SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

By Johannes B. Ullrich

Harald Clark
 Aug 18, 2018
A nice, clear and concise, daily overview of computing security threats; links for more info and no irrelevant padding of podcast audio.

Description

A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .

Episode Date
ISC StormCast for Friday, August 23rd 2019
5:49
Steam Zero Days and Bug Bounty Controversy
https://www.theregister.co.uk/2019/08/22/valve_bug_bounty_steam_u_turn/
bb-builder malicious npm Package
https://blog.reversinglabs.com/blog/the-npm-package-that-walked-away-with-all-your-passwords
Phishers Customize Branded Outlook 365 Login Pages
https://www.bleepingcomputer.com/news/security/phishing-attacks-scrape-branded-microsoft-365-login-pages/
Aug 23, 2019
ISC StormCast for Thursday, August 22nd 2019
5:38
KAPE vs. Commando VM: Red vs. Blue
https://isc.sans.edu/forums/diary/KAPE+Kroll+Artifact+Parser+and+Extractor/25258/
Attacks against Exposed Sphinx Servers
https://www.bsi.bund.de/EN/Topics/IT-Crisis-Management/CERT-Bund/CERT-Reports/HOWTOs/Open-Sphinx-Server/open-Sphinx-server_node.html
Cisco Patches
https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir&limit=50#~Vulnerabilities
Newly Registered Domains Most Dangerous
https://unit42.paloaltonetworks.com/newly-registered-domains-malicious-abuse-by-bad-actors/
Aug 22, 2019
ISC StormCast for Wednesday, August 21st 2019
5:39
Guildma Malware is Now Using Facebook and YouTube as Update Channel
https://isc.sans.edu/forums/diary/Guildma+malware+is+now+accessing+Facebook+andYouTube+to+keep+uptodate/25222/
Supply Chain Issues: rest-client ruby gem backdoored
https://www.theregister.co.uk/2019/08/20/ruby_gem_hacked/
Aug 21, 2019
ISC StormCast for Tuesday, August 20th 2019
5:32
iOS 12.4 Jailbreak Released after Reintroduced Vulnerability from 12.2
https://github.com/pwn20wndstuff/Undecimus/releases
SHA2-Signed Updates for Windows Not Available with Symantec Endpoint Protection
https://support.symantec.com/us/en/article.tech255857.html
Attacking and Downgrading Bluetooth Key Negotiation
https://knobattack.com
Aug 20, 2019
ISC StormCast for Monday, August 19th 2019
5:04
Large Number of VoIP System Vulnerabilities Released
https://www.sit.fraunhofer.de/en/cve/
Confidential Company Documents Leaked in Public Sandboxes
https://blog.cylab.co/2019/08/16/confidential-company-documents-exposed-in-public-sandboxes/
https://www.sit.fraunhofer.de/en/news-events/latest/press-releases/details/news-article/show/gefahr-uebers-telefon/
Trend Micro Password Manager DLL Hijacking
https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123396.aspx
Firefox Password Manager May Leak Passwords
https://www.mozilla.org/en-US/security/advisories/mfsa2019-24/#CVE-2019-11733
Aug 19, 2019
ISC StormCast for Friday, August 16th 2019
6:21
Analysis of a Spearphishing Maldoc
https://isc.sans.edu/forums/diary/Analysis+of+a+Spearphishing+Maldoc/25242/
IoT Security Stagnation
https://securityledger.com/2019/08/huge-survey-of-firmware-finds-no-security-gains-in-15-years/
Kaspersky Insecurity
https://www.heise.de/ct/artikel/Kasper-Spy-Kaspersky-Anti-Virus-puts-users-at-risk-4496138.html
Aug 16, 2019
ISC StormCast for Thursday, August 15th 2019
6:04
MedusaHTTP Malware
https://isc.sans.edu/forums/diary/Recent+example+of+MedusaHTTP+malware/25234/
Cryptominer uses DuckDNS for C&C
https://www.varonis.com/blog/monero-cryptominer/
Intel NUC Vulnerabilities
https://www.intel.com/content/www/us/en/security-center/default.html
HTTP/2 Vulnerabilities
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
Aug 15, 2019
ISC StormCast for Wednesday, August 14th 2019
5:23
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/August+2019+Microsoft+Patch+Tuesday/25236/
Adobe Patches
https://helpx.adobe.com/security.html
Windows Text Services Vulnerabilities
https://googleprojectzero.blogspot.com/2019/08/down-rabbit-hole.html#ftnt2
Aug 14, 2019
ISC StormCast for Tuesday, August 13th 2019
5:42
Malicious DAA Attachments
https://isc.sans.edu/forums/diary/Malicious+DAA+Attachments/25230/
SQLite Exploits
https://research.checkpoint.com/select-code_execution-from-using-sqlite/
Printer Vulnerabilities
https://www.defcon.org/html/defcon-27/dc-27-speakers.html#Romero
https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-xerox-printers/?research=Technical+advisories

Aug 13, 2019
ISC StormCast for Monday, August 12th 2019
5:28
100% JavaScript Phishing Page
https://isc.sans.edu/forums/diary/100+JavaScript+Phishing+Page/25220/
Vulnerabilities in DSLR Cameras
https://research.checkpoint.com/say-cheese-ransomware-ing-a-dslr-camera/
https://global.canon/en/support/security/d-camera.html
Turning Tesla into Surveillance Platform
https://github.com/tevora-threat/scout
Basic Electron Framework Exploitation
https://www.contextis.com/en/blog/basic-electron-framework-exploitation
Aug 12, 2019
ISC StormCast for Friday, August 9th 2019
6:27
Kubernetes Security Audit Published
https://github.com/kubernetes/community/blob/master/wg-security-audit/findings/Kubernetes%20Final%20Report.pdf
https://www.cncf.io/blog/2019/08/06/open-sourcing-the-kubernetes-security-audit/
Apple Expands Bug Bounty
https://www.blackhat.com/us-19/briefings/schedule/index.html#behind-the-scenes-of-ios-and-mac-security-17220
https://www.forbes.com/sites/thomasbrewster/2019/08/08/apple-confirms-1-million-reward-for-hackers-who-find-serious-iphone-vulnerabilities/
0-Day Privilege Escalation in Steam Client
https://amonitoring.ru/article/steamclient-0day/
Actual Sextortion Trojan
https://www.welivesecurity.com/2019/08/08/varenyky-spambot-campaigns-france/
Aug 09, 2019
ISC StormCast for Thursday, August 8th 2019
6:31
AT&T Insiders Bribed to Obtain Unlock Codes
https://www.justice.gov/usao-wdwa/press-release/file/1191031/download
Older RDP Vulnerability Can be Used for HyperV VM Escape
https://www.microsoft.com/security/blog/2019/08/07/a-case-study-in-industry-collaboration-poisoned-rdp-vulnerability-disclosure-and-response/
Cisco Patches Smart Switch 220 Vulnerabilities
https://tools.cisco.com/security/center/publicationListing.x
Firefox for Android Supporting WebAuthn
https://blog.mozilla.org/security/2019/08/05/web-authentication-in-firefox-for-android/
Aug 08, 2019
ISC StormCast for Wednesday, August 7th 2019
6:15
Corporate IoT Used in Intrusion
https://msrc-blog.microsoft.com/2019/08/05/corporate-iot-a-path-to-intrusion/
New Spectre Variant: SWAPGS
https://www.bitdefender.com/business/swapgs-attack.html
New WPA3 Weaknesses
https://wpa3.mathyvanhoef.com/#new
Aug 07, 2019
ISC StormCast for Tuesday, August 6th 2019
5:39
Sextortion E-Mail: Where did the winnings go
https://isc.sans.edu/forums/diary/Sextortion+Follow+the+Money+The+Final+Chapter/25204/
VMWare Update
https://www.vmware.com/security/advisories/VMSA-2019-0012.html
Android Update Fixes Qualcomm Bug
https://source.android.com/security/bulletin/2019-08-01.html
https://blade.tencent.com/en/advisories/qualpwn/
Aug 06, 2019
ISC StormCast for Monday, August 5th 2019
5:52
Misconfigured JIRA Leaks User Details
https://medium.com/@logicbomb_1/one-misconfig-jira-to-leak-them-all-including-nasa-and-hundreds-of-fortune-500-companies-a70957ef03c7
Google, Amazon, Apple modify policy on listening in on Assistant Recordings
https://datenschutz-hamburg.de/assets/pdf/2019-08-01_press-release-Google_Assistant.pdf
https://www.bloomberg.com/news/articles/2019-08-02/amazon-gives-option-to-disable-human-review-of-alexa-recordings
https://www.theverge.com/2019/8/2/20751270/apple-stops-contractors-siri-voice-recordings-privacy-opt-out
https://www.blog.google/products/assistant/more-information-about-our-processes-safeguard-speech-data/
NVidia Updates
https://nvidia.custhelp.com/app/answers/detail/a_id/4841/kw/Security%20Bulletin
Detecting Incognito Mode in Google Chrome 76
https://blog.jse.li/posts/chrome-76-incognito-filesystem-timing/
Aug 05, 2019
ISC StormCast for Friday, August 2nd 2019
5:31
What Is Listening On Port 9527/TCP
https://isc.sans.edu/forums/diary/What+is+Listening+On+Port+9527TCP/25194/
PowerShell Empire Abandoned
https://github.com/EmpireProject/Empire
https://twitter.com/xorrior/status/1156626182978383874
Cryptomining via GitHub/PasteBin C&C
https://unit42.paloaltonetworks.com/rockein-the-netflow/
Aug 02, 2019
ISC StormCast for Thursday, August 1st 2019
6:27
Phishing Attack Targeting Financial Sector
https://isc.sans.edu/forums/diary/Targeted+Phishing+Attacks+in+the+Financial+Industry+Fire3+Phishing+Kit/25188/
Enterprise Software Phoning Home
https://www.extrahop.com/company/press-releases/2019/extrahop-issues-warning-about-phoning-home/
Google Stripping www and https again
https://bugs.chromium.org/p/chromium/issues/detail?id=883038#c114
Bypassing VISA Contactless Limits
https://www.ptsecurity.com/ww-en/about/news/visa-card-vulnerability-can-bypass-contactless-limits/
Aug 01, 2019
ISC StormCast for Wednesday, July 31st 2019
5:49
Luno Phishing E-Mail and Badly Implemented 2FA
https://isc.sans.edu/forums/diary/Can+You+Spell+2FA+A+Luno+Phish+Example/25186/
Google Chrome Update
https://w3c.github.io/webappsec-fetch-metadata/
https://chromereleases.googleblog.com/2019/07/stable-channel-update-for-desktop_30.html
Apple Re-Releases 2019-004 Security Update for Sierra/High Sierra
https://support.apple.com/en-us/HT210348
Disabling Server Side Recording of Apple Siri Commands
https://github.com/jankais3r/Siri-NoLoggingPLS
Jul 31, 2019
ISC StormCast for Tuesday, July 30th 2019
6:34
11 Flaws in VxWorks IPNet TCP/IP Stack
https://go.armis.com/urgent11
iOS iMessage File Disclosure Vulnerability
https://bugs.chromium.org/p/project-zero/issues/detail?id=1858
Jul 30, 2019
ISC StormCast for Monday, July 29th 2019
7:13
DVRIP Port 34567 Uptick
https://isc.sans.edu/forums/diary/DVRIP+Port+34567+Uptick/25174/
LibreOffice LibreLogo Macro Python Code Injection
https://insinuator.net/2019/07/libreoffice-a-python-interpreter-code-execution-vulnerability-cve-2019-9848/
Extracting Private Key From Amazon Music Application
https://koen.io/2019/07/26/underscoring-the-private-in-private-key/
Jul 29, 2019
ISC StormCast for Friday, July 26th 2019
6:22
When Users Attack: Users and Admins Thwarting Security Controls
https://isc.sans.edu/forums/diary/When+Users+Attack+Users+and+Admins+Thwarting+Security+Controls/25170/
Immunity's Canvas Now Includes BlueKeep Exploit
https://twitter.com/Immunityinc/status/1153752470130221057
Johannesburg Power Outages Due To Ransomware
https://twitter.com/CityofJoburgZA
https://www.theregister.co.uk/2019/07/25/johannesburg_ransomware_infection/
Darkmatter Intermediate Certificate Trust Removed From Google Chrome
https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/7-oKhDBLetQ
Jul 26, 2019
ISC StormCast for Thursday, July 25th 2019
5:48
VLC not Vulnerable to libebml Vulnerability
https://threader.app/thread/1153963312981389312
Cryptominer With BlueKeep Scanner
https://www.intezer.com/blog-watching-the-watchbog-new-bluekeep-scanner-and-linux-exploits/
Elasticsearch Vulnerabilities used to install DDoS Bot
https://blog.trendmicro.com/trendlabs-security-intelligence/multistage-attack-delivers-billgates-setag-backdoor-can-turn-elasticsearch-databases-into-ddos-botnet-zombies/
May People Be Considered As IOC?
https://isc.sans.edu/forums/diary/May+People+Be+Considered+as+IOC/25166/
Jul 25, 2019
ISC StormCast for Wednesday, July 24th 2019
6:01
TLS Configuration
https://isc.sans.edu/forums/diary/Verifying+SSLTLS+configuration+part+1/25162/
https://www.sans.org/webcasts/beast-poodle-celebrating-sweet32-111400
Apple Updates Everything
https://support.apple.com/en-us/HT201222
QNAP/Synology Update Security Advice
https://www.qnap.com/en-us/security-advisory/nas-201907-11
https://www.facebook.com/synologydeutschland/photos/a.1594837477441905/2417134061878905/
New Bluekeep Writeup
https://github.com/0xeb-bp/bluekeep
Jul 24, 2019
ISC StormCast for Tuesday, July 23rd 2019
5:22
Analyzing Compressed PowerShell Scripts
https://isc.sans.edu/forums/diary/Analyzing+Compressed+PowerShell+Scripts/25158/
PaloAlto GlobalProtect PreAuth RCE
http://blog.orange.tw/2019/07/attacking-ssl-vpn-part-1-preauth-rce-on-palo-alto.html
Fortinet Vulnerability
https://fortiguard.com/psirt/FG-IR-19-144
ProFTPd Permission Bypass Vulnerability
https://tbspace.de/cve201912815proftpd.html
Jul 23, 2019
ISC StormCast for Monday, July 22nd 2019
6:10
PHP Malware
https://isc.sans.edu/forums/diary/Malicious+PHP+Script+Back+on+Stage/25148/
Drupal Vulnerabilities
https://www.drupal.org/sa-core-2019-008
iNSYNQ Breach
https://www.insynq.com/support/#status
Jul 22, 2019
ISC StormCast for Friday, July 19th 2019
7:02
802.1x Tips
https://isc.sans.edu/forums/diary/The+Other+Side+of+Critical+Control+1+8021x+Wired+Network+Access+Controls/25146/
Kazakhstan TLS Interception
https://groups.google.com/forum/#!msg/mozilla.dev.security.policy/wnuKAhACo3E/cpsvHgcuDwAJ
BEC Trends
https://www.fincen.gov/sites/default/files/shared/FinCEN_Financial_Trend_Analysis_FINAL_508.pdf
Cylance Weakness
https://skylightcyber.com/2019/07/18/cylance-i-kill-you/
Jul 19, 2019
ISC StormCast for Thursday, July 18th 2019
6:16
Analysis of DNS TXT Records
https://isc.sans.edu/forums/diary/Analyzis+of+DNS+TXT+Records/25142/
EvilGnome Linux Malware
https://www.intezer.com/blog-evilgnome-rare-malware-spying-on-linux-desktop-users/
New American Express Phishing Attacks
https://cofense.com/phishing-attacker-takes-american-express-victims-credentials/
Jul 18, 2019
ISC StormCast for Wednesday, July 17th 2019
5:40
Zoom/Apple Patches Additional Software
https://www.theverge.com/2019/7/16/20696529/apple-mac-silent-update-zoom-ringcentral-zhumu-vulnerabilty-patched
Lenovo/IOMega NAS API Vulnerability
https://www.theregister.co.uk/2019/07/16/iomega_nas_boxes/
Amadeus Vulnerability Allows Access to Boarding Passes
https://www.7elements.co.uk/resources/technical-advisories/insecure-direct-object-reference-within-amadeus-check-in-application/
FBI Releases GandCrab Master Keys
https://www.documentcloud.org/documents/6199678-GandCrab-Master-Decryption-Keys-FLASH.html
Android Media File Jacking
https://www.symantec.com/blogs/expert-perspectives/symantec-mobile-threat-defense-attackers-can-manipulate-your-whatsapp-and-telegram-media
Jul 17, 2019
ISC StormCast for Tuesday, July 16th 2019
6:30
isodump.py and malicious ISO files
https://isc.sans.edu/forums/diary/isodumppy+and+Malicious+ISO+Files/25134/
Atlassian Crowd Vulnerability Details
https://www.corben.io/atlassian-crowd-rce/
Scrapy Vulnerabilities
https://medium.com/alertot/web-scraping-considered-dangerous-leaking-files-from-the-spiders-host-bd508f81d498
iOS URL Scheme Susceptible to Hijacking
https://blog.trendmicro.com/trendlabs-security-intelligence/ios-url-scheme-susceptible-to-hijacking/
Jul 16, 2019
ISC StormCast for Monday, July 15th 2019
6:06
Magecart Targets S3 Buckets
https://www.riskiq.com/blog/labs/magecart-amazon-s3-buckets/
Atlassian Jira Vulnerability
https://confluence.atlassian.com/jira/jira-security-advisory-2019-07-10-973486595.html
Microsoft to Detect Phishing in Forms
https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=&searchterms=52927
Tracking Anonymized Bluetooth Devices
https://petsymposium.org/2019/files/papers/issue3/popets-2019-0036.pdf
Jul 15, 2019
ISC StormCast for Friday, July 12th 2019
13:23
Analysis of a Recent AZORult Sample
https://isc.sans.edu/forums/diary/Recent+AZORult+activity/25120/
Apple Deletes Zoom Web Server
https://www.macrumors.com/2019/07/10/apple-update-remove-zoom-server/
Apple Disables Walkie Talkie App
https://techcrunch.com/2019/07/10/apple-disables-walkie-talkie-app-due-to-vulnerability-that-could-allow-iphone-eavesdropping/
Windows PXE Devices May Fail to Boot After Recent Update
https://support.microsoft.com/en-in/help/4512816/devices-that-start-up-using-preboot-execution-environment-pxe-images-f
Sean Goodwin: Attackers Inside the Walls: Detecting Malicious Activity
https://www.sans.org/reading-room/whitepapers/detection/paper/39055
Jul 12, 2019
ISC StormCast for Thursday, July 11th 2019
5:03
Samba Project Disabling SMBv1 By Default
https://isc.sans.edu/forums/diary/Samba+Project+tells+us+Whats+New+SMBv1+Disabled+by+Default+finally/25116/
GnuPG Will No Longer Import Signatures From Keyservers
https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html
eCh0raix Ransomware
https://www.anomali.com/blog/the-ech0raix-ransomware
Jul 11, 2019
ISC StormCast for Wednesday, July 10th 2019
6:26
MSFT Patch Tuesday
https://isc.sans.edu/forums/diary/MSFT+July+2019+Patch+Tuesday/25110/
Adobe Updates
https://helpx.adobe.com/security.html
Zoom Vulnerability
https://medium.com/bugbountywriteup/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5
Jul 10, 2019
ISC StormCast for Tuesday, July 9th 2019
5:27
Canonical Github Hack
https://news.ycombinator.com/item?id=20373009
New Wave of Magecart Attacks
https://gist.github.com/gwillem/5d936f5a84837d5c1dcb488ce256294a
Facebook's Libra Cryptocurrency Already Impersonated
https://www.digitalshadows.com/blog-and-research/facebooks-libra-cryptocurrency-cybercriminals-tipping-the-scales-in-their-favor/
Jul 09, 2019
ISC StormCast for Monday, July 8th 2019
5:40
Does "Godlua" Use DNS over HTTPS or Not?
