A Mix of Python and VBA in a Malicious Word Document https://isc.sans.edu/forums/diary/A+Mix+of+Python+VBA+in+a+Malicious+Word+Document/26578/ Salesforce Phish https://isc.sans.edu/forums/diary/Analysis+of+a+Salesforce+Phishing+Emails/26582/ Google App Engine Used in Phishing Attacks https://medium.com/@marcelx/attackers-are-abusing-googles-app-engine-to-circumvent-enterprise-security-solutions-again-eda8345d531d Sysmon Adds Clipboard Monitoring https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon Windows Defender No Longer Able to Download Files https://www.bleepingcomputer.com/news/microsoft/microsoft-removes-windows-defender-ability-after-security-concerns/
OSSEC Active Response https://isc.sans.edu/forums/diary/Suspicious+Endpoint+Containment+with+OSSEC/26576/ Microsoft Patch for Office for Mac https://docs.microsoft.com/en-us/officeupdates/release-notes-office-for-mac VMware Fusion Vulnerability https://www.vmware.com/security/advisories/VMSA-2020-0020.html NSA Secure Boot Configuration Guide https://media.defense.gov/2020/Sep/15/2002497594/-1/-1/0/CTR-UEFI-SECURE-BOOT-CUSTOMIZATION-20200915.PDF/CTR-UEFI-SECURE-BOOT-CUSTOMIZATION-20200915.PDF Microsoft Edge Warns Users of Adobe Flash End of Support https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support/
In Episode 195, Ben and Scott talk about the "Conversation Button" that has (finally) come to Microsoft Teams and some things to think about in the lead up to Microsoft Ignite.
Most Recent "Mirai" Bot Includes Code to Target Backups https://isc.sans.edu/forums/diary/Do+Vulnerabilities+Ever+Get+Old+Recent+Mirai+Variant+Scanning+for+20+Year+Old+Amanda+Version/26572/ Apple Security Updates https://support.apple.com/en-us/HT201222
Not Everything About ".well-known" is Well Known https://isc.sans.edu/forums/diary/Not+Everything+About+wellknown+is+Well+Known/26564/ BLE Lock Vulnerable to Replay Attack https://www.pentestpartners.com/security-blog/360lock-smart-lock-review/ Mobile Iron Exploit Released https://blog.orange.tw/2020/09/how-i-hacked-facebook-again-mobileiron-mdm-rce.html
Pillaging and Protecting the Clipboard https://isc.sans.edu/forums/diary/Whats+in+Your+Clipboard+Pillaging+and+Protecting+the+Clipboard/26556/ Critical Vulnerability in PANOS https://security.paloaltonetworks.com/CVE-2020-2040 Linux VoIP Softswitch Malware https://www.welivesecurity.com/2020/09/10/who-callin-cdrthief-linux-voip-softswitches/ CVE-2020-1472 Zerologon Privilege Escalation Vulnerability https://www.secura.com/blog/zero-logon
Recent Dridex Activity https://isc.sans.edu/forums/diary/Recent+Dridex+activity/26550/ Zoom Bombings and Zoom 2FA https://arxiv.org/abs/2009.03822 https://blog.zoom.us/secure-your-zoom-account-with-two-factor-authentication/ AMD Server CPUs May Be Locked to Particular Motherboard https://www.servethehome.com/amd-psb-vendor-locks-epyc-cpus-for-enhanced-security-at-a-cost/ BLURtooth Vulnerability https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/blurtooth/
In Episode 194, Ben and Scott dive into the recent announcement of the GA of Microsoft Lists in Microsoft Teams. Welcome to episode 194 of the Microsoft Cloud IT Pro Podcast, recorded live September 4th, 2020. This is a show about Microsoft 365 and
MacOS 11 Network Traffic https://isc.sans.edu/forums/diary/A+First+Look+at+macOS+11+Big+Sur+Network+Traffic+New+Now+with+more+GREASE/26548/ Azure Offers Automatic Windows VM Patching https://azure.microsoft.com/en-us/updates/automatic-vm-guest-patching-now-in-preview/ WeaveScope Used to Attack Docker Infrastructure https://www.intezer.com/blog/cloud-workload-protection/attackers-abusing-legitimate-cloud-monitoring-tools-to-conduct-cyber-attacks/
A Blast From The Past: XXEncoded VB 6.0 Trojan https://isc.sans.edu/forums/diary/A+blast+from+the+past+XXEncoded+VB60+Trojan/26538/ Office: About OLE and ZIP Files https://isc.sans.edu/forums/diary/Office+About+OLE+and+ZIP+Files/26540/ Go XSS Vulnerability https://seclists.org/fulldisclosure/2020/Sep/5 "Baka" JavaScript Skimmer https://usa.visa.com/content/dam/VCOM/global/support-legal/documents/visa-security-alert-baka-javascript-skimmer.pdf
Sandbox Evasion Using NTP https://isc.sans.edu/forums/diary/Sandbox+Evasion+Using+NTP/26534/ Android DNS over HTTPS https://blog.chromium.org/2020/09/a-safer-and-more-private-browsing.html Cisco Jabber Vulnerability Followup https://watchcom.no/nyheter/nyhetsarkiv/uncovers-cisco-jabber-vulnerabilities/
In Episode 193, Ben and Scott talk about how to protect your organization with Exchange Online transport rules and prevent the forwarding of messages from other applications like Power Automate. They also talk about Project Moca and how it can be used to organize your personal information through Outlook on
Exposed Domain Controllers Used in DDoS Attacks https://isc.sans.edu/forums/diary/Exposed+Windows+Domain+Controllers+Used+in+CLDAP+DDoS+Attacks/26526/ Microsoft Reviving SHA-1 https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-microsoft-edge-version-85/ba-p/1618585 Trend Micro Updating Anti Malware Products https://success.trendmicro.com/solution/000263632 Public Voter Data Sold as "Breach" https://www.cyberscoop.com/russia-hack-michigan-voter-data-kommersant/
A Reminder about Security.txt https://isc.sans.edu/forums/diary/Securitytxt+one+small+file+for+an+admin+one+giant+help+to+a+security+researcher/26510/ DNS Queries to Root Name Servers https://blog.apnic.net/2020/08/21/chromiums-impact-on-root-dns-traffic/ https://www.zdnet.com/article/chromium-dns-hijacking-detection-accused-of-being-around-half-of-all-root-queries/ Microsoft Extends Windows 10 1803 Deadline https://support.microsoft.com/en-us/help/13853/windows-lifecycle-fact-sheet LemonDuck Adding New Tricks https://news.sophos.com/en-us/2020/08/25/lemon_duck-cryptominer-targets-cloud-apps-linux/
In Episode 192, Ben and Scott talk about the deprecation of Internet Explorer, the impacts of Cloud Shell being open-sourced, and a new button in Microsoft Teams for starting new conversations. Welcome to episode 192 of the Microsoft Cloud IT Pro Podcast, recorded live, August