In Episode 224, Ben and Scott go down a rabbit hole to explore Windows Hello for Business and passwordless authentication options in Windows. They also talk about how these features can be used to satisfy requirements for standards such as CMMC. Sponsors: Sperry Software – Powerful Outlook Add-ins.
Malspam with Lokibot vs. Outlook and RFCs https://isc.sans.edu/forums/diary/Malspam+with+Lokibot+vs+Outlook+and+RFCs/27282/
SAP Attacks https://us-cert.cisa.gov/ncas/current-activity/2021/04/06/malicious-cyber-activity-targeting-critical-sap-applications
QNAP Updates Older EOL Devices https://www.qnap.com/de-de/release-notes/qts/4.3.6.1620/20210322
GIGASET Android Phones Infected by Compromised Update Server https://www.heise.de/news/Gigaset-Malware-Befall-von-Android-Geraeten-des-Herstellers-gibt-Raetsel-auf-6006464.html
C2 Activity: Sandboxes or Real Victims https://isc.sans.edu/forums/diary/C2+Activity+Sandboxes+or+Real+Victims/27272/
Exploitation of Fortinet FortiOS Vulnerabilities https://us-cert.cisa.gov/ncas/current-activity/2021/04/02/fbi-cisa-joint-advisory-exploitation-fortinet-fortios https://www.ic3.gov/Media/News/2021/210402.pdf
GitHub Actions Used to Mine Crypto https://therecord.media/github-investigating-crypto-mining-campaign-abusing-its-server-infrastructure/
Large Facebook Leak https://thehackernews.com/2021/04/533-million-facebook-users-phone.html
April 2021 Forensic Quiz https://isc.sans.edu/forums/diary/April+2021+Forensic+Quiz/27266/
Coinhive Domains Used to Warn Victims https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
Detecting Attacker's BITS Utility Use https://www.fireeye.com/blog/threat-research/2021/03/attacker-use-of-windows-background-intelligent-transfer-service.html
Kansas Man Indicted For Tampering With Public Water System https://www.justice.gov/usao-ks/pr/indictment-kansas-man-indicted-tampering-public-water-system
Older QNAP Devices Vulnerable And No Longer Patched https://securingsam.com/new-vulnerabilities-allow-complete-takeover/
In Episode 223, Ben and Scott sit down with Laurent St-Pierre from ShareGate to discuss the release of their report State of Microsoft 365: Migration, Modernization, and Security in 2021. You can learn more about ShareGate at and connect with Laurent on LinkedIn and follow him on Twitter. Sponsors: Sperry Software.
Quick Analysis of a Modular InfoStealer https://isc.sans.edu/forums/diary/Quick+Analysis+of+a+Modular+InfoStealer/27264/
Google Chrome Update / DoH on Linux https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html https://docs.google.com/document/d/1zAdSK393IznaLKQ0ItOmwLBy59fIq9ydxBRJQX-2ntQ/edit#
Chinese Tax Authority Facial Recognition System Fooled https://www.scmp.com/tech/tech-trends/article/3127645/chinese-government-run-facial-recognition-system-hacked-tax
In Episode 222, Ben and Scott talk about considerations for upping your presentation game with a teleprompter and Teams, and then spend some time talking through the latest Azure Active Directory outage and considerations for customers when Azure AD is unavailable. Sponsors: Sperry Software – Powerful Outlook Add-ins.
In Episode 221, Ben and Scott talk about Ben's new M1 Mac Mini, the general availability of Routing Preference, and the introduction of Azure Trusted Launch, which brings support for vTPMs, trusted boot, and virtualization-based security (VBS). Sponsors: Sperry Software – Powerful Outlook Add-ins developed to make your email life easy.
"American Rescue Plan" Used as Theme in Phishing Lures Dropping Dridex https://cofense.com/blog/american-rescue-plan-phish/
Apple May Split Security Updates from Other Updates https://9to5mac.com/2021/03/15/ios-security-fixes-could-soon-be-delivered-separately-from-other-updates-beta-code-suggests/
Polyglot Images on Twitter https://twitter.com/David3141593/status/1371978592679309315
Magento 2 PHP Credit Card Skimmer Saves to JPG https://blog.sucuri.net/2021/03/magento-2-php-credit-card-skimmer-saves-to-jpg.html
One-Click Microsoft Exchange On-Premises Mitigation Tool https://msrc-blog.microsoft.com/2021/03/15/one-click-microsoft-exchange-on-premises-mitigation-tool-march-2021/
Microsoft Explains Authentication Issues with Azure Active Directory https://www.documentcloud.org/documents/20515443-authentication-errors-across-multiple-microsoft-services-tracking-id-ln01-p8z
JavaScript-less Side-Channel Exploits https://arxiv.org/abs/2103.04952
NimzaLoader Malware Written in "nim" https://www.proofpoint.com/uk/blog/threat-insight/nimzaloader-ta800s-new-initial-access-malware
Windows 10 Emergency Update to Fix Printing Crashes https://www.bleepingcomputer.com/news/microsoft/windows-10-emergency-updates-released-to-fix-printing-crashes/
Windows Azure AD Outage https://status.azure.com/status
IBM DB2 Patch https://www.ibm.com/support/pages/node/6427855
Piktochart - Phishing with Infographics https://isc.sans.edu/forums/diary/Piktochart+Phishing+with+Infographics/27194/
ProxyLogon Public PoC https://www.praetorian.com/blog/reproducing-proxylogon-exploit/
Windows 10 Crashes After March 10th Updates https://www.bleepingcomputer.com/news/microsoft/windows-10-crashes-when-printing-due-to-microsoft-march-updates/
DNS Vulnerability Updates https://www.mcafee.com/blogs/other-blogs/mcafee-labs/seven-windows-wonders-critical-vulnerabilities-in-dns-dynamic-updates/
Rob Upchurch: Preventing Windows 10 SMHNR DNS Leakage https://www.sans.org/reading-room/whitepapers/dns/preventing-windows-10-smhnr-dns-leakage-40165
In Episode 220, Ben and Scott talk through follow-up post-Microsoft Ignite, some ways you can track changes to the governance plane of Azure using AzAdvertizer, and a new tool for tracking documentation changes in docs.microsoft.com with Docs Update Tracker. Sponsors: Sperry Software – Powerful Outlook Add-ins.
SharpRDP - PSExec without PSExec, PSRemoting without PowerShell https://isc.sans.edu/forums/diary/SharpRDP+PSExec+without+PSExec+PSRemoting+without+PowerShell/27188/
F5 Critical Vulnerabilities https://support.f5.com/csp/article/K02566623
Netgear Updates https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/
Linux Foundation sigstore https://sigstore.dev