https://www.golem.de/news/verschluesseltes-dns-falschmeldung-in-propagandaschlacht-um-dns-ueber-https-1907-142358.html
https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
Exploit for Cisco Authentication Bypass and RCE
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/cisco-dcnm-rce.txt
Magento RCE Exploit
https://blog.ripstech.com/2019/magento-rce-via-xss/
Malicious XSL Files
https://isc.sans.edu/forums/diary/Malicious+XSL+Files/25098/
Jul 08, 2019
ISC StormCast for Wednesday, July 3rd 2019
6:09
Zipato SmartHub Vulnerabilities
https://blackmarble.sh/zipato-smart-hub/
Blocking DNS over HTTPS
https://github.com/bambenek/block-doh
Cloudflare Outage
https://www.cloudflarestatus.com/incidents/tx4pgxs6zxdr
Android Update
https://source.android.com/security/bulletin/2019-07-01
Powershell Kill Switch Commands
https://isc.sans.edu/forums/diary/Using+Powershell+in+Basic+Incident+Response+A+Domain+Wide+KillSwitch/25088/
Jul 03, 2019
ISC StormCast for Tuesday, July 2nd 2019
5:21
Maldoc Payloads in User Forms
https://isc.sans.edu/forums/diary/Maldoc+Payloads+in+User+Forms/25084/
Zyxel Vulnerabilities
https://www.zyxel.com/support/vulnerabilities-related-to-the-Free-Time-feature.shtml
AMD SEV DH Key Recovery
https://seclists.org/fulldisclosure/2019/Jun/46
Card Enrollment Service Fraud
https://www.advanced-intel.com/post/card-enrollment-services-highly-effective-fraud-methodology-offered-in-russian-underground
Jul 02, 2019
ISC StormCast for Sunday, June 30th 2019
6:43
Collecting Hashes of Running Processes and Verifying them with VirusTotal Domain-wide
https://isc.sans.edu/forums/diary/Verifying+Running+Processes+against+VirusTotal+DomainWide/25078/
Mozilla Server Side TLS Guide Updates
https://wiki.mozilla.org/Security/Server_Side_TLS
SKS Keyserver DoS Attack
https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f
QR Code Phishing
https://cofense.com/radar-phishing-using-qr-codes-evade-url-analysis/
Jun 30, 2019
ISC StormCast for Friday, June 28th 2019
16:42
New Brickerbot (Silex) Sightings
https://twitter.com/_larry0/status/1143532888538984448
Supply Chain Attacks Against Telco Providers
https://www.cybereason.com/blog/operation-soft-cell-a-worldwide-campaign-against-telecommunications-providers
GreenFlash Sundown Malvertising Campaign
https://blog.malwarebytes.com/threat-analysis/2019/06/greenflash-sundown-exploit-kit-expands-via-large-malvertising-campaign/
TrackThis Demonstrates How Advertisers Track You
https://trackthis.link
Geoff Parker: Automating Phish Reporting Response
http://www.sans.org/reading-room/whitepapers/email/automating-response-phish-reporting-39000
Jun 27, 2019
ISC StormCast for Wednesday, June 26th 2019
5:46
Rig Exploit Kit Installs Pitou.B Trojan
https://isc.sans.edu/forums/diary/Rig+Exploit+Kit+sends+PitouB+Trojan/25068/
AWS VPC Traffic Mirroring
https://aws.amazon.com/blogs/aws/new-vpc-traffic-mirroring
Elastic SIEM App
https://www.elastic.co/blog/introducing-elastic-siem
National Emergency Alerts Potentially Vulnerable to Attack
https://www.colorado.edu/today/2019/06/11/emergency-alerts
Jun 25, 2019
ISC StormCast for Tuesday, June 25th 2019
7:08
Cloudflare Outage
https://blog.cloudflare.com/how-verizon-and-a-bgp-optimizer-knocked-large-parts-of-the-internet-offline-today/
https://isc.sans.edu/forums/diary/Extensive+BGP+Issues+Affecting+Cloudflare+and+possibly+others/25064/
WeTransfer Misdirects Files
https://betanews.com/2019/06/21/wetransfer-fail/
Jenkins Pillage
https://dolosgroup.io/blog/2019/6/20/pillaging-the-jenkins-treasure-chest
Jun 24, 2019
ISC StormCast for Monday, June 24th 2019
5:33
SSH Will Start Encrypting Secret Keys in Memory
https://marc.info/?l=openbsd-cvs&m=156109087822676&w=2
BlueKeep Patch Rate at 83.4%
https://twitter.com/RavivTamir/status/1141788586922119168
Android ADB/SSH Botnet
https://www.bleepingcomputer.com/news/security/botnet-uses-ssh-and-adb-to-create-android-cryptomining-army/
Jun 23, 2019
ISC StormCast for Friday, June 21st 2019
14:32
Updates for Dell Support Assistant
https://www.dell.com/support/article/us/en/04/sln317291/dsa-2019-084-dell-supportassist-for-business-pcs-and-dell-supportassist-for-home-pcs-security-update-for-pc-doctor-vulnerability?lang=en
Critical Cisco Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190227-rmi-cmd-ex
LoudMiner Comes with VM
https://www.welivesecurity.com/2019/06/20/loudminer-mining-cracked-vst-software/
STI Student Dave Todd: Overcoming the Compliance Challenges in Biometrics
https://www.sans.org/reading-room/whitepapers/legal/paper/38970
Jun 21, 2019
ISC StormCast for Thursday, June 20th 2019
5:35
Critical Patch For WebLogic
https://isc.sans.edu/forums/diary/Critical+Actively+Exploited+WebLogic+Flaw+Patched+CVE20192729/25050/
Exim Exploits Against Other Mail Servers
https://isc.sans.edu/forums/diary/Quick+Detect+Exim+Return+of+the+Wizard+Attack/25052/
SANS Fire Presentations (to be published soon)
https://isc.sans.edu/presentations
Jun 20, 2019
ISC StormCast for Wednesday, June 19th 2019
5:07
Critical Firefox Update
https://www.mozilla.org/en-US/security/advisories/mfsa2019-18/#CVE-2019-11707
Bitdefender Releases GandCrab Decryptor
https://labs.bitdefender.com/2019/06/good-riddance-gandcrab-were-still-fixing-the-mess-you-left-behind/
Google Launches New Deceptive Site Protections in Chrome
https://blog.chromium.org/2019/06/new-chrome-protections-from-deception.html
Jun 19, 2019
ISC StormCast for Tuesday, June 18th 2019
5:45
TCP SACK Panic DoS in Linux
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md
https://tools.ietf.org/html/rfc879
Logitech Pointer Recall
https://www.heise.de/security/meldung/Angreifbare-Logitech-Presenter-Hersteller-tauscht-gefaehrliche-USB-Empfaenger-aus-4423627.html
An Infection from the Rig Exploit Kit
https://isc.sans.edu/forums/diary/An+infection+from+Rig+exploit+kit/25040/
Jun 18, 2019
ISC StormCast for Monday, June 17th 2019
5:36
WhatsApp Phishing
https://www.heise.de/newsticker/meldung/Phishing-Mails-gaukeln-Ende-von-WhatsApp-Abonnement-vor-4447165.html
Encrypted EMail Phishing
https://www.bleepingcomputer.com/news/security/phishing-scam-asks-you-to-login-to-read-encrypted-message/
Android Apps Link to Fake Sites
https://news.drweb.com/show/?i=13313&lng=en&c=5
Precomputed Hash Tables
https://a.ndronic.us/pre-computed-hash-table-v-1-0/
Jun 17, 2019
ISC StormCast for Friday, June 14th 2019
15:15
Exim Flaw Exploited
https://www.cybereason.com/blog/new-pervasive-worm-exploiting-linux-exim-server-vulnerability
Yubico Recalling FIPS Certified Yubikeys
https://www.yubico.com/support/security-advisories/ysa-2019-02/
Vulnerable Infusion Pumps
https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletins/alaris-gateway-workstation-unauthorized-firmware
Telegram DDoS Attack
https://twitter.com/telegram/status/1138768124914929664
Ghidra Tips for IDA Users: Function Call Graphs
https://isc.sans.edu/forums/diary/A+few+Ghidra+tips+for+IDA+users+part+4+function+call+graphs/25032/
Joel Chapman: Security Consideration for Voice over Wifi (VoWifi) Systems
https://www.sans.org/reading-room/whitepapers/telephone/paper/38945
Jun 14, 2019
ISC StormCast for Thursday, June 13th 2019
5:10
Sandbox Escaper Publishes Additional CVE-2019-0841 Bypass
http://archive.is/3toQY
http://sandboxescaper.blogspot.com/p/disclosures_8.html
Bypassing NTLM Message Signing (CVE-2019-1040)
https://blog.preempt.com/drop-the-mic
Details About macOS Keysteal Vulnerability
https://www.pinauten.de/resources/KeySteal_OBTS_2019.pdf
Jun 13, 2019
ISC StormCast for Wednesday, June 12th 2019
6:13
Microsoft Patches
https://isc.sans.edu/forums/diary/MSFT+June+2019+Patch+Tuesday/25024/
Adobe Patches
https://helpx.adobe.com/security.html
SAP Security Notes
https://www.onapsis.com/blog/sap-patch-notes-june-2019
Intel Updates
https://www.us-cert.gov/ncas/current-activity/2019/06/11/Intel-Releases-Security-Updates-Mitigations-Multiple-Products
Microsoft Certificate DoS
https://bugs.chromium.org/p/project-zero/issues/detail?id=1804
GPS Receiver Woes
https://www.flightglobal.com/news/articles/collins-gps-outage-grounds-regional-flights-458819/
RAMBleed Attack
https://www.documentcloud.org/documents/6150180-RamBleed-attack-CVE-2019-0174.html
Jun 12, 2019
ISC StormCast for Tuesday, June 11th 2019
6:09
Interesting JavaScript Obfuscation Example
https://isc.sans.edu/forums/diary/Interesting+JavaScript+Obfuscation+Example/25020/
Spam Taking Advantage of DNS over HTTPS
https://myonlinesecurity.co.uk/it-looks-like-another-dns-compromise-hack-happening/
European Mobile Operator Traffic Leaked to China
https://arstechnica.com/information-technology/2019/06/bgp-mishap-sends-european-mobile-traffic-through-china-telecom-for-2-hours/?comments=1
VLC Update Patches Various Security Flaws
http://www.jbkempf.com/blog/post/2019/VLC-3.0.7-and-security
Jun 11, 2019
ISC StormCast for Monday, June 10th 2019
7:37
Keep An Eye On Your WMI Logs
https://isc.sans.edu/forums/diary/Keep+an+Eye+on+Your+WMI+Logs/25012/
Sysmon DNS Query Logging
https://isc.sans.edu/forums/diary/Tip+Sysmon+Will+Log+DNS+Queries/25016/
Komodo Agama Vulnerability and Breach
https://komodoplatform.com/update-agama-vulnerability/
Lessons Learned From Microsoft SOC
https://www.microsoft.com/security/blog/2019/06/06/lessons-learned-from-the-microsoft-soc-part-2b-career-paths-and-readiness/
Jun 10, 2019
ISC StormCast for Friday, June 7th 2019
7:14
GoldBrute Botnet Brute Forcing RDP
https://isc.sans.edu/forums/diary/GoldBrute+Botnet+Brute+Forcing+15+Million+RDP+Servers/25002/
Exim Vulnerability
https://isc.sans.edu/forums/diary/Time+is+partially+on+our+side+the+new+Exim+vulnerability/25008/
iOS App Developers Disabling TLS
https://www.wandera.com/mobile-security/ios-app-developer-security-shortcuts/
Jun 06, 2019
ISC StormCast for Thursday, June 6th 2019
5:22
Android Monthly Update
https://source.android.com/security/bulletin/2019-06-01
Google Chrome Updates
https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html
MacOS Malware Injects Bing Ads
https://www.airoav.com/mitm-proxy-a-new-search-hijack-method-on-mojave/
Kubernetes Vulnerability
https://github.com/kubernetes/kubernetes/issues/78308
Vulnerabilities in Phishing Kits
https://blogs.akamai.com/sitr/2019/06/identifying-vulnerabilities-in-phishing-kits.html
Jun 06, 2019
ISC StormCast for Wednesday, June 5th 2019
5:33
Vulnerability in Notepad
https://threatpost.com/researcher-exploits-microsofts-notepad-to-pop-a-shell/145242/
Vulnerability in vim/neovim
https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md
RDP Session Hijack Vulnerability
https://kb.cert.org/vuls/id/576688/
Jun 05, 2019
ISC StormCast for Tuesday, June 4th 2019
5:27
Bypassing macOS Synthetic Click Protection
https://www.wired.com/story/apple-macos-bug-synthetic-clicks/
Intel Microcode Updates for Older Windows 10 Versions
https://support.microsoft.com/en-us/help/4494454/kb4494454-intel-microcode-updates
Fake AntiVirus Ads in Microsoft Games
https://answers.microsoft.com/en-us/windows/forum/all/malvertising-attack-on-microsoft-games/ced7ab87-7e0e-422b-97b7-fbfaed2b68a0
GandCrab Shutting Down
https://www.zdnet.com/article/gandcrab-ransomware-operation-says-its-shutting-down/
Jun 04, 2019
ISC StormCast for Monday, June 3rd 2019
5:57
Google Outage
https://status.cloud.google.com/incident/compute/19003
Major Vulnerability in Siemens LOGO Controllers
https://cert-portal.siemens.com/productcert/pdf/ssa-542701.pdf
Exposing TOR Users Via Cache Poisoning
https://blog.duszynski.eu/tor-ip-disclosure-through-http-301-cache-poisoning/
nginx njs Vulnerability
https://github.com/nginx/njs/issues/131
Jun 03, 2019
ISC StormCast for Friday, May 31st 2019
6:43
Analysing Shell Code with scdbg
https://isc.sans.edu/forums/diary/Analyzing+First+Stage+Shellcode/24984/
GitHub Automating Security Patches
https://help.github.com/en/articles/configuring-automated-security-fixes
Exposed Docker Containers Used for Cryptocoin Mining
https://blog.trendmicro.com/trendlabs-security-intelligence/infected-cryptocurrency-mining-containers-target-docker-hosts-with-exposed-apis-use-shodan-to-find-additional-victims/
Mozilla Objecting To Web Packaging
https://docs.google.com/document/d/1ha00dSGKmjoEh2mRiG8FIA5sJ1KihTuZe-AXX1r8P-8/preview#
May 31, 2019
ISC StormCast for Thursday, May 30th 2019
6:07
Behavioural Malware Analysis With Microsoft Attack Surface Analyzer
https://isc.sans.edu/forums/diary/Behavioural+Malware+Analysis+with+Microsoft+ASA/24980/
Docker Symlink Race Attack
https://seclists.org/oss-sec/2019/q2/131
Nansh0u Campaign Using Signed Rootkit
https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
May 30, 2019
ISC StormCast for Wednesday, May 29th 2019
5:57
Office Document And Base64 Encoded PowerShell Script
https://isc.sans.edu/forums/diary/Office+Document+BASE64+PowerShell/24976/
https://0xdf.gitlab.io/2019/05/21/malware-analysis-unnamed-emotet-doc.html
Enumeration of BlueKeep Vulnerable Hosts
https://blog.erratasec.com/2019/05/almost-one-million-vulnerable-to.html
DHCP Client Vulnerability Analysis
https://sensepost.com/blog/2019/analysis-of-a-1day-cve-2019-0547-and-discovery-of-a-forgotten-condition-in-the-patch-cve-2019-0726-part-1-of-2/
Office File Deleting Phishing Emails
https://www.bleepingcomputer.com/news/security/phishing-emails-pretend-to-be-office-365-file-deletion-alerts/
May 29, 2019
ISC StormCast for Tuesday, May 28th 2019
5:45
MacOS GateKeeper Bypass
https://www.fcvl.net/vulnerabilities/macosx-gatekeeper-bypass
Fortinet FortiOS SSL VPN Vulnerabilities
https://fortiguard.com/psirt
Customizing NMAP Service Detection
https://isc.sans.edu/forums/diary/Video+nmap+Service+Detection+Customization/24970/
May 28, 2019
ISC StormCast for Friday, May 24th 2019
6:05
Dangers of Custom URL Schemes
https://zeropwn.github.io/2019-05-22-fun-with-uri-handlers/
Update on Physical Skimmer Market
https://www.advanced-intel.com/blog/skimming-threat-landscape-technology-advances-lower-barriers-of-entry-for-novice-skimming-operators
Apple Supplemental Update For macOS 10.14.5
https://support.apple.com/kb/DL2005?locale=en_US
Microsoft Releases Advanced Threat Protection for MacOS
https://techcommunity.microsoft.com/t5/Windows-Defender-ATP/Microsoft-Defender-ATP-for-Mac-now-in-open-public-preview/ba-p/634603
May 24, 2019
ISC StormCast for Thursday, May 23rd 2019
6:18
An Update on the Microsoft Windows RDP BlueKeep Vulnerability
https://isc.sans.edu/forums/diary/An+Update+on+the+Microsoft+Windows+RDP+Bluekeep+Vulnerability+CVE20190708+now+with+pcaps/24960/
New Zero Day Exploits by SandboxEscaper
https://github.com/SandboxEscaper/polarbearrepo
Signed Exploit Code
https://medium.com/@chroniclesec/abusing-code-signing-for-profit-ef80a37b50f4
May 22, 2019
ISC StormCast for Wednesday, May 22nd 2019
5:32
Setting Up Shodan Monitoring
https://isc.sans.edu/forums/diary/Using+Shodan+Monitoring/24956/
Fingerprinting Smartphones With Gyroscope Data
https://sensorid.cl.cam.ac.uk/
20% of Linux Docker Containers Without Password
https://www.kennasecurity.com/20-of-the-1000-most-popular-docker-containers-have-no-root-password/
RDP #bluekeep Signature For Snort/Suricata
https://github.com/nccgroup/Cyber-Defence/blob/master/Signatures/suricata/2019_05_rdp_cve_2019_0708.txt
May 21, 2019
ISC StormCast for Tuesday, May 21st 2019
5:19
MSFT RDP Vulnerability (#BlueKeep) Update
https://twitter.com/search?q=%23bluekeep
SharePoint Exploited
https://isc.sans.edu/forums/diary/CVE20190604+Attack/24952/
Risks of JWT
https://snikt.net/blog/2019/05/16/jwt-signature-vs-mac-attacks/
MuddyWater Campaign Evolves
https://blog.talosintelligence.com/2019/05/recent-muddywater-associated-blackwater.html
May 20, 2019
ISC StormCast for Monday, May 20th 2019
5:38
Google Analyzes Vendor Response to 0-Day Exploits
https://googleprojectzero.blogspot.com/p/0day.html
ASUS WebStorage Abused For Malware Distribution
https://www.welivesecurity.com/2019/05/14/plead-malware-mitm-asus-webstorage/
Vulnerabilities in Apple Air Drop
https://www.usenix.org/system/files/sec19fall_stute_prepub.pdf
May 19, 2019
ISC StormCast for Friday, May 17th 2019
6:01
The Risk of Authenticated Vulnerability Scans
https://isc.sans.edu/forums/diary/The+Risk+of+Authenticated+Vulnerability+Scans/24942/
ARIN Revokes about 735,000 IP Addresses
https://www.arin.net/vault/about_us/media/releases/20190513.html
More Cisco Patches (Prime Infrastructure, EPN Manager)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-rce
Instrument Landing Systems Spoofing
https://aanjhan.com/assets/ils_usenix2019.pdf
May 17, 2019
ISC StormCast for Thursday, May 16th 2019
5:12
Forbes Website Infected by Magecart
https://twitter.com/bad_packets/status/1128517905765683201
Malware Randomizes TLS Ciphers
https://blogs.akamai.com/sitr/2019/05/bots-tampering-with-tls-to-avoid-detection.html
Google Recalls Titan Security Keys
https://security.googleblog.com/2019/05/titan-keys-update.html
SAMBA Update
https://www.samba.org/samba/security/CVE-2018-16860.html
SAP Patches
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=520259032
May 16, 2019
ISC StormCast for Wednesday, May 15th 2019
6:14
New Intel CPU Vulnerabilities
https://cpu.fail/
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+May+2019+Patch+Tuesday/24934/
Apple Updates
https://support.apple.com/en-us/HT201222
Broken Trustseal
https://twitter.com/gwillem/status/1127890329175244800
https://twitter.com/bestoftheweb/status/1128036593208524800
May 15, 2019
ISC StormCast for Tuesday, May 14th 2019
5:33
Linux Remote Code Execution When Closing TCP Sockets
https://github.com/torvalds/linux/commit/cb66ddd156203daefb8d71158036b27b0e2caf63
WhatsApp Buffer Overflow Exploited to Install Spyware
https://www.facebook.com/security/advisories/cve-2019-3568
Cisco Vulnerabilities Lead to Trust Anchor Module Exploit
https://thrangrycat.com/
Linksys Unauthenticated Information Leak
https://badpackets.net/over-25000-linksys-smart-wi-fi-routers-vulnerable-to-sensitive-information-disclosure-flaw/
May 14, 2019
ISC StormCast for Monday, May 13th 2019
5:09
DSSuite - A Docker Container with Didier's Tools
https://isc.sans.edu/forums/diary/DSSuite+A+Docker+Container+with+Didiers+Tools/24926/
Sqlite3 Vulnerability
https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0777
NVidia Updates
https://nvidia.custhelp.com/app/answers/detail/a_id/4797
Windows 10 FIDO2 Certified
https://fidoalliance.org/microsoft-achieves-fido2-certification-for-windows-hello/
Google May Remove ADB Backup/Restore from Future Android Versions
https://www.xda-developers.com/adb-backup-and-restore-depreciated/
May 13, 2019
ISC StormCast for Friday, May 10th 2019
5:33
US DHS Warns of North Korean ELECTRICFISH Malware
https://www.us-cert.gov/ncas/analysis-reports/AR19-129A
Fake KeePass Site Spreading Malware
https://twitter.com/berkcgoksel/status/1125727590440931329
Google Android Security Bulletin
https://source.android.com/security/bulletin/2019-05-01
Three Anti-Virus Companies Breached
https://www.advanced-intel.com/blog/top-tier-russian-hacking-collective-claims-breaches-of-three-major-anti-virus-companies
May 10, 2019
ISC StormCast for Thursday, May 9th 2019
5:45
Email Roulette May 2019
https://isc.sans.edu/forums/diary/Email+roulette+May+2019/24918/
Turla Lightneuron
https://www.welivesecurity.com/wp-content/uploads/2019/05/ESET-LightNeuron.pdf
Alpine Linux Docker Image root User Hard Coded Credentials
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0782
WordPress 5.2 Adds Digitally Signed Updates
https://wordpress.org/support/wordpress-version/version-5-2/
May 09, 2019
ISC StormCast for Wednesday, May 8th 2019
4:59
Jenkins Exploit Mines Cryptocurrencies
https://isc.sans.edu/forums/diary/Vulnerable+Apache+Jenkins+exploited+in+the+wild/24916/
Confluence Vulnerability Exploited to Deliver Cryptocurrency Miner with Rootkit
https://blog.trendmicro.com/trendlabs-security-intelligence/cve-2019-3396-redux-confluence-vulnerability-exploited-to-deliver-cryptocurrency-miner-with-rootkit/
Cisco Elastic Services Controller REST API Authentication Bypass
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190507-esc-authbypass
Google Chrome History Manipulation Prevention
https://groups.google.com/a/chromium.org/forum/?#!msg/blink-dev/T8d4_BRb2xQ/WSdOiOFcBAAJ
May 08, 2019
ISC StormCast for Tuesday, May 7th 2019
6:11
Decoding UTF-16 in UDF Files
https://isc.sans.edu/forums/diary/Text+and+TNULeNULxNULtNUL/24912/
VMWare Fusion 11 Guest VM RCE
https://theevilbit.github.io/posts/vmware_fusion_11_guest_vm_rce_cve-2019-5514/
Hackers Are Using Bad Passwords Too
https://www.ankitanubhav.info/post/c2bruting
Amazon S3 Discontinues Path Style Access
https://www.bleepingcomputer.com/news/security/amazon-to-disable-s3-path-style-access-used-to-bypass-censorship/
May 07, 2019
ISC StormCast for Monday, May 6th 2019
6:32
Git Ransomware
https://www.theregister.co.uk/2019/05/03/git_ransomware_bitcoin/
D-Link Ransomware Patch
https://eu.dlink.com/de/de/support/support-news/2019/february/28/dns320_trojan_cr1pttor
Jenkins Plugin Vulnerabilities
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2019/may/story-of-a-hundred-vulnerable-jenkins-plugins/
Malicious WPAD Domains
https://blog.redteam.pl/2019/05/badwpad-and-wpad-pl-wpadblocking-com.html
May 05, 2019
ISC StormCast for Friday, May 3rd 2019
6:08
New SAP Exploits Used to Target Exposed
https://www.onapsis.com/10kblaze
Cisco Patches SSH Default Credential Vulnerability in Nexus 9000 Switches
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-nexus9k-sshkey
Current State of JavaScript Crypto Jacking
https://blog.malwarebytes.com/cybercrime/2019/05/cryptojacking-in-the-post-coinhive-era/
D-Link Camera Vulnerabilities
https://www.welivesecurity.com/2019/05/02/d-link-camera-vulnerability-video-stream/
Securepairs Promotes "Right to Repair"
https://securepairs.org/
May 03, 2019
ISC StormCast for Thursday, May 2nd 2019
5:57
RCE Vulnerability in Dell Support Assist
https://d4stiny.github.io/Remote-Code-Execution-on-most-Dell-computers/
Crestron Multiple Vulnerabilities
https://www.crestron.com/en-US/Security/Security_Advisories
Polymorphic Skimmer Targeting 57 different Payment Gateways
https://labs.sansec.io/2019/04/29/polymorphic-skimmer-57-payment-gateways/
More Attacks Against S/Mime and PGP Signed Email
https://github.com/RUB-NDS/Johnny-You-Are-Fired/blob/master/paper/johnny-fired.pdf
May 02, 2019
ISC StormCast for Wednesday, May 1st 2019
5:37
Sodinokibi Ransomware Exploits WebLogic Server Vulnerability
https://blog.talosintelligence.com/2019/04/sodinokibi-ransomware-exploits-weblogic.html
Facebook Leaking Sellers Exact Locations
https://www.7elements.co.uk/resources/blog/facebooks-burglary-shopping-list/
Revive Adserver Deserialization Vulnerability
https://www.revive-adserver.com/security/revive-sa-2019-001/
AutoMacTC: Automating Mac Forensics Triage
https://www.crowdstrike.com/blog/automating-mac-forensic-triage/
Kroll Artifact Parser And Extractor (KAPE)
https://learn.duffandphelps.com/kape
May 01, 2019
ISC StormCast for Tuesday, April 30th 2019
5:51
iLnkP2P Allows Access To Millions of Security Cameras
https://hacked.camera
Windows 10 Users Not Applying October Update
https://reports.adduplex.com/#/r/2019-04
iFrame "Ransom Support" Attacks
https://blog.trendmicro.com/trendlabs-security-intelligence/tech-support-scam-employs-new-trick-by-using-iframe-to-freeze-browsers/
Apr 30, 2019
ISC StormCast for Monday, April 29th 2019
5:18
WebLogic Update
https://isc.sans.edu/diary.html?storyid=24890
Docker Hub Breach
https://success.docker.com/article/docker-hub-user-notification
Apr 29, 2019
ISC StormCast for Friday, April 26th 2019
5:25
Unpatched Vulnerability in WebLogic Exploited
https://isc.sans.edu/forums/diary/Unpatched+Vulnerability+Alert+WebLogic+Zero+Day/24880/
Collecting Windows Service Accounts
