Tech News

Ransomware written in JavaScript using Node.js https://isc.sans.edu/forums/diary/Ransomware+in+Nodejs/25664/ Landry Restaurant PoS Breach https://www.landrysinc.com/CreditNotice/CANotice.asp Holiday Hack Challenge https://www.holidayhackchallenge.com Citrix/NetScaler Vulnerability Special Webcast Recording https://i5c.us/citrix

In Episode 158, Ben and Scott dive into a change that is going to impact all Microsoft Partners and their security posture in Azure Active Directory. Sponsors ShareGate – ShareGate’s industry-leading products help IT professionals worldwide migrate their business to the Office 365 or SharePoint, automate their Office 365 governance, Read More

ISC API Update https://isc.sans.edu/api https://isc.sans.edu/forums/diary/Miscellaneous+Updates+to+our+Threatfeed+API/25654/ CCC Conference https://fahrplan.events.ccc.de/congress/2019/Fahrplan/ https://events.ccc.de/congress/2019/wiki/index.php/Main_Page

Breaking 2FA Soft Tokens https://resources.fox-it.com/rs/170-CAK-271/images/201912_Report_Operation_Wocao.pdf PiHole Dashboard https://isc.sans.edu/forums/diary/ELK+Dashboard+for+Pihole+Logs/25652/ Corrupt Office Documents https://isc.sans.edu/forums/diary/Corrupt+Office+Documents/25650/ Enumerating Office 365 Users https://isc.sans.edu/forums/diary/Enumerating+office365+users/25648/

Citrix Application Delivery Controller (Netscaler ADC) Critical Vulnerability https://www.ptsecurity.com/ww-en/about/news/citrix-vulnerability-allows-criminals-to-hack-networks-of-80000-companies/ https://support.citrix.com/article/CTX267027

In Episode 157, Ben and Scott go sideways and talk about Microsoft's approach to documenting not only the How but the Why of services and products that they release and how customers can obtain operational guidance today. Sponsors Opsgility - Your Cloud enablement partner to help guide your organization through Read More

Extracting VBA Macros From .DWG Files https://isc.sans.edu/forums/diary/Extracting+VBA+Macros+From+DWG+Files/25634/ Cisco PKI Self-Signed Certificate Expiration https://www.cisco.com/c/en/us/support/docs/field-notices/704/fn70489.html AFRINIC IP Address Space Misappropriated By Insider https://mybroadband.co.za/news/internet/330379-how-internet-resources-worth-r800-million-were-stolen-and-sold-on-the-black-market.html

More DNS over HTTPS Details https://isc.sans.edu/forums/diary/More+DNS+over+HTTPS+Become+One+With+the+Packet+Be+the+Query+See+the+Query/25628/ Ransomware Outing Victims https://krebsonsecurity.com/2019/12/ransomware-gangs-now-outing-victim-businesses-that-dont-pay-up/ Google Chrome Update https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop_17.html

Ben and Scott go down a deep, dark hole and discuss some issues with Microsoft Teams screen sharing on MacOS Catalina. After that, they discuss the newly announced Microsoft Team Exploratory license and some impacts to your tenant if you allow trials.

An Emotet Update https://isc.sans.edu/forums/diary/Emotet+infection+with+spambot+activity/25622/ Emotet Used to Spread Malware From German Federal Agency Accounts (german) https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2019/Spam-Bundesbehoerden_181219.html Joomla Patches SQL Injection https://developer.joomla.org/security-centre.html Unicode Mapping Problems https://eng.getwisdom.io/hacking-github-with-unicode-dotless-i/

Discovering DNS over HTTPS https://isc.sans.edu/forums/diary/Is+it+Possible+to+Identify+DNS+over+HTTPs+Without+Decrypting+TLS/25616/ Ring Camera Weaknesses https://www.vice.com/en_us/article/epg4xm/amazon-ring-camera-security WhatsApp DoS Bug https://research.checkpoint.com/2019/breakingapp-whatsapp-crash-data-loss-bug/

Slack "Unshare" Not Working As Expected https://www.theregister.co.uk/2019/12/16/slack_filesharing_vulnerability_post_sharing/ Google Making OAUTH Mandatory for GSuite https://gsuiteupdates.googleblog.com/2019/12/less-secure-apps-oauth-google-username-password-incorrect.html TPLink Authentication Bypass https://securityintelligence.com/posts/tp-link-archer-router-vulnerability-voids-admin-password-can-allow-remote-takeover/ Factoring IoT RSA Keys https://info.keyfactor.com/factoring-rsa-keys-in-the-iot-era

