Nested .MSGs: Turtles All The Way Down https://isc.sans.edu/forums/diary/Nested+MSGs+Turtles+All+The+Way+Down/26668/ Microsoft Attempting To Take Down Trickbot C2 Infrastructure https://blogs.microsoft.com/on-the-issues/2020/10/12/trickbot-ransomware-cyberthreat-us-elections/ Google Chrome Cache Partitioning https://developers.google.com/web/updates/2020/10/http-cache-partitioning
Phishing Kits As Far As The Eye Can See https://isc.sans.edu/forums/diary/Phishing+kits+as+far+as+the+eye+can+see/26660/ Open Packaging Conventions https://isc.sans.edu/forums/diary/Open+Packaging+Conventions/26662/ Analyzing MSG Files https://isc.sans.edu/forums/diary/Analyzing+MSG+Files+With+pluginmsgsummary/26664/ Cisco Video Surveillance 8000 Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cdp-rcedos-mAHR8vNx 55 New Apple Flaws https://samcurry.net/hacking-apple/
In Episode 198, Ben and Scott follow up on announcements from Microsoft Ignite, including Azure Resource Mover and SharePoint Syntex. Sponsors Sperry Software – Powerful Outlook Add-ins developed to make your email life easy even if you’re too busy to manage your inbox ShareGate - ShareGate's industry-leading products help IT professionals
Making Sense of Azure AD Activity Logs https://isc.sans.edu/forums/diary/Making+sense+of+Azure+AD+AAD+activity+logs/26626/ IOCs Turning into IOOIs https://isc.sans.edu/forums/diary/IOCs+turning+into+IOOIs/26624/ Apple Security Patch Pulled https://mrmacintosh.com/mojave-2020-005-security-update-causing-major-problems-updated Have I Been EMOTET Service https://www.haveibeenemotet.com/
In Episode 197, Ben and Scott hop on a call with Dan Patrick (@deltadan) from Solliance to discuss the Surface Duo and where it sits in the Microsoft 365 ecosystem as a productivity device. YouTube Link - https://youtu.be/IoqID5L2aP0 Sponsors Sperry Software – Powerful Outlook Add-ins developed to make your email life
Managing Remote Access for Contractors and Partners https://isc.sans.edu/forums/diary/Managing+Remote+Access+for+Partners+Contractors/26614/#comments Updated Windows ZeroLogon Advisory https://support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc Cisco Patching Exploited DoS Vulnerabilities https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dvmrp-memexh-dSmpdvfz FoxIT PDF Reader Update https://www.foxitsoftware.com/support/security-bulletins.html
Some Tyler Technologies Customers Targeted after Breach https://isc.sans.edu/forums/diary/Some+Tyler+Technologies+Customers+Targeted+with+The+Installation+of+a+Bomgar+Client/26610/ Obfuscated PowerShell Backdoor https://isc.sans.edu/forums/diary/PowerShell+Backdoor+Launched+from+a+ShellCode/26602/ QNAP Fixes AgeLocker Vulnerability in Photo Station https://www.qnap.com/de-de/security-advisory/qsa-20-06 TrendMicro Apex One Vulnerability https://success.trendmicro.com/product-support/apex-one
Party in Ibiza with PowerShell https://isc.sans.edu/forums/diary/Party+in+Ibiza+with+PowerShell/26594/ Microsoft Tracking Zerologon Exploits https://twitter.com/MsftSecIntel/status/1308941504707063808 Apple Patches https://support.apple.com/en-us/HT201222 Instagram for Android Vulnerability https://blog.checkpoint.com/2020/09/24/instahack-how-researchers-were-able-to-take-over-the-instagram-app-using-a-malicious-image/
In Episode 196, Ben and Scott talk about the announcements from Microsoft Ignite 2020 that impact Microsoft 365, Microsoft Teams, Microsoft Stream, Microsoft Search, and Azure. Sponsors Sperry Software – Powerful Outlook Add-ins developed to make your email life easy even if you’re too busy to manage your inbox ShareGate -
Dynamic Malicious Word Document https://isc.sans.edu/forums/diary/Malicious+Word+Document+with+Dynamic+Content/26590/ Old Versions of SAMBA Affected by ZeroLogon Vulnerability https://www.samba.org/samba/security/CVE-2020-1472.html Google Chrome Update https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop_21.html QNAP Devices hit by AgeLocker Ransomware https://www.bleepingcomputer.com/news/security/agelocker-ransomware-targets-qnap-nas-devices-steals-data/