https://isc.sans.edu/forums/diary/Service+Accounts+Redux+Collecting+Service+Accounts+with+PowerShell/24882/
Confluence Vulnerability Exploited by GandCrab
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
New Microsoft Security Baseline for Windows 10 / Windows Server
https://blogs.technet.microsoft.com/secguide/2019/04/24/security-baseline-draft-for-windows-10-v1903-and-windows-server-v1903/
Apr 26, 2019
ISC StormCast for Thursday, April 25th 2019
7:28
Rooting Out Unwanted Domain Admins With Powershell
https://isc.sans.edu/forums/diary/Where+have+all+the+Domain+Admins+gone+Rooting+out+Unwanted+Domain+Administrators/24874/
Mac OS X-Protect Now Covering Windows Malware
https://twitter.com/patrickwardle/status/1120771284286103552
Wifi Finder Leaks Hotspot Passwords
https://techcrunch.com/2019/04/22/hotspot-password-leak/
Github Hosting Phishing Pages
https://www.proofpoint.com/us/threat-insight/post/threat-actors-abuse-github-service-host-variety-phishing-kits
RSA Webinar: The Five Most Dangerous New Attack Techniques and How to Counter Them
https://www.rsaconference.com/videos/rsac-2019-the-five-most-dangerous-new-attack-techniques-and-how-to-counter-them-continued
Apr 25, 2019
ISC StormCast for Wednesday, April 24th 2019
5:47
Decoding Malicious VBA Office Document Without Source Code
https://isc.sans.edu/forums/diary/Malicious+VBA+Office+Document+Without+Source+Code/24870/
More Updates on "ShadowHammer" Supply Chain Attack
https://securelist.com/operation-shadowhammer-a-high-profile-supply-chain-attack/90380/
A Malicious Sight in Google Sites
https://www.netskope.com/blog/malicious-google-sites
Apr 24, 2019
ISC StormCast for Tuesday, April 23rd 2019
5:44
.rar Files Exploiting ACE Vulnerability CVE-2018-20250
https://isc.sans.edu/forums/diary/rar+Files+and+ACE+Exploit+CVE201820250/24864/
Malware Senders Become Younger and Less Sophisticated (in German)
https://www.heise.de/security/meldung/Malware-Verteiler-werden-immer-juenger-infizieren-sich-oft-selbst-4403823.html
McAfee Antivirus Affected by April Windows Update Crashes
http://kc.mcafee.com/corporate/index?page=content&id=KB91465
Rules to Protect Against Azure Blob Phishing in Outlook 365
https://malware-research.org/simple-rule-to-protect-against-spoofed-windows-net-phishing-attacks/
Windows 7 End of Support Messages
https://www.windowslatest.com/2019/04/20/windows-7-users-are-now-receiving-the-end-of-support-notifications/
Apr 22, 2019
ISC StormCast for Monday, April 22nd 2019
6:53
Analyzing UDF Files Using Python
https://isc.sans.edu/forums/diary/Analyzing+UDF+Files+with+Python/24860/
HTML Ping To Be Adopted By All Major Browsers
https://webkit.org/blog/8821/link-click-analytics-and-privacy/
Microsoft to Modify Edge User Agent for Some Sites
https://www.onmsft.com/news/new-edge-insider-browser-can-change-user-agent-strings-based-on-what-website-youre-visiting
French Government Chat System Used Weak User Management
https://m.heise.de/security/meldung/Tchap-Frankreichs-nicht-so-exklusiver-Regierungschat-4403961.html
Apr 22, 2019
ISC StormCast for Friday, April 19th 2019
6:50
Malware Delivered As a UDF .img file
https://isc.sans.edu/forums/diary/Malware+Sample+Delivered+Through+UDF+Image/24854/
Facebook Stored Passwords in Plain Text
https://newsroom.fb.com/news/2019/03/keeping-passwords-secure/
Iranian State-Sponsored Malware and Data Leaked
https://misterch0c.blogspot.com/2019/04/apt34-oilrig-leak.html
Windows 8 Live Tiles Domain Takeover
https://www.golem.de/news/subdomain-takeover-microsoft-verliert-kontrolle-ueber-windows-kacheln-1904-140709.html
Apr 19, 2019
ISC StormCast for Thursday, April 18th 2019
5:28
DNS Hijacking by Sea Turtle
https://blog.talosintelligence.com/2019/04/seaturtle.html
Broadcom Wifi Driver Vulnerabilities
https://www.kb.cert.org/vuls/id/166939/
NamPoHyu Virus Infects Samba Servers
https://www.bleepingcomputer.com/news/security/nampohyu-virus-ransomware-targets-remote-samba-servers/
Increased Attacks on Confluence
https://twitter.com/DFNCERT/status/1118468599230943233
Apr 18, 2019
ISC StormCast for Wednesday, April 17th 2019
5:34
PoC Exploit for Windows 10 DHCP Client Vulnerability CVE-2019-0726 (in Russian)
https://habr.com/ru/company/pt/blog/448378/
Oracle April 2019 Critical Patch Update
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Wipro Breached Via Phishing Attacks
https://krebsonsecurity.com/2019/04/experts-breach-at-it-outsourcing-giant-wipro/
IDA and Ghidra Part 2 (Strings And Parameters)
https://isc.sans.edu/forums/diary/A+few+Ghidra+tips+for+IDA+users+part+2+strings+and+parameters/24848/
Apr 17, 2019
ISC StormCast for Tuesday, April 16th 2019
7:04
Common "False Positives" in DNS Query Logs
https://isc.sans.edu/forums/diary/Odd+DNS+Requests+that+are+Normal/24844/
Adblock Plus Allows Filter List Providers to Inject Code in Pages
https://armin.dev/blog/2019/04/adblock-plus-code-injection/
Executables in Polyglot DICOM Images
https://github.com/d00rt/pedicom/blob/master/doc/Attacking_Digital_Imaging_and_Communication_in_Medicine_(DICOM)_file_format_standard_-_Markel_Picado_Ortiz_(d00rt).pdf
Malicious/Misleading VPN Ads
https://www.bleepingcomputer.com/news/security/mobile-vpns-promoted-by-you-are-infected-or-hacked-ads/
Apr 16, 2019
ISC StormCast for Monday, April 15th 2019
6:24
Configuring MTA-STS
https://isc.sans.edu/forums/diary/Configuring+MTASTS+and+TLS+Reporting+For+Your+Domain/24840/
How to Find Hidden Cameras in Your AirBNB
https://isc.sans.edu/forums/diary/How+to+Find+Hidden+Cameras+in+your+AirBNB/24834/
Insecure Storage of VPN Credentials
https://www.kb.cert.org/vuls/id/192371/
Microsoft Patch Problems
https://support.microsoft.com/en-us/help/4493472/windows-7-update-kb4493472
https://support.microsoft.com/en-us/help/4493446/windows-8-1-update-kb4493446
Internet Explorer XML External Entity Vulnerability
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-INTERNET-EXPLORER-v11-XML-EXTERNAL-ENTITY-INJECTION-0DAY.txt
Apr 15, 2019
ISC StormCast for Friday, April 12th 2019
6:16
GMail Will Be Supporting MTA-STS and SMTP TLS Reporting
https://tools.ietf.org/html/rfc8461
https://tools.ietf.org/html/rfc8460
https://www.zdnet.com/article/gmail-becomes-first-major-email-provider-to-support-mta-sts-and-tls-reporting/
Juniper Patch Fixes Static Password in Junos OS
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10923&actp=METADATA
Uniden Commercial IP Camera Site Hosting Malware
https://twitter.com/JayTHL/status/1116200014630596609
Apr 12, 2019
ISC StormCast for Thursday, April 11th 2019
7:37
WPA3 Dragonblood Vulnerability
http://papers.mathyvanhoef.com/dragonblood.pdf
North Korean Trojan: HOPLIGHT
https://www.us-cert.gov/ncas/analysis-reports/AR19-100A
Gaza Cybergang Group1 "SneakyPastes"
https://securelist.com/gaza-cybergang-group1-operation-sneakypastes/90068/
Apr 11, 2019
ISC StormCast for Wednesday, April 10th 2019
6:41
Microsoft and Adobe Patches
https://isc.sans.edu/forums/diary/Microsoft+April+2019+Patch+Tuesday/24826/
https://helpx.adobe.com/security.html
Fake "Food Poisoning" Emails in Germany (in German)
https://www.polizei-praevention.de/aktuelles/erneut-mails-mit-schadsoftware-gegen-gewerbetreibende-im-umlauf.html
Vulnerability in Apache Axis
https://rhinosecuritylabs.com/application-security/cve-2019-0227-expired-domain-rce-apache-axis/
Golang DLL Injection Vulnerability
https://www.openwall.com/lists/oss-security/2019/04/09/1
Apr 09, 2019
ISC StormCast for Tuesday, April 9th 2019
5:33
Ghidra vs. IDA
https://isc.sans.edu/forums/diary/A+few+Ghidra+tips+for+IDA+users+part+1+the+decompilerunreachable+code/24822/
TrendMicro Patch
https://success.trendmicro.com/solution/1122250
Dovecot Patch
https://dovecot.org/list/dovecot-news/2019-March/000403.html
Apache CVE-2019-0211 Exploit
https://github.com/cfreal/exploits/tree/master/CVE-2019-0211-apache
Using JavaScript in Exploits
https://www.youtube.com/watch?v=HfpnloZM61I
Apr 09, 2019
ISC StormCast for Monday, April 8th 2019
6:47
Fake Office 365 Invoices Spread Ransomware
https://isc.sans.edu/forums/diary/Fake+Office+365+Payment+Information+Update/24818/
Malware Hiding in .well-known directory
https://www.zscaler.com/blogs/research/abuse-hidden-well-known-directory-https-sites
Altering CT Images to Manipulate Diagnosis
https://arxiv.org/pdf/1901.03597.pdf
QT Framework RCE Vulnerability
https://www.zerodayinitiative.com/blog/2019/4/3/loading-up-a-pair-of-qt-bugs-detailing-cve-2019-1636-and-cve-2019-6739
Apr 07, 2019
ISC StormCast for Friday, April 5th 2019
5:47
New Waves of Scans Detected By An Old Rule
https://isc.sans.edu/forums/diary/New+Waves+of+Scans+Detected+by+an+Old+Rule/24812/
Xiaomi GuardApp Vulnerable to Man in the Middle
https://blog.checkpoint.com/2019/04/04/xiaomi-vulnerability-when-security-is-not-what-it-seems/
Xwo Web Scanner Hunting for MongoDB
https://www.alienvault.com/blogs/labs-research/xwo-a-python-based-bot-scanner
Vulnerable SmartWatches "Defaced"
https://api.heise.de/svc/embetty/tweet/1112326532939374593-images-0
https://www.heise.de/newsticker/meldung/Vidimensio-Smartwatches-Der-Sicherheits-Alptraum-geht-weiter-4359967.html
Apr 04, 2019
ISC StormCast for Thursday, April 4th 2019
5:47
Ghidra tips for IDA users: Automatic Comments for API Call Parameters
https://isc.sans.edu/forums/diary/A+few+Ghidra+tips+for+IDA+users+part+0+automatic+comments+for+API+call+parameters/24806/
Security Awareness Newsletter: Making Passwords Simple
https://www.sans.org/security-awareness-training/resources/making-passwords-simple
IRS Themed Phishing Emails
https://www.proofpoint.com/us/threat-insight/post/tax-themed-email-campaigns-target-2019-filers
Large Leak of Facebook User Data via 3rd Party App
https://www.upguard.com/breaches/facebook-user-data-leak
Arbitrary Command Execution in PostgreSQL
https://medium.com/greenwolf-security/authenticated-arbitrary-command-execution-on-postgresql-9-3-latest-cd18945914d5
Apr 04, 2019
ISC StormCast for Wednesday, April 3rd 2019
5:21
Compromised LaCie Drive Spread Fake AntiVirus
https://isc.sans.edu/forums/diary/Fake+AV+is+Back+LaCie+Network+Drives+Used+to+Spread+Malware/24802/
Unpatched SOP Vulnerability in Internet Explorer/Edge
https://thehackernews.com/2019/03/microsoft-edge-ie-zero-days.html
Apache Fixes Privilege Escalation Flaw
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0211
Verizon Users Phished for Credentials
https://blog.lookout.com/mobile-phishing-verizon
Apr 03, 2019
ISC StormCast for Tuesday, April 2nd 2019
4:38
Common "OpenAction" False Positive in PDFs Created by OpenOffice
https://isc.sans.edu/forums/diary/Analysis+of+PDFs+Created+with+OpenOfficeLibreOffice/24798/
Android Monthly Update
https://source.android.com/security/bulletin/2019-04-01#2019-04-01-details
Malicious Android App Forwards Banking Calls to Attacker
https://www.blackhat.com/asia-19/briefings/schedule/index.html#when-voice-phishing-met-malicious-android-app-13419
Google Allowing WebAuthn Login from Firefox/Edge
https://twitter.com/christiaanbrand/status/1111430192596025347
All Your Data Are Belong to Us: Defending Against Credential Stuffing Attacks
https://www.sans.org/webcasts/data-belong-us-defend-credential-stuffing-110340
Apr 02, 2019
ISC StormCast for Monday, April 1st 2019
5:36
Annotating Golang Binaries with Cutter and Jupyter
https://isc.sans.edu/forums/diary/Annotating+Golang+binaries+with+Cutter+and+Jupyter/24790/
ASUS Targeted MAC Addresses Available for Download
https://skylightcyber.com/2019/03/28/unleash-the-hash-shadowhammer-mac-list/
Weaponized Version of New Zealand Attack Manifesto
https://bluehexagon.ai/blog/weaponized-version-of-new-zealand-terror-suspects-manifesto-discovered-in-the-wild/
Kubernetes Directory Traversal
https://www.twistlock.com/labs-blog/disclosing-directory-traversal-vulnerability-kubernetes-copy-cve-2019-1002101/
VMWare Patches
https://www.vmware.com/security/advisories/VMSA-2019-0005.html
Mar 31, 2019
ISC StormCast for Friday, March 29th 2019
4:30
Creating Your Own Passive DNS Logs
https://isc.sans.edu/forums/diary/Running+your+Own+Passive+DNS+Service/24784/
Incomplete Patch for Cisco RV320 Routers
https://www.redteam-pentesting.de/en/advisories/rt-sa-2019-003/-cisco-rv320-unauthenticated-configuration-export
https://www.redteam-pentesting.de/en/advisories/rt-sa-2019-004/-cisco-rv320-unauthenticated-diagnostic-data-retrieval
TP-Link Debug Port Vulnerability
https://twitter.com/mjg59/status/1111106885736787975
https://pastebin.com/GAzccR95
Mar 28, 2019
ISC StormCast for Thursday, March 28th 2019
5:05
Microsoft Releases Application Guard for Firefox and Chrome
https://blogs.windows.com/windowsexperience/2019/03/15/announcing-windows-10-insider-preview-build-18358/
New Set of LTE Vulnerabilities
https://syssec.kaist.ac.kr/pub/2019/kim_sp_2019.pdf
NVidia Privilege Escalation
https://rhinosecuritylabs.com/application-security/nvidia-arbitrary-file-writes-to-command-execution-cve-2019-5674/
Mar 27, 2019
ISC StormCast for Wednesday, March 27th 2019
5:40
Apple Updates
https://support.apple.com/en-us/HT201222
ASUS Response to Kaspersky Report
https://www.asus.com/News/hqfgVUyZ6uyAyJe1
Firefox Importing Windows Root Certificates
https://bugzilla.mozilla.org/show_bug.cgi?id=1533397
UC Web Browser MITM Vulnerability
https://www.bleepingcomputer.com/news/security/uc-browser-for-android-desktop-exposes-500-million-users-to-mitm-attacks/
Mar 26, 2019
ISC StormCast for Tuesday, March 26th 2019
5:19
ASUS Live Update "ShadowHammer" Backdoor
https://www.kaspersky.com/blog/shadow-hammer-teaser
https://shadowhammer.kaspersky.com/
Telegram Unsent Feature
https://techcrunch.com/2019/03/25/going-going-gone/
F5 Big IP Updates
https://support.f5.com/csp/article/K14812883
Mar 25, 2019
ISC StormCast for Monday, March 25th 2019
6:08
Reversing Malware Written In Golang
https://isc.sans.edu/forums/diary/Introduction+to+analysing+Go+binaries/24770/
More "VelvetSweatshop" Maldocs
https://isc.sans.edu/forums/diary/VelvetSweatshop+Maldocs/24772/
Reading QR Codes in Python
https://isc.sans.edu/forums/diary/Decoding+QR+Codes+with+Python/24774/
Pwn2Own Contest: Firefox, Safari, Edge and others fall
https://www.zdnet.com/article/tesla-car-hacked-at-pwn2own-contest/
Norwegian Nokia Phones Sent Data to China (Article in Norwegian)
https://nrkbeta.no/2019/03/21/norske-telefoner-sendte-personopplysninger-til-kina/
Java Card Vulnerabilities
https://seclists.org/fulldisclosure/2019/Mar/35
Mar 24, 2019
ISC StormCast for Thursday, March 21st 2019
5:29
Google Photo Cross-Site-Leak Exposes Picture Meta Data
https://www.imperva.com/blog/now-patched-google-photos-vulnerability-let-hackers-track-your-friends-and-location-history/
Fake CDC Emails Spread GandCrab Ransomware
https://myonlinesecurity.co.uk/fake-cdc-flu-pandemic-warning-delivers-gandcrab-5-2-ransomware/
Atlassian Sourcetree Vulnerability
https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2019-03-06-966678691.html
Microsoft Defender for MacOS
https://www.theregister.co.uk/2019/03/21/microsoft_defender_atp/
Mar 21, 2019
ISC StormCast for Wednesday, March 20th 2019
5:40
Using Active Directory (AD) To Find Hosts That Are Not in AD
https://isc.sans.edu/forums/diary/Using+AD+to+find+hosts+that+arent+in+AD+fun+with+the+IPAddress+construct/24762/
Microsoft Anti Malware Crashing Windows
https://social.technet.microsoft.com/Forums/en-US/18ab60a3-3b26-4a07-b68d-84085ce66ce5/scep-crashing-pcs?forum=ConfigMgrCompliance&prof=required
Reduction in DDoS Attacks
https://www.nexusguard.com/threat-report-q4-2018
Mar 20, 2019
ISC StormCast for Wednesday, March 20th 2019
6:07
Cloudflare Releases Proxy Detection Tools
https://blog.cloudflare.com/monsters-in-the-middleboxes/
Business Email Compromise Moving to SMS
https://www.agari.com/email-security-blog/bec-goes-mobile/
JavaScript Requests Without Same Origin Policy Limitations
https://www.forcepoint.com/blog/security-labs/attacking-internal-network-public-internet-using-browser-proxy
Discovering IPv6 Hosts With UPNP
https://blog.talosintelligence.com/2019/03/ipv6-unmasking-via-upnp.html#more
Mar 19, 2019
ISC StormCast for Monday, March 18th 2019
5:41
PuTTY Updates
https://www.chiark.greenend.org.uk/~sgtatham/putty/
Fujitsu Wireless Keyboard Vulnerabilities
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-033.txt
Signed Malware Goes Undetected
https://twitter.com/malwrhunterteam/status/1104082562216062978/photo/1?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1104082562216062978&ref_url=https%3A%2F%2Fwww.theregister.co.uk%2F2019%2F03%2F18%2Fsecurity_roundup_150319%2F
Free Support for Ubuntu 14.04 LTS Ends in April
https://lists.ubuntu.com/archives/ubuntu-announce/2019-March/000241.html
Latest Mirai Version with Even More Exploits
https://unit42.paloaltonetworks.com/new-mirai-variant-targets-enterprise-wireless-presentation-display-systems/
Mar 18, 2019
ISC StormCast for Sunday, March 17th 2019
7:02
Binary Analysis With Jupyter and Radare2
https://isc.sans.edu/forums/diary/Binary+Analysis+with+Jupyter+and+Radare2/24748/
IMAP Brute Forcing against Cloud Accounts
https://www.proofpoint.com/us/threat-insight/post/threat-actors-leverage-credential-dumps-phishing-and-legacy-email-protocols
Google Allows GSuite Users to Disable SMS/Voice Authentication
https://gsuiteupdates.googleblog.com/2019/03/more-control-over-2-step-verification-security-phone-sms.html
Sniffing Bitlocker Keys from TPM
https://pulsesecurity.co.nz/articles/TPM-sniffing
Mar 17, 2019
ISC StormCast for Friday, March 15th 2019
5:13
Analyzing ZIP Files in Ghidra
https://isc.sans.edu/forums/diary/Tip+Ghidra+ZIP+Files/24732/
64 Bit Certificate Serial Number Revocation
https://adamcaudill.com/2019/03/09/tls-64bit-ish-serial-numbers-mass-revocation/
Cisco Default Account Problem
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190313-cspcscv
Intel Patches
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00185.html
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00191.html
Mar 15, 2019
ISC StormCast for Wednesday, March 13th 2019
6:10
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+March+2019+Patch+Tuesday/24742/
Adobe Updates
https://helpx.adobe.com/security.html
PSMiner
https://blog.360totalsecurity.com/en/new-mining-worm-psminer-uses-multiple-high-risk-vulnerabilities-to-spread/
Automatic Certificate Management Environment
https://tools.ietf.org/html/rfc8555
Mar 13, 2019
ISC StormCast for Tuesday, March 12th 2019
5:05
DevOps Tool StackStorm Vulnerability
https://quitten.github.io/StackStorm/
Developers Will Not Code Secure By Default
https://net.cs.uni-bonn.de/fileadmin/user_upload/naiakshi/Naiakshina_Password_Study.pdf
Gaming Industry Supply Chain Attack
https://www.welivesecurity.com/2019/03/11/gaming-industry-scope-attackers-asia/
Mar 12, 2019
ISC StormCast for Monday, March 11th 2019
6:50
Reversing HTA Files
https://isc.sans.edu/forums/diary/Quick+and+Dirty+Malicious+HTA+Analysis/24728/
Apache SOLR Patch
https://issues.apache.org/jira/browse/SOLR-13301
Windows 7 + Google Chrome Exploit in the Wild
https://security.googleblog.com/2019/03/disclosing-vulnerabilities-to-protect.html
Vulnerable Car Alarms
https://www.pentestpartners.com/security-blog/gone-in-six-seconds-exploiting-car-alarms/
Mar 10, 2019
ISC StormCast for Friday, March 8th 2019
6:23
RSA Panel Video
https://www.rsaconference.com/videos/the-five-most-dangerous-new-attack-techniques-and-how-to-counter-them
Disposable E-Mail Addresses
https://isc.sans.edu/forums/diary/Keep+an+Eye+on+Disposable+Email+Addresses/24716/
NetApp Default Account Vulnerability
https://security.netapp.com/advisory/ntap-20190305-0001/
Cisco NX-OS NX-API Privilege Escalation
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-NXAPI-cmdinj
Slub Backdoor Uses GitHub and Slack
https://blog.trendmicro.com/trendlabs-security-intelligence/new-slub-backdoor-uses-github-communicates-via-slack/
Mar 08, 2019
ISC StormCast for Thursday, March 7th 2019
6:25
More Resume Malspam. Now With Trickbot and EternalBlue
https://isc.sans.edu/forums/diary/Malspam+with+passwordprotected+word+docs+still+pushing+IcedID+Bokbot+with+Trickbot/24708/
Cloudflare Deploys Rules to Protect Against Recent Drupal Exploit
https://www.bleepingcomputer.com/news/security/cloudflare-deploys-firewall-rule-to-block-new-drupal-exploits/
Cisco DoS Vulnerability Actively Exploited
https://www.pentestpartners.com/security-blog/cisco-rv130-its-2019-but-yet-strcpy/
MonitorKit uses macOS Game Engine to Analyze Security Events
https://github.com/objective-see
Mar 07, 2019
ISC StormCast for Wednesday, March 6th 2019
5:35
Comcast Uses same "0000" PIN For All Number Porting Requests
https://nakedsecurity.sophos.com/2019/03/05/comcast-security-nightmare-default-0000-pin-on-everybodys-account/
NSA Releases Ghidra Reverse Analysis Tool
https://ghidra-sre.org/
Recent Google Chrome Vulnerability Being Exploited
https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop.html?m=1
Android Monthly Security Bulletin
https://source.android.com/security/bulletin/2019-03-01
Mar 06, 2019
ISC StormCast for Tuesday, March 5th 2019
5:50
MacOS Unpatched Privilege Escalation Vulnerability Made Public
https://bugs.chromium.org/p/project-zero/issues/detail?id=1726
Windows Exploit Suggester Next Generation Released
https://github.com/bitsadmin/wesng
Docker Vulnerability used for Crypto Miners
https://www.imperva.com/blog/hundreds-of-vulnerable-docker-hosts-exploited-by-cryptocurrency-miners/
Russian GPS Jamming Exercises
https://thebarentsobserver.com/en/security/2019/03/russian-military-officials-arrive-oslo-norway-provides-facts-gps-jamming
Mar 05, 2019
ISC StormCast for Monday, March 4th 2019
5:39
Cisco Router Patch
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190227-rmi-cmd-ex
ColdFusion Patch and Exploit
https://www.carehart.org/blog/client/index.cfm/2019/3/1/urgent_CF_security_update_Part_1
Ransomware Impersonates Protonmail
https://twitter.com/demonslay335/status/1097866931762282498
eBay Site Used for eBay Phish (article in German)
https://www.heise.de/security/meldung/eBay-Phishing-auf-eBay-Seite-4324266.html
Mar 04, 2019
ISC StormCast for Friday, March 1st 2019
6:05
Emotet Backend Analysis
https://maxkersten.nl/binary-analysis-course/malware-analysis/emotet-droppers/
Kaspersky Vs. Chromecast
https://www.bleepingcomputer.com/news/security/kaspersky-av-having-certificate-conflicts-with-google-chromecast/
MageCart Updates
https://www.riskiq.com/research/inside-magecart/
Mar 01, 2019
ISC StormCast for Thursday, February 28th 2019
5:08
Coinhive Shutting Down
https://coinhive.com/blog/en/discontinuation-of-coinhive
Azure Blob Storage Phishing
https://www.edgewave.com/phishing/feeling-blue-about-phishing/
Old 2014 Elasticsearch Vulnerability Exploited
https://blog.talosintelligence.com/2019/02/cisco-talos-honeypot-analysis-reveals.html
Latest Drupal Vulnerability Exploited
https://www.imperva.com/blog/latest-drupal-rce-flaw-used-by-cryptocurrency-miners-and-other-attackers/
F5 Big IP Patches
https://support.f5.com/csp/article/K91026261
Feb 28, 2019
ISC StormCast for Wednesday, February 27th 2019
5:00
Thunderbolt "Thunderclap" Vulnerabilities
https://thunderclap.io/thunderclap-paper-ndss2019.pdf
Altering Signed PDF Documents
https://www.pdf-insecurity.org/
NVidia Patches
https://nvidia.custhelp.com/app/answers/detail/a_id/4772
Feb 27, 2019
ISC StormCast for Tuesday, February 26th 2019
7:09
WinRAR ACE Vulnerability Used in Malspam
https://twitter.com/360TIC/status/1099987939818299392
Sextortion Email With QR Code
https://isc.sans.edu/forums/diary/Sextortion+Email+Variant+With+QR+Code/24686/
ICANN Pushes DNSSEC to Defend Against DNS Zone Manipulation
https://www.icann.org/news/announcement-2019-02-22-en
Android FIDO2 Certification
https://fidoalliance.org/android-now-fido2-certified-accelerating-global-migration-beyond-passwords/
