hikvisions-remote-access-camera-cloud-d57faf99620f#.qukzihoew

Rig Exploit Kit Used to Spread Locky Ransomware https://isc.sans.edu/forums/diary/Rig+Exploit+Kit+from+the+Afraidgate+Campaign/21531/ Facebook Releases osquery for Windows https://blog.trailofbits.com/2016/09/27/windows-network-security-now-easier-with-osquery/ Update Cowrie and "New" Default Password used in Internet Wide Scans https://isc.sans.edu/ssh.html?pw=xc3511 BIND Name Server Update https://kb.isc.org/article/AA-01393/74/CVE-2016-2775%3A-A-query-name-which-is-too-long-can-cause-a-segmentation-fault-in-lwresd.html Various Cisco DoS Vulnerabilities https://tools.cisco.com/security/center/publicationListing.x?product=NonCisco#~Vulnerabilities

Back in Time Memory Forensics https://isc.sans.edu/forums/diary/Back+in+Time+Memory+Forensics/21527/ Cameras Responsible For Large DDoS Attacks https://twitter.com/olesovhcom/status/779297257199964160 Google Releases CSP Support Tools https://csp-evaluator.withgoogle.com https://chrome.google.com/webstore/detail/csp-mitigator Microsoft Launches "fuzzing-as-a-service" https://www.microsoft.com/en-us/springfield/

Decompiling P-Code https://isc.sans.edu/forums/diary/VBA+and+Pcode/21521/ Lenovo To Add FIDO Compliant Fingerprint Reader http://www.theregister.co.uk/2016/09/26/intel_and_lenovo_give_the_finger_to_passwords_with_fido/ More Details On Simpler Password Hasing in iOS 10 https://twitter.com/thorsheim/status/779207177416351744 Mozilla to Remove WoSign and StartCom From Trusted List https://docs.google.com/document/d/1C6BlmbeQfn4a9zydVi2UvjBGv6szuSB4sMYUcVrR8vQ/preview

Analyzing Malicious .PUB files https://isc.sans.edu/forums/diary/PUB+Analysis/21517/ iOS 10 Backup Passwords Easier to Crack http://blog.elcomsoft.com/2016/09/ios-10-security-weakness-discovered-backup-passwords-much-easier-to-break/ Windows 10 Certificate Pinning of Microsoft Domains http://hexatomium.github.io/2016/09/24/hidden-w10-pins/ IBM Geoblocking Fail For Australian Census http://www.aph.gov.au/DocumentStore.ashx?id=124f22ba-caaa-46ff-899d-7d96851fee3e&subId=414127 97% Of Fortune 1000 Companies Have Leaked Credentials http://info.digitalshadows.com/rs/457-XEY-671/images/CompromisedCredentials-LearnFromtheExposureoftheWorlds1000BiggestCompanies-Download.pdf