Tech News

What Is Listening On Port 9527/TCP https://isc.sans.edu/forums/diary/What+is+Listening+On+Port+9527TCP/25194/ PowerShell Empire Abandonded https://github.com/EmpireProject/Empire https://twitter.com/xorrior/status/1156626182978383874 Cryptomining via GitHub/PasteBin C&C https://unit42.paloaltonetworks.com/rockein-the-netflow/

Ben and Scott go through some of the high-level features of Azure SQL Managed Instance.

Phishing Attack Targeting Financial Sector https://isc.sans.edu/forums/diary/Targeted+Phishing+Attacks+in+the+Financial+Industry+Fire3+Phishing+Kit/25188/ Enterprise Software Phoneing Home https://www.extrahop.com/company/press-releases/2019/extrahop-issues-warning-about-phoning-home/ Google Stripping www and https again https://bugs.chromium.org/p/chromium/issues/detail?id=883038#c114 Bypassing VISA Contactless Limits https://www.ptsecurity.com/ww-en/about/news/visa-card-vulnerability-can-bypass-contactless-limits/

Luno Phishing E-Mail and Badly Implemented 2FA https://isc.sans.edu/forums/diary/Can+You+Spell+2FA+A+Luno+Phish+Example/25186/ Google Chrome Update https://w3c.github.io/webappsec-fetch-metadata/ https://chromereleases.googleblog.com/2019/07/stable-channel-update-for-desktop_30.html Apple Re-Releases 2019-004 Security Update for Sierra/High Sierra https://support.apple.com/en-us/HT210348 Disabling Server Side Recording of Apple Siri Commands https://github.com/jankais3r/Siri-NoLoggingPLS

11 Flaws in VxWorks IPNet TCP/IP Stack https://go.armis.com/urgent11 iOS iMessage File Disclosure Vulnerability https://bugs.chromium.org/p/project-zero/issues/detail?id=1858

DVRIP Port 34567 Uptick https://isc.sans.edu/forums/diary/DVRIP+Port+34567+Uptick/25174/ LibreOffice LibreLogo Macro Python Code Injection https://insinuator.net/2019/07/libreoffice-a-python-interpreter-code-execution-vulnerability-cve-2019-9848/ Extracting Private Key From Amazon Music Application https://koen.io/2019/07/26/underscoring-the-private-in-private-key/

When Users Attack: Users and Admins Thwarting Security Controls https://isc.sans.edu/forums/diary/When+Users+Attack+Users+and+Admins+Thwarting+Security+Controls/25170/ Immunity's Canvas Now Includes BlueKeep Exploit https://twitter.com/Immunityinc/status/1153752470130221057 Johannesburg Power Outages Due To Ransomware https://twitter.com/CityofJoburgZA https://www.theregister.co.uk/2019/07/25/johannesburg_ransomware_infection/ Darkmatter Intermediate Certificate Trust Removed From Google Chrome https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/7-oKhDBLetQ

A chat with Anna Chu discussing what is involved with becoming a speaker at Microsoft Ignite 2019.

VLC not Vulnerable to libebml Vulnerablity https://threader.app/thread/1153963312981389312 Cryptominer With BlueKeep Scanner https://www.intezer.com/blog-watching-the-watchbog-new-bluekeep-scanner-and-linux-exploits/ Elasticsearch Vulnerabilities used to install DDoS Bot https://blog.trendmicro.com/trendlabs-security-intelligence/multistage-attack-delivers-billgates-setag-backdoor-can-turn-elasticsearch-databases-into-ddos-botnet-zombies/ May People Be Considered As IOC? https://isc.sans.edu/forums/diary/May+People+Be+Considered+as+IOC/25166/

TLS Configuration https://isc.sans.edu/forums/diary/Verifying+SSLTLS+configuration+part+1/25162/ https://www.sans.org/webcasts/beast-poodle-celebrating-sweet32-111400 Apple Updates Everything https://support.apple.com/en-us/HT201222 QNAP/Synology Update Security Advise https://www.qnap.com/en-us/security-advisory/nas-201907-11 https://www.facebook.com/synologydeutschland/photos/a.1594837477441905/2417134061878905/ New Bluekeep Writeup https://github.com/0xeb-bp/bluekeep