Feb 26, 2019
ISC StormCast for Monday, February 25th 2019
5:29
B0r0nt0k Linux Server Ransomware
https://www.bleepingcomputer.com/news/security/b0r0nt0k-ransomware-wants-75-000-ransom-infects-linux-servers/
Cr1pt0r Ransomware Targets D-Link NAS Devices
https://www.bleepingcomputer.com/forums/t/691852/cr1ptt0r-ransomware-files-encrypted-readmetxt-support-topic/page-3
LinkedIn Messages Used to Push Fake Job Offers
https://www.proofpoint.com/us/threat-insight/post/fake-jobs-campaigns-delivering-moreeggs-backdoor-fake-job-offers
Feb 25, 2019
ISC StormCast for Friday, February 22nd 2019
6:34
Adobe Re-Patches Reader/Acrobat Data Leakage Bug
https://helpx.adobe.com/security/products/acrobat/apsb19-13.html
Microsoft Releases Fix for DoS Vulnerability in IIS
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190005
Drupal Fixes Remote Code Execution Vulnerability
https://www.drupal.org/sa-core-2019-003
Linux Kernel Code Execution Vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2019-8912
MikroTik Unauthenticated Proxy
https://medium.com/tenable-techblog/mikrotik-firewall-nat-bypass-b8d46398bf24
Feb 22, 2019
ISC StormCast for Thursday, February 21st 2019
6:07
Microsoft Edge Whitelists Facebook to Run Flash
https://bugs.chromium.org/p/project-zero/issues/detail?id=1722
Chinese Android Banking App Stores Screenshots of Other Apps
https://jqknews.com/news/141073-Jingdong_Finance_denied_stealing_user_information_saying_that_the_image_cache_was_only_local.html
Password Manager Vulnerabilities
https://www.securityevaluators.com/casestudies/password-manager-hacking/
Feb 21, 2019
ISC StormCast for Wednesday, February 20th 2019
6:08
Russian Malspam Pushing Shade/Troldesh Ransomware
https://isc.sans.edu/forums/diary/More+Russian+language+malspam+pushing+Shade+Troldesh+ransomware/24668/
Bitdefender Releases GandCrab Decrypter
https://labs.bitdefender.com/2019/02/new-gandcrab-v5-1-decryptor-available-now/
Bank Infrastructure Used in Phishing Attacks (Russian)
https://www.group-ib.ru/blog/incident
SHA-2 Patch For Windows 7 / 2008 R2 SP1
https://support.microsoft.com/en-us/help/4472027/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus
Feb 20, 2019
ISC StormCast for Tuesday, February 19th 2019
5:29
Know What You Are Logging
https://isc.sans.edu/forums/diary/Know+What+You+Are+Logging/24656/
Spectre Software Mitigation Insufficient
https://arxiv.org/pdf/1902.05178.pdf
VMWare Releases Update To Address runc Vulnerability
https://www.vmware.com/security/advisories/VMSA-2019-0001.html
Swedish Healthcare Breach Leaks Phone call Recordings
https://computersweden.idg.se/2.2683/1.714787/inspelade-samtal-1177-vardguiden-oskyddade-internet
Feb 19, 2019
ISC StormCast for Monday, February 18th 2019
5:05
Snap Patches Available
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SnapSocketParsing
Finding Property Values in Office Documents
https://isc.sans.edu/forums/diary/Finding+Property+Values+in+Office+Documents/24652/
Bro-Sysmon
https://engineering.salesforce.com/test-out-bro-sysmon-a6fad1c8bb88
Cryptojacking Apps in Microsoft App Store
https://www.symantec.com/blogs/threat-intelligence/cryptojacking-apps-microsoft-store
Feb 18, 2019
ISC StormCast for Friday, February 15th 2019
5:47
PDF includes SMB Link
https://isc.sans.edu/forums/diary/Suspicious+PDF+Connecting+to+a+Remote+SMB+Share/24646/
QNAP Malware
https://www.qnap.com/en/security-advisory/nas-201902-13
Bomb Threat Spammers Arrested
https://www.justice.gov/usao-cdca/pr/members-hacker-collective-face-federal-charges-attacking-computer-systems-emailing-mass
Managed Service Providers Targeted By Ransomware
https://www.bleepingcomputer.com/news/security/ransomware-attacks-target-msps-to-mass-infect-customers/
Feb 15, 2019
ISC StormCast for Thursday, February 14th 2019
5:50
Fake Updates Campaign Still Active in 2019
https://isc.sans.edu/forums/diary/Fake+Updates+campaign+still+active+in+2019/24640/
macOS Malware (Shlayer) Disables Gatekeeper
https://www.carbonblack.com/2019/02/12/tau-threat-intelligence-notification-new-macos-malware-variant-of-shlayer-osx-discovered/
Microsoft Exchange Server Patch (Errata for yesterday's podcast)
https://support.microsoft.com/en-ca/help/4490060/exchange-web-services-push-notifications-can-provide-unauthorized-acce
Cisco Network Assurance Engine Password Synchronization Issue
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190212-nae-dos
VFEMail Backup Failure
https://www.vfemail.net/
Feb 14, 2019
ISC StormCast for Wednesday, February 13th 2019
5:24
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+February+2019+Patch+Tuesday/24638/
Adobe Updates
https://helpx.adobe.com/security.html
Ubuntu Linux snapd "dirty_sock" exploit
https://shenaniganslabs.io/2019/02/13/Dirty-Sock.html
Feb 13, 2019
ISC StormCast for Tuesday, February 12th 2019
4:54
Severe Docker runc Vulnerability
https://seclists.org/oss-sec/2019/q1/119
MacOS Mojave Privacy Flaw
https://lapcatsoftware.com/articles/mojave-privacy3.html
Android Malware Steals Crypto Addresses from Clipboard
https://www.welivesecurity.com/2019/02/08/first-clipper-malware-google-play/
Not An E-Mail Virus, Just Interesting Malware
https://isc.sans.edu/forums/diary/Have+You+Seen+an+Email+Virus+Recently/24634/
Feb 12, 2019
ISC StormCast for Monday, February 11th 2019
6:49
Phishing Kit with JavaScript Keylogger
https://isc.sans.edu/forums/diary/Phishing+Kit+with+JavaScript+Keylogger/24622/
Phishing Via Google Translate
https://blogs.akamai.com/sitr/2019/02/phishing-attacks-against-facebook-google-via-google-translate.html
iPhone Apps Record Screens
https://techcrunch.com/2019/02/06/iphone-session-replay-screenshots/
Packet Challenge
https://johannes.homepc.org/packet10.txt
Feb 11, 2019
ISC StormCast for Friday, February 8th 2019
5:28
Value of UAC
https://isc.sans.edu/forums/diary/UAC+is+not+all+that+bad+really/24620/
Apple Releases Facetime Patch
https://support.apple.com/en-us/HT201222
Skype Video Now Allows For Blurred Background
https://blogs.skype.com/news/2019/02/06/introducing-background-blur-in-skype/
Microsoft Exchange Server Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/adv190007
Feb 08, 2019
ISC StormCast for Thursday, February 7th 2019
6:26
Android Monthly Security Update
https://source.android.com/security/bulletin/2019-02-01.html
Skia Graphics Library Vulnerability
https://googleprojectzero.blogspot.com/2019/02/the-curious-case-of-convexity-confusion.html
Google Chrome Password Check
https://chrome.google.com/webstore/detail/password-checkup/pncabnpcffmalkkjpajodfhijclecjno/related
Hancitor HelloFax Malspam
https://isc.sans.edu/forums/diary/Hancitor+malspam+and+infection+traffic+from+Tuesday+20190205/24616/
Feb 06, 2019
ISC StormCast for Wednesday, February 6th 2019
6:42
Mitigations against Mimikatz Style Attacks
https://isc.sans.edu/forums/diary/Mitigations+against+Mimikatz+Style+Attacks/24612/
LibreOffice Macro Vulnerability
https://insert-script.blogspot.com/2019/02/libreoffice-cve-2018-16858-remote-code.html
Firefox 65 Breaks HTTPS AV Scanning
https://bugzilla.mozilla.org/show_bug.cgi?id=1523701
RDP Client Vulnerabilities
https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/
DNS "Lookingglass"
https://isc.sans.edu/tools/dnslookup.html
Feb 06, 2019
ISC StormCast for Tuesday, February 5th 2019
5:21
Exploiting Struts in vCenter
https://isc.sans.edu/forums/diary/Struts+Vulnerability+CVE20175638+on+VMware+vCenter+the+Gift+that+Keeps+on+Giving/24606/
Wikipedia Tech Support Scam
https://isc.sans.edu/forums/diary/Wikipedia+Articles+as+part+of+Tech+Support+Scamming+Campaigns/24608/
Stealing MacOS Keychain
https://www.youtube.com/watch?v=nYTBZ9iPqsU
Beauty Camera Ads for Android include Adware
https://blog.trendmicro.com/trendlabs-security-intelligence/various-google-play-beauty-camera-apps-sends-users-pornographic-content-redirects-them-to-phishing-websites-and-collects-their-pictures/
Feb 05, 2019
ISC StormCast for Monday, February 4th 2019
7:43
Sextortion E-Mail Update
https://isc.sans.edu/forums/diary/Sextortion+Follow+the+Money+Part+3+The+cashout+begins/24592/
Ubiquiti Devices Used in DDoS Attack
https://blog.rapid7.com/2019/02/01/ubiquiti-discovery-service-exposures/?fbclid=IwAR0OUPQIfSV7YsBLvkjoC2WIbe_E4p9WGAM4LCTsL9TKr30I7aQ2Qwqoins
Google Chrome Experimenting with Typo Domain Detection
https://www.usenix.org/conference/enigma2019/presentation/stark
YouTube Copyright Extortion
https://www.youtube.com/watch?v=Q0i-sLESXqo
Feb 04, 2019
ISC StormCast for Friday, February 1st 2019
6:03
Tracking DNS Changes
https://isc.sans.edu/forums/diary/Tracking+Unexpected+DNS+Changes/24596/
SystemD/JournalD PoC Exploit
https://capsule8.com/blog/exploiting-systemd-journald-part-1/
Windows Defender Boot Issues
https://support.microsoft.com/en-us/help/4052623/update-for-windows-defender-antimalware-platform
Mac Malware Steals Cryptocurrency Exchange Cookies
https://unit42.paloaltonetworks.com/mac-malware-steals-cryptocurrency-exchanges-cookies/
Feb 01, 2019
ISC StormCast for Thursday, January 31st 2019
5:50
Chrome Update
https://www.zdnet.com/article/google-chrome-72-removes-hpkp-deprecates-tls-1-0-and-tls-1-1/
Firefox Update
https://techdows.com/2019/01/firefox-to-disable-extensions-in-private-browsing-mode-by-default.html
Facebook (and Google) Research VPN
https://techcrunch.com/2019/01/29/facebook-project-atlas/
https://www.macrumors.com/2019/01/30/google-exploiting-apple-enterprise-certificate/
RCE In Samsung Store via "evilgrade"
https://www.adyta.pt/en/2019/01/29/writeup-samsung-app-store-rce-via-mitm-2/
Jan 31, 2019
ISC StormCast for Wednesday, January 30th 2019
5:49
Phishing Not Ready for IPv6
https://isc.sans.edu/forums/diary/A+Not+So+Well+Done+Phish+Why+Attackers+need+to+Implement+IPv6+Now/24582/
Apple Disables Facetime Group Messages
https://www.apple.com/support/systemstatus/
Outlook 365 Safe Link Errors
https://twitter.com/Swiss_Jay/status/1090271197193940992
Jan 30, 2019
ISC StormCast for Tuesday, January 29th 2019
5:09
Relaying Exchange's NTLM Authentication to Become Domain Admin
https://isc.sans.edu/forums/diary/Relaying+Exchanges+NTLM+authentication+to+domain+admin+and+more/24578/
Facetime Bug Allows Users to Receive Audio before Call is Accepted
https://9to5mac.com/2019/01/28/facetime-bug-hear-audio/
AZORult Fake (signed) Google Update
https://blog.minerva-labs.com/azorult-now-as-a-signed-google-update
Jan 29, 2019
ISC StormCast for Monday, January 28th 2019
7:03
Cisco RV320/325 Router Vulnerability Exploited
https://github.com/0x27/CiscoRV320Dump
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-inject
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-info
HTTP Signed Exchanges
https://wicg.github.io/webpackage/draft-yasskin-http-origin-signed-responses.html
BGP Experiments Disrupt Routers
https://mailman.nanog.org/pipermail/nanog/2019-January/098761.html
Packet Challenge
https://johannes.homepc.org/packet9.txt
Jan 28, 2019
ISC StormCast for Friday, January 25th 2019
5:37
Ghostscript Remote Code Execution Vulnerability
https://www.openwall.com/lists/oss-security/2019/01/23/5
Abusing Exchange to Obtain Domain Admin
https://dirkjanm.io/abusing-exchange-one-api-call-away-from-domain-admin/
IPC Voucher UaF Remote Jailbreak
http://blogs.360.cn/post/IPC%20Voucher%20UaF%20Remote%20Jailbreak%20Stage%202%20(EN).html
Cisco Security Updates
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-bo
Jan 25, 2019
ISC StormCast for Thursday, January 24th 2019
5:11
DHS Emergency Directive Regarding DNS Tampering
https://cyber.dhs.gov/ed/19-01/
Abuse of Trusted Microsoft Azure Domains
https://github.com/MicrosoftDocs/OfficeDocs-Enterprise/issues/233
Tech Support Scammers Unmasked
https://www.fidusinfosec.com/turning-the-tables-on-virgin-media-twitter-scammers/
Jan 24, 2019
ISC StormCast for Wednesday, January 23rd 2019
7:08
Turning MISP Data into RPZs
https://isc.sans.edu/forums/diary/DNS+Firewalling+with+MISP/24556/
Man in the Middle Vulnerability in apt
https://justi.cz/security/2019/01/22/apt-rce.html
PHP PEAR Compromised Package
http://pear.php.net
Apple Security Updates
https://support.apple.com/en-us/HT201222
Jan 23, 2019
ISC StormCast for Tuesday, January 22nd 2019
5:31
Suspicious GET Request: Do you know what it is?
https://isc.sans.edu/forums/diary/Suspicious+GET+Request+Do+You+Know+What+This+Is/24552/
DNS Flag Day
https://dnsflagday.net/
Jan 22, 2019
ISC StormCast for Monday, January 21st 2019
6:13
Drupal Patches
https://www.drupal.org/sa-core-2019-002
https://www.drupal.org/sa-core-2019-001
WPML User Data Compromised and Used in E-Mail To Customers
https://wpml.org/2019/01/wpml-org-site-back-to-normal-after-an-attack-during-the-weekend/
Targeted Attack Uses Google Drive for Exfiltration
https://unit42.paloaltonetworks.com/darkhydrus-delivers-new-trojan-that-can-use-google-drive-for-c2-communications/
Packet Challenge Solution
https://johannes.homepc.org/packet8.txt
Jan 21, 2019
ISC StormCast for Friday, January 18th 2019
6:20
Android Malware Uses Motion Detection to Evade Analysis
https://blog.trendmicro.com/trendlabs-security-intelligence/google-play-apps-drop-anubis-banking-malware-use-motion-based-evasion-tactics/
Twitter for Android Bug
https://help.twitter.com/en/protected-tweets-android
Introduction to WebAuthn/FIDO2
https://medium.com/@herrjemand/introduction-to-webauthn-api-5fd1fb46c285
Ransomware As a Service
https://www.bleepingcomputer.com/news/security/blackrouter-ransomware-promoted-as-a-raas-by-iranian-developer/
Jan 18, 2019
ISC StormCast for Thursday, January 17th 2019
5:54
Emotet and Other Malspam Campaigns Resume After Holiday Break
https://isc.sans.edu/forums/diary/Emotet+infections+and+followup+malware/24532/
Magecart Delivered Via Compromised Advertising Sites
https://blog.trendmicro.com/trendlabs-security-intelligence/new-magecart-attack-delivered-through-compromised-advertising-supply-chain/
Premisys Identicard Vulnerabilities
https://www.tenable.com/security/research/tra-2019-01
ES File Explorer Open Port Vulnerability
https://github.com/fs0c131y/ESFileExplorerOpenPortVuln
Jan 17, 2019
ISC StormCast for Wednesday, January 16th 2019
6:06
MSFT Skype/Team Foundation Server Patches
https://isc.sans.edu/forums/diary/Microsoft+Publishes+Patches+for+Skype+for+Business+and+Team+Foundation+Server/24540/
SCP Client Vulnerabilities
https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
Server Hosting Companies Trivially Hacked
https://www.websiteplanet.com/blog/report-popular-hosting-hacked/
Vulnerabilities in Industrial Remote Controls
https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/attacks-against-industrial-machines-via-vulnerable-radio-remote-controllers-security-analysis-and-recommendations
Oracle Quarterly Critical Patch Update
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
Jan 16, 2019
ISC StormCast for Tuesday, January 15th 2019
5:59
Microsoft LAPS - Blue Team / Red Team
https://isc.sans.edu/forums/diary/Microsoft+LAPS+Blue+Team+Red+Team/24528/
Intel SGX Platform Update
https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00203.html
GoDaddy Injecting JavaScript
https://www.igorkromin.net/index.php/2019/01/13/godaddy-is-sneakily-injecting-javascript-into-your-website-and-how-to-stop-it/
Play with Docker Vulnerability
https://www.cyberark.com/threat-research-blog/how-i-hacked-play-with-docker-and-remotely-ran-code-on-the-host/
Jan 14, 2019
ISC StormCast for Monday, January 14th 2019
5:51
Government Website TLS Certificates Expire due to Partial Shutdown
https://news.netcraft.com/archives/2019/01/10/gov-security-falters-during-u-s-shutdown.html
Firefox EOL Plan for Flash
https://bugzilla.mozilla.org/show_bug.cgi?id=1519434
Fake Movie File Malware
https://www.bleepingcomputer.com/news/security/fake-movie-file-infects-pc-to-steal-cryptocurrency-poison-google-results/
Microsoft Windows Patch Breaks Access 97
https://borncity.com/win/2019/01/11/windows-january-2019-updates-breaks-access-to-access-dbs/
Snorpy Assists in Snort Rule Writing
https://isc.sans.edu/forums/diary/Snorpy+a+Web+Base+Tool+to+Build+SnortSuricata+Rules/24522/
Packet Challenge
http://sǝuuɐɥoɾ.com/packet7.txt
pcap: http://sǝuuɐɥoɾ.com/anon_anydns.pcap
Jan 14, 2019
ISC StormCast for Friday, January 11th 2019
5:41
Old Tricks still work: I love you Malspam
https://isc.sans.edu/forums/diary/Heartbreaking+Emails+Love+You+Malspam/24512/
Juniper Updates Released
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10916&cat=SIRT_1&actp=LIST
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10918&cat=SIRT_1&actp=LIST
New Systemd/Journald Exploit Release
https://www.qualys.com/2019/01/09/system-down/system-down.txt
Global DNS Hijacking
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
Jan 11, 2019
ISC StormCast for Thursday, January 10th 2019
5:54
Simple Mechanism for Creating Certificates
https://blog.filippo.io/mkcert-valid-https-certificates-for-localhost/
Review of Smartphone Face Recognition
https://www.consumentenbond.nl/veilig-internetten/gezichtsherkenning-te-hacken
Google Public DNS now supports DNS-over-TLS
https://security.googleblog.com/2019/01/google-public-dns-now-supports-dns-over.html
Malwarebytes Freezes Windows 7
https://forums.malwarebytes.com/topic/241223-malwarebytes-for-windows-and-windows-7-freezelock-up/
German Police Looking for MAC Address
https://polizei.brandenburg.de/pressemeldung/f8-e0-79-af-57-eb-cyber-fahndung-nach-ma/1310909
Jan 10, 2019
ISC StormCast for Wednesday, January 9th 2019
5:48
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+January+2019+Patch+Tuesday/24504/
https://patchtuesdaydashboard.com/
Adobe Updates
https://helpx.adobe.com/security.html
Google Play Store Adware
https://blog.trendmicro.com/trendlabs-security-intelligence/adware-disguised-as-game-tv-remote-control-apps-infect-9-million-google-play-users/
Ethereum Classic 51% Attack
https://blog.coinbase.com/ethereum-classic-etc-is-currently-being-51-attacked-33be13ce32de
Jan 09, 2019
ISC StormCast for Tuesday, January 8th 2019
7:02
Malware of the Day: Encrypted Word Document
https://isc.sans.edu/forums/diary/Analyzing+Encrypted+Malicious+Office+Documents/24498/
Apple iOS Apps Reaching Out to Malware Server
https://www.wandera.com/risky-apps/
NCSC Offers Assistance Against Attacks from Foreign Governments
https://www.dni.gov/index.php/ncsc-how-we-work/ncsc-know-the-risk-raise-your-shield/ncsc-awareness-materials
Hardware Agnostic Side Channel Attacks
https://arxiv.org/abs/1901.01161
Jan 08, 2019
ISC StormCast for Monday, January 7th 2019
6:42
Malware in TAR Files
https://isc.sans.edu/forums/diary/Malicious+tar+Attachments/24496/
ReiKey MacOS Keystroke Logger Detector
https://objective-see.com/products/reikey.html
Phishing Tool Kit Uses Simple Substitution Fonts
https://www.proofpoint.com/us/threat-insight/post/phishing-template-uses-fake-fonts-decode-content-and-evade-detection
Jan 07, 2019
ISC StormCast for Friday, January 4th 2019
6:07
Malware Leaks Victim Data via FTP
https://isc.sans.edu/forums/diary/Malicious+Script+Leaking+Data+via+FTP/24484/
Hijacking Dormant Twitter Accounts
https://techcrunch.com/2019/01/02/hackers-islamic-state-propaganda-twitter/
Android Authentication Bypass via Skype
https://www.youtube.com/watch?v=EiEcwOfTFqI
Critical Adobe Updates
https://helpx.adobe.com/security/products/acrobat/apsb19-02.html
FilesLocker Ransomware Master Key Published
https://www.bleepingcomputer.com/news/security/master-decryption-key-released-for-fileslocker-ransomware/
Jan 04, 2019
ISC StormCast for Thursday, January 3rd 2019
5:51
Gift Card Scams
https://isc.sans.edu/forums/diary/Gift+Card+Scams+on+the+rise/24482/
WiFi Chipset Exploit
https://2018.zeronights.ru/wp-content/uploads/materials/19-Researching-Marvell-Avastar-Wi-Fi.pdf?fbclid=IwAR07FmZGKLKdJAKI4g0o-Wm-dLGwclV8Hhi-L4_HRlklldY8UC6WY72AdAw
Jan 03, 2019
ISC StormCast for Wednesday, January 2nd 2019
7:15
Bypassing Vein Scanner Authentication (in German)
https://media.ccc.de/v/35c3-9545-venenerkennung_hacken
Hacking Smart Lightbulbs and Firmware Exploits
https://media.ccc.de/v/35c3-9723-smart_home_-_smart_hack
European Union Offers Bug Bounty for Open Source Software
https://juliareda.eu/fossa/
Bypassing Google ReCaptcha
https://github.com/ecthros/uncaptcha2
Jan 02, 2019
ISC StormCast for Friday, December 28th 2018
6:04
Phishing Attack Uses IP Counter
https://isc.sans.edu/forums/diary/Matryoshka+Phish/24460/
JungleSec Ransomware Attacks via IPMI
https://www.bleepingcomputer.com/news/security/junglesec-ransomware-infects-victims-through-ipmi-remote-consoles/
Microsoft Edge PoC RCE Exploit
https://github.com/phoenhex/files/blob/master/pocs/cve-2018-8629-chakra.js
Dec 28, 2018
ISC StormCast for Thursday, December 27th 2018
2:44
Problems with IE Emergency Patch
https://support.microsoft.com/en-us/help/4483229/december192018kb4483229osbuild143932670
Bitcoin Blacklists
https://isc.sans.edu/forums/diary/Bitcoin+Blacklists/24456/
D-Link DIR-816 A2 Stack Overflow
https://github.com/RootSoull/Vuln-Poc/tree/master/D-Link/DIR-816
Dec 26, 2018
ISC StormCast for Friday, December 21st 2018
5:44
Windows 0-Day PoC Published: Arbitrary File Read as System
https://sandboxescaper.blogspot.com/2018/12/readfile-0day.html
Attacks Against 2FA in the Middle East
https://www.amnesty.org/en/latest/research/2018/12/when-best-practice-is-not-good-enough/
FBI Shuts Down Booter Services
http://www.documentcloud.org/documents/5648950-DOJ-indictments-in-booter-cases.html
Intel VISA Undocumented Debug Feature
https://www.blackhat.com/asia-19/briefings/schedule/index.html#intel-visa-through-the-rabbit-hole-13513
Dec 21, 2018
ISC StormCast for Thursday, December 20th 2018
4:16
Microsoft Publishes Emergency Patch for Internet Explorer
https://isc.sans.edu/forums/diary/Microsoft+OOB+Patch+for+Internet+Explorer+Scripting+Engine+Memory+Corruption+Vulnerability/24438/
Restricting PowerShell Capabilities with NetSh
https://isc.sans.edu/forums/diary/Restricting+PowerShell+Capabilities+with+NetSh/24434/
Remotely Bricking a Server
https://eclypsium.com/2018/12/19/remotely-bricking-a-server/
Dec 20, 2018
ISC StormCast for Wednesday, December 19th 2018
5:35
ASUS Vulnerabilities
https://www.secureauth.com/labs/advisories/asus-drivers-elevation-privilege-vulnerabilities
GIGABYTE Vulnerabilities
https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities
Apple App Store Phishing
https://www.bleepingcomputer.com/news/security/widespread-apple-id-phishing-attack-pretends-to-be-app-store-receipts
Kibana Vulnerability Exploited
https://www.cyberark.com/threat-research-blog/execute-this-i-know-you-have-it/
Decrypter for InsaneCrypt and Everbe 1
https://www.bleepingcomputer.com/ransomware/decryptor/how-to-decrypt-the-insanecrypt-or-everbe-1-family-of-ransomware/
http://id-ransomware.malwarehunterteam.com/
SANS Holiday Hack Challenge
https://www.kringlecon.com
Dec 19, 2018
ISC StormCast for Tuesday, December 18th 2018
5:23
Password Protected ZIP with Maldoc
https://isc.sans.edu/forums/diary/Password+Protected+ZIP+with+Maldoc/24426/
Memes Used as Covert Command and Control Channel
https://blog.trendmicro.com/trendlabs-security-intelligence/cybercriminals-use-malicious-memes-that-communicate-with-malware/
Shamoon Disk Wiper Malware is Back
https://unit42.paloaltonetworks.com/shamoon-3-targets-oil-gas-organization/
Dec 18, 2018
ISC StormCast for Monday, December 17th 2018
4:57
Magellan SQLite Vulnerability
https://blade.tencent.com/magellan/index_en.html
Logitech Options Vulnerability
https://bugs.chromium.org/p/project-zero/issues/detail?id=1663
Intel NUC BIOS Protection Flaw
https://embedi.org/blog/nuclear-explotion/
HiddenTear Ransomware Decrypter
https://www.bleepingcomputer.com/ransomware/decryptor/how-to-decrypt-hiddentear-ransomware-with-ht-brute-forcer/
