Tech News

AgentTesla Dropped Through Automatic Click in Microsoft Help File https://isc.sans.edu/forums/diary/AgentTesla+Dropped+Through+Automatic+Click+in+Microsoft+Help+File/27092/ Telegram used to Defraud Delivery Serivces https://thefintechtimes.com/sift-finds-new-telegram-fraud-exploiting-increasing-use-of-food-delivery-services/ Singtel Suffers Zero-DAy Cyberattack https://threatpost.com/singtel-zero-day-cyberattack/163938/ Vulnerabilities in Mobile Health Apps https://approov.io/download/all-that-we-let-in_hacking-mhealth-apps-and-apis.pdf Bloomberg Supermicro Story https://www.bloomberg.com/features/2021-supermicro/ https://www.theregister.com/2021/02/12/supermicro_bloomberg_spying/

Agent Tesla Hidden in Historical Anti-Malware Tool https://isc.sans.edu/forums/diary/Agent+Tesla+hidden+in+a+historical+antimalware+tool/27088/ McAfee Total Protection Vulnerabilities https://service.mcafee.com/webcenter/portal/oracle/webcenter/page/scopedMD/s55728c97_466d_4ddb_952d_05484ea932c6/Page29.jspx Intel Patches https://blogs.intel.com/technology/2021/02/ipas-security-advisories-for-february-2021 Discord Used to Distribute Malware https://www.zscaler.com/blogs/security-research/discord-cdn-popular-choice-hosting-malicious-payloads

In Episode 216, Ben and Scott talk through the latest news and events, including the announcement of Microsoft Viva, an overview of the IT Ops Talk All Things Hybrid event, and improvements coming to Azure AD. Sponsors Sperry Software – Powerful Outlook Add-ins developed to make your email life easy even Read More

Phishing Message to the ISC Handlers E-Mail Distro https://isc.sans.edu/forums/diary/Phishing+message+to+the+ISC+handlers+email+distro/27082/ Google Phishing Statistics https://cloud.google.com/blog/products/workspace/how-gmail-helps-users-avoid-email-scams Adobe Security Updates https://helpx.adobe.com/security/products/acrobat/apsb21-09.html Apple Sudo Patch https://support.apple.com/en-us/HT212177 Number:Jack ISN Generation Weaknesses https://www.forescout.com/company/resources/numberjack-weak-isn-generation-in-embedded-tcpip-stacks/

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+February+2021+Patch+Tuesday/27080/ https://www.theregister.com/2021/02/09/microsoft_patch_tuesday/ Dependency Confusion https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610 https://azure.microsoft.com/mediahandler/files/resourcefiles/3-ways-to-mitigate-risk-using-private-package-feeds/3%20Ways%20to%20Mitigate%20Risk%20When%20Using%20Private%20Package%20Feeds%20-%20v1.0.pdf

Tshark and Malware Analysis https://isc.sans.edu/forums/diary/Quickie+tshark+Malware+Analysis/27076/ Barcode Scanner Going Bad https://blog.malwarebytes.com/android/2021/02/barcode-scanner-app-on-google-play-infects-10-million-users-with-one-update/ Morse Code Obfuscation https://www.bleepingcomputer.com/news/security/new-phishing-attack-uses-morse-code-to-hide-malicious-urls/ Firefox Update https://www.mozilla.org/en-US/security/advisories/mfsa2021-06/ Water Treatment Facility Compromised https://www.reuters.com/article/us-usa-cyber-florida/hackers-broke-into-florida-towns-water-treatment-plant-attempted-to-poison-supply-sheriff-says-idUSKBN2A82FV

VBA Macro Trying to Alter the Application Menus https://isc.sans.edu/forums/diary/VBA+Macro+Trying+to+Alter+the+Application+Menus/27068/ The Great Suspender Going Malicious https://www.zdnet.com/article/google-kills-the-great-suspender-heres-what-you-should-do-next/ https://github.com/greatsuspender/thegreatsuspender/issues/1263 Google Chrome Zero Day https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_4.html Plex Media SSDP Amplication DDoS https://www.netscout.com/blog/asert/plex-media-ssdp-pmssdp-reflectionamplification-ddos-attack

Abusing Google Chrome Extension Syncing For Data Exfiltration and C&C https://isc.sans.edu/forums/diary/Abusing+Google+Chrome+extension+syncing+for+data+exfiltration+and+CC/27066/ Microsoft Defender ATP Google Chrome False Positive https://twitter.com/itquartz/status/1356940218138509312 Social Engineering Attacks against Security Researchers Used IE 0 day https://enki.co.kr/blog/2021/02/04/ie_0day.html# https://www.bleepingcomputer.com/news/security/hacking-group-also-used-an-ie-zero-day-against-security-researchers/

In Episode 215, Ben and Scott discuss preview features coming to Azure Storage for configuring resource-specific instance access through the service level firewall. After that, it is on to Logic Apps Preview and the new runtime based on Azure Functions. Sponsors Sperry Software – Powerful Outlook Add-ins developed to make your Read More