Analyzing Compressed PowerShell Scripts https://isc.sans.edu/forums/diary/Analyzing+Compressed+PowerShell+Scripts/25158/ PaloAlto GlobalProtect PreAuth RCE http://blog.orange.tw/2019/07/attacking-ssl-vpn-part-1-preauth-rce-on-palo-alto.html Fortinet Vulnerability https://fortiguard.com/psirt/FG-IR-19-144 ProFTPd Permission Bypass Vulnerability https://tbspace.de/cve201912815proftpd.html

PHP Malware https://isc.sans.edu/forums/diary/Malicious+PHP+Script+Back+on+Stage/25148/ Drupal Vulnerabilities https://www.drupal.org/sa-core-2019-008 iNSYNQ Breach https://www.insynq.com/support/#status

802.1x Tips https://isc.sans.edu/forums/diary/The+Other+Side+of+Critical+Control+1+8021x+Wired+Network+Access+Controls/25146/ Kazachstan TLS Interception https://groups.google.com/forum/#!msg/mozilla.dev.security.policy/wnuKAhACo3E/cpsvHgcuDwAJ BEC Trends https://www.fincen.gov/sites/default/files/shared/FinCEN_Financial_Trend_Analysis_FINAL_508.pdf Cyclance Weakness https://skylightcyber.com/2019/07/18/cylance-i-kill-you/

Ben and Scott discuss some of the upcoming changes to the Microsoft Partner program.

Analysis of DNS TXT Records https://isc.sans.edu/forums/diary/Analyzis+of+DNS+TXT+Records/25142/ Evil Gnome Linux Malware https://www.intezer.com/blog-evilgnome-rare-malware-spying-on-linux-desktop-users/ New American Express Phishing Attacks https://cofense.com/phishing-attacker-takes-american-express-victims-credentials/

Zoom/Apple Patches Additional Software https://www.theverge.com/2019/7/16/20696529/apple-mac-silent-update-zoom-ringcentral-zhumu-vulnerabilty-patched Lenovo/IOMega NAS API Vulnerability https://www.theregister.co.uk/2019/07/16/iomega_nas_boxes/ Amadeus Vulnerability Allows Access to Boarding Passes https://www.7elements.co.uk/resources/technical-advisories/insecure-direct-object-reference-within-amadeus-check-in-application/ FBI Releases GandGrab Master Keys https://www.documentcloud.org/documents/6199678-GandCrab-Master-Decryption-Keys-FLASH.html Android Media File Jacking https://www.symantec.com/blogs/expert-perspectives/symantec-mobile-threat-defense-attackers-can-manipulate-your-whatsapp-and-telegram-media

isodump.py and malicious ISO files https://isc.sans.edu/forums/diary/isodumppy+and+Malicious+ISO+Files/25134/ Atlassian Crowd Vulnerability Details https://www.corben.io/atlassian-crowd-rce/ Scrapy Vulnerabilities https://medium.com/alertot/web-scraping-considered-dangerous-leaking-files-from-the-spiders-host-bd508f81d498 iOS URL Scheme Susceptible to Hijacking https://blog.trendmicro.com/trendlabs-security-intelligence/ios-url-scheme-susceptible-to-hijacking/

Magecart Targets S3 Buckets https://www.riskiq.com/blog/labs/magecart-amazon-s3-buckets/ Atlassian Jira Vulnerability https://confluence.atlassian.com/jira/jira-security-advisory-2019-07-10-973486595.html Microsoft to Detect Phishing in Forms https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=&searchterms=52927 Tracking Anonymized Bluetooth Devices https://petsymposium.org/2019/files/papers/issue3/popets-2019-0036.pdf

Analysis of a Recent AZORult Sample https://isc.sans.edu/forums/diary/Recent+AZORult+activity/25120/ Apple Delete Zoom Web Server https://www.macrumors.com/2019/07/10/apple-update-remove-zoom-server/ Apple Disables Walkie Talkie App https://techcrunch.com/2019/07/10/apple-disables-walkie-talkie-app-due-to-vulnerability-that-could-allow-iphone-eavesdropping/ Windows PXE Devices May Fail to Boot After Recent Update https://support.microsoft.com/en-in/help/4512816/devices-that-start-up-using-preboot-execution-environment-pxe-images-f Sean Goodwin: Attackers Inside the WAlls: Detecting Malicious Activity https://www.sans.org/reading-room/whitepapers/detection/paper/39055

Tips and tricks for Azure Active Directory Conditional Access, a new "jump box" service from Microsoft for Azure-hosted virtual machines called Azure Bastion, and improvements coming to OneDrive consumer accounts.