Tech News

Coronavirus Preparedness and Associated Scams https://isc.sans.edu/forums/diary/Network+Security+Perspective+on+Coronavirus+Preparedness/25750/ RD Gateway RCE Exploit Demoed https://twitter.com/layle_ctf/status/1221514332049113095?s=12 Mitsubishi Electric Compromised via Trend Micro Vulnerability http://www.mitsubishielectric.co.jp/news/2020/0120-b.pdf https://www.zdnet.com/article/trend-micro-antivirus-zero-day-used-in-mitsubishi-electric-hack/

Citrix Releases ADC Updates For All Versions https://www.citrix.com/blogs/2020/01/24/citrix-releases-final-fixes-for-cve-2019-19781/ Temporary Windows 0-Day Fix Breaks Printers https://www.reddit.com/r/sysadmin/comments/etumy7/microsoft_ie_zeroday_fix_breaks_hp_printing/ Critical Vulnerabilitiesin GE Medical Devices https://www.us-cert.gov/ics/advisories/icsma-20-023-01

Simple vs. Complex Obfuscation https://isc.sans.edu/forums/diary/Complex+Obfuscation+VS+Simple+Trick/25738/ RD Gateway PoC Exploit Release https://github.com/ollypwn/BlueGate Citrix ADC Compromise Scanner https://github.com/citrix/ioc-scanner-CVE-2019-19781/ LastPass Accidentially Removes Extension from Chrome Web Store https://twitter.com/LastPassStatus/status/1220122561989640192

In Episode 161, Ben and Scott discuss the updated timeline for the migration from Office 365 to Microsoft Stream and some new functionality coming to Office 365 and Outlook on the web that will make it easier to import personal calendars from Outlook.com, Live.com, and Google. Sponsors ShareGate – ShareGate’s Read More

German Malspam Pushing Ursnif https://isc.sans.edu/forums/diary/German+language+malspam+pushes+Ursnif/25732/ Tracking Users Using Safari's Intelligent Tracking Prevention https://arxiv.org/pdf/2001.07421.pdf Muhstik Botnet Targeting Tomato Routers https://unit42.paloaltonetworks.com/muhstik-botnet-attacks-tomato-routers-to-harvest-new-iot-devices/ Cisco Firepower Management Center LDAP Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-fmc-auth

DeepBlueCLI https://isc.sans.edu/forums/diary/DeepBlueCLI+Powershell+Threat+Hunting/25730/ https://github.com/sans-blue-team/DeepBlueCLI EFS Ransomware https://safebreach.com/Post/EFS-Ransomware Fake Leak Compensation https://www.kaspersky.com/blog/data-leak-compensation-scam/32057/ Criminals Use Fake Job Sites to Defraud Victims https://www.ic3.gov/media/2020/200121.aspx

Twist on Sextortion https://www.dailymail.co.uk/sciencetech/article-7886055/Sextortion-campaign-targets-users-Google-Nest-smart-camera.html Emotet Uses Extortion to Infect Systems https://www.bleepingcomputer.com/news/security/emotet-malware-dabbles-in-extortion-with-new-spam-template/ Lastpass Outage https://www.theregister.co.uk/2020/01/20/lastpass_outage/ Netgear Signed TLS Cert Private Key Disclosure https://gist.github.com/nstarke/a611a19aab433555e91c656fe1f030a9

Microsoft Scripting Engine Memory Corruption Vulnerability https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV200001 CVE-2020-0601 Update https://isc.sans.edu/forums/diary/Summing+up+CVE20200601+or+the+Lets+Decrypt+vulnerability/25720/ Curveball Update https://www.citrix.com/blogs/2020/01/19/vulnerability-update-first-permanent-fixes-available-timeline-accelerated/ https://isc.sans.edu/diary//25724

CVE-2020-0601 Update ("Curveball" , "Letsdecrypt") https://isc.sans.edu/forums/diary/Summing+up+CVE20200601+or+the+Lets+Decrypt+vulnerability/25720/ https://curveballtest.com Certain Netscaler Devices Do Not Support Mitigation (article in dutch) https://www.ncsc.nl/actueel/nieuws/2020/januari/16/door-citrix-geadviseerde-mitigerende-maatregelen-niet-altijd-effectief Cable Haunt Vulnerability https://cablehaunt.com/ STI Student Interview: Jon Michael Lacek https://www.sans.org/reading-room/whitepapers/securecode/changing-devops-culture-security-scan-time-39125