Dec 17, 2018
ISC StormCast for Friday, December 14th 2018
6:39
Fake E-Mail Bomb Threats
https://www.cnn.com/2018/12/13/us/email-bomb-threats/index.html
Phishing Via Non-Delivery Notices
https://isc.sans.edu/forums/diary/Phishing+Attack+Through+NonDelivery+Notification/24412/
LamePyre MacOS Malware
https://blog.malwarebytes.com/detections/osx-lamepyre/
Dec 14, 2018
ISC StormCast for Thursday, December 13th 2018
4:55
Yet Another DOSfuscation Sample
https://isc.sans.edu/forums/diary/Yet+Another+DOSfuscation+Sample/24408/
OpenSSH Backdoors
https://www.welivesecurity.com/wp-content/uploads/2018/12/ESET-The_Dark_Side_of_the_ForSSHe.pdf
Android Malware Bypasses 2FA For Paypal
https://www.welivesecurity.com/2018/12/11/android-trojan-steals-money-paypal-accounts-2fa/
Dec 13, 2018
ISC StormCast for Wednesday, December 12th 2018
5:31
Microsoft December 2018 Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+December+2018+Patch+Tuesday/24404/
Adobe Patch Tuesday
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
Certificate Authority Weaknesses
https://i.blackhat.com/eu-18/Thu-Dec-6/eu-18-Heftrig-Off-Path-Attacks-Against-PKI.pdf
Dec 12, 2018
ISC StormCast for Tuesday, December 11th 2018
5:45
Kubernetes Unauthenticated PoC Exploit for CVE-2018-1002105
https://github.com/evict/poc_CVE-2018-1002105#unauthenticated-poc
WebAssembly Brings Buffer Overflows to Browsers
https://www.forcepoint.com/blog/security-labs/new-whitepaper-memory-safety-old-vulnerabilities-become-new-webassembly
Increased Ethereum Miner Attacks
https://isc.sans.edu/port.html?port=8545
https://www.zdnet.com/article/hackers-ramp-up-attacks-on-mining-rigs-before-ethereum-price-crashes-into-the-gutter
Android Click Fraud Apps are Emulating iPhones for Higher Revenue
https://www.bleepingcomputer.com/news/security/android-clickfraud-op-impersonates-iphones-to-bump-ad-premiums/
Dec 11, 2018
ISC StormCast for Monday, December 10th 2018
5:45
Analyzing Malicious Docker Images
https://isc.sans.edu/forums/diary/A+Dive+into+malicious+Docker+Containers/24388/
Arrest of Huawei CFO Inspires Advance Fee Scam
https://isc.sans.edu/forums/diary/Arrest+of+Huawei+CFO+Inspires+Advance+Fee+Scam/24396/
Sextortion Messages Leading to Ransomware
https://www.proofpoint.com/us/threat-insight/post/sextortion-side-ransomware
WebKit Exploit Released
https://github.com/LinusHenze/WebKit-RegEx-Exploit
Implants Found in Russian Banks
https://securelist.com/darkvishnya/89169/
Dec 10, 2018
ISC StormCast for Friday, December 7th 2018
21:33
Adobe Vulnerability PoC Released
https://isc.sans.edu/forums/diary/Is+it+Time+to+Uninstall+Flash+If+you+havent+already/24382/
WatchOS Update
https://support.apple.com/en-us/HT209343
Data Exfiltration During Pentests
https://isc.sans.edu/forums/diary/Data+Exfiltration+in+Penetration+Tests/24354/
PoC Exploit for Kubernetes Vulnerability
https://github.com/evict/poc_CVE-2018-1002105
Preston Ackerman: Marketing 2FA
https://www.sans.org/reading-room/whitepapers/authentication/swipe-tap-marketing-easier-2fa-increase-adoption-38695
Dec 07, 2018
ISC StormCast for Thursday, December 6th 2018
5:06
Adobe Releases Emergency Flash Patch
https://helpx.adobe.com/security/products/flash-player/apsb18-42.html
Apple Updates Everything (but not WatchOS)
https://support.apple.com/en-us/HT201222
New Privacy Issues Affecting 3G-5G protocols
https://eprint.iacr.org/2018/1175
Dec 06, 2018
ISC StormCast for Wednesday, December 5th 2018
6:25
Fake Ransomware Decryption Service
https://www.theregister.co.uk/2018/12/04/ransomware_helper_was_middleman_dr_shifro/
Latest Lokibot Malspam
https://isc.sans.edu/forums/diary/Malspam+pushing+Lokibot+malware/24372/
Chrome 71 Released
https://www.bleepingcomputer.com/news/google/chrome-71-released-with-abusive-ad-filtering-and-audio-blocking/
RSA Followup Webcast
https://www.rsaconference.com/videos/virtual-session-the-5-most-dangerous-new-attack-techniques-and-whats-to-come
Dec 05, 2018
ISC StormCast for Tuesday, December 4th 2018
4:54
Word Maldoc: Yet Another Place to Hide a Command
https://isc.sans.edu/forums/diary/Word+maldoc+yet+another+place+to+hide+a+command/24370/
US-CERT Releases SamSam Alerts
https://www.us-cert.gov/ncas/alerts/AA18-337A
Kubernetes Patches
https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88
Malicious iOS App Tricks Users into Paying
https://www.welivesecurity.com/2018/12/03/scam-ios-apps-promise-fitness-steal-money-instead/
Dec 04, 2018
ISC StormCast for Monday, December 3rd 2018
6:46
KingMiner Improved Cryptomining
https://research.checkpoint.com/kingminer-the-new-and-improved-cryptojacker/
Siglent Technologies Oscilloscope Vulnerabilities
https://seclists.org/fulldisclosure/2018/Nov/68
AutoCAD Malware
https://www.forcepoint.com/blog/security-labs/autocad-malware-computer-aided-theft
ISC Stickers (login required. first 10 requests each day)
https://isc.sans.edu/sticker.html
Dec 03, 2018
ISC StormCast for Friday, November 30th 2018
13:59
Russian Language Malspam Pushing Shade (Troldesh) Ransomware
https://isc.sans.edu/forums/diary/Russian+language+malspam+pushing+Shade+Troldesh+ransomware/24358/
Scamclub Malvertising Against iOS Users
https://blog.confiant.com/malvertising-attack-hijacks-300-million-sessions-over-48-hours-9d0218fe02cd
Andre Shori: To Block Or Not To Block? Impact and Analysis of Actively Blocking Shodan Scans
http://www.sans.org/reading-room/whitepapers/networksecurity/block-block-impact-analysis-actively-blocking-shodan-scans-38645
Nov 30, 2018
ISC StormCast for Thursday, November 29th 2018
6:19
Obfuscated Shell Scripts: Fake MacOS Flash Updates
https://isc.sans.edu/forums/diary/More+obfuscated+shell+scripts+Fake+MacOS+Flash+update/24352/
Sennheiser HeadSetup Certificate Authority Install
https://www.secorvo.de/publikationen/headsetup-vulnerability-report-secorvo-2018.pdf
Microsoft Fixes Shared Folder Permission Deletion Problem
https://support.microsoft.com/en-us/help/4467684/windows-10-update-kb4467684
3ve Botnet Dismantled
https://services.google.com/fh/files/blogs/3ve_google_whiteops_whitepaper_final_nov_2018.pdf
Nov 29, 2018
ISC StormCast for Wednesday, November 28th 2018
5:24
Obfuscated QNAP bash Malware
https://isc.sans.edu/forums/diary/Obfuscated+bash+script+targeting+QNap+boxes/24348/
Half of All Phishing Sites Use HTTPS
https://krebsonsecurity.com/2018/11/half-of-all-phishing-sites-now-have-the-padlock/
Chrome and Firefox to Remove FTP Support
https://www.bleepingcomputer.com/news/google/chrome-and-firefox-developers-aim-to-remove-support-for-ftp/
California Wildfire Used in BEC Scams
https://www.agari.com/identity-intelligence-blog/california-wildfire-email-scams/
Nov 28, 2018
ISC StormCast for Tuesday, November 27th 2018
6:07
ViperMonkey: VBA Maldoc Deobfuscation
https://isc.sans.edu/forums/diary/ViperMonkey+VBA+maldoc+deobfuscation/24346/
Malicious NPM Libraries
https://medium.com/@cnorthwood/todays-javascript-trash-fire-and-pile-on-f3efcf8ac8c7
Turning Your BMC Into A Revolving Door
https://www.synacktiv.com/ressources/zeronights_2018_turning_your_bmc_into_a_revolving_door.pdf
Nov 27, 2018
ISC StormCast for Monday, November 26th 2018
5:53
Attacks Against Docker API
https://isc.sans.edu/forums/diary/Moby+the+Shark/24340/
Mirai-Like Attack Hitting Hadoop
https://asert.arbornetworks.com/mirai-not-just-for-iot-anymore/
New Rowhammer Variant Affects ECC Memory
https://www.vusec.net/projects/eccploit/
Nov 26, 2018
ISC StormCast for Wednesday, November 21st 2018
3:12
Critical Flash Update
https://helpx.adobe.com/security/products/flash-player/apsb18-44.html
Thanksgiving Lure for Emotet
https://www.forcepoint.com/blog/security-labs/thanks-giving-emotet
Nov 21, 2018
ISC StormCast for Tuesday, November 20th 2018
4:43
Google Play Malware
https://twitter.com/LukasStefanko
ATM Vulnerabilities
https://www.ptsecurity.com/upload/corporate/ww-en/analytics/ATM-Vulnerabilities-2018-eng.pdf
Nagios XI Update
https://www.tenable.com/security/research/tra-2018-37
Nov 20, 2018
ISC StormCast for Monday, November 19th 2018
5:29
Multipurpose PCAP Analysis Tool
https://isc.sans.edu/forums/diary/Multipurpose+PCAP+Analysis+Tool/24322/
Quickly Investigating Websites with Lookyloo
https://isc.sans.edu/forums/diary/Quickly+Investigating+Websites+with+Lookyloo/24320/
From Field Spoofing in Gmail
https://blog.cotten.io/hacking-gmail-with-weird-from-fields-d6494254722f?gi=ce61de4cb006
Nov 18, 2018
ISC StormCast for Friday, November 16th 2018
14:59
Emotet Spreading IcedID Banking Malware
https://isc.sans.edu/forums/diary/Emotet+infection+with+IcedID+banking+Trojan/24312/
Crypto Miners Abusing Insecure Docker Installs
https://forums.juniper.net/t5/Threat-Research/Container-Malware-Miners-Go-Docker-Hunting-In-The-Cloud/ba-p/400587
GPS Watches Can Be Used To Track Kids
https://www.pentestpartners.com/security-blog/tracking-and-snooping-on-a-million-kids/
Firefox Will Notify Users of Breached Sites
https://blog.mozilla.org/blog/2018/11/14/firefox-monitor-launches-in-26-languages-and-adds-new-desktop-browser-feature/
David Kennel: All-Seeing Eye or Blind Man? Understanding the Linux Kernel Auditing System
https://www.sans.org/reading-room/whitepapers/linux/all-seeing-eye-blind-man-understanding-linux-kernel-auditing-system-38605
Nov 16, 2018
ISC StormCast for Thursday, November 15th 2018
5:48
Details about Zero Day Exploit Taking Advantage of Win32k Vuln.
https://securelist.com/a-new-exploit-for-zero-day-vulnerability-cve-2018-8589/88845/
PacSec Pwn2Own Results
https://www.zerodayinitiative.com/blog/2018/11/13/pwn2own-tokyo-2018-day-one-results
https://www.zerodayinitiative.com/blog/2018/11/14/pwn2own-tokyo-2018-day-two-results-and-master-of-pwn
More Spectre/Meltdown Flaws
https://arxiv.org/pdf/1811.05441.pdf
Nov 15, 2018
ISC StormCast for Wednesday, November 14th 2018
5:06
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/November+2018+Microsoft+Patch+Tuesday/24308/
Adobe Security Bulletins
https://helpx.adobe.com/security.html
Nov 14, 2018
ISC StormCast for Tuesday, November 13th 2018
5:17
Google BGP Hijack via Russia
https://twitter.com/thousandeyes/status/1062102171506765825
https://www.wsj.com/articles/google-internet-traffic-is-briefly-misdirected-through-russia-china-1542068392
Intel Microcode Boot Loader (USB)
https://www.techpowerup.com/forums/threads/intel-microcode-boot-loader.248858/
WordPress GDPR Compliance Plugin Vulnerable
https://www.wordfence.com/blog/2018/11/trends-following-vulnerability-in-wp-gdpr-compliance-plugin/
Nov 13, 2018
ISC StormCast for Monday, November 12th 2018
6:28
Cloudflare Releases Mobile Apps To Use 1.1.1.1
https://blog.cloudflare.com/1-thing-you-can-do-to-make-your-internet-safer-and-faster/
Crypto Coin Miners Now With Rootkits
https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/cryptocurrency-mining-malware-targets-linux-systems-uses-rootkit-for-stealth
Google Play Protect Reduces Malware
https://security.googleblog.com/2018/11/introducing-android-ecosystem-security.html
Nov 12, 2018
ISC StormCast for Friday, November 9th 2018
17:10
Cisco Security Bulletins
https://tools.cisco.com/security/center/publicationListing.x
Ruby Deserialization
https://www.elttam.com.au/blog/ruby-deserialization/
Ouch Newsletter: Am I Hacked?
https://www.sans.org/security-awareness-training/resources/am-i-hacked
Jonathan Sweeny: Smart Contract Botnets
https://www.sans.org/reading-room/whitepapers/covert/botnet-resiliency-private-blockchains-38050
https://www.sans.org/reading-room/whitepapers/warfare/tearing-smart-contract-botnets-38650
Nov 09, 2018
ISC StormCast for Thursday, November 8th 2018
6:41
VirtualBox 0 Day Guest Escape Exploit Released
https://github.com/MorteNoir1/virtualbox_e1000_0day
WooCommerce / WordPress Bug Leads to RCE
https://blog.ripstech.com/2018/wordpress-design-flaw-leads-to-woocommerce-rce/
Bing Advertises Fake Version of Notepad2
https://www.bleepingcomputer.com/news/security/beware-of-unofficial-sites-pushing-notepad2-adware-bundles/
Jacksonville BSides
https://bsidesjax.org
Nov 08, 2018
ISC StormCast for Wednesday, November 7th 2018
5:50
China Telecom's Internet Traffic Misdirection
https://internetintel.oracle.com/blog-single.html?id=China+Telecom%27s+Internet+Traffic+Misdirection
Android Security Updates; Last for Nexus
https://source.android.com/security/bulletin/2018-11-01#framework
PoC Facetime Exploit
https://bugs.chromium.org/p/project-zero/issues/detail?id=1641
Vulnerability in U-Boot Bootloader
https://github.com/inversepath/usbarmory/blob/master/software/secure_boot/Security_Advisory-Ref_IPVR2018-0001.txt
Nov 07, 2018
ISC StormCast for Tuesday, November 6th 2018
5:48
Struts 2.3 Uses Outdated commons-fileupload Library
https://isc.sans.edu/forums/diary/Struts+23+Vulnerable+to+Two+Year+old+File+Upload+Flaw/24278/
Fake Elon Musk Tweet used to steal Bitcoin
https://www.bleepingcomputer.com/news/security/fake-elon-musk-twitter-bitcoin-scam-earned-180k-in-one-day/
Bypassing SSD Drive Hardware Encryption
https://www.ru.nl/english/news-agenda/news/vm/icis/cyber-security/2018/radboud-university-researchers-discover-security/
Nov 06, 2018
ISC StormCast for Monday, November 5th 2018
5:18
Beyond good ol' LaunchAgents
https://isc.sans.edu/forums/diary/Beyond+good+ol+LaunchAgent+part+1/24274/
Dissecting a CVE-2017-11882 Exploit
https://isc.sans.edu/forums/diary/Dissecting+a+CVE201711882+Exploit/24272/
Microsoft Edge Exploit About to Be Released
https://twitter.com/Yux1xi
Portsmash Vulnerability
https://github.com/bbbrumley/portsmash
RC4 (Arcfour) Deprecation in SSH
https://tools.ietf.org/html/draft-ietf-curdle-rc4-die-die-die-12
Nov 05, 2018
ISC StormCast for Friday, November 2nd 2018
5:29
Windows Defender Sandboxing Bug
https://isc.sans.edu/forums/diary/Windows+Defenders+Sandbox/24266/
Bleedingbit Bluetooth Low Energy Vulnerability
https://armis.com/bleedingbit/
Cisco ASA/Firepower DoS Vulnerability Actively Exploited
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181031-asaftd-sip-dos
Nov 01, 2018
ISC StormCast for Thursday, November 1st 2018
5:19
Encrypted Word Maldocs
https://isc.sans.edu/forums/diary/More+malspam+using+passwordprotected+Word+docs/24262/
iOS / MacOS ICMP Error Remote Code Execution
https://lgtm.com/blog/apple_xnu_icmp_error_CVE-2018-4407
iOS Lock Screen Bypass
https://www.youtube.com/watch?v=ojigFgwrtKs
Nov 01, 2018
ISC StormCast for Wednesday, October 31st 2018
4:36
Change in Strategy for Hancitor Malware
https://isc.sans.edu/forums/diary/Campaign+evolution+Hancitor+malspam+starts+pushing+Ursnif+this+week/24256/
Apple Updates
https://support.apple.com/en-us/HT201222
Telegram Stores Conversations Locally
https://twitter.com/nathanielrsuchy
Oct 31, 2018
ISC StormCast for Tuesday, October 30th 2018
6:03
Maldoc Duplicating PowerShell
https://isc.sans.edu/forums/diary/Maldoc+Duplicating+PowerShell+Prior+to+Use/24254/
New File Types Emerge in Malware Spam Attachments
https://blog.trendmicro.com/trendlabs-security-intelligence/same-old-yet-brand-new-new-file-types-emerge-in-malware-spam-attachments/
Malicious Mac Crypto Currency Tracker Installs Backdoor
https://blog.malwarebytes.com/threat-analysis/2018/10/mac-cryptocurrency-ticker-app-installs-backdoors/
Sandbox For Windows Defender
https://cloudblogs.microsoft.com/microsoftsecure/2018/10/26/windows-defender-antivirus-can-now-run-in-a-sandbox/
Oct 30, 2018
ISC StormCast for Monday, October 29th 2018
4:55
Dissecting Malicious Office Documents in Linux
https://isc.sans.edu/forums/diary/Dissecting+Malicious+Office+Documents+with+Linux/24248/
Analyzing Compressed RTF Documents
https://isc.sans.edu/forums/diary/Detecting+Compressed+RTF/24250/
systemd DHCPv6 Remote Code Execution Vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-15688
Cryptominers Scan for Docker Engine
https://blog.trendmicro.com/trendlabs-security-intelligence/misconfigured-container-abused-to-deliver-cryptocurrency-mining-malware
DemonBot Targeting Hadoop
https://blog.radware.com/security/2018/10/new-demonbot-discovered/
Oct 29, 2018
ISC StormCast for Friday, October 26th 2018
5:13
Scam Calls Targeting Chinese Living in the US
https://isc.sans.edu/forums/diary/Fake+BankPost+Office+Phone+Calls+Targeting+Chinese+Immigrants/24244/
X.org Privilege Elevation Flaw
https://lists.x.org/archives/xorg-announce/2018-October/002927.html
Remote Videos in Office Documents
https://blog.cymulate.com/abusing-microsoft-office-online-video
Mac Malware Injects Ads
https://blog.malwarebytes.com/threat-analysis/2018/10/mac-malware-intercepts-encrypted-web-traffic-for-ad-injection/
Oct 26, 2018
ISC StormCast for Thursday, October 25th 2018
5:24
Reversing AutoIT
https://isc.sans.edu/forums/diary/Diving+into+Malicious+AutoIT+Code/24238/
Arcserve Vulnerabilities
https://www.digitaldefense.com/blog/zero-day-alerts/arcserve-disclosure/
WebExec Vulnerability
https://webexec.org/
More ALPC Flaws from SandboxEscaper
https://twitter.com/SandboxEscaper/status/1054744201244692485
https://twitter.com/mkolsek/status/1054794984908562432
Oct 25, 2018
ISC StormCast for Wednesday, October 24th 2018
5:56
Malware Uses Decoy Picture
https://isc.sans.edu/forums/diary/Malicious+Powershell+using+a+Decoy+Picture/24234/
DNS over HTTPS Pushback
https://twitter.com/paulvixie/status/1053765281917661184
Signal Desktop Leaves Encryption Key Exposed
https://twitter.com/nathanielrsuchy
Firefox 63 Allows Less Tracking
https://blog.mozilla.org/security/2018/10/23/firefox-63-lets-users-block-tracking-cookies/
Oct 24, 2018
ISC StormCast for Tuesday, October 23rd 2018
5:18
MSG Files: Compressed RTF
https://isc.sans.edu/forums/diary/MSG+Files+Compressed+RTF/24228/
FreeRTOS TCP/IP Stack Vulnerabilities
https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/
VLC/Live555 RTSP Server Vulnerability
https://www.talosintelligence.com/reports/TALOS-2018-0684
Microsoft Yammer Update
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8569#ID0EGB
Oct 23, 2018
ISC StormCast for Monday, October 22nd 2018
5:02
MacOS LaunchAgent
https://isc.sans.edu/forums/diary/Beyond+good+ol+LaunchAgent+part+0/24230/
TLS Session Tracking
https://arxiv.org/pdf/1810.07304.pdf
jQuery File Upload Plugin
https://blogs.akamai.com/sitr/2018/10/having-the-security-rug-pulled-out-from-under-you.html
Drupal Update
https://www.drupal.org/sa-core-2018-006
Oct 22, 2018
ISC StormCast for Friday, October 19th 2018
4:27
Cisco Patches
https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&firstPublishedStartDate=2018%2F10%2F17&firstPublishedEndDate=2018%2F10%2F17&lastPublishedStartDate=2018%2F10%2F17&lastPublishedEndDate=2018%2F10%2F17
51% Attack Against Crypto Currencies
https://old.reddit.com/r/CryptoCurrency/comments/9m1uuj/if_i_livestreamed_the_setup_and_execution_of/
VMWare Patch
https://www.vmware.com/au/security/advisories/VMSA-2018-0026.html
Oct 19, 2018
ISC StormCast for Thursday, October 18th 2018
5:22
Abandoned "NewShareCounts" Twitter Counter Abused
https://blog.sucuri.net/2018/10/malicious-redirects-from-newsharecounts-com-tweet-counter.html
Multiple D-Link Vulnerabilities
https://seclists.org/fulldisclosure/2018/Oct/36
RID Hijacking in Windows
https://www.romhack.io/slides/RomHack%202018%20-%20Sebastian%20Castro%20-%20Windows%20RID%20Hijacking:%20Maintaining%20Access%20on%20Windows%20Machines.pdf
Oct 18, 2018
ISC StormCast for Wednesday, October 17th 2018
5:42
Oracle CPU
https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
libssh vulnerability
https://www.libssh.org/security/advisories/CVE-2018-10933.txt
Vending Machine Mobile App Compromise
https://hackernoon.com/how-i-hacked-modern-vending-machines-43f4ae8decec
Browsers Announce Timeline to Discontinue TLS1.0/1.1 support
https://blogs.windows.com/msedgedev/2018/10/15/modernizing-tls-edge-ie11/
https://security.googleblog.com/2018/10/modernizing-transport-security.html
https://blog.mozilla.org/security/2018/10/15/removing-old-versions-of-tls/
https://webkit.org/blog/8462/deprecation-of-legacy-tls-1-0-and-1-1-versions/
Oct 17, 2018
ISC StormCast for Tuesday, October 16th 2018
5:34
Proof Of Concept Exploit for Microsoft Edge Vulnerability CVE-2018-8495
https://leucosite.com/Microsoft-Edge-RCE/
Fake Mining Apps
https://www.fortinet.com/blog/threat-research/fortinet-discovers-new-android-apps-that-mine-the-unminable.html
Fake Google Photos App Turns Out to Be Ad-Clicker
https://www.geeklatest.com/developer-tricks-microsoft-publishes-app-under-google-llc-name-in-windows-store/
Oct 16, 2018
ISC StormCast for Monday, October 15th 2018
6:17
Many Large Websites Affected by Branch.io XSS Flaw
https://www.vpnmentor.com/blog/dom-xss-bug-affecting-tinder-shopify-yelp/
Medtronic Pacemaker Programmers: Remote Update Disabled
https://www.medtronic.com/content/dam/medtronic-com/us-en/corporate/documents/REV-Medtronic-2090-Security-Bulletin_FNL.pdf
IBM WebSphere Update
https://www-01.ibm.com/support/docview.wss?uid=swg22016254
Incomplete JET Database Patch
https://blog.0patch.com/2018/10/patching-re-patching-and-meta-patching.html
Oct 15, 2018
ISC StormCast for Friday, October 12th 2018
5:51
New Campaign Using Old Equation Editor Vulnerability
https://isc.sans.edu/forums/diary/New+Campaign+Using+Old+Equation+Editor+Vulnerability/24196/
Root Access Vulnerability in SONY Smart TVs
https://www.fortinet.com/blog/threat-research/sony-smart-tv-exploit-inside-view-hijacking-your-living-room.html
MikroTik RouterOS Vulnerabilities
https://github.com/tenable/routeros/blob/master/bug_hunting_in_routeros_derbycon_2018.pdf
Reverse Analysis of WebAssembly
https://www.forcepoint.com/blog/security-labs/manual-reverse-engineering-webassembly-static-code-analysis
Firefox Delays Symantec Certificate Distrust
https://www.theregister.co.uk/2018/10/11/firefox_symantec_certs_delay/
Oct 11, 2018
ISC StormCast for Thursday, October 11th 2018
6:24
Remote Code Execution Vulnerability in WhatsApp
https://bugs.chromium.org/p/project-zero/issues/detail?id=1654
Salesforce Releases HASSH Library
https://github.com/salesforce/hassh
CVE-2018-8453 Details from Kaspersky
https://securelist.com/cve-2018-8453-used-in-targeted-attacks/88151/
Juniper Patches
https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES
Experian Vulnerability Could Have Leaked Credit Freeze PINs
https://www.nerdwallet.com/blog/finance/security-flaw-at-experian-allows-easy-access-to-pin-to-unlock-credit-freeze/
Oct 11, 2018
ISC StormCast for Wednesday, October 10th 2018
5:31
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/October+2018+Microsoft+Patch+Tuesday/24186/
Adobe Updates
https://helpx.adobe.com/security.html
Magecart Infects "Shopper Approved" Plugin
https://www.riskiq.com/blog/labs/magecart-shopper-approved/
Oct 10, 2018
ISC StormCast for Tuesday, October 9th 2018
4:44
Apple Updates iOS and iCloud for Windows
https://support.apple.com/en-ca/HT209162
https://support.apple.com/en-ca/HT209141
Intel Adds Spectre/Meltdown Mitigation to 9th Generation CPUs
https://www.bleepingcomputer.com/news/security/spectre-and-meltdown-hardware-protection-added-to-intels-9th-gen-cpus/
Windows October Update File Deletion Issues
https://support.microsoft.com/en-us/help/4464619/windows-10-update-history
https://blogs.technet.microsoft.com/filecab/2018/08/30/9205/
macOS Code Signing Vulnerabilities
https://www.virusbulletin.com/conference/vb2018/abstracts/code-signing-flaw-macos
Oct 09, 2018
ISC StormCast for Monday, October 8th 2018
6:53
WPA2 KRACK Attack Update
https://www.krackattacks.com/followup.html#overview
Cisco Updates
https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir#~Vulnerabilities
Seattle Police Try to Stop Swatting
https://www.seattle.gov/police/need-help/swatting
git Vulnerability Fixed
https://github.com/timwr/CVE-2017-1000117
Oct 08, 2018
ISC StormCast for Friday, October 5th 2018
7:18
Does the Chinese Military Manipulate Supermicro Motherboards?
