Tech News

ISC StormCast for Thursday, August 27th 2020 August 26, 2020

Malicious Excel Sheet with a NULL VT Score https://isc.sans.edu/forums/diary/Malicious+Excel+Sheet+with+a+NULL+VT+Score/26506/ APT Attack Uses Autodesk Plugin https://www.bitdefender.com/files/News/CaseStudies/study/365/Bitdefender-PR-Whitepaper-APTHackers-creat4740-en-EN-GenericUse.pdf Firefox Update https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/ Arrest in Insider Attack https://www.justice.gov/opa/press-release/file/1308766/download

ISC StormCast for Wednesday, August 26th 2020 August 25, 2020

Keep an Eye on LOLBins https://isc.sans.edu/forums/diary/Keep+An+Eye+on+LOLBins/26502/ Malicious iOS Adnetwork SDK https://snyk.io/research/sour-mint-malicious-sdk/ Apache Update https://httpd.apache.org/security/vulnerabilities_24.html Google Chrome User-Agent Client Hints https://web.dev/user-agent-client-hints/

ISC StormCast for Tuesday, August 25th 2020 August 24, 2020

Tracking a Malware Campaign Through VT https://isc.sans.edu/forums/diary/Tracking+A+Malware+Campaign+Through+VT/26498/ Zoom Outage https://www.cnn.com/2020/08/24/us/zoom-outage-worldwide-trnd/index.html RDP Remains a Top Target https://www.group-ib.com/media/iran-cybercriminals/?utm_source=bleeping_computer&utm_medium=article&utm_campaign=referral Microsoft Introduces Application Guard https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/install-app-guard?view=o365-worldwide Safari File Sharing Bug https://blog.redteam.pl/2020/08/stealing-local-files-using-safari-web.html

ISC StormCast for Monday, August 24th 2020 August 23, 2020

A Word of Caution: Helping Cyber Stalking Victims https://isc.sans.edu/forums/diary/A+Word+of+Caution+Helping+Out+People+Being+Stalked+Online/26422/ RDP and Telnet Scans https://isc.sans.edu/forums/diary/Remote+Desktop+TCP3389+and+Telnet+TCP23+What+might+they+have+in+Common/26492/ Thales Cinterion Input Validation Vulnerability https://www.thalesgroup.com/en/markets/digital-identity-and-security/iot/resources/security-updates-cinterion-iot-modules Google Drive File Extension Spoofing https://thehackernews.com/2020/08/google-drive-file-versions.html

ISC StormCast for Friday, August 21st 2020 August 20, 2020

Office 365 Mail Forwarding Rules (and other Mail Rules too) https://isc.sans.edu/forums/diary/Office+365+Mail+Forwarding+Rules+and+other+Mail+Rules+too/26484/ Spoofing GMail/GSuite Customers https://ezh.es/blog/2020/08/the-confused-mailman-sending-spf-and-dmarc-passing-mail-as-any-gmail-or-g-suite-customer/ Microsoft Updates DisableAntiSpyware Registry Key https://docs.microsoft.com/en-us/windows-hardware/customize/desktop/unattend/security-malware-windows-defender-disableantispyware Acoustic Based Physical Key Inference https://www.comp.nus.edu.sg/~junhan/papers/SpiKey_HotMobile20_CamReady.pdf

Episode 191 – Fortnite, Foldables, and Azure AD, Oh My! August 20, 2020

In Episode 191, Ben and Scott get distracted and talk about how good Fortnite is when lawsuits are involved, new exciting world of foldables with the Surface Duo, and the preview of Azure AD role-assignments to cloud-based Azure AD groups. Transcript Email Download New Tab - Welcome to episode 191 Read More