In Episode 160, Ben and Scott dive into the Office Cloud Policy Service, part of the Office Admin Center and talk through how to manage the user configuration for your Office clients all in the cloud without GPOs. Sponsors Sperry Software – Powerful Outlook Add-ins developed to make your email life Read More

CVE-2020-0601 Followup https://isc.sans.edu/forums/diary/CVE20200601+Followup/25714/ Oracle Patches https://www.oracle.com/security-alerts/cpujan2020.html

Microsoft January 2020 Patch Tuesday and #CryptoAPI Flaw Webcast: https://sans.org/cryptoapi-isc Diary: https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+for+January+2020/25710/ NSA Release: https://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF

Upcoming Critical MSFT Patch https://krebsonsecurity.com/2020/01/cryptic-rumblings-ahead-of-first-2020-patch-tuesday/ SIM Swapping is Easy https://www.issms2fasecure.com/assets/sim_swaps-01-10-2020.pdf Google Open Sources wombat dressing room npm publication proxy https://opensource.googleblog.com/2020/01/wombat-dressing-room-npm-publication_10.html

Citrix ADC Vulnerability Actively Exploited. Assume vulnerable systems are compromised. Updated Citrix Advisory: https://support.citrix.com/article/CTX267027 Exploit Activity Summary: https://isc.sans.edu/forums/diary/Citrix+ADC+Exploits+are+Public+and+Heavily+Used+Attempts+to+Install+Backdoor/25700/ Vulnerablity Scanner: https://github.com/trustedsec/cve-2019-19781/ Special Webcast: https://i5c.us/citrix YouTube Walk Through of the vulnerability: https://youtu.be/msslpqyf98c

Another Malicious Word Document https://isc.sans.edu/forums/diary/Quick+Analyzis+of+another+Maldoc/25694/ SHA1 Update https://sha-mbles.github.io/ Cisco Updates https://tools.cisco.com/security/center/publicationListing.x Mandy Galante: Girls Go Cyberstart (register now. Play Jan 13th-31st) https://www.girlsgocyberstart.org/

In Episode 159, Ben and Scott kick off 2020 with a discussion about the deprecation of Low Priority VMs in Azure and the introduction of Spot VMs and then they talk about a new feature available in Azure AD that can help you synchronize users and groups from disconnected domains. Read More

Critical Firefox Update Fixing Exploited Bug https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/ 3 Google Play Store Apps Exploit Android Zero-Day https://blog.trendmicro.com/trendlabs-security-intelligence/first-active-attack-exploiting-cve-2019-2215-found-on-google-play-linked-to-sidewinder-apt-group/ Tails 4.2 https://tails.boum.org/news/version_4.2/index.en.html TikTok Vulnerablities https://research.checkpoint.com/2020/tik-or-tok-is-tiktok-secure-enough/

Citrix ADC Update https://isc.sans.edu/forums/diary/A+Quick+Update+on+Scanning+for+CVE201919781+Citrix+ADC+Gateway+Vulnerability/25686/ Pulse Secure SSLVPN Exploited https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/ https://www.darkreading.com/attacks-breaches/widely-known-flaw-in-pulse-secure-vpn-being-used-in-ransomware-attacks/d/d-id/1336729 Google Project Zero Changing Disclosure Policy https://googleprojectzero.blogspot.com/2020/01/policy-and-disclosure-2020-edition.html Google Updates Android https://source.android.com/security/bulletin/2020-01-01

Spoofed Scans from 103/8 https://isc.sans.edu/forums/diary/Increase+in+Number+of+Sources+January+3rd+and+4th+spoofed/25678/ Iran Terror Threat https://www.dhs.gov/sites/default/files/ntas/alerts/20_0104_ntas_bulletin.pdf BusKill Laptop Kill Cord https://tech.michaelaltfield.net/2020/01/02/buskill-laptop-kill-cord-dead-man-switch/

Quick Summary of the California Conumser Privacy Act https://isc.sans.edu/forums/diary/CCPA+Quick+Overview/25668/ Cisco Vulnerabilities https://tools.cisco.com/security/center/publicationListing.x XiaoMi Camera Cache Bug https://www.reddit.com/r/googlehome/comments/eine1m/when_i_load_the_xiaomi_camera_in_my_google_home/