Tech News

Samba Project Disabling SMBv1 By Default https://isc.sans.edu/forums/diary/Samba+Project+tells+us+Whats+New+SMBv1+Disabled+by+Default+finally/25116/ GnuPG Will No Longer Import Signatures From Keyservers https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html eChOraix Ransomware https://www.anomali.com/blog/the-ech0raix-ransomware

MSFT Patch Tuesday https://isc.sans.edu/forums/diary/MSFT+July+2019+Patch+Tuesday/25110/ Adobe Updates https://helpx.adobe.com/security.html Zoom Vulnerability https://medium.com/bugbountywriteup/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5

Canonical Github Hack https://news.ycombinator.com/item?id=20373009 New Wave of Magecart Attacks https://gist.github.com/gwillem/5d936f5a84837d5c1dcb488ce256294a Facebook's Libra Crpto Currency Already Impersonated https://www.digitalshadows.com/blog-and-research/facebooks-libra-cryptocurrency-cybercriminals-tipping-the-scales-in-their-favor/

Does "Godlua" Use DNS over HTTPS or Not? https://www.golem.de/news/verschluesseltes-dns-falschmeldung-in-propagandaschlacht-um-dns-ueber-https-1907-142358.html https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/ Exploit for Cisco Authentication Bypass and RCE https://raw.githubusercontent.com/pedrib/PoC/master/advisories/cisco-dcnm-rce.txt Magento RCE Exploit https://blog.ripstech.com/2019/magento-rce-via-xss/ Malicous XSL Files https://isc.sans.edu/forums/diary/Malicious+XSL+Files/25098/

Why friends shouldn't let friends buy Office 365 Business plans by comparing Office 365 Business Premium to Office 365 Enterprise E3.

Zipato SmartHub Vulnerabilities https://blackmarble.sh/zipato-smart-hub/ Blocking DNS over HTTPS https://github.com/bambenek/block-doh Cloudflare Outage https://www.cloudflarestatus.com/incidents/tx4pgxs6zxdr Android Update https://source.android.com/security/bulletin/2019-07-01 Powershell Kill Switch Commands https://isc.sans.edu/forums/diary/Using+Powershell+in+Basic+Incident+Response+A+Domain+Wide+KillSwitch/25088/

Maldoc Payloads in User Forms https://isc.sans.edu/forums/diary/Maldoc+Payloads+in+User+Forms/25084/ Zyxel Vulnerabilities https://www.zyxel.com/support/vulnerabilities-related-to-the-Free-Time-feature.shtml AMD SEV DH Key Recovery https://seclists.org/fulldisclosure/2019/Jun/46 Card Enrollment Service Fraud https://www.advanced-intel.com/post/card-enrollment-services-highly-effective-fraud-methodology-offered-in-russian-underground

Collecting Hashes of Running Processes and verifying them with Virustotal Domain wide https://isc.sans.edu/forums/diary/Verifying+Running+Processes+against+VirusTotal+DomainWide/25078/ Mozilla Server Side TLS Guide Updates https://wiki.mozilla.org/Security/Server_Side_TLS SKS Keyserver DoS Attack https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f QR Code Phishing https://cofense.com/radar-phishing-using-qr-codes-evade-url-analysis/

New Brickerbot (Silex) Sightings https://twitter.com/_larry0/status/1143532888538984448 Supply Chain Attacks Against Telco Providers https://www.cybereason.com/blog/operation-soft-cell-a-worldwide-campaign-against-telecommunications-providers GreenFlash Sundown Malwaretising Campaign https://blog.malwarebytes.com/threat-analysis/2019/06/greenflash-sundown-exploit-kit-expands-via-large-malvertising-campaign/ TrackThis Demonstrates How Advertisers Track You https://trackthis.link Geoff Parker: Automating Phsh Reporting Resposne http://www.sans.org/reading-room/whitepapers/email/automating-response-phish-reporting-39000

Episode 131 is part 2 of their conversation from last week on Microsoft Teams governance.

