Tech News

ROSTELECOM Reroutes Traffic for Multiple Cloud Providers https://twitter.com/bgpmon/status/1246842916502302723 https://bgpstream.com/event/230837 Vuln Cost Security Scanner for VS Code https://snyk.io/security-scanner-vuln-cost/ Microsoft Exchange Server Vulnerability still not Patched https://blog.rapid7.com/2020/04/06/phishing-for-system-on-microsoft-exchange-cve-2020-0688/ Fake Zoom Installer https://blog.trendmicro.com/trendlabs-security-intelligence/zoomed-in-a-look-into-a-coinminer-bundled-with-zoom-installer/

New Bypass Technique or Corrupt Word Document https://isc.sans.edu/forums/diary/New+Bypass+Technique+or+Corrupt+Word+Document/25984/ CitizenLab Analyzes Zoom Encryption https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/ https://www.sans.org/webcasts/zomg-its-zoom-114670 Mozilla Patches Critical Firefox Flaws https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/ Malicious JavaScript injected into Discord https://www.bleepingcomputer.com/news/security/discord-turned-into-an-account-stealer-by-updated-malware/

Twitter Cache Bug in Firefox https://privacy.twitter.com/en/blog/2020/data-cache-firefox MS-SQL Server Attack https://www.guardicore.com/2020/04/vollgar-ms-sql-servers-under-attack/ More Zoom Vulnerabilities https://objective-see.com/blog/blog_0x56.html Covid-19 Economic Impact Payments Scams https://www.justice.gov/usao-edky/press-release/file/1265371/download Safari Camera Access Bug https://www.ryanpickren.com/webcam-hacking-overview

In Episode 171, Ben and Scott are joined by Sarah Lean, Microsoft Cloud Advocate, to talk about working from home and some ways to adapt to remote presentations. Sponsors Sperry Software – Powerful Outlook Add-ins developed to make your email life easy even if you’re too busy to manage your inbox Read More

Quakbot Malspam Sent From an Infected Windows Host https://isc.sans.edu/forums/diary/Qakbot+malspam+sent+from+an+infected+Windows+host/25972/ TPOT Cowrie to ISC Logs https://isc.sans.edu/forums/diary/TPOTs+Cowrie+to+ISC+Logs/25976/ SSH Issues After MacOS Update https://feed.tyler.io/so-uh-i-think-catalina-10154-broke-ssh/ Cloudflare DNS For Families https://blog.cloudflare.com/introducing-1-1-1-1-for-families/ Zoom Leaks Windows Password Hashes via UNC Links https://twitter.com/hackerfantastic/status/1245133371262619654

Kwampirs Update https://isc.sans.edu/forums/diary/Kwampirs+Targeted+Attacks+Involving+Healthcare+Sector/25968/ Exposed RDP https://blog.shodan.io/trends-in-internet-exposure/ D-Link DSL-2640B Vulnerability https://raelize.com/posts/d-link-dsl-2640b-security-advisories/ SMB 3.1.1 (CVE-2020-0796) Local Privilege Escalation Exploit https://github.com/danigargu/CVE-2020-0796

Crashing Windows Explorer Without a Click https://isc.sans.edu/forums/diary/Crashing+explorerexe+without+a+click/25966/ Zoom Privacy Policy https://blogs.harvard.edu/doc/2020/03/27/zoom/ Zoom Bombing https://www.fbi.gov/contact-us/field-offices/boston/news/press-releases/fbi-warns-of-teleconferencing-and-online-classroom-hijacking-during-covid-19-pandemic Zoom Related Domains Used for Phishing https://blog.checkpoint.com/2020/03/30/covid-19-impact-cyber-criminals-target-zoom-domains/

Covid19 Domain Classifier https://isc.sans.edu/covidclassifier.html https://www.youtube.com/watch?v=yNIlyJ3gI-4 Attackers Mail Malicious USB Drives and Teddy Bears https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/would-you-exchange-your-security-for-a-gift-card/ HongKong News Sites Used to Install Malware on iOS Devices https://blog.trendmicro.com/trendlabs-security-intelligence/operation-poisoned-news-hong-kong-users-targeted-with-mobile-malware-via-local-news-links/

Very Large Sample as an Obfuscation Technique https://isc.sans.edu/forums/diary/Very+Large+Sample+as+Evasion+Technique/25948/ iOS VPN Bypass https://protonvpn.com/blog/apple-ios-vulnerability-disclosure/ Free Covid19 Domain List https://www.domaintools.com/resources/blog/free-covid-19-threat-list-domain-risk-assessments-for-coronavirus-threats Linux Rubber Ducky Protection https://opensource.googleblog.com/2020/03/usb-keystroke-injection-protection.html

In Episode 170, Ben and Scott are joined by Alex Neihaus to talk about Azure Resource Manager Templates, PowerShell, and the Azure CLI. Sponsors ShareGate - ShareGate's industry-leading products help IT professionals worldwide migrate their business to the Office 365 or SharePoint, automate their Office 365 governance, and understand their Read More