https://www.bloomberg.com/news/articles/2018-10-04/the-big-hack-amazon-apple-supermicro-and-beijing-respond
Cloudflare IPFS Gateway Used For Phishing
https://www.bleepingcomputer.com/news/security/phishing-attacks-distributed-through-cloudflares-ipfs-gateway/
DNSSEC Root Key Signing Key Rollover
https://www.icann.org/resources/pages/ksk-rollover
https://www.icann.org/news/blog/2018-ksk-rollover-operator-preparedness-survey
Oct 05, 2018
ISC StormCast for Thursday, October 4th 2018
6:00
Identifying a Phisher
https://isc.sans.edu/forums/diary/Identifying+a+phisher/24164/
Phishing via Azure Blob Storage
https://www.netskope.com/blog/phishing-in-the-public-cloud
Zoho Domains Used for Phishing and Keyloggers
https://cofense.com/staggering-amount-stolen-data-heading-zoho-domains/
Dell iDRAC Exploit
https://www.servethehome.com/idracula-vulnerability-impacts-millions-of-legacy-dell-emc-servers/
Oct 04, 2018
ISC StormCast for Wednesday, October 3rd 2018
5:11
How to Write Yara Rules
https://isc.sans.edu/forums/diary/Developing+YARA+Rules+a+Practical+Example/24158/
GhostDNS DNS Changer Malware
https://blog.netlab.360.com/70-different-types-of-home-routers-all-together-100000-are-being-hijacked-by-ghostdns-en/
Foxit PDF Reader Vulnerabilities
https://www.foxitsoftware.com/support/security-bulletins.php
Apple Laptops Shipped With Intel ME in Manufacturing Mode
http://blog.ptsecurity.com/2018/10/intel-me-manufacturing-mode-macbook.html
Oct 03, 2018
ISC StormCast for Tuesday, October 2nd 2018
6:10
Update About Facebook Breach
https://newsroom.fb.com/news/2018/09/security-update/
Adobe Acrobat/Reader Update
https://helpx.adobe.com/security/products/acrobat/apsb18-30.html
SMTP MTA Strict Transport Security (MTA-STS)
https://www.rfc-editor.org/rfc/rfc8461.txt
Oct 02, 2018
ISC StormCast for Monday, October 1st 2018
6:11
Facebook Leaks more than 50 Million Accounts
https://newsroom.fb.com/news/2018/09/security-update/
Telegram Leaks Local IP Address By Default
https://www.inputzero.io/2018/09/bug-bounty-telegram-cve-2018-17780.html
Sites Trick Users Into Subscribing to Browser Notifications
https://www.bleepingcomputer.com/news/security/sites-trick-users-into-subscribing-to-browser-notification-spam/
DDE Code Injection
https://isc.sans.edu/forums/diary/More+Excel+DDE+Code+Injection/24150/
Oct 01, 2018
ISC StormCast for Friday, September 28th 2018
5:34
Enriching Radare2 and x64dbg malware analysis with statically decoded strings
https://isc.sans.edu/forums/diary/Enriching+Radare2+and+x64dbg+malware+analysis+with+statically+decoded+strings/24146/
Weaknesses in Apple's Mobile Device Management
https://duo.com/labs/research/mdm-me-maybe
LoJax UEFI Rootkit
https://www.welivesecurity.com/2018/09/27/lojax-first-uefi-rootkit-found-wild-courtesy-sednit-group/
Sep 28, 2018
ISC StormCast for Thursday, September 27th 2018
5:02
Emotet Malware Delivery Service Update
https://isc.sans.edu/forums/diary/One+Emotet+infection+leads+to+three+followup+malware+infections/24140/
Fedora Crypto Policy Update Causes SSH Issues
https://bugzilla.redhat.com/show_bug.cgi?id=1631970
Android Banking Trojan Impersonates QRecorder
https://lukasstefanko.com/2018/09/banking-trojan-found-on-google-play-stole-10000-euros-from-victims.html
Google Reverts Changes to Chrome
https://www.blog.google/products/chrome/product-updates-based-your-feedback/amp/
Sep 27, 2018
ISC StormCast for Wednesday, September 26th 2018
5:04
Firefox Haveibeenpwned Monitor
https://blog.mozilla.org/blog/2018/09/25/introducing-firefox-monitor-helping-people-take-control-after-a-data-breach/
Chrome 69 Privacy Issues
https://www.bleepingcomputer.com/news/google/chrome-69-keeps-googles-cookies-after-you-clear-browser-data/
Cisco FragmentSmack Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180824-linux-ip-fragment
Microsoft BitLocker Suspends Itself During Updates
https://social.technet.microsoft.com/Forums/en-US/0e48536f-40ff-4046-bd08-ed4a39b4840f/bitlocker-automatically-suspending-during-updates?forum=win10itprosecurity
Sep 26, 2018
ISC StormCast for Tuesday, September 25th 2018
5:56
More Sextortion Emails
https://isc.sans.edu/forums/diary/Sextortion+Spam+and+the+Infinite+Monkey+Theorem/24136/
macOS 10.14 (Mojave) Security Fixes
https://support.apple.com/en-us/HT209139
Mojave Privacy Protection Bypass
https://vimeo.com/291491984
Cloudflare Supporting Encrypted SNI
https://blog.cloudflare.com/esni/
Sep 25, 2018
ISC StormCast for Monday, September 24th 2018
4:30
Odd DNS Requests from Firewalls
https://isc.sans.edu/forums/diary/Suspicious+DNS+Requests+Issued+by+a+Firewall/24128/
Securing API Connections
https://isc.sans.edu/forums/diary/The+danger+of+sending+information+for+API+consumption+without+adequate+security+measures/24130/
Microsoft JET Database 0day
https://www.zerodayinitiative.com/advisories/ZDI-18-1075/
Western Digital Releases Patch for MyCloud Drives
https://support.wdc.com/knowledgebase/answer.aspx?ID=25952&s
Job Offers With Malware Attachment
https://www.bleepingcomputer.com/news/security/malware-disguised-as-job-offers-distributed-on-freelance-sites/
Sep 24, 2018
ISC StormCast for Friday, September 21st 2018
12:33
Hunting for Suspicious Processes with OSSEC
https://isc.sans.edu/forums/diary/Hunting+for+Suspicious+Processes+with+OSSEC/24122/
NSSLabs Sues Crowdstrike, Symantec, ESET
https://www.nsslabs.com/blog/company/advancing-transparency-and-accountability-in-the-cybersecurity-industry/
Bitcoin Core Vulnerability
https://motherboard.vice.com/amp/en_us/article/qvakp3/a-major-bug-in-bitcoin-software-could-have-crashed-the-currency?__twitter_impression=true
WebAuthn Standard
https://paragonie.com/blog/2018/08/security-concerns-surrounding-webauthn-don-t-implement-ecdaa-yet
https://fidoalliance.org/
Sep 21, 2018
ISC StormCast for Thursday, September 20th 2018
5:24
Adobe Releases Special Patch for Acrobat and Reader
https://helpx.adobe.com/security/products/acrobat/apsb18-34.html
Akamai State of the Internet Report
https://www.akamai.com/us/en/about/our-thinking/state-of-the-internet-report/global-state-of-the-internet-security-ddos-attack-reports.jsp
Peekaboo NUUO NVR Vulnerability
https://www.tenable.com/blog/tenable-research-advisory-peekaboo-critical-vulnerability-in-nuuo-network-video-recorder
Sep 20, 2018
ISC StormCast for Wednesday, September 19th 2018
5:27
Certificate Transparency Tools
https://isc.sans.edu/forums/diary/Using+Certificate+Transparency+as+an+Attack+Defense+Tool/24114/
Kodi Malicious Add-Ons
https://www.welivesecurity.com/2018/09/13/kodi-add-ons-launch-cryptomining-campaign/
Cloudflare Making DNSSEC Adoption Easier
https://blog.cloudflare.com/automatically-provision-and-maintain-dnssec/
Western Digital MyCloud Unauthenticated Admin Access
https://www.securify.nl/advisory/SFY20180102/authentication-bypass-vulnerability-in-western-digital-my-cloud-allows-escalation-to-admin-privileges.html
Sep 19, 2018
ISC StormCast for Tuesday, September 18th 2018
5:26
Analyzing Office Docs
https://isc.sans.edu/forums/diary/Dissecting+Malicious+MS+Office+Docs/24108/
Apple Updates Everything but macOS
https://support.apple.com/en-us/HT201220
FBot Botnet
https://blog.netlab.360.com/threat-alert-a-new-worm-fbot-cleaning-adbminer-is-using-a-blockchain-based-dns-en/
Related STI Paper: Botnet Resiliency via Private Blockchain (Jonathan Sweeny)
https://www.sans.org/reading-room/whitepapers/covert/botnet-resiliency-private-blockchains-38050
Sep 18, 2018
ISC StormCast for Monday, September 17th 2018
5:26
Reversing Visual Basic Shortcuts
https://isc.sans.edu/forums/diary/2020+malware+vision/24104/
Not So Random User Agent
https://isc.sans.edu/forums/diary/User+Agent+String+uatoolsrandom/24102/
Safari DoS
https://gist.github.com/pwnsdx/ce64de2760996a6c432f06d612e33aea
Webroot SecureAnywhere macOS Vulnerability
https://www.trustwave.com/Resources/SpiderLabs-Blog/CVE-2018-16962--Webroot-SecureAnywhere-macOS-Kernel-Level-Memory-Corruption/
Intel Patches Management Engine Encryption Vulnerability
http://blog.ptsecurity.com/2018/09/intel-me-encryption-vulnerability.html
Sep 17, 2018
ISC StormCast for Friday, September 14th 2018
5:37
Malicious MHT Files
https://isc.sans.edu/forums/diary/Malware+Delivered+Through+MHT+Files/24096/
Improved Coldboot Attack
https://blog.f-secure.com/cold-boot-attacks/
SAP Patches
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993
Sep 14, 2018
ISC StormCast for Thursday, September 13th 2018
6:47
So What is Going on With IPv4 Fragments these Days?
https://isc.sans.edu/forums/diary/So+What+is+Going+on+With+IPv4+Fragments+these+Days/24092/
Magecart JavaScript Injection Attacks
https://www.bleepingcomputer.com/news/security/feedify-service-compromised-with-magecart-information-stealing-script/
Bypassing CSP using Polyglot JPEGs
https://portswigger.net/blog/bypassing-csp-using-polyglot-jpegs
Sep 13, 2018
ISC StormCast for Wednesday, September 12th 2018
4:44
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+September+Patch+Tuesday+Summary/24088/
Adobe Patches
https://helpx.adobe.com/security.html
Safari/Edge URL Bar Spoofing
https://www.rafaybaloch.com/2018/09/apple-safari-microsoft-edge-browser.html
Exploit Search Engine
https://sploitus.com
Sep 12, 2018
ISC StormCast for Tuesday, September 11th 2018
4:46
"findstr" used to extract malware from LNK files
https://isc.sans.edu/forums/diary/What+is+dikona+or+glirote3/24084/
Tor Browser Javascript Vulnerability
https://www.bleepingcomputer.com/news/security/exploit-affecting-tor-browser-burned-in-a-tweet/
Trend Micro App Leaks Data / Removed from Appstore
https://forums.malwarebytes.com/topic/217353-get-rid-of-open-any-files-rar-support/?tab=comments#comment-1194838
Chrome removes Subdomains from URL Bar
https://bugs.chromium.org/p/chromium/issues/detail?id=881410
Sep 10, 2018
ISC StormCast for Sunday, September 9th 2018
6:33
Crypto Mining in a Windows Headless Browser
https://isc.sans.edu/forums/diary/Crypto+Mining+in+a+Windows+Headless+Browser/24078/
MacOS Adware Doctor Stealing Browser History
https://twitter.com/privacyis1st/status/1031428304543395840
https://objective-see.com/blog/blog_0x37.html
VPN Applications with Privilege Escalation Vulnerabilities
https://blog.talosintelligence.com/2018/09/vulnerability-spotlight-Multi-provider-VPN-Client-Privilege-Escalation.html
Keybase Extension Allows Access by Scripts from Any Site
https://palant.de/2018/09/06/keybase-our-browser-extension-subverts-our-encryption-but-why-should-we-care
Sep 09, 2018
ISC StormCast for Friday, September 7th 2018
4:43
Malware Uses PowerShell to Compile C# Code on the Fly
https://isc.sans.edu/forums/diary/Malicious+PowerShell+Compiling+C+Code+on+the+Fly/24072/
Stealing WiFi Credentials in Google Chrome
https://www.surecloud.com/sc-blog/wifi-hijacking
DNS Spoofing and Certificate Authority Domain Validation
https://www.theregister.co.uk/2018/09/06/boffins_break_cas_domain_validation/
Cisco Vulnerabilities
https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir&limit=30#~Vulnerabilities
Sep 06, 2018
ISC StormCast for Thursday, September 6th 2018
5:06
MEGA Chrome Extension Replaced with Password Stealer
https://serhack.me/articles/mega-chrome-extension-hacked
Python Package Installer May Execute Code
https://github.com/mschwager/0wned
Windows Scheduler Exploit Used in the Wild
https://www.welivesecurity.com/2018/09/05/powerpool-malware-exploits-zero-day-vulnerability/
Where Have All My Certificates Gone?
https://isc.sans.edu/forums/diary/Where+have+all+my+Certificates+gone+And+when+do+they+expire/24066/
Sep 05, 2018
ISC StormCast for Wednesday, September 5th 2018
5:32
Some More Interesting MikroTik Router Exploits
https://blog.netlab.360.com/7500-mikrotik-routers-are-forwarding-owners-traffic-to-the-attackers-how-is-yours-en/
Exposed .git Directories
https://lynt.cz/blog/global-scan-exposed-git
SSL Certificates Expose Tor Servers
https://www.bleepingcomputer.com/news/security/public-ip-addresses-of-tor-sites-exposed-via-ssl-certificates/
Sep 04, 2018
ISC StormCast for Tuesday, September 4th 2018
4:42
Reversing and Modifying the Medium Mobile App
https://hackernoon.com/dont-publish-yet-reverse-engineering-the-medium-app-and-making-all-stories-in-it-free-48c8f2695687
Active Directory Leaks via Azure
https://www.blackhillsinfosec.com/red-teaming-microsoft-part-1-active-directory-leaks-via-azure/
Google Restricts Tech Support Ads
https://www.blog.google/products/ads/restricting-ads-third-party-tech-support-services/?mod=article_inline
Sep 04, 2018
ISC StormCast for Sunday, September 2nd 2018
4:45
OS X/macOS and the Dangers of Custom URL Schemes
https://objective-see.com/blog/blog_0x38.html
Philips e-Alert Vulnerability
https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01
Sep 02, 2018
ISC StormCast for Friday, August 31st 2018
5:59
Cryptocoin Miners are More Popular Than Ever and Dominate in Attacks
https://isc.sans.edu/forums/diary/Crypto+Mining+Is+More+Popular+Than+Ever/24050/
Cryptocoin Miners Deployed via Struts Vulnerability
https://www.volexity.com/blog/2018/08/27/active-exploitation-of-new-apache-struts-vulnerability-cve-2018-11776-deploys-cryptocurrency-miner/
Mimecast Identifies Weaknesses in Existing EMail Filters
https://www.mimecast.com/resources/ebooks/dates/2018/7/the-state-of-email-security-2018-report/
Android Leaks Information to Processes
https://wwws.nightwatchcybersecurity.com/2018/08/29/sensitive-data-exposure-via-wifi-broadcasts-in-android-os-cve-2018-9489/
Aug 30, 2018
ISC StormCast for Thursday, August 30th 2018
6:12
More Octoprint Details
https://isc.sans.edu/forums/diary/3D+Printers+in+The+Wild+What+Can+Go+Wrong/24044/
Packagist Remote Code Injection Vulnerability
https://justi.cz/security/2018/08/28/packagist-org-rce.html
More OpenSSH User Enumeration Issues
http://seclists.org/oss-sec/2018/q3/180
Two new TPM Vulnerabilities
https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-han.pdf
Aug 29, 2018
ISC StormCast for Wednesday, August 29th 2018
5:21
Microsoft Windows Task Scheduler Local Privilege Escalation Vulnerability
https://www.kb.cert.org/vuls/id/906424
3D Printers Exposed to Internet
https://isc.sans.edu/forums/diary/OctoPrint+3D+Web+Interfaces+EXPOSED+Port+5000+default/24038/
Firefox Nightly Build Removes Trust From Symantec Certificates
https://bugzilla.mozilla.org/show_bug.cgi?id=1460062
https://bugzilla.mozilla.org/show_bug.cgi?id=1484006
Aug 28, 2018
ISC StormCast for Tuesday, August 28th 2018
4:27
H-Worm Variant Notes Infection Date in Registry
https://isc.sans.edu/forums/diary/When+was+this+machine+infected/24032/
CentOS / Ubuntu Turn Off Gnome "Bubblewrap" Sandbox
https://www.bleepingcomputer.com/news/security/ubuntu-and-centos-are-undoing-a-gnome-security-feature/
Fortnite Android Arbitrary Code Install Vulnerability
https://www.bleepingcomputer.com/news/security/ubuntu-and-centos-are-undoing-a-gnome-security-feature/
Aug 27, 2018
ISC StormCast for Monday, August 27th 2018
6:02
Struts Exploits for CVE-2018-11776 on Github (there are more; just a sample)
https://github.com/mazen160/struts-pwn_CVE-2018-11776
https://github.com/jiguang7/CVE-2018-11776
Publisher Malware
https://isc.sans.edu/forums/diary/Microsoft+Publisher+Files+Delivering+Malware/24024/
https://isc.sans.edu/forums/diary/Microsoft+Publisher+malware+static+analysis/24026/
AT Commands
https://atcommands.org/atdb/vendors
Using a Microphone to Read Screen Content
https://www.cs.tau.ac.il/~tromer/synesthesia/synesthesia.pdf
Aug 26, 2018
ISC StormCast for Friday, August 24th 2018
6:09
Simple Phishing Through formcrafts.com
https://isc.sans.edu/forums/diary/Simple+Phishing+Through+formcraftscom/24020/
Facebook's Onavo VPN removed from Apple AppStore
https://www.wsj.com/articles/facebook-to-remove-data-security-app-from-apple-store-1534975340?mod=e2tw (paywall)
https://medium.com/@chronic_9612/notes-on-analytics-and-tracking-in-onavo-protect-for-ios-904bdff346c0
Phishing False Alarm
https://www.cnn.com/2018/08/23/politics/dnc-hack-false-alarm/index.html
Fake Crypto Trading App Stealing Crypto Currency From Mac Users
https://www.businesswire.com/news/home/20180823005093/en/AppleJeus-Lazarus-Group-Hunts-Cryptocurrency-Exchanges-macOS
Intel Simplifies Microcode License
https://twitter.com/imadsousou/status/1032680311753072640
Aug 23, 2018
ISC StormCast for Thursday, August 23rd 2018
5:18
New Critical Apache Struts Vulnerability (CVE-2018-11776)
https://semmle.com/news/apache-struts-CVE-2018-11776
https://cwiki.apache.org/confluence/display/WW/S2-057
Hardening Apache Struts With SELinux
https://doublepulsar.com/hardening-apache-struts-with-selinux-db3a9cd1a10c?gi=f23fc884264a
Ghostscript Code Execution Vulnerability
https://bugs.chromium.org/p/project-zero/issues/detail?id=1640
Photoshop CC Patch
https://helpx.adobe.com/security/products/photoshop/apsb18-28.html
Aug 22, 2018
ISC StormCast for Wednesday, August 22nd 2018
5:19
Malicious DLL Loaded Through AutoIT
https://isc.sans.edu/forums/diary/Malicious+DLL+Loaded+Through+AutoIT/24008/
Traefik Fixes TLS Private Key Exposure
https://github.com/containous/traefik/issues/3651
TLS Certificates Survive Domain Ownership
https://insecure.design
Intel Microcode License Update Causes Problems for Debian Linux
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906158#14
Aug 21, 2018
ISC StormCast for Tuesday, August 21st 2018
5:17
Regular Expression DoS (ReDoS) in Javascript
http://mp.binaervarianz.de/ReDoS_TR_Dec2017.pdf
OpenSSH User Enumeration Update
https://isc.sans.edu/forums/diary/OpenSSH+user+enumeration+CVE201815473/24004
Turning (Page) Tables Exploit Technique
https://cdn2.hubspot.net/hubfs/487909/Turning%20(Page)%20Tables_Slides.pdf
Aug 20, 2018
ISC StormCast for Monday, August 20th 2018
5:53
Fragmentsmack Summary
https://isc.sans.edu/forums/diary/Back+to+the+90s+FragmentSmack/23998/
HP Does Not Release Patches for Non-Windows Users
https://www.intego.com/mac-security-blog/exclusive-hp-leaves-mac-users-vulnerable-to-fax-hacks/
More about VB Script 0-Day Vulnerability and "Dark Hotel" (Chinese only)
https://ti.360.net/blog/articles/analyzing-attack-of-cve-2018-8373-and-darkhotel/
https://blog.trendmicro.com/trendlabs-security-intelligence/use-after-free-uaf-vulnerability-cve-2018-8373-in-vbscript-engine-affects-internet-explorer-to-run-shellcode/
PHP Deserialization Vulnerability Code Execution
https://cdn2.hubspot.net/hubfs/3853213/us-18-Thomas-It's-A-PHP-Unserialization-Vulnerability-Jim-But-Not-As-We-....pdf?
Aug 19, 2018
ISC StormCast for Friday, August 17th 2018
6:34
Anonymize PCAPs
https://isc.sans.edu/forums/diary/Truncating+Payloads+and+Anonymizing+PCAP+files/23990/
OpenSSH User Enumeration Vulnerability
http://seclists.org/oss-sec/2018/q3/124
VoiceXML XML External Entity Vulnerability
https://hackerone.com/reports/395296
Skimreaper Credit Card Skimmer Detector
http://skimreaper.com
Aug 17, 2018
ISC StormCast for Thursday, August 16th 2018
5:45
Password Protected Word Documents Push AZORult and Hermes Ransomware
https://isc.sans.edu/forums/diary/More+malspam+pushing+passwordprotected+Word+docs+for+AZORult+and+Hermes+Ransomware/23992/
Linux IP Fragmentation DoS
https://www.kb.cert.org/vuls/id/641765
Scripting Mouse Clicks to Bypass macOS Security
https://speakerdeck.com/patrickwardle/the-mouse-is-mightier-than-the-sword
Concentration of Coinhive Miners
https://arxiv.org/pdf/1808.00811.pdf
Aug 16, 2018
ISC StormCast for Wednesday, August 15th 2018
6:11
Microsoft Patch Tuesday Summary
https://isc.sans.edu/forums/diary/Microsoft+August+2018+Patch+Tuesday/23986/
Oracle Database Patch
http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-3110-5032149.html
Intel Fixes Three More CPU Flaws
https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
Aug 15, 2018
ISC StormCast for Tuesday, August 14th 2018
5:03
New Sextortion Wave Using Partial Phone Numbers
New Extortion Tricks: Now Including Your (Partial) Phone Number!
