Tech News

DNS Cmd and Ctrl via AAAA Records https://isc.sans.edu/forums/diary/Command+and+Control+Channels+Using+AAAA+DNS+Records/21301/ Microsoft Authenticator https://blogs.technet.microsoft.com/enterprisemobility/2016/07/25/microsoft-authenticator-coming-august-15th/ WPAD May Leak HTTPS URLs http://arstechnica.com/security/2016/07/new-attack-that-cripples-https-crypto-works-on-macs-windows-and-linux/ HOnions: Tor Servers To Discover Snooping Tor Nodes https://regmedia.co.uk/2016/07/25/10_honions-sanatinia.pdf

Python Malware - Part 4 https://isc.sans.edu/forums/diary/Python+Malware+Part+4/21297/ Powerware Decrypter https://github.com/pan-unit42/public_tools/blob/master/powerware/powerware_decrypt.py No More Ransomware https://www.nomoreransom.org Pangu iOS 9.3.3 Jailbrake http://en.pangu.io Safe Skies TSA Keys Duplicated http://www.3ders.org/articles/20160725-hackers-create-3d-printed-tsa-safe-skies-master-key-for-luggage-release-blueprints.html

NIST Digital Authentication Guide Preview https://github.com/usnistgov/800-63-3 Powerware Ransomware Spoofing Locky http://researchcenter.paloaltonetworks.com/2016/07/unit42-powerware-ransomware-spoofing-locky-malware-family/ SAP HANA Security Advisory http://www.onapsis.com/research/security-advisories Pokemon Go Forensics https://www.gillware.com/forensics/blog/mobile-forensics/oh-no-pokemon-go-forensic-artifacts

A Practice ntds.dit File For Hash Extraction and Password Cracking https://isc.sans.edu/forums/diary/Practice+ntdsdit+File/21287/ Mozilla Further Reducing Flash Content https://blog.mozilla.org/futurereleases/2016/07/20/reducing-adobe-flash-usage-in-firefox/ Little Snitch Update https://www.obdev.at/products/littlesnitch/releasenotes.html PHP 7.0.9 / 5.6.24 Released (fixes httpoxy vulnerability) http://php.net/ChangeLog-7.php#7.0.9 http://www.php.net/ChangeLog-5.php#5.6.24 Google Chrome Update http://googlechromereleases.blogspot.com/search/label/Stable%20updates

Oracle Critical Patch Update http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html DNS Root Key Rotation http://schd.ws/hosted_files/icann562016/60/Matt%20Larson%20ICANN56%20KSK%20roll%20briefing.pdf Anti-Malware Codehooking Vulnerabilities http://breakingmalware.com/vulnerabilities/captain-hook-pirating-avs-bypass-exploit-mitigations/ More Details Regaring Apple's Image I/O Vulnerablity http://www.talosintelligence.com/reports/TALOS-2016-0171/ Hidden Backdoor in Dell Security Software https://www.digitaldefense.com/ddi-six-discoveries/

Objective Systems ASN1C Compiler Creates Vulnerable Code https://github.com/programa-stic/security-advisories/tree/master/ObjSys/CVE-2016-5080 Office Maldoc Analysis https://isc.sans.edu/forums/diary/Office+Maldoc+Lets+Focus+on+the+VBA+Macros+Later/21275/ Defeating GMail's Malicious Macro Signatures https://warroom.securestate.com/bypassing-gmails-malicious-macro-signatures/

httpoxy Vulnerability https://isc.sans.edu/forums/diary/HTTP+Proxy+Header+Vulnerability+httpoxy/21271/ Apple Security Updates https://support.apple.com/en-us/HT201222 Toll Number Calling via Two Factor Authentication https://www.arneswinnen.net/2016/07/how-i-could-steal-money-from-instagram-google-and-microsoft/

More Python Malware Critical Juniper Vulnerability https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10755&actp=search MS16-053 Included in Neutrino Exploit Kit https://www.fireeye.com/blog/threat-research/2016/07/exploit_kits_quickly.html SSH Username Disclosure http://seclists.org/fulldisclosure/2016/Jul/51

The Power of Web Shells https://isc.sans.edu/forums/diary/The+Power+of+Web+Shells/21257/ Airtel India Intercepting Cloudflare Traffic https://medium.com/@karthikb351/airtel-is-sniffing-and-censoring-cloudflares-traffic-in-india-and-they-don-t-even-know-it-90935f7f6d98#.g78ucnpo6 WordPress SEO Pack Plugin Persistent Cross Site Scripting https://sumofpwn.nl/advisory/2016/persistent_cross_site_scripting_in_all_in_one_seo_pack_wordpress_plugin.html Github Releases synsanity SYN Flood Defense http://githubengineering.com/syn-flood-mitigation-with-synsanity/ MS16-094 Prevents Booting Linux On Microsoft Surface http://www.theregister.co.uk/2016/07/15/windows_fix_closes_rt_unlock_loophole/

Hunting for Malicious Files with MISP + OSSEC https://isc.sans.edu/forums/diary/Hunting+for+Malicious+Files+with+MISP+OSSEC/21251/ Drupal: Patch released today to fix a highly critical RCE in contributed modules https://isc.sans.edu/forums/diary/Drupal+Patch+released+today+to+fix+a+highly+critical+RCE+in+contributed+modules/21255/ Riffle anonymity network trying to compete with tor http://people.csail.mit.edu/devadas/pubs/riffle.pdf

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+Summary+for+July+2016/21249/ "Ranscam" Ransom Ware Deleted Data http://blog.talosintel.com/2016/07/ranscam.html