Rig Exploit Kit Installs Pitou.B. Trojan https://isc.sans.edu/forums/diary/Rig+Exploit+Kit+sends+PitouB+Trojan/25068/ AWS VPC Traffic Mirroring https://aws.amazon.com/blogs/aws/new-vpc-traffic-mirroring Elastic SIEM App https://www.elastic.co/blog/introducing-elastic-siem National Emergency Alerts Potentially Vulnerable to Attack https://www.colorado.edu/today/2019/06/11/emergency-alerts

Cloudflare Outage https://blog.cloudflare.com/how-verizon-and-a-bgp-optimizer-knocked-large-parts-of-the-internet-offline-today/ https://isc.sans.edu/forums/diary/Extensive+BGP+Issues+Affecting+Cloudflare+and+possibly+others/25064/ WeTransfer Misdirects Files https://betanews.com/2019/06/21/wetransfer-fail/ Jenkins Pillage https://dolosgroup.io/blog/2019/6/20/pillaging-the-jenkins-treasure-chest

SSH Will Start Encrypting Secret Keys in Memory https://marc.info/?l=openbsd-cvs&m=156109087822676&w=2 Bluekeep Patchrate at 83.4% https://twitter.com/RavivTamir/status/1141788586922119168 Android ADB/SSH Botnet https://www.bleepingcomputer.com/news/security/botnet-uses-ssh-and-adb-to-create-android-cryptomining-army/

Updates for Dell Support Assistant https://www.dell.com/support/article/us/en/04/sln317291/dsa-2019-084-dell-supportassist-for-business-pcs-and-dell-supportassist-for-home-pcs-security-update-for-pc-doctor-vulnerability?lang=en Critical Cisco Vulnerablity https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190227-rmi-cmd-ex LoudMiner Comes with VM https://www.welivesecurity.com/2019/06/20/loudminer-mining-cracked-vst-software/ STI Student Dave Todd: Overcoming the Comliance Challenges in Biometrics https://www.sans.org/reading-room/whitepapers/legal/paper/38970

A session Ben Stegink delivered at the Microsoft Teams Virtual Summit on Microsoft Teams governance.

Critical Patch For WebLogic https://isc.sans.edu/forums/diary/Critical+Actively+Exploited+WebLogic+Flaw+Patched+CVE20192729/25050/ Exim Exploits Against Other Mail Servers https://isc.sans.edu/forums/diary/Quick+Detect+Exim+Return+of+the+Wizard+Attack/25052/ SANS Fire Presentations (to be published soon) https://isc.sans.edu/presentations

Critical Firefox Update https://www.mozilla.org/en-US/security/advisories/mfsa2019-18/#CVE-2019-11707 Bitdefender Releases GandCrap Decryptor https://labs.bitdefender.com/2019/06/good-riddance-gandcrab-were-still-fixing-the-mess-you-left-behind/ Google Launches New Deceptive Site Protections in Chrome https://blog.chromium.org/2019/06/new-chrome-protections-from-deception.html

TCP SACK Panic DoS in Linux https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md https://tools.ietf.org/html/rfc879 Logitech Pointer Recall https://www.heise.de/security/meldung/Angreifbare-Logitech-Presenter-Hersteller-tauscht-gefaehrliche-USB-Empfaenger-aus-4423627.html An Infection from the Rig Exploit Kit https://isc.sans.edu/forums/diary/An+infection+from+Rig+exploit+kit/25040/

Whats App Phishing https://www.heise.de/newsticker/meldung/Phishing-Mails-gaukeln-Ende-von-WhatsApp-Abonnement-vor-4447165.html Encrypted EMail Phishing https://www.bleepingcomputer.com/news/security/phishing-scam-asks-you-to-login-to-read-encrypted-message/ Android Apps Link to Fake Sites https://news.drweb.com/show/?i=13313&lng=en&c=5 Precomputed Hash Tables https://a.ndronic.us/pre-computed-hash-table-v-1-0/

Exim Flaw Exploited https://www.cybereason.com/blog/new-pervasive-worm-exploiting-linux-exim-server-vulnerability Yubico Recalling FIPS Certified Yubikeys https://www.yubico.com/support/security-advisories/ysa-2019-02/ Vulnerable Infusion Pumps https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletins/alaris-gateway-workstation-unauthorized-firmware Telegram DDoS Attack https://twitter.com/telegram/status/1138768124914929664 Ghidra Tips for IDA Users: Function Call Graphs https://isc.sans.edu/forums/diary/A+few+Ghidra+tips+for+IDA+users+part+4+function+call+graphs/25032/ Joel Chapman: Security Consideration for Voice over Wifi (VoWifi) Systems https://www.sans.org/reading-room/whitepapers/telephone/paper/38945