Intel Releases Patch for Puma Modem Chips
https://www.dslreports.com/forum/r32071020-Internet-Rogers-modem-router-rebooting-on-wan-scans-by-design
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-000097.html
Bluetooth Low Energy Attack Tool
https://github.com/virtualabs/btlejack
Tesla Will Fix Cars if Researcher Breaks it While Hacking
https://twitter.com/bitquark/status/1028373178421309440
Aug 14, 2018
ISC StormCast for Monday, August 13th 2018
6:07
VIA C3 "God Mode"
https://github.com/xoreaxeaxeax/rosenbridge
Apple MDM Vulnerability
https://www.wired.com/story/mac-remote-hack-wifi-enterprise/
Peeking into MSG Files
https://isc.sans.edu/forums/diary/Peeking+into+msg+files+revisited/23974/
Hunting SSL/TLS Clients Using JA3
https://isc.sans.edu/forums/diary/Hunting+SSLTLS+clients+using+JA3/23972/
Mobile Payment Terminal Vulnerabilities
https://www.blackhat.com/us-18/briefings.html#for-the-love-of-money-finding-and-exploiting-vulnerabilities-in-mobile-point-of-sales-systems
Aug 13, 2018
ISC StormCast for Friday, August 10th 2018
5:13
Vulnerabilities in Pacemaker Programmer and Insulin Pumps
https://arstechnica.com/information-technology/2018/08/lack-of-encryption-makes-hacks-on-life-saving-pacemakers-shockingly-easy/
"Panic Attacks" Against City Infrastructure
https://www.bbc.com/news/technology-45128053
Kaspersky VPN Leaks DNS Traffic
https://www.inputzero.io/2018/08/kaspersky-vpn-leaks-dns-address.html
Osiris Dropper Uses Process Doppelgänging
https://blog.malwarebytes.com/threat-analysis/2018/08/osiris-using-process-doppelganging/
Aug 10, 2018
ISC StormCast for Thursday, August 9th 2018
5:07
Homebrew Exposed Github Credentials
https://brew.sh/2018/08/05/security-incident-disclosure/
WhatsApp Vulnerability
https://research.checkpoint.com/fakesapp-a-vulnerability-in-whatsapp/
Netflix Releases Tool To Detect Cloud Credential Compromise
https://medium.com/netflix-techblog/netflix-cloud-security-detecting-credential-compromise-in-aws-9493d6fd373a
Aug 09, 2018
ISC StormCast for Wednesday, August 8th 2018
5:34
Linux TCP DoS Vulnerability
https://www.kb.cert.org/vuls/id/962459
Let's Encrypt Now Trusted By All Major Root CA Programs
https://letsencrypt.org/2018/08/06/trusted-by-all-major-root-programs.html
Android Updates
https://source.android.com/security/bulletin/2018-08-01
OpenEMR Vulnerabilities
https://insecurity.sh/assets/reports/openemr.pdf
Aug 08, 2018
ISC StormCast for Tuesday, August 7th 2018
5:00
Numeric Obfuscation
https://isc.sans.edu/forums/diary/Numeric+obfuscation+another+example/23960/
Crestron Touchscreen Vulnerability
https://blog.securitycompass.com/security-advisory-regarding-crestron-tsw-xx60-touch-panel-devices-9f1a71a926a5
Facebook Releases "Fizz" TLS 1.3 Library
https://github.com/facebookincubator/fizz
Aug 07, 2018
ISC StormCast for Monday, August 6th 2018
5:30
New WPA Attack
https://hashcat.net/forum/thread-7717.html
Fake Techsupport Uses More Intelligent Call Routing
https://www.symantec.com/blogs/threat-intelligence/tech-support-scam-call-optimization
HP Printer Updates
https://support.hp.com/us-en/document/c06097712
Aug 06, 2018
ISC StormCast for Friday, August 3rd 2018
6:30
Malware in Animated GIF Files
https://isc.sans.edu/forums/diary/DHLthemed+malspam+reveals+embedded+malware+in+animated+gif/23944/
MikroTik Miner Botnet
https://www.trustwave.com/Resources/SpiderLabs-Blog/Mass-MikroTik-Router-Infection-%E2%80%93-First-we-cryptojack-Brazil,-then-we-take-the-World-/
Microsoft Edge Vulnerability
https://www.netsparker.com/blog/web-security/stealing-local-files-with-simple-html-file/
Aug 03, 2018
ISC StormCast for Thursday, August 2nd 2018
6:26
Facebook Smishing Attack
https://isc.sans.edu/forums/diary/Facebook+Phishing+via+SMS/23940/
Port 52869 UPNP Attacks
https://isc.sans.edu/forums/diary/When+Cameras+and+Routers+attack+Phones+Spike+in+CVE20148361+Exploits+Against+Port+52869/23942/
Microsoft Improves Account Security for Midterm Elections
https://www.bleepingcomputer.com/news/microsoft/microsoft-accountguard-service-offers-protection-for-political-and-election-orgs/
Google Improves "Government Sponsored Attacks" Alert for GSuite
https://9to5google.com/2018/08/01/g-suite-admins-government-based-attackers/
Aug 02, 2018
ISC StormCast for Wednesday, August 1st 2018
6:24
Powershell Inside Certificates
https://blog.nviso.be/2018/07/31/powershell-inside-a-certificate-part-1/
TEMPEST is Back
http://youtu.be/BpNP9b3aIfY?a
Big Star Labs Spyware
https://adguard.com/en/blog/big-star-labs-spyware/
Aug 01, 2018
ISC StormCast for Tuesday, July 31st 2018
6:56
DOSFuscation Campaign
https://isc.sans.edu/forums/diary/Malicious+Word+documents+using+DOSfuscation/23932/
Let's Encrypt Outage
https://letsencrypt.status.io
Malvertising Campaign Insides
https://research.checkpoint.com/malvertising-campaign-based-secrets-lies/
Jul 31, 2018
ISC StormCast for Monday, July 30th 2018
7:10
Summary of Earnings in Recent Sextortion Attack
https://isc.sans.edu/forums/diary/Sextortion+Follow+the+Money/23922/
Adware Distributed with Legitimate Applications
https://www.bleepingcomputer.com/news/security/fake-websites-for-keepass-7zip-audacity-others-found-pushing-adware/
https://twitter.com/JusticeRage
PDF Editor Supply Chain Exploit
https://cloudblogs.microsoft.com/microsoftsecure/2018/07/26/attack-inception-compromised-supply-chain-within-a-supply-chain-poses-new-risks/
Jul 30, 2018
ISC StormCast for Friday, July 27th 2018
15:52
NetSpectre: Read Arbitrary Memory over the Network
https://misc0110.net/web/files/netspectre.pdf
Google Play Store Bans Crypto Miners
https://play.google.com/about/developer-content-policy-print/
Japanese Calendar Issues
https://blogs.msdn.microsoft.com/shawnste/2018/04/12/the-japanese-calendars-y2k-moment/
Multiple Vulnerabilities in Samsung SmartThings Hub
https://blog.talosintelligence.com/2018/07/samsung-smartthings-vulns.html?m=1
Times Change and Your Training Data Should Too: The Effect of Training Data Recency on Twitter Classifiers. Ryan O'Grady
https://www.sans.org/reading-room/whitepapers/artificialintelligence/times-change-training-data-too-effect-training-data-recency-twitter-classifiers-38500
Jul 27, 2018
ISC StormCast for Thursday, July 26th 2018
5:19
Etherscan.io XSS Vulnerability
https://scotthelme.co.uk/xss-on-etherscan-io/
Tomcat Vulnerabilities Patched
https://www.us-cert.gov/ncas/current-activity/2018/07/23/Apache-Releases-Security-Updates-Apache-Tomcat
DNS over HTTPS Standard Finalized
https://datatracker.ietf.org/wg/doh/about/
ERP Systems Targeted in Recent Attacks
https://www.us-cert.gov/ncas/current-activity/2018/07/25/Malicious-Cyber-Activity-Targeting-ERP-Applications
Jul 26, 2018
ISC StormCast for Wednesday, July 25th 2018
5:13
Emotet Update
https://isc.sans.edu/forums/diary/Recent+Emotet+activity/23908/
Clear Text Phone Tracking
https://isc.sans.edu/forums/diary/Cell+Phone+Monitoring+Who+is+Watching+the+Watchers/23910/
Bluetooth Bug
https://www.kb.cert.org/vuls/id/304725
Apache OpenWhisk Vulnerability
https://www.puresec.io/blog/Apache_OpenWhisk_Mutability_Weakness?hs_preview=EpJUmSoY-5972289702
Jul 25, 2018
ISC StormCast for Tuesday, July 24th 2018
6:21
More Spectre
https://arxiv.org/pdf/1807.07940.pdf
July IE Patch Fixed older Remote Code Exec. Bug
http://blogs.360.cn/blog/from-a-patched-itw-0day-to-remote-code-execution-part-i-from-patch-to-new-0day/
Google Chrome 68 Released Today. HTTP sites marked as "insecure"
https://support.google.com/chrome/a/answer/7679408?hl=en
DNS Rebinding Vulnerability Common in IoT
https://www.armis.com/dns-rebinding-exposes-half-a-billion-iot-devices-in-the-enterprise/
Jul 24, 2018
ISC StormCast for Monday, July 23rd 2018
5:15
New WebLogic Vulnerability Already Exploited
https://isc.sans.edu/forums/diary/Weblogic+Exploit+Code+Made+Public+CVE20182893/23896/
Microsoft Edge Turns off XSS Protection
https://portswigger.net/daily-swig/xss-protection-disappears-from-microsoft-edge
Intel Management Engine Vulnerabilities
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00112.html
User Tracking With TLS 1.2 Certificates
http://tma.ifip.org/wordpress/wp-content/uploads/2017/06/tma2017_paper2.pdf
Jul 23, 2018
ISC StormCast for Friday, July 20th 2018
5:14
Cisco Patches
https://tools.cisco.com/security/center/publicationListing.x
Diqee Smart Vacuum Vulnerabilities
http://en.diqee.com/goods/1994.html
Instagram About To Release 2FA Update
https://techcrunch.com/2018/07/17/instagram-2-factor/
Reporting Malicious Websites
https://isc.sans.edu/forums/diary/Reporting+Malicious+Websites+in+2018/23892/
Jul 20, 2018
ISC StormCast for Thursday, July 19th 2018
5:20
Increase in scans for port 15454
https://isc.sans.edu/forums/diary/Request+for+Packets+Port+15454/23888/
Oracle Quarterly Critical Patch Update
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
Venmo Public Transaction API
https://publicbydefault.fyi
Credential Stuffing Responsible for Majority of Login Attempts
http://info.shapesecurity.com/2018-Credential-Spill-Report-by-Shape-Security
Jul 19, 2018
ISC StormCast for Wednesday, July 18th 2018
5:25
Searching for Geographically Improbable Login Attempts
https://isc.sans.edu/forums/diary/Searching+for+Geographically+Improbable+Login+Attempts/23882/
Typo3 CMS Update
https://typo3.org/article/typo3-931-8717-and-7630-security-releases-published/
GitHub Expands Security Scanner to Python
https://blog.github.com/2018-07-12-security-vulnerability-alerts-for-python/
Money Laundering Scheme Exposed by Open MongoDB Database
https://kromtech.com/blog/security-center/digital-laundry
Jul 18, 2018
ISC StormCast for Tuesday, July 17th 2018
7:54
Encrypted SNI in TLS 1.3
https://tools.ietf.org/html/draft-rescorla-tls-esni-00
Microsoft to Retire "Delta Updates"
https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-quality-updates-explained-amp-the-end-of-delta/ba-p/214426
Practical GPS Spoofing of Navigation Devices
https://www.microsoft.com/en-us/research/uploads/prod/2018/06/security18gps.pdf
Jul 17, 2018
ISC StormCast for Monday, July 16th 2018
7:12
Processing JSON
https://isc.sans.edu/forums/diary/Video+Retrieving+and+processing+JSON+data+BTC+example/23874/
Cryptocoin Mining Javascript (yet again)
https://isc.sans.edu/forums/diary/Cryptominer+Delivered+Though+Compromized+JavaScript+File/23870/
Dahua Passwords Leaked/Cached by Search Engine
https://www.bleepingcomputer.com/news/security/passwords-for-tens-of-thousands-of-dahua-devices-cached-in-iot-search-engine/
MDM Used in Targeted Attack Against iPhone Users
https://blog.talosintelligence.com/2018/07/Mobile-Malware-Campaign-uses-Malicious-MDM.html
Jul 16, 2018
ISC StormCast for Friday, July 13th 2018
5:54
Extortion Claims Include Leaked Passwords to Appear More Plausible
https://isc.sans.edu/forums/diary/New+Extortion+Tricks+Now+Including+Your+Password/23866/
npm Package Compromised and Used To Steal Credentials
https://github.com/eslint/eslint-scope/issues/39#issuecomment-404533026
CIRCL IMAP Proxy
https://github.com/CIRCL/IMAP-Proxy
Checkpoint Names "Dorkbot" As A Top Threat (Signup required)
https://research.checkpoint.com/cyber-attack-trends-2018-mid-year-report/
Jul 13, 2018
ISC StormCast for Thursday, July 12th 2018
5:46
Hello Peppa Followup
https://isc.sans.edu/forums/diary/Well+Hello+Again+Peppa/23860/
Spectre 1.1 and 1.2
https://people.csail.mit.edu/vlk/spectre11.pdf
Internet Exchanges Band Together against BGP Hijacking
https://dyn.com/blog/shutting-down-the-bgp-hijack-factory/
Google Enabled Site Isolation in Chrome
https://www.bleepingcomputer.com/news/security/google-enables-site-isolation-feature-for-99-percent-of-chrome-desktop-users/
Jul 12, 2018
ISC StormCast for Wednesday, July 11th 2018
6:04
MSFT Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+July+2018+now+with+Dashboard/23858/
https://patchtuesdaydashboard.com/
SettingContent-ms Files Blacklisted
https://support.office.com/en-us/article/packager-activation-in-office-365-desktop-applications-52808039-4a7c-4550-be3a-869dd338d834?ui=en-US&rs=en-US&ad=US
Adobe Patches
https://helpx.adobe.com/security.html
Stolen DLINK Certificate
https://www.welivesecurity.com/2018/07/09/certificates-stolen-taiwanese-tech-companies-plead-malware-campaign/
Jul 11, 2018
ISC StormCast for Tuesday, July 10th 2018
5:43
Reverse Shell via Weblogic Flaw
https://isc.sans.edu/forums/diary/Criminals+Dont+Read+Instructions+or+Use+Strong+Passwords/23850/
Apple Patches Everything Again
https://isc.sans.edu/forums/diary/Apple+Patches+Everything+Again/23852/
Microsoft Offers Better Azure AD Password Protection
http://www.longevitytech.us/2018/07/09/azure-ad-password-protection-the-cloud-security-service-your-active-directory-needs-now/
Jul 10, 2018
ISC StormCast for Monday, July 9th 2018
4:22
Trivial Exploit For HP iLO 4 (patched last August)
https://airbus-seclab.github.io/ilo/SSTIC2018-Article-subverting_your_server_through_its_bmc_the_hpe_ilo4_case-gazet_perigaud_czarny.pdf
Flexible Miner/Ransomware
https://securelist.com/to-crypt-or-to-mine-that-is-the-question/86307/
Hacker Steals Gas From Gas Station
https://gizmodo.com/hackers-reportedly-stole-600-gallons-of-gas-from-detroi-1827433411
Jul 09, 2018
ISC StormCast for Friday, July 6th 2018
5:06
Gentoo GitHub Breach Post Mortem
https://wiki.gentoo.org/wiki/Github/2018-06-28
Hamas Sets World Cup Trap for Israeli Soldiers
https://www.reuters.com/article/us-israel-palestinians-cyber/israel-says-hamas-tried-to-snare-soldiers-in-world-cup-cyber-trap-idUSKBN1JT1ZX
Jul 06, 2018
ISC StormCast for Thursday, July 5th 2018
3:13
Progress Indication For Scripts in Windows
https://isc.sans.edu/forums/diary/Progress+indication+for+scripts+on+Windows/23830/
Stylish Extension Steals History
https://robertheaton.com/2018/07/02/stylish-browser-extension-steals-your-internet-history/
Data Leaks From Android Apps
https://recon.meddle.mobi/panoptispy/
Jul 05, 2018
ISC StormCast for Tuesday, July 3rd 2018
5:22
Odd PHP Exploit Attempt
https://isc.sans.edu/forums/diary/Hello+Peppa+PHP+Scans/23826/
Diameter Security Report
https://www.ptsecurity.com/ww-en/premium/diameter-2018/
Attack Against Trezor via DNS or BGP
https://blog.trezor.io/psa-phishing-alert-fake-trezor-wallet-website-3bcfdfc3eced
Symantec Offers VPNFilter Check
http://www.symantec.com/filtercheck/
Jul 02, 2018
ISC StormCast for Monday, July 2nd 2018
6:29
MacOS Malware Targeting Slack/Discord Crypto Communities
https://isc.sans.edu/forums/diary/Crypto+community+target+of+MacOS+malware/23816/
New LTE Attacks Made Public
https://alter-attack.net
Rowhammer Attacks Against Android
https://rampageattack.com
Jul 02, 2018
ISC StormCast for Friday, June 29th 2018
6:01
Less Greedy Cryptominers
https://isc.sans.edu/forums/diary/New+and+Improved+Cryptominers+Now+with+50+less+Greed/23812/
Disassembling WebAssembly
https://www.forcepoint.com/blog/security-labs/analyzing-webassembly-binaries
Spectre Browser Mitigation Bypass
https://alephsecurity.com/2018/06/26/spectre-browser-query-cache/
Gentoo Github Repository Compromise
https://archives.gentoo.org/gentoo-announce/message/dc23d48d2258e1ed91599a8091167002
Jun 29, 2018
ISC StormCast for Thursday, June 28th 2018
7:25
Secret Office 365 Activity Log API Unveiled (plus tool to extract logs)
http://lmgsecurity.com/exposing-the-secret-office-365-forensics-tool/
Anonymizing Printers
https://tu-dresden.de/ing/informatik/sya/ps/die-professur/news/geheime-daten-auf-dem-druckpapier-diplominformatiker-der-tu-dresden-entwickeln-verfahren-gegen-druckerueberwachung
Silently Profiling Unknown Malware Samples
https://isc.sans.edu/forums/diary/Silently+Profiling+Unknown+Malware+Samples/23808/
Cisco CVE-2018-0296 Exploited
https://www.bleepingcomputer.com/news/security/cisco-asa-flaw-exploited-in-the-wild-after-publication-of-two-pocs/
Jun 27, 2018
ISC StormCast for Wednesday, June 27th 2018
7:14
Analyzing XPS Files
https://isc.sans.edu/forums/diary/Analyzing+XPS+files/23804/
WPA3 Standard Finalized
https://www.wi-fi.org/news-events/newsroom/wi-fi-alliance-introduces-wi-fi-certified-wpa3-security
Executing Code with SettingContent-ms Files
https://posts.specterops.io/the-tale-of-settingcontent-ms-files-f1ea253e4d39
EFF Analysis of STARTTLS
https://www.eff.org/deeplinks/2018/06/technical-deep-dive-starttls-everywhere
Jun 27, 2018
ISC StormCast for Tuesday, June 26th 2018
7:19
Guilty By Association
https://isc.sans.edu/forums/diary/Guilty+by+association/23800/
FileZilla and Adware
https://forum.filezilla-project.org/viewtopic.php?t=48441
iOS Pin Brute Forcing Confusion
https://twitter.com/hackerfantastic/status/1010631766087032832
https://twitter.com/hackerfantastic/status/1010240042990596096
Azure Baseline Security Policy
https://cloudblogs.microsoft.com/enterprisemobility/2018/06/22/baseline-security-policy-for-azure-ad-admin-accounts-in-public-preview/
Phone Battery Usage as Keystroke Logger
https://sites.google.com/site/silbersteinmark/Home/popets18power.pdf?attredirects=1
Jun 26, 2018
ISC StormCast for Monday, June 25th 2018
5:40
XPS Documents Used for Spam
https://isc.sans.edu/forums/diary/XPS+Attachment+Used+for+Phishing/23794/
New Exploit Kit Trends
https://researchcenter.paloaltonetworks.com/2018/06/unit42-the-old-and-new-current-trends-in-web-based-threats/
https://blog.malwarebytes.com/cybercrime/2018/06/exploit-kits-spring-2018-review/
Deprecating TLSv1.0 and TLSv1.1
https://datatracker.ietf.org/doc/draft-moriarty-tls-oldversions-diediedie/
Leaky Firebase Installs
http://info.appthority.com/-q2-2018-mtr-download-Firebase-vulnerability
Jun 25, 2018
ISC StormCast for Friday, June 22nd 2018
5:50
Fake Fortnite
https://blog.malwarebytes.com/cybercrime/2018/06/fake-fortnite-android-links-found-youtube/
Fake Wannacry E-Mails
https://twitter.com/actionfrauduk/status/1009803967705092096
Ransomware Installs In Internet Cafes
http://hznews.hangzhou.com.cn/shehui/content/2018-06/16/content_7020998.htm
OpenVPN Malicious Configuration Files
https://medium.com/tenable-techblog/reverse-shell-from-an-openvpn-configuration-file-73fd8b1d38da
Cisco Advisories
https://tools.cisco.com/security/center/publicationListing.x
Jun 22, 2018
ISC StormCast for Thursday, June 21st 2018
6:50
Netflix Phishing Sites Using TLS
https://isc.sans.edu/forums/diary/Secure+Phishing+Netflix+Phishing+Goes+TLS/23786/
OpenBSD Disables Hyperthreading By Default
https://www.mail-archive.com/source-changes@openbsd.org/msg99141.html
Bithumb Crypto Currency Exchange Breached Again
https://www.bleepingcomputer.com/news/security/bithumb-hacked-second-time-in-a-year-hackers-steal-31-million/
Microsoft Edge CORS Bypass via Audio Files
https://jakearchibald.com/2018/i-discovered-a-browser-bug/
Microsoft Releases a Special Patch for Oracle Outside-In Libraries
https://support.microsoft.com/en-us/help/4092041/description-of-the-security-update-for-microsoft-exchange-server-2013
Jun 21, 2018
ISC StormCast for Wednesday, June 20th 2018
5:31
PowerShell ScriptBlock Logging Bypass in the Wild
https://isc.sans.edu/forums/diary/PowerShell+ScriptBlock+Logging+Or+Not/23782/
Virustotal "False Positive" Alert
http://blog.virustotal.com/2018/06/vtmonitor-to-mitigate-false-positives.html
Cloud Environments Exposed to the Internet
https://info.lacework.com/hubfs/Containers%20At-Risk_%20A%20Review%20of%2021,000%20Cloud%20Environments.pdf
Google Home DNS Rebinding Attack Reveals Geolocation
https://www.tripwire.com/state-of-security/vert/googles-newest-feature-find-my-home
Jun 19, 2018
ISC StormCast for Tuesday, June 19th 2018
5:53
Obfuscated JavaScript Targeting Mobile Devices
https://isc.sans.edu/forums/diary/Malicious+JavaScript+Targeting+Mobile+Browsers/23778/
Axis Camera Vulnerabilities
https://blog.vdoo.com/2018/06/18/vdoo-discovers-significant-vulnerabilities-in-axis-cameras/
Apple Caches Confidential Data on Unencrypted Drives
https://wojciechregula.blog/your-encrypted-photos-in-macos-cache/
Andy Emulator Infected With CryptoMiner
https://www.reddit.com/r/emulators/comments/8rj8g5/warning_andy_android_emulator_andyos_andyroid/
Jun 19, 2018
ISC StormCast for Monday, June 18th 2018
6:32
SMTP Strangeness - Possible C2
https://isc.sans.edu/forums/diary/SMTP+Strangeness+Possible+C2/23770/
Encrypted Office Documents
https://isc.sans.edu/forums/diary/Encrypted+Office+Documents/23774/
Recent Port 8000 Scans
https://www.bleepingcomputer.com/news/security/all-that-port-8000-traffic-this-week-yeah-thats-satori-looking-for-new-bots/
New Clipboard Cryptocoin Stealing Bot
https://blog.360totalsecurity.com/en/new-cryptominer-hijacks-your-bitcoin-transaction-over-300000-computers-have-been-attacked/
WebUSB Weakness
https://pwnaccelerator.github.io/2018/webusb-yubico-disclosure.html
Jun 18, 2018
ISC StormCast for Friday, June 15th 2018
12:14
Analyzing a Compromised Wordpress Site
https://isc.sans.edu/forums/diary/A+Bunch+of+Compromized+Wordpress+Sites/23764/
Breaking Bluetooth Low Energy Smart Padlock
https://www.pentestpartners.com/security-blog/totally-pwning-the-tapplock-smart-lock/
WIM Disk Image Vulnerability
https://blog.talosintelligence.com/2018/06/vulnerability-spotlight-talos-2018-0545.html
Extracting Timely Sign-In Data from Office 365 Logs
https://www.sans.org/reading-room/whitepapers/logging/extracting-timely-sign-in-data-office-365-logs-38435
Jun 15, 2018
ISC StormCast for Thursday, June 14th 2018
5:53
From MicroTik With Love: Yet Another Router Botnet?