Hiding in White Text: Word Documents with Embedded Payloads https://isc.sans.edu/forums/diary/Hiding+in+White+Text+Word+Documents+with+Embedded+Payloads/21227/ Pokemon Go Requests "Full Access" to iOS User's Google Account http://adamreeve.tumblr.com/post/147120922009/pokemon-go-is-a-huge-security-risk Hacking Siri With Barely Audible Voice Commands https://security.cs.georgetown.edu/~tavish/hvc_usenix.pdf iOS Users Locked Out of Devices by Ransom Attacks http://www.csoonline.com/article/3093016/security/apple-devices-held-for-ransom-rumors-claim-40m-icloud-accounts-hacked.html Contact Form For Feedback https://isc.sans.edu/contact.html

Pentesters (and Attackers) Love Internet Connected Security Cameras! https://isc.sans.edu/forums/diary/Pentesters+and+Attackers+Love+Internet+Connected+Security+Cameras/21231/ Lessons Learned From Industrial Control Systems https://isc.sans.edu/forums/diary/Lessons+Learned+from+Industrial+Control+Systems/21243/ BMW Portal Insecurity http://www.vulnerability-lab.com/get_content.php?id=1736 http://www.vulnerability-lab.com/get_content.php?id=1737 Pokemon Go App Used To Rob Users https://regmedia.co.uk/2016/07/10/34798567498753.pdf Facebook Messenger End-to-End Encryption http://newsroom.fb.com/news/2016/07/messenger-starts-testing-end-to-end-encryption-with-secret-conversations/

Patchwork: Is it still "Advanced" if all you have to do is Copy/Paste? https://isc.sans.edu/forums/diary/Patchwork+Is+it+still+Advanced+if+all+you+have+to+do+is+CopyPaste/21235/ OUCH Newsletter https://securingthehuman.sans.org/resources/newsletters/ouch/2016#july2016 Discovering Malware in TLS Traffic http://arxiv.org/abs/1607.01639 TP-Link Uses tplinklogin.net Domain http://thehackernews.com/2016/07/tp-link-router-setting.html

CryptXXX Update https://isc.sans.edu/forums/diary/CryptXXX+ransomware+updated/21229/ Symantec Patches On the Way (but not fast) https://twitter.com/taviso?lang=en Android Adware/Malware https://blog.checkpoint.com/wp-content/uploads/2016/07/HummingBad-Research-report_FINAL-62916.pdf HP Updates Comware and VCX Routers https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05184351 Tracking Devices With Randomized Wifi MAC Addresses http://papers.mathyvanhoef.com/asiaccs2016.pdf

Apache Fixes Critical HTTP/2 TLS Authentication Flaw https://isc.sans.edu/forums/diary/Apache+Update+TLS+Certificate+Authentication+Bypass+with+HTTP2+CVE20164979/21223/ Gigabyte and HP Motherboards Affected by "ThinkPwn" UEFI Vulnerability https://twitter.com/al3xtjames UK Police Data Breaches https://www.bigbrotherwatch.org.uk/wp-content/uploads/2016/07/Safe-in-Police-Hands.pdf Mac Malware Uses Tor For C&C https://labs.bitdefender.com/2016/07/new-mac-backdoor-nukes-os-x-systems/ Front Door Intercom Backdoor http://www.synacktiv.ninja/ressources/NDH-Intercoms_presentation_Dudek.pdf wget arbitrary command line execution with redirects https://blogs.securiteam.com/index.php/archives/2701

Change in patterns for the pseudoDarkleech Campaign https://isc.sans.edu/forums/diary/Change+in+patterns+for+the+pseudoDarkleech+campaign/21217/ Thinkpad SMS Arbitrary Code Execution Exploit https://github.com/Cr4sh/ThinkPwn SQLLite Temp File Vulnerability http://seclists.org/fulldisclosure/2016/Jul/0 AVG Publishes Mulit-Ransomware Decryption Tool http://now.avg.com/dont-pay-the-ransom-avg-releases-six-free-decryption-tools-to-retrieve-your-files/ Euro 2016 App Leaks User's Data http://wandera.com/downloads/Euro_Paper.pdf

Phishing Campaign with Blurred Images https://isc.sans.edu/forums/diary/Phishing+Campaign+with+Blurred+Images/21207/ FoxIT Patches PDF Reader Security Flaws https://www.foxitsoftware.com/support/security-bulletins.php#content-2016 Vulnerabilities in StartCom's API https://www.computest.nl/blog/startencrypt-considered-harmful-today/ Hummer Trojan Leads Android Malware http://www.cmcm.com/blog/en/security/2016-06-29/995.html

Critical Symantec AV Vulnerabilities http://googleprojectzero.blogspot.ca/2016/06/how-to-compromise-enterprise-endpoint.html Google "My Activity" https://myactivity.google.com/myactivity Hashcat/OCLHashcat 3.0 Released https://hashcat.net/forum/thread-5559.html Lenovo Thinkpad Firmware Reverse Analysis http://blog.cr4.sh/2016/06/exploring-and-exploiting-lenovo.html Linux Privilege Escalation Vulnerabilities http://www.openwall.com/lists/oss-security/2016/06/24/5

Odd User-Agents https://isc.sans.edu/forums/diary/What+is+your+most+unusual+UserAgent/21203/ ZimbraCrypt Ransomware http://www.bleepingcomputer.com/news/security/zimbra-ransomware-written-in-python-targets-zimbra-mail-store/ Hard Drives Still Not Wiped Before Selling Them on EBay http://www2.blancco.com/en-rs-leftovers-a-data-recovery-study PhotoLogin Option For LogmeOnce https://www.logmeonce.com/photologin/