Tech News

VBA Macro With Multiple Command and Control Channels https://isc.sans.edu/forums/diary/Powershell+Bot+with+Multiple+C2+Protocols/26420/ Boothole Patch Causes Unbootable Systems https://access.redhat.com/solutions/5272311 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass#Recovery Disabling MacOS TCC https://objective-see.com/blog/blog_0x4C.html CISA Publishes Details about Chinese Malware https://us-cert.cisa.gov/ncas/current-activity/2020/08/03/chinese-malicious-cyber-activity

Pages Hit By Bad Bots https://isc.sans.edu/forums/diary/What+pages+do+bad+bots+look+for/26414/ KeePassRPC Vulnerablity https://forum.kee.pm/t/a-critical-security-update-for-keepassrpc-is-available/3040 QNAP Updates Malware Remover https://www.bleepingcomputer.com/news/security/qnap-urges-users-to-update-malware-remover-after-qsnatch-alert/ Android Phone Updates https://www.theregister.com/2020/07/31/nearly_a_third_of_secondhand/

Python Developers: Prepare! https://isc.sans.edu/forums/diary/Python+Developers+Prepare/26408/ Office 365 Phishing Hiding in Google Ads https://cofense.com/threat-actors-bypass-gateways-google-ad-redirects/ Zoom Brute Forcing Vulnerability https://www.tomanthony.co.uk/blog/zoom-security-exploit-crack-private-meeting-passwords/ Netgear Vulnerabilities https://www.kb.cert.org/vuls/id/576779 https://kb.netgear.com/000061982/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Mobile-Routers-Modems-Gateways-and-Extenders OPNSense Update https://opnsense.org/opnsense-20-7/ Microsoft Retiring SHA1 https://techcommunity.microsoft.com/t5/windows-it-pro-blog/sha-1-windows-content-to-be-retired-august-3-2020/ba-p/1544373

In Episode 188, Ben and Scott discuss some of the latest announcements from Microsoft Inspire, including NFS support of Azure Blob Storage, the GA of Microsoft Lists, and the announcement of Microsoft Dataflex and Microsoft Dataflex Pro. Transcript Email Download New Tab - [Ben] Welcome to episode 188 of the Read More

Consumer VPNs: You May Be Fine Without It https://isc.sans.edu/forums/diary/Consumer+VPNs+You+May+Be+Fine+Without/26404/ Tails Update https://tails.boum.org/news/version_4.9/index.en.html Firefox Update https://www.mozilla.org/en-US/security/advisories/mfsa2020-30/ Chrome Update https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop_27.html GRUB2 Vulnerability https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/ Facial Recognition With Masks https://nvlpubs.nist.gov/nistpubs/ir/2020/NIST.IR.8311.pdf

New Datafeeds https://isc.sans.edu/forums/diary/All+I+want+this+Tuesday+More+Data/26400/ Emotet Stealing Email Attachments https://twitter.com/CofenseLabs/status/1288167724594671618 Magento Update https://helpx.adobe.com/security/products/magento/apsb20-47.html Explosed Docker Servers Infected with More Malware https://www.intezer.com/container-security/watch-your-containers-doki-infecting-docker-servers-in-the-cloud/

In Memory of Donald Smith https://isc.sans.edu/forums/diary/In+Memory+of+Donald+Smith/26396/ Analyzing Metasploit ASP .Net Payloads https://isc.sans.edu/forums/diary/Analyzing+Metasploit+ASP+NET+Payloads/26392/ Emotet Payloads Replaces with GIFs https://twitter.com/GossiTheDog/status/1286271503005290497 QNAP Devices Attacked https://us-cert.cisa.gov/ncas/alerts/aa20-209a

Compromized Desktop Applications By Web Technologies https://isc.sans.edu/forums/diary/Compromized+Desktop+Applications+by+Web+Technologies/26384/ Cracking Maldoc VBA Project Passwords https://isc.sans.edu/forums/diary/Cracking+Maldoc+VBA+Project+Passwords/26390/ Cisco Patching Treck IP Stack Vulnerabilities https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC Ubiquity Devices Breack Due to Malformed Feed https://community.ui.com/questions/Threat-Management-rules-silently-disabled-for-users-as-of-July-17-2020/35221bd2-843d-41a3-a957-33f57d9a8468

Simple Blocklisting with MISP and pfSense https://isc.sans.edu/forums/diary/Simple+Blocklisting+with+MISP+pfSense/26380/ ISC Intel Feed (Beta. DO NOT USE AS BLOCKLIST) https://isc.sans.edu/api/intelfeed?json (also see isc.sans.edu/api ) ASUS RT-AC1900P Router Vulnerability https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=27440 DLink Leaks Firmware Encryption Key https://nstarke.github.io/0036-decrypting-dlink-proprietary-firmware-images.html Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ro-path-KJuQhB86

In Episode 187, Ben and Scott discuss the newly announced preview for alternate login IDs in Azure Active Directory, enabling "sensitive by default" labels with DLP in SharePoint Online, and the GA of the new Microsoft Secure Score. Transcript Email Download New Tab - Welcome to Episode 187 of the Read More