Dridex Update https://isc.sans.edu/forums/diary/Recent+Dridex+activity/25944/ Covid-19 Ransom https://twitter.com/johullrich/status/1242983197555789824 HP Enterprise SSD Firmware Bug https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00097382en_us Fake Google Chrome Update https://news.drweb.com/show/?i=13746&lng=en TrickBot Pushing a 2FA Bypass App in Germany https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/

Updated Microsoft Advisory 200006 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv200006 Memcached Denial of Service Vulnerability https://github.com/memcached/memcached/issues/629 Adobe Creative Cloud Desktop Application Patches https://helpx.adobe.com/security/products/creative-cloud/apsb20-11.html Microsoft Pausing Cumulative Updates Starting May https://docs.microsoft.com/en-us/windows/release-information/windows-message-center#405 Apple Security Patches https://support.apple.com/en-us/HT201222 OpenWRT Vulnerability Fixed https://thehackernews.com/2020/03/openwrt-rce-vulnerability.html

Windows Font Parsing 0-Day https://isc.sans.edu/forums/diary/Windows+Zeroday+Actively+Exploited+Type+1+Font+Parsing+Remote+Code+Execution+Vulnerability/25936/ Covid-19 Malware Summary https://github.com/parthdmaniar/coronavirus-covid-19-SARS-CoV-2-IoCs Firefox Turns TLS 1.0/1.1 Back on https://www.mozilla.org/en-US/firefox/74.0/releasenotes/

More Covid19 Malware https://isc.sans.edu/forums/diary/More+COVID19+Themed+Malware/25930/ Working Exploit for the Kr00k Wifi Exploit https://hexway.io/research/r00kie-kr00kie/ ZDI Pwn2Own Results https://www.zerodayinitiative.com/blog/2020/3/17/welcome-to-pwn2own-2020-the-schedule-and-live-results

COVID-19 Themed Multistage Malware https://isc.sans.edu/forums/diary/COVID19+Themed+Multistage+Malware/25922/ Cisco SD-WAN Patches https://tools.cisco.com/security/center/publicationListing.x oPatch Selling Patches for Windows 7 https://twitter.com/0patch/status/1240602635205586945 LDAPFragger: Bypassing network restrictions using LDAP attributes https://research.nccgroup.com/2020/03/19/ldapfragger-bypassing-network-restrictions-using-ldap-attributes/

In Episode 169, Ben and Scott take a break from the cloud and talk about the current situation with COVID-19 and how it's impacting many of us with work from home policies that have been put in place to maintain social distancing. Sponsors ShareGate - ShareGate's industry-leading products help IT Read More

TrendMicro Update https://success.trendmicro.com/solution/000245571 More VMWare Updates https://www.vmware.com/security/advisories/VMSA-2020-0005.html EnigmaSpark Malware https://securityintelligence.com/posts/EnigmaSpark-Politically-Themed-Cyber-Activity-Highlights-Regional-Opposition-to-Middle-East-Peace-Plan/ Recent Ransomware Trends https://www.fireeye.com/blog/threat-research/2020/03/they-come-in-the-night-ransomware-deployment-trends.html

A Quick Summary of Current Reflective DNS DDoS Attacks https://isc.sans.edu/forums/diary/A+Quick+Summary+of+Current+Reflective+DNS+DDoS+Attacks/25916/ Trickbot gtag red5 distributed as DLL File https://isc.sans.edu/forums/diary/Trickbot+gtag+red5+distributed+as+a+DLL+file/25918/ Is Cryptojacking Dead after Coinhive Shutdown https://arxiv.org/pdf/2001.02975.pdf Adobe Patches https://helpx.adobe.com/security/products/acrobat/apsb20-13.html

Desktop.ini as a post-exploitation tool https://isc.sans.edu/forums/diary/Desktopini+as+a+postexploitation+tool/25912/ VMWAre Workstatation/Fusion Update https://www.vmware.com/security/advisories/VMSA-2020-0004.html Blackwater Malware Abuses Cloudflare Workers https://www.bleepingcomputer.com/news/security/blackwater-malware-abuses-cloudflare-workers-for-c2-communication/ tcpdump Heap Based Buffer Over-Read https://nvd.nist.gov/vuln/detail/CVE-2018-19325 Slack Account Takevoer Bug https://hackerone.com/reports/737140

Phishing PDFs With Incremental Updates https://isc.sans.edu/forums/diary/Phishing+PDF+With+Incremental+Updates/25904/ VPN Access and Active Monitoring https://isc.sans.edu/forums/diary/VPN+Access+and+Activity+Monitoring/25906/ Capturing Invalid Ethernet Frames https://isc.sans.edu/forums/diary/Not+all+Ethernet+NICs+are+Created+Equal+Trying+to+Capture+Invalid+Ethernet+Frames/25896/ Cookiethief Android Cookie Stealing Malware https://securelist.com/cookiethief/96332/ SANS Security Awareness Deployment Kit for Securing Your Workforce at Home https://www.sans.org/webcasts/113875