ISC StormCast for Thursday, August 20th 2020 August 19, 2020

Example of a Word Document Delivering Qakbot https://isc.sans.edu/forums/diary/Example+of+Word+Document+Delivering+Qakbot/26482/ PGP/SMime Implementation Weaknesses https://www.nds.ruhr-uni-bochum.de/media/nds/veroeffentlichungen/2020/08/15/mailto-paper.pdf Windows 8.1 / 2012 Special Patch https://support.microsoft.com/en-us/help/4578013/security-update-for-windows-8-1-rt-8-1-and-server-2012-r2 Fileless Cryptomining Worm https://www.helpnetsecurity.com/2020/08/19/fileless-worm-p2p-botnet/

ISC StormCast for Wednesday, August 19th 2020 August 18, 2020

Using APIs to Track Attackers https://isc.sans.edu/forums/diary/Using+APIs+to+Track+Attackers/26472/ Jenkins Security Advisory https://www.jenkins.io/security/advisory/2020-08-17/ Chrome Will Warn of Insecure Forms https://blog.chromium.org/2020/08/protecting-google-chrome-users-from.html Reminder: September 1st Certificate Expiration Change https://www.ssl.com/blogs/398-day-browser-limit-for-ssl-tls-certificates-begins-september-1-2020/ Cryptojacking Worm Steals AWS Credentials https://www.helpnetsecurity.com/2020/08/18/worm-steals-aws-credentials/

ISC StormCast for Tuesday, August 18th 2020 August 17, 2020

Apache Struts Patch and PoC Exploit https://www.tenable.com/blog/cve-2019-0230-apache-struts-potential-remote-code-execution-vulnerability https://cwiki.apache.org/confluence/display/WW/S2-059 Emotet Bug Used to Inoculate Systems https://www.binarydefense.com/emocrash-exploiting-a-vulnerability-in-emotet-malware-for-defense/

ISC StormCast for Monday, August 17th 2020 August 16, 2020

SANS Data Incident 2020 - Indicators of Compromise https://www.sans.org/blog/sans-data-incident-2020-indicators-of-compromise/ Large File Used to Obfuscate Malware https://isc.sans.edu/forums/diary/Definition+of+overkill+using+130+MB+executable+to+hide+24+kB+malware/26464/ Mac Malware Spreading via XCode https://documents.trendmicro.com/assets/pdf/XCSSET_Technical_Brief.pdf Citrix Broker Service Detected as Trojan by Windows Defender https://support.citrix.com/article/CTX279897

ISC StormCast for Friday, August 14th 2020 August 13, 2020

Decrypting Voice over LTE Calls https://revolte-attack.net/ Vulnerabilities found on Amazon's Alexa https://research.checkpoint.com/2020/amazons-alexa-hacked/ DROVORUB Russian GRU Linux Malware https://media.defense.gov/2020/Aug/13/2002476465/-1/-1/0/CSA_DROVORUB_RUSSIAN_GRU_MALWARE_AUG_2020.PDF

Episode 190 – Sometimes The Waveforms Lie August 13, 2020

In Episode 190, Ben and Scott talk about the difficulties of naming human genes when Excel gets in the way, improvements coming to the automatic cleanup of deployment history within Azure Resource Manager, and the automatic enablement of App Lock in the Microsoft Authenticator app. Transcript Email Download New Tab Read More

ISC StormCast for Thursday, August 13th 2020 August 12, 2020

To the Brim at the Gates of Mordor https://isc.sans.edu/forums/diary/To+the+Brim+at+the+Gates+of+Mordor+Pt+1/26456/ Large Group of Malicious Tor Exit Nodes https://medium.com/@nusenu/how-malicious-tor-relays-are-exploiting-users-in-2020-part-i-1097575c0cac SAP Updates https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345 Intel Updates https://www.intel.com/content/www/us/en/security-center/default.html SANS Data Incident https://www.sans.org/dataincident2020

