Sextortion to the Next Level https://isc.sans.edu/forums/diary/Sextortion+to+The+Next+Level/26244/ TMobile Outage Due to Configuration Error https://www.scmagazine.com/home/security-news/outages-draw-speculation-of-ddos-attack-on-u-s-but-reality-likely-more-boring/ Vulnerability Analysis of 2500 Docker Hub Images https://arxiv.org/pdf/2006.02932.pdf Track IP Stack Contains Multiple Vulnerabilities https://www.kb.cert.org/vuls/id/257161
HTML Based Phishing Run https://isc.sans.edu/forums/diary/HTML+based+Phishing+Run/26242/ Major T-Mobile Outage (may affect other carriers as well) https://twitter.com/NevilleRay/status/1272650750665953280 https://status.duo.com/incidents/txv7kq6tr0h8 Vulnerabilities in LTE and 5G Networks https://positive-tech.com/storage/articles/gtp-2020/threat-vector-gtp-2020-eng.pdf SANSFIRE Handler Talks Xavier Mertens: https://www.sans.org/webcasts/sansatmic-walk-logs-hell-115420 Bojan Zdrnja: https://www.sans.org/webcasts/sansatmic-arcane-web-mobile-application-vulnerHTML Phishing
Anti-Debugging JavaScript Techniques https://isc.sans.edu/forums/diary/AntiDebugging+JavaScript+Techniques/26228/ Facebook Messenger Desktop App Vulnerability https://blog.reasonsecurity.com/2020/06/11/persistence-method-using-facebook-messenger-desktop-app/ Outlook Massmailing Macros https://www.welivesecurity.com/2020/06/11/gamaredon-group-grows-its-game/ STI Student Research: Dennis Taggard; Ebb and Flow: Network Flow Logging as a Staple of Public Cloud Visibility or a Waning Imperative? Paper: https://www.sans.org/reading-room/whitepapers/cloud/ebb-flow-network-flow-logging-staple-public-cloud-visibility-waning-imperative-39580 Video: https://youtu.be/faoFx7Q3_aM
In Episode 181, Ben and Scott go deeper into Azure Sentinel, discussing considerations for the design and segmentation of your Sentinel workspaces. Transcript Email Download New Tab - [Ben] Welcome to episode 181 of the Microsoft Cloud IT pro podcast recorded live on June 5, 2020. This is a show Read More
Microsoft Patch Day https://isc.sans.edu/forums/diary/Microsoft+June+2020+Patch+Tuesday/26220/ SMBleed https://github.com/ZecOps/CVE-2020-1206-POC Adobe Patches https://helpx.adobe.com/security.html Intel Patch Day https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/?linkId=100000012832617
Anti-Debugging Technique Based on Memory Protection https://isc.sans.edu/forums/diary/AntiDebugging+Technique+based+on+Memory+Protection/26200/ Suspending Suspicious Domain Feed/Update to Researcher IP Feed https://isc.sans.edu/forums/diary/Suspending+Suspicious+Domain+Feed+Update+to+Researcher+IP+Feed/26204/ Bank Transaction Comments Used for Abusive Messages https://www.theregister.com/2020/06/04/commonwealth_bank_bans_indecent_transaction_descriptions/ Android Security Bulletin https://source.android.com/security/bulletin/2020-06-01 Android Wallpaper Crash https://www.androidauthority.com/android-wallpaper-crash-1124577/ STI Research Paper: Janusz Pazgier; Efficacy of UNIX HIDS https://www.sans.org/reading-room/whitepapers/detection/efficacy-unix-hids-39565
In Episode 180, Ben and Scott talk through a recent experience Scott had when working with service principals in Azure AD for use with Azure Kubernetes Service. They also get into some of the fun that can be had with parsing JSON from the command line with jq and JMESPath. Read More
Type 2 Strackstrings https://isc.sans.edu/forums/diary/Stackstrings+type+2/26192/ More Details About AddTrust External CA Root Expiration https://www.agwa.name/blog/post/fixing_the_addtrust_root_expiration VMWare Cloud Director Vulnerability and Exploit https://citadelo.com/en/blog/full-infrastructure-takeover-of-vmware-cloud-director-CVE-2020-3956/
Apple Patches Unc0ver https://support.apple.com/en-us/HT201222 Office 365 Adds Details About Malicious E-Mail Attachments https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=&searchterms=64570 Impact of Research on Our Data https://isc.sans.edu/forums/diary/The+Impact+of+Researchers+on+Our+Data/26182/
Sectigo AddTrust CA Expired https://support.sectigo.com/articles/Knowledge/Sectigo-AddTrust-External-CA-Root-Expiring-May-30-2020 Critical Sign In With Apple Flaw https://bhavukjain.com/blog/2020/05/30/zeroday-signin-with-apple/ DABANGG: Refined Flush Based Cache Attacks https://www.cse.iitk.ac.in/users/biswap/DABANGG.pdf New Website Explaining FIDO https://loginwithfido.com/
USBFuzz Finds Numerous USB Flaws https://www.nebelwelt.net/files/20SEC3.pdf Cisco Products Vulnerable to Saltstack Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG Another Nail in the Coffin for SHA-1 https://eprint.iacr.org/2020/014.pdf STI Student: Andy Piazza; Qualifying Threat Actor Assessments https://www.sans.org/reading-room/whitepapers/threatintelligence/paper/39585
In Episode 179, Ben and Scott discuss some of their favorite announcements from Microsoft Build 2020 including Azure Static Web Apps, Microsoft Lists, improvements to Teams, and more! Transcript Email Download New Tab - [Ben] Welcome to Episode 179 of the Microsoft Cloud IT Pro Podcast recorded live on May Read More
Phishing With Google Cloud https://isc.sans.edu/forums/diary/Frankensteins+phishing+using+Google+Cloud+Storage/26174/ Trend Micro AntiVirus Blocked by Microsoft https://billdemirkapi.me/How-to-use-Trend-Micro-Rootkit-Remover-to-Install-a-Rootkit/ Netgear Nighthawk Firmware Update Vulnerability https://iot-lab-fh-ooe.github.io/netgear_update_vulnerability/
Where is SHA3 https://isc.sans.edu/forums/diary/Seriously+SHA3+where+art+thou/26170/ Apple Updates https://support.apple.com/en-us/HT201222 Google ZDI Releases Details Regarding Unpatched Windows Vulnerabilities https://www.zerodayinitiative.com/advisories/ZDI-20-666/ https://www.zerodayinitiative.com/advisories/ZDI-20-665/ https://www.zerodayinitiative.com/advisories/ZDI-20-663/ https://www.zerodayinitiative.com/advisories/ZDI-20-662/ https://www.zerodayinitiative.com/advisories/ZDI-20-664/ Research into Phish Detection https://medium.com/@curtbraz/these-arent-the-phish-you-re-looking-for-7374c3986af5