A Few IoCs Releated to the F5 Vulnerablity CVE-2020-5092 https://isc.sans.edu/forums/diary/A+few+IoCs+related+to+CVE20205092/26378/ PDF Signature Weaknesses https://pdf-insecurity.org/ Sharepoint Vulnerabliity PoC CVE-2020-1147 https://srcincite.io/blog/2020/07/20/sharepoint-and-pwn-remote-code-execution-against-sharepoint-server-abusing-dataset.html Twilio Compromise https://www.theregister.com/2020/07/21/twilio_sdk_code_injection/

Comparing Covid19 Remote Services in Different Countries https://isc.sans.edu/forums/diary/Couple+of+interesting+Covid19+related+stats/26374/ Adobe Patches Photoshop https://helpx.adobe.com/security/products/bridge/apsb20-44.html https://helpx.adobe.com/security/products/photoshop/apsb20-45.html Citrix Workspace App Vulnerability https://www.pentestpartners.com/security-blog/raining-system-shells-with-citrix-workspace-app/ Microsoft Publishes Sysinternals Procmon for Linux https://github.com/microsoft/ProcMon-for-Linux

Sextortion Follow the Money Wrapup https://isc.sans.edu/forums/diary/Sextortion+Update+The+Final+Final+Chapter/26334/ "BadPower" USB-C Charger Firmware Weakness (link in chinese) https://xlab.tencent.com/cn/2020/07/16/badpower/ Zoom Phishing https://blog.checkpoint.com/2020/07/16/fixing-the-zoom-vanity-clause-check-point-and-zoom-collaborate-to-fix-vanity-url-issue/ Microsoft Office TLS 1.x Phaseout https://docs.microsoft.com/en-us/microsoft-365/compliance/prepare-tls-1.2-in-office-365?view=o365-worldwide

#SigRed Update https://isc.sans.edu/forums/diary/Hunting+for+SigRed+Exploitation/26362/ Cloudflare Outage https://blog.cloudflare.com/cloudflare-outage-on-july-17-2020/ Exploitation of ZeroShell Routers https://isc.sans.edu/forums/diary/Scanning+Activity+for+ZeroShell+Unauthenticated+Access/26368/ Zone.Identifier: A Coupe of Observations https://isc.sans.edu/forums/diary/ZoneIdentifier+A+Coupe+Of+Observations/26366/ Forgotten tcpdump Options https://showmethepackets.com/index.php/2020/07/18/a-few-forgotten-tcpdump-options/

Twitter Compromise https://twitter.com/TwitterSupport/status/1283591846464233474?s=20 SIGRed PoC hxxps://github.com/maxpl0it/CVE-2020-1350-DoS Apple Updates https://support.apple.com/en-us/HT201222 SAP PoC Exploit Code Published https://github.com/chipik/SAP_RECON https://us-cert.cisa.gov/ncas/alerts/aa20-195a SANS.edu Student: Aaron Elyard: KITT https://www.sans.org/reading-room/whitepapers/OpenSource/improving-analyst-efficiency-office365-business-email-compromise-investigation-scenarios-implementation-open-source-tools-39655 KITT: https://github.com/intrepidtechie/KITT-O365-Tool

In Episode 186, Ben and Scott talk through several scenarios around the use of Azure Synapse, Forms Recognizer, and Azure Cognitive Search. Transcript Email Download New Tab - Welcome to Episode 186 of the "Microsoft Cloud IT Pro Podcast," recorded live on July 9th, 2020. This is a show about Read More

MSFT DNS Server Vulnerability https://isc.sans.edu/forums/diary/PATCH+NOW+SIGRed+CVE20201350+Microsoft+DNS+Server+Vulnerability/26356/ https://www.sans.org/webcasts/about-windows-dns-vulnerability-cve-2020-1350-116120 Outlook Crashes After Patch Tuesday Updates https://www.reddit.com/r/sysadmin/comments/hrq0mn/outlook_immediately_crashing_on_open_after/fy5nnx2/ Oracle Quarterly Critical Patch Update https://www.oracle.com/security-alerts/cpujul2020.html Cisco Backdoors https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir&limit=100#~Vulnerabilities

MSFT Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+July+2020+Patch+Tuesday+Patch+Now/26350/ Adobe Patches https://helpx.adobe.com/security.html

Purged VBA Code https://isc.sans.edu/forums/diary/Maldoc+VBA+Purging+Example/26342/ Password protected VBA Code https://isc.sans.edu/forums/diary/VBA+Project+Passwords/26346/ MacOS mount_apfs TCC Bypass https://theevilbit.github.io/posts/cve_2020_9771/

Excel Spreadsheet Macro Kicks Off Formbook Infection https://isc.sans.edu/forums/diary/Excel+spreasheet+macro+kicks+off+Formbook+infection/26332/ Zoom Update Fixing Zoom on Windows 7 Vulnerability https://support.zoom.us/hc/en-us/articles/360046081271-New-updates-for-July-10-2020 DigiCert Replaces 50,000 EV Certificates https://knowledge.digicert.com/alerts/DigiCert-ICA-Replacement Microsoft Warns of OAUTH consent Phishing https://www.microsoft.com/security/blog/2020/07/08/protecting-remote-workforce-application-attacks-consent-phishing/