ISC StormCast for Wednesday, August 12th 2020 August 11, 2020

vBulletin 0-Day Exploit https://blog.exploitee.rs/2020/exploiting-vbulletin-a-tale-of-patch-fail/ Microsoft Patches https://isc.sans.edu/forums/diary/Microsoft+August+2020+Patch+Tuesday/26452/ Adobe Patches https://helpx.adobe.com/security.html Citrix End Point Management Updates https://www.citrix.com/blogs/2020/08/11/citrix-provides-security-update-on-citrix-endpoint-management/

ISC StormCast for Tuesday, August 11th 2020 August 10, 2020

Small Challenge: A Simple Word Maldoc (Solution) https://isc.sans.edu/forums/diary/Small+Challenge+A+Simple+Word+Maldoc+Part+2/26444/ Scoping Web Application Pentests https://isc.sans.edu/forums/diary/Scoping+web+application+and+web+service+penetration+tests/26448/ Problems With Chrome Extensions https://adguard.com/en/blog/fake-ad-blockers-part-3.html PDF Test Suite https://github.com/RUB-NDS/PDF101 https://raw.githubusercontent.com/RUB-NDS/PDF101/master/eval.png Teamviewer Update https://community.teamviewer.com/t5/Announcements/Statement-on-CVE-2020-13699/m-p/99129

ISC StormCast for Monday, August 10th 2020 August 09, 2020

Scanning Activity Against WIFICAM Using Netcat https://isc.sans.edu/forums/diary/Scanning+Activity+Include+Netcat+Listener/26442/ Qualcom Snapdragon Vulnerabilities https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/ China Blocking TLS 1.3 and ESNI https://gfw.report/blog/gfw_esni_blocking/en/

ISC StormCast for Friday, August 7th 2020 August 06, 2020

FTCode Ransomware Resurfaces https://isc.sans.edu/forums/diary/A+Fork+of+the+FTCode+Powershell+Ransomware/26434/ Microsoft Anti-Malware Flaging Host File Manipulation https://www.bleepingcomputer.com/news/microsoft/windows-10-hosts-file-blocking-telemetry-is-now-flagged-as-a-risk/ Reviving older printer vulnerablity https://www.blackhat.com/us-20/briefings/schedule/#a-decade-after-stuxnets-printer-vulnerability-printing-is-still-the-stairway-to-heaven-19685

Episode 189 – Teams Client Updates August 06, 2020

In Episode 189, Ben and Scott discuss some of the enhancements to the Microsoft Teams client on desktop and mobile with the public rollout of pop out meetings and chats as well as the Tasks app in Teams for task management across Planner, To Do, and Outlook/Exchange Online mailboxes. Transcript Read More

ISC StormCast for Thursday, August 6th 2020 August 05, 2020

Malware Analysis Quiz https://isc.sans.edu/forums/diary/Traffic+Analysis+Quiz+Whats+the+Malware+From+This+Infection/26430/ Exploiting CVE-2020-9854 on MacOS https://objective-see.com/blog/blog_0x4D.html iOS OAuth2 Vulnerablity https://www.computest.nl/en/knowledge-platform/blog/vulnerability-new-touchid-feature-iCloud-accounts-at-risk-breached/ Limiting Location Data Exposure https://media.defense.gov/2020/Aug/04/2002469874/-1/-1/0/CSI_LIMITING_LOCATION_DATA_EXPOSURE_FINAL.PDF

ISC StormCast for Wednesday, August 5th 2020 August 04, 2020

A Reminder to Patch CVE-2020-3452. Active Exploitation Seen https://isc.sans.edu/forums/diary/Reminder+Patch+Cisco+ASA+FTD+Devices+CVE20203452+Exploitation+Continues/26426/ Internet Choke Points: Concentration of Authoritative Name Servers https://isc.sans.edu/forums/diary/Internet+Choke+Points+Concentration+of+Authoritative+Name+Servers/26428/ August Android Patches Released https://source.android.com/security/bulletin/2020-08-01 Possible New iOS Jailbreak Affecting Secure Enclave https://twitter.com/SparkZheng/status/1286599007834271744

Older Entries Newer Entries