VBA Macros in Autocad https://isc.sans.edu/forums/diary/Malicious+DWG+Files/25612/ OpenBSD Privilege Escalation Vulnerability https://www.qualys.com/2019/12/11/cve-2019-19726/local-privilege-escalation-openbsd-dynamic-loader.txt NPM Fixes Critical Security Vulnerability https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli

Malware Information Sharing https://isc.sans.edu/forums/diary/Code+Data+Reuse+in+the+Malware+Ecosystem/25598/ Apple Improves Tracking Prevention Tracking in WebKit https://webkit.org/blog/9661/preventing-tracking-prevention-tracking/ Google Verified SMS Messages https://www.blog.google/products/messages/safer-conversations-messages-verified-sms-and-spam-protection/ Echobot Keeps Adding More Exploits https://www.bleepingcomputer.com/news/security/new-echobot-variant-exploits-77-remote-code-execution-flaws/ STI Research Paper: Caleb Baker DNS Monitoring https://www.sans.org/reading-room/whitepapers/dns/challenges-effective-dns-query-monitoring-39215

In Episode 155, Ben and Scott dive into a discussion around tenant-level services in Microsoft 365 and Office 365 and what you need to think about as you license users and potentially scope deployments within your tenancy to ensure your compliance with your Microsoft 365 licensing.

German Malspam Installs Trickbot https://isc.sans.edu/forums/diary/German+language+malspam+pushes+yet+another+wave+of+Trickbot/25594/ Vulnerable KeyWe Smart Lock https://labs.f-secure.com/advisories/keywe-smart-lock-unauthorized-access-traffic-interception Google Chrome Update https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html iOS Spam Feature https://support.apple.com/en-us/HT210756 https://kishanbagaria.com/airdos/

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+December+2019+Patch+Tuesday/25592/ https://securelist.com/windows-0-day-exploit-cve-2019-1458-used-in-operation-wizardopium/95432/ Adobe Patch Tuesday https://helpx.adobe.com/security.html Apple Security Updates https://support.apple.com/en-us/HT201222 Intel Plundervolt Update https://blogs.intel.com/technology/2019/12/ipas-security-advisories-for-december-2019/

Another Word Maldoc https://isc.sans.edu/forums/diary/Lazy+Sunday+Maldoc+Analysis/25586/ Snatch Ransomware Reboots System Into Safe Mode To Disable Anti Virus https://news.sophos.com/en-us/2019/12/09/snatch-ransomware-reboots-pcs-into-safe-mode-to-bypass-protection/ Ryuk Ransomware Decryptor May No Longer Work / Corrupt Documents https://blog.emsisoft.com/en/35023/bug-in-latest-ryuk-decryptor-may-cause-data-loss/ Extending Windows 7 Security Updates https://www.ghacks.net/2019/12/07/someone-found-a-way-to-bypass-windows-7-extended-security-updates-checks/ Swift on Security Updates Sysmon Rules https://github.com/SwiftOnSecurity/sysmon-config RSA Webcast https://www.rsaconference.com/industry-topics/webcast/36-five-most-dangerous-attacks-evolving

E-Mail Includes Entire HTML/Javascript Phishing Kit https://isc.sans.edu/forums/diary/Phishing+with+a+selfcontained+credentialsstealing+webpage/25580/ Great Canon / Red Canon Activated to Silence Pro Hongkong Forum https://cybersecurity.att.com/blogs/labs-research/the-great-cannon-has-been-deployed-again

OpenBSD Authentication Bypass and Privilege Escalation Vulnerability https://www.qualys.com/2019/12/04/cve-2019-19521/authentication-vulnerabilities-openbsd.txt?_ga=2.58244398.587934852.1575530822-682141427.1570559125 Hijacking Linux (and BSD) VPN Connections https://seclists.org/oss-sec/2019/q4/122 RASP vs. WAF: Alexander Fry Research Paper https://www.sans.org/reading-room/whitepapers/application/runtime-application-self-protection-rasp-investigation-effectiveness-rasp-solution-protecting-vulnerable-target-applications-38950