Excel Spreadsheets Push SystemBC Malware https://isc.sans.edu/forums/diary/Excel+spreadsheets+push+SystemBC+malware/27060/ SolarWinds Vulnerability https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=28389 SolarWinds SANS Lightning Summit https://www.sans.org/webcasts/solarwinds-lightning-summit-118550 SonicWall Patch https://www.sonicwall.com/support/product-notification/urgent-patch-available-for-sma-100-series-10-x-firmware-zero-day-vulnerability-updated-feb-3-2-p-m-cst/210122173415410/ Cisco Advisories https://tools.cisco.com/security/center/publicationListing.x Realtek RTL8195A Wi-Fi Module Vulnerability https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered

New Example of XSL Script Processing aka "Mitre T1220" https://isc.sans.edu/forums/diary/New+Example+of+XSL+Script+Processing+aka+Mitre+T1220/27056/ Camerfirma Certificate Authority Revocation https://groups.google.com/g/mozilla.dev.security.policy/c/jif4zWNgGPw Kobalos HPC Linux Malware https://www.welivesecurity.com/2021/02/02/kobalos-complex-linux-threat-high-performance-computing-infrastructure/ Agent Tesla Overwries Windows AMSI https://threatpost.com/agent-tesla-microsoft-asmi/163581/

MacOS 11.2 Update https://support.apple.com/en-us/HT212147 Objective-See Tools Now Open Sources https://twitter.com/patrickwardle/status/1356149073045143553 iMessage Blastdoor https://googleprojectzero.blogspot.com/2021/01/a-look-at-imessage-in-ios-14.html SonicWall Update https://www.sonicwall.com/support/product-notification/urgent-security-notice-sonicwall-confirms-sma-100-series-10-x-zero-day-vulnerability-feb-1-2-p-m-cst/210122173415410/

Perl.com Domain Hijacked https://www.ehackingnews.com/2021/01/perlcom-official-site-for-perl.html Spamcop Domain Expired https://www.bleepingcomputer.com/news/security/spamcop-anti-spam-service-suffers-an-outage-after-its-domain-expired/ libgcrypt vulnerability https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000456.html Fingerprinting QUIC https://arxiv.org/pdf/2101.11871.pdf

New Cryptojacking Malware https://unit42.paloaltonetworks.com/pro-ocean-rocke-groups-new-cryptojacking-malware/ SlipStreaming https://www.armis.com/resources/iot-security-blog/nat-slipstreaming-v2-0-new-attack-variant-can-expose-all-internal-network-devices-to-the-internet/ Shadowsocks https://shadowsocks.org/en/index.html

In Episode 214, Ben and Scott highlight some resources to help you administer your Microsoft 365 tenant, a new set of videos for ISVs to learn more about Azure Governance, and the release of the Microsoft Lists app on iOS. Sponsors Sperry Software – Powerful Outlook Add-ins developed to make your Read More

Emotet vs. Windows Attack Surface Reduction https://isc.sans.edu/forums/diary/Emotet+vs+Windows+Attack+Surface+Reduction/27036/ Go Lang Vulnerability https://blog.golang.org/path-security Azure Docker Escape https://www.intezer.com/blog/research/how-we-hacked-azure-functions-and-escaped-docker/

Critical sudo Vulnerability https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit Quakbot (QBot) Update https://isc.sans.edu/forums/diary/TA551+Shathak+Word+docs+push+Qakbot+Qbot/27030/ Targeting Security Researchers https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/ Apple Updates iOS, iPad, tvOS, watchOS, Xcode and iCloud for Windows https://support.apple.com/en-us/HT201222

Fun With nmap nse Scripts and DoH (DNS over HTTPS) https://isc.sans.edu/forums/diary/Fun+with+NMAP+NSE+Scripts+and+DOH+DNS+over+HTTPS/27026/ Malicious NPM Module Stealing Discord Passwords https://blog.sonatype.com/cursedgrabber-strikes-again-sonatype-spots-new-malware-campaign-against-software-supply-chains Mitigating the $I30 Bug https://www.osr.com/blog/2021/01/21/mitigating-the-i30bitmap-ntfs-bug/ https://github.com/OSRDrivers/i30Flt ProtonVPN BSOD https://protonstatus.com/incidents/124

Another File Extension to Block: JNLP https://isc.sans.edu/forums/diary/Another+File+Extension+to+Block+in+your+MTA+jnlp/27018/ SonicWall Vulnerability Used to Breach SonicWall https://www.sonicwall.com/support/product-notification/urgent-security-notice-netextender-vpn-client-10-x-sma-100-series-vulnerability-updated-jan-23-2021/210122173415410/ iObit Forum Breached / Used for Ransomware Distribution https://www.bleepingcomputer.com/forums/t/741190/derohe-ransomware-distributed-through-fake-iobit-one-year-free-license-key-promo/

Powershell Ropping REvil Ransomware https://isc.sans.edu/forums/diary/Powershell+Dropping+a+REvil+Ransomware/27012/ SAP Exploit Circulating https://onapsis.com/blog/new-sap-exploit-published-online-how-stay-secure Oracle Critical Patch Update https://www.oracle.com/security-alerts/cpujan2021.html RDP Used for DDoS https://www.netscout.com/blog/asert/microsoft-remote-desktop-protocol-rdp-reflectionamplification Billy Wilson: Mitigating Attacks Against Supercomputers with KRSI https://www.sans.org/reading-room/whitepapers/linux/mitigating-attacks-supercomputer-krsi-40010