https://isc.sans.edu/forums/diary/From+Microtik+with+Love/23762/
Using Cortana To Compromise Windows 10
https://securingtomorrow.mcafee.com/mcafee-labs/want-to-break-into-a-locked-windows-10-device-ask-cortana-cve-2018-8140/
Compromised Docker Images
https://kromtech.com/blog/security-center/cryptojacking-invades-cloud-how-modern-containerization-trend-is-exploited-by-attackers
Lazy FPU Save/Restore Allows Malware Access to FPU
https://access.redhat.com/solutions/3485131
Jun 14, 2018
ISC StormCast for Wednesday, June 13th 2018
5:50
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+June+2018+Patch+Tuesday/23758/
Apple Code Signing Verification Vulnerability
https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/
Google Chrome Restricting Inline Extension Install
https://blog.chromium.org/2018/06/improving-extension-transparency-for.html
Jun 13, 2018
ISC StormCast for Tuesday, June 12th 2018
4:46
More Malspam Pushing Lokibot
https://isc.sans.edu/forums/diary/More+malspam+pushing+Lokibot/23754/
Ethereum JSON RPC Theft
https://twitter.com/360Netlab/status/1006065566728085504
CryptoCurrency Miner Plays hide-and-seek
https://www.bleepingcomputer.com/news/security/cryptocurrency-miner-plays-hide-and-seek-with-popular-games-and-tools/
Apple Outlaws Crypto Currency Miners in App Store
https://developer.apple.com/app-store/review/guidelines/#hardware-compatibility
FBI Arrests Suspect in BEC Investigation
https://www.fbi.gov/news/stories/international-bec-takedown-061118
Jun 12, 2018
ISC StormCast for Monday, June 11th 2018
5:30
The Seven Properties of Highly Secure Devices
https://www.microsoft.com/en-us/research/wp-content/uploads/2017/03/SevenPropertiesofHighlySecureDevices.pdf
Finding Deserialisation Issues With Burp
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/june/finding-deserialisation-issues-has-never-been-easier-freddy-the-serialisation-killer/
FTC Starts Looking Into Cryptojacking
https://www.consumer.ftc.gov/blog/2018/06/protecting-your-devices-cryptojacking
Drupal Disputes Number of Vulnerable Sites
https://groups.drupal.org/node/520149
Jun 11, 2018
ISC StormCast for Friday, June 8th 2018
5:36
Critical Adobe Flash Update
https://helpx.adobe.com/security/products/flash-player/apsb18-19.html
SuperMicro Firmware Vulnerability
https://blog.eclypsium.com/2018/06/07/firmware-vulnerabilities-in-supermicro-systems/
FOSCAM Video Camera Vulnerabilities
https://blog.vdoo.com/2018/06/06/vdoo-has-found-major-vulnerabilities-in-foscam-cameras/
Sofacy Update
https://researchcenter.paloaltonetworks.com/2018/06/unit42-sofacy-groups-parallel-attacks/
Automated Twitter Loot Collection
https://isc.sans.edu/forums/diary/Automated+twitter+loot+collection/23743/
Jun 08, 2018
ISC StormCast for Thursday, June 7th 2018
5:05
VPNFilter Update
https://blog.talosintelligence.com/2018/06/vpnfilter-update.html
Prowli Botnet
https://www.guardicore.com/2018/06/operation-prowli-traffic-manipulation-cryptocurrency-mining/
Cisco Security Bulletins
https://tools.cisco.com/security/center/publicationListing.x
F-Secure RAR Vulnerability
https://www.f-secure.com/en/web/labs_global/fsc-2018-2
PCAP to Weblogs
https://isc.sans.edu/forums/diary/Converting+PCAP+Web+Traffic+to+Apache+Log/23739/
Jun 07, 2018
ISC StormCast for Wednesday, June 6th 2018
5:41
Analysis of a Post Exploit Script
Malicious Post-Exploitation Batch File
Zip Slip Vulnerability
https://snyk.io/research/zip-slip-vulnerability
Redis Exploits
https://www.incapsula.com/blog/report-75-of-open-redis-servers-are-infected.html
Drupalgeddon 2 Update
https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/
Jun 06, 2018
ISC StormCast for Tuesday, June 5th 2018
6:02
Running Only Signed Code. Does it work in Windows 10?
https://isc.sans.edu/forums/diary/Digging+into+Authenticode+Certificates/23731/
Misconfigured G-Suite Mailing Lists
https://www.kennasecurity.com/widespread-google-groups-misconfiguration-exposes-sensitive-information/
Microsoft Releases Open Source Post Quantum VPN
https://github.com/Microsoft/PQCrypto-VPN
Jun 05, 2018
ISC StormCast for Monday, June 4th 2018
5:29
Apple Patches Everything
https://isc.sans.edu/forums/diary/Apple+Security+Updates/23727/
VPNFilter Makes a Comeback
https://jask.com/from-russia-with-love/
Reverse Analysis with Radare2
https://isc.sans.edu/forums/diary/Binary+analysis+with+Radare2/23723/
Pet Location Tracker Vulnerabilities
https://threatpost.com/pet-trackers-open-to-mitm-attacks-interception/132291/
Jun 04, 2018
ISC StormCast for Friday, June 1st 2018
5:45
Safely Resetting Routers
https://isc.sans.edu/forums/diary/Resetting+Your+Router+the+Paranoid+Right+Way/23719/
CSS mix-blend-mode Side Channel Attack
https://www.evonide.com/side-channel-attacking-browsers-through-css3-features/
New ActiveX Exploit Seen in the Wild
https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=27263
Apple iMessage Security
https://support.apple.com/en-us/HT202303
10 Year Old Vulnerability in Steam Discovered
https://www.contextis.com/blog/frag-grenade-a-remote-code-execution-vulnerability-in-the-steam-client
Jun 01, 2018
ISC StormCast for Thursday, May 31st 2018
4:45
Windows JScript Vulnerability
https://www.zerodayinitiative.com/advisories/ZDI-18-534/
Two Git Vulnerabilities Patched
https://marc.info/?l=git&m=152761328506724&w=2
https://blogs.msdn.microsoft.com/devops/2018/05/29/announcing-the-may-2018-git-security-vulnerability/
SpamCannibal Blacklist Temporarily Marks All IPs as "Spam"
https://twitter.com/GossiTheDog/status/1001778042400854016
QRadar Remote Code Execution
https://blogs.securiteam.com/index.php/archives/3689
May 31, 2018
ISC StormCast for Wednesday, May 30th 2018
6:06
New DNS Features
https://isc.sans.edu/forums/diary/DNS+is+Changing+Are+you+Ready/23711/
Apple Updates
https://support.apple.com/en-us/HT201222
Scans For Misconfigured EOS Blockchain Nodes
https://www.bleepingcomputer.com/news/security/misconfigured-eos-blockchain-nodes-under-attack/
NPM Bug Causes Update Failures / Application Crashes
https://github.com/npm/npm/issues/20791#issuecomment-392648459
MnuBot Exfiltrates Data Via MSSQL
https://securityintelligence.com/new-banking-trojan-mnubot-discovered-by-ibm-x-force-research/
May 29, 2018
ISC StormCast for Tuesday, May 29th 2018
5:56
Ultrasound Mobile Location Tracking
https://isc.sans.edu/forums/diary/Do+you+hear+Laurel+or+Yanny+or+is+it+OnOff+Keying/23707/
Analyzing Malware Created with NSIS
https://isc.sans.edu/forums/diary/Quick+analysis+of+malware+created+with+NSIS/23703/
Obfuscated Word Macro
https://isc.sans.edu/forums/diary/Antivirus+Evasion+Easy+as+123/23701/
Z-Wave Attacks
https://www.pentestpartners.com/security-blog/z-shave-exploiting-z-wave-downgrade-attacks/
https://www.silabs.com/community/blog.entry.html/2018/05/23/tl_dr_your_door_is-g1zC
Electron Framework Protocol Handler Patch Bypass
https://blog.doyensec.com/2018/05/24/electron-win-protocol-handler-bug-bypass.html
May 29, 2018
ISC StormCast for Friday, May 25th 2018
4:39
GDPR Going Into Effect May 25th
https://en.wikipedia.org/wiki/General_Data_Protection_Regulation
Bitcoin Gold Double Spend Attack
https://forum.bitcoingold.org/t/double-spend-attack-on-exchanges/1362
Amazon Alexa Forwards Random Conversations
https://www.kiro7.com/news/local/woman-says-her-amazon-device-recorded-private-conversation-sent-it-out-to-random-contact/755507974
Verge Crypto Coin Attacked Again
https://www.bleepingcomputer.com/news/security/verge-cryptocurrency-network-falls-victim-to-same-attack-even-after-hard-fork/
May 25, 2018
ISC StormCast for Thursday, May 24th 2018
5:35
VPNFilter Malware Affecting Cisco Routers
https://blog.talosintelligence.com/2018/05/VPNFilter.html
DLink Vulnerabilities
https://securelist.com/backdoors-in-d-links-backyard/85530/
Firefox Disabling "Spy APIs" and Enabling 2FA
https://www.fxsitecompat.com/en-CA/docs/2018/ambient-light-and-proximity-sensor-apis-have-been-disabled/
May 24, 2018
ISC StormCast for Wednesday, May 23rd 2018
4:50
Malicious SYLK Files Used to Execute Code in Excel
https://isc.sans.edu/forums/diary/Malware+Distributed+via+slk+Files/23687/
BMW Releases Patches for Several Cars
https://keenlab.tencent.com/en/Experimental_Security_Assessment_of_BMW_Cars_by_KeenLab.pdf
Mac Crypto Miners
https://blog.malwarebytes.com/threat-analysis/mac-threat-analysis/2018/05/new-mac-cryptominer-uses-xmrig/
VMWare Spectre Updates
https://www.vmware.com/security/advisories/VMSA-2018-0012.html
May 23, 2018
ISC StormCast for Tuesday, May 22nd 2018
5:27
Spectre NG Patches
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012
https://newsroom.intel.com/editorials/addressing-new-research-for-side-channel-analysis/
https://bugs.chromium.org/p/project-zero/issues/detail?id=1528
New "Moon" Variant
http://blog.netlab.360.com/gpon-exploit-in-the-wild-iv-themoon-botnet-join-in-with-a-0day/
https://isc.sans.edu/forums/diary/Something+Wicked+this+way+comes/23681/
Extracting Keys From Windows ssh-agent
https://blog.ropnop.com/extracting-ssh-private-keys-from-windows-10-ssh-agent/
May 22, 2018
ISC StormCast for Monday, May 21st 2018
5:46
Redis Cryptocoin Mining Worm
https://isc.sans.edu/forums/diary/Anatomy+of+a+Redis+mining+worm/23673/
Evolving Chrome's Security Indicator
https://blog.chromium.org/2018/05/evolving-chromes-security-indicators.html
DrayTek CSRF 0-Day Exploited to Change DNS Servers
https://www.draytek.co.uk/support/security-advisories/kb-advisory-csrf-and-dns-dhcp-web-attacks
Rowhammer Remote Exploit
https://www.cs.vu.nl/~herbertb/download/papers/throwhammer_atc18.pdf
https://arxiv.org/abs/1805.04956
May 21, 2018
ISC StormCast for Friday, May 18th 2018
5:42
Claymore Miner Attack
https://isc.sans.edu/diary/Insecure+Claymore+Miner+Management+API+Exploited+in+the+Wild/23665/
PCI DSS Version 3.2.1 Released
https://isc.sans.edu/forums/diary/PCI+DSS+version+321+is+out/23667/
Keeper Releases Update
https://keepersecurity.com/blog/2018/05/15/response-may-15-seclists-report/
Cisco Security Update
https://tools.cisco.com/security/center/publicationListing.x
May 18, 2018
ISC StormCast for Thursday, May 17th 2018
6:27
Critical DHCP Client Vulnerability in RedHat Enterprise Server 6/7
https://access.redhat.com/security/vulnerabilities/3442151
UPnP Misconfiguration DDoS Attack
https://www.theregister.co.uk/2018/05/16/upnp_amplifies_ddos_attacks/
Ubuntu Snap Store Miner Incident Followup
https://blog.ubuntu.com/2018/05/15/trust-and-security-in-the-snap-store
iOS / Android "Zipper Down" Vulnerability
https://zipperdown.org/
May 16, 2018
ISC StormCast for Wednesday, May 16th 2018
6:56
PDF Exploit (and Windows Priv. Escalation) Leaked
https://www.welivesecurity.com/2018/05/15/tale-two-zero-days/
Possible Vulnerability in Keeper Password Manager
http://seclists.org/fulldisclosure/2018/May/41
MyEtherWallet Phishing
https://isc.sans.edu/forums/diary/Phishing+emails+for+fake+MyEtherWallet+login+page/23655/
May 16, 2018
ISC StormCast for Tuesday, May 15th 2018
6:31
PGP/SMIME efail Vulnerability
https://efail.de
Adobe PDF Reader / Acrobat Bulletins
https://helpx.adobe.com/security/products/acrobat/apsb18-09.html
May 15, 2018
ISC StormCast for Monday, May 14th 2018
5:53
Odd njRAT-Like Scans
Reversed C2 traffic from China
Signal Vulnerability (Possibly in Electron, which affects Skype/Slack/others)
https://twitter.com/ortegaalfredo/status/995017143002509313
Electron Vulnerability
https://www.trustwave.com/Resources/SpiderLabs-Blog/CVE-2018-1000136---Electron-nodeIntegration-Bypass/
Cryptocoin Miner Found in Ubuntu Snap Store
https://github.com/canonical-websites/snapcraft.io/issues/651
May 14, 2018
ISC StormCast for Friday, May 11th 2018
5:14
DNS Exfiltration in Windows
https://isc.sans.edu/forums/diary/Exfiltrating+data+from+very+isolated+environments/23645/
Fake Electrum Wallet
https://github.com/spesmilo/electrum-docs/blob/master/decompiling_guide.md
Treasure Hunter PoS Malware Source Code Leaked
https://www.flashpoint-intel.com/blog/treasurehunter-source-code-leaked/
More Malicious Chrome Extensions Spreading via Facebook
https://blog.radware.com/security/2018/05/nigelthorn-malware-abuses-chrome-extensions/
May 11, 2018
ISC StormCast for Thursday, May 10th 2018
4:01
Lloyds Bank Phish Leads to Trickbot
https://isc.sans.edu/forums/diary/Nice+Phishing+Sample+Delivering+Trickbot/23641/
Firefox Group Policy Engine
https://www.bleepingcomputer.com/news/software/group-policy-support-coming-to-firefox-60/
OS Vendors Fix Intel Debug Flaw
https://www.kb.cert.org/vuls/id/631579
Cryptocoin Miner in Excel
https://charles.dardaman.com/js_coinhive_in_excel
May 10, 2018
ISC StormCast for Wednesday, May 9th 2018
6:21
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+May+2018+Patch+Tuesday/23637/
Basestriker Vulnerability Hitting Office 365
https://www.avanan.com/resources/basestriker-vulnerability-office-365
wget Cookie Injection Vulnerability
http://seclists.org/fulldisclosure/2018/May/20
May 09, 2018
ISC StormCast for Tuesday, May 8th 2018
4:51
Parsing Windows Job Files
https://isc.sans.edu/forums/diary/Adding+Persistence+Via+Scheduled+Tasks/23633/
SynAck Ransomware Uses Doppelganging Technique
https://securelist.com/synack-targeted-ransomware-uses-the-doppelganging-technique/85431/
More Drupal Compromises
https://badpackets.net/large-cryptojacking-campaign-targeting-vulnerable-drupal-websites/
Russia vs. Telegram
https://twitter.com/instasegv/status/993521755192020992
https://www.bleepingcomputer.com/news/government/russia-blocks-50-vpns-and-proxy-services-providing-access-to-telegram/
May 08, 2018
ISC StormCast for Monday, May 7th 2018
5:20
Malicious NPM Library Stopped
https://blog.npmjs.org/post/173526807575/reported-malicious-module-getcookies
Popular GDPR Shield
http://gdpr-shield.io (currently down)
More Spectre Flaws
https://www.heise.de/ct/artikel/Exclusive-Spectre-NG-Multiple-new-Intel-CPU-flaws-revealed-several-serious-4040648.html
May 07, 2018
ISC StormCast for Friday, May 4th 2018
14:48
More WebLogic Exploits
https://isc.sans.edu/forums/diary/WebLogic+Exploited+in+the+Wild+Again/23617/
Ouch! GDPR Newsletter
https://www.sans.org/security-awareness-training/ouch-newsletter
GitHub / Twitter Password Storage Issues
https://blog.twitter.com/official/en_us/topics/company/2018/keeping-your-account-secure.html
https://www.zdnet.com/article/github-says-bug-exposed-account-passwords/
Facebook Adds Homograph Alert to Certificate Transparency Log Monitoring
https://www.facebook.com/notes/protect-the-graph/phishing-domain-detection/2037453483161459/
Disrupting the Empire: Identifying PowerShell Empire Command and Control Activity
https://www.sans.org/reading-room/whitepapers/forensics/disrupting-empire-identifying-powershell-empire-command-control-activity-38315
May 04, 2018
ISC StormCast for Thursday, May 3rd 2018
6:02
GPS Jamming Becoming More Common
https://www.avweb.com/avwebflash/news/GPS-Jamming-Major-Threat-to-Drone-230749-1.html
https://www.heise.de/newsticker/meldung/GPS-unter-Beschuss-Jamming-und-Spoofing-nehmen-zu-4038137.html
Windows Command Line References
https://isc.sans.edu/forums/diary/Windows+Commands+Reference+An+InfoSec+Must+Have/23613/
LoJack Laptop Anti-Theft Software "Phones Home" to Russia
https://asert.arbornetworks.com/lojack-becomes-a-double-agent/
Google Maps Can Be Used as a URL Shortener
https://nakedsecurity.sophos.com/2018/05/01/google-maps-open-redirect-flaw-abused-by-spammers/
Retrieving DVR Credentials via "Admin Cookie"
https://github.com/ezelf/CVE-2018-9995_dvr_credentials
May 03, 2018
ISC StormCast for Wednesday, May 2nd 2018
5:34
Creating Malicious Office Documents
https://isc.sans.edu/forums/diary/Diving+into+a+Simple+Maldoc+Generator/23609/
Google (and Amazon) Disable Domain Fronting
https://arstechnica.com/information-technology/2018/04/google-disables-domain-fronting-capability-used-to-evade-censors/
Google Chrome To Enforce Certificate Transparency
https://groups.google.com/a/chromium.org/forum/#!msg/ct-policy/wHILiYf31DE/iMFmpMEkAQAJ
May 02, 2018
ISC StormCast for Tuesday, May 1st 2018
5:40
April WebLogic Patch Incomplete and Intense Scanning for WebLogic Under Way
https://www.bleepingcomputer.com/news/security/hackers-scan-the-web-for-vulnerable-weblogic-servers-after-oracle-botches-patch/
FacexWorm Spreads Malicious Chrome Extensions via Facebook
https://blog.trendmicro.com/trendlabs-security-intelligence/facexworm-targets-cryptocurrency-trading-platforms-abuses-facebook-messenger-for-propagation/
$15 DTV Transmitter as an SDR
https://hackernoon.com/osmo-fl2k-a-15-dtv-transmitter-fm-radio-hijack-and-gps-spoofing-device-68ac08ba7d76
May 01, 2018
ISC StormCast for Monday, April 30th 2018
6:33
A Few Sample #Drupal Exploits including CVE-2018-7602
https://isc.sans.edu/forums/diary/More+Threat+Hunting+with+User+Agent+and+Drupal+Exploits/23597/
Triggering SMB Connections to Steal NTLM Credentials via PDFs
https://research.checkpoint.com/ntlm-credentials-theft-via-pdf-files/
NTFS Crash DoS Exploit Published for Windows 10 and 7
https://github.com/mtivadar/windows10_ntfs_crash_dos
Apple HomeKit / Secure Element Problems
https://www.youtube.com/watch?v=1CNAMgctAp0
Azucar Assessing Azure Security
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/april/introducing-azucar/
Apr 30, 2018
ISC StormCast for Friday, April 27th 2018
7:12
HP iLO Ransomware
https://www.bleepingcomputer.com/news/security/ransomware-hits-hpe-ilo-remote-management-interfaces/
Total Meltdown Exploit Available
https://blog.xpnsec.com/total-meltdown-cve-2018-1038/
WD My Cloud EX2 Access Control Bypass
https://www.trustwave.com/Resources/SpiderLabs-Blog/WD-My-Cloud-EX2-Serves-Your-Files-to-Anyone/
Hyperoptic ZTE Home Router Hardcoded Account
https://www.contextis.com/resources/advisories/hyperoptic-zte-home-routers
Apr 27, 2018
ISC StormCast for Thursday, April 26th 2018
5:21
New Drupal Remote Code Execution Vulnerability
https://www.drupal.org/sa-core-2018-004
Malicious Network Traffic From /bin/bash
https://isc.sans.edu/forums/diary/Malicious+Network+Traffic+From+binbash/23591/
Insecure Hotel Locks
https://safeandsavvy.f-secure.com/2018/04/25/researchers-find-way-to-generate-master-keys-to-hotels/
Amazon Echo As Eavesdropping Device (signin required)
https://info.checkmarx.com/wp-alexa
Apr 26, 2018
ISC StormCast for Thursday, February 1st 2018
6:50
Tax Phishing Season Starts
https://isc.sans.edu/forums/diary/Tax+Phishing+Time/23295/
Using FLIR In Incident Response
https://isc.sans.edu/forums/diary/Using+FLIR+in+Incident+Response/23291/
Oracle MICROS POS Vulnerability
https://erpscan.com/press-center/blog/oracle-micros-pos-breached/
Feb 01, 2018
ISC StormCast for Wednesday, January 31st 2018
6:56
DCShadow Attack
https://www.dropbox.com/s/baypdb6glmvp0j9/Buehat%20IL%20v2.3.pdf
https://blog.alsid.eu/dcshadow-explained-4510f52fc19d
Cisco WebVPN Update
https://isc.sans.edu/forums/diary/Cisco+ASA+WebVPN+Vulnerability/23289/
Reviving DDE Code Execution via OneNote
https://posts.specterops.io/reviving-dde-using-onenote-and-excel-for-code-execution-d7226864caee
Jan 30, 2018
ISC StormCast for Tuesday, January 30th 2018
6:11
Lenovo Fingerprint Manager Pro Vulnerability
https://support.lenovo.com/us/en/product_security/len-15999
ClamAV Vulnerabilities
http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html
https://blog.malwarebytes.com/malwarebytes-news/2018/01/important-web-blocking-ram-usage/
Malwarebytes Corrupted Update
https://www.malwarebytes.com/pdf/WebProtectionFP.pdf
Cisco Adaptive Security Appliance Remote Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1
Web2Top Proxy onion.tor Appears to Steal Ransomware Payments
https://www.proofpoint.com/us/threat-insight/post/double-dipping-diverting-ransomware-bitcoin-payments-onion-domains
Jan 30, 2018
ISC StormCast for Monday, January 29th 2018
6:10
Analyzing a Word Document Used in a Pentest
https://isc.sans.edu/forums/diary/Is+this+a+pentest/23283/
Analyzing BITS Activity
https://isc.sans.edu/forums/diary/Investigating+Microsoft+BITS+Activity/23281/
CryptoJacking on YouTube due to Malicious Ads
https://blog.trendmicro.com/trendlabs-security-intelligence/malvertising-campaign-abuses-googles-doubleclick-to-deliver-cryptocurrency-miners/
Coincheck Hack Nets 400M USD
https://coincheck.com/en/blog/4673
phpBB Mirror Compromised
https://www.phpbb.com/community/viewtopic.php?f=14&t=2456896
Microsoft Disables Spectre Variant 2 Patches
https://support.microsoft.com/en-us/help/4078130/update-to-disable-mitigation-against-spectre-variant-2
Jan 29, 2018
ISC StormCast for Friday, January 26th 2018
17:42
Ransomware As a Service
https://isc.sans.edu/forums/diary/Ransomware+as+a+Service/23277/
libcurl Vulnerability
http://seclists.org/oss-sec/2018/q1/94
Hide 'N Seek IoT Botnet
https://labs.bitdefender.com/2018/01/new-hide-n-seek-iot-botnet-using-custom-built-peer-to-peer-communication-spotted-in-the-wild/
Container Intrusions: Assessing the Efficacy of Intrusion Detection and Analysis Methods for Linux Container Environments
https://www.sans.org/reading-room/whitepapers/detection/container-intrusions-assessing-efficacy-intrusion-detection-analysis-methods-linux-container-environments-38245
Jan 25, 2018
ISC StormCast for Thursday, January 25th 2018
5:36
RTF Files For Hancitor Utilize Exploit for CVE-2017-11882
https://isc.sans.edu/forums/diary/RTF+files+for+Hancitor+utilize+exploit+for+CVE201711882/23271/
Electron Fixes Protocol Handlers Flaw
https://electronjs.org/blog/protocol-handler-fix
Xerox Workcenters Fudge Numbers
http://www.dkriesel.com/en/blog/2013/0802_xerox-workcentres_are_switching_written_numbers_when_scanning?
Tracking Users Using CSS
https://github.com/jbtronics/CrookedStyleSheets
Jan 25, 2018
ISC StormCast for Wednesday, January 24th 2018
5:30
Apple Patches Everything, Again
https://isc.sans.edu/forums/diary/Apple+Updates+Everything+Again/23269/
OpenSSL Introduces its Version of a "Patch Tuesday"
https://www.openssl.org/blog/blog/2018/01/18/f2f-london/
"Rapid" Ransomware
https://id-ransomware.blogspot.ru/2018/01/rapid-ransomware.html (Russian)
https://www.bleepingcomputer.com/forums/t/667032/rapid-ransomware-rapid-paymeme-how-recovery-filestxt-support-topic/page-2
Jan 24, 2018
ISC StormCast for Tuesday, January 23rd 2018
5:04
HTTPS on Every Port
https://isc.sans.edu/forums/diary/HTTPS+on+every+port/23261/
Curl over TOR
https://isc.sans.edu/forums/diary/Retrieving+malware+over+Tor/23257/
Spectre/Meltdown Microcode Patch Problems
https://newsroom.intel.com/news/root-cause-of-reboot-issue-identified-updated-guidance-for-customers-and-partners/
https://lkml.org/lkml/2018/1/21/192
DNS Rebinding Attacks Against Geth
https://ret2got.wordpress.com/2018/01/19/how-your-ethereum-can-be-stolen-using-dns-rebinding/
Chinese Quantum Cryptography Satellite Link Secures Intercontinental Video Link
https://journals.aps.org/prl/abstract/10.1103/PhysRevLett.120.030501
Jan 23, 2018
ISC StormCast for Monday, January 22nd 2018
5:16
Analyzing an RTF Phishing Document
https://isc.sans.edu/forums/diary/An+RTF+phish/23255/
Satori Variant Steals ETH from Miners
http://blog.netlab.360.com/art-of-steal-satori-variant-is-robbing-eth-bitcoin-by-replacing-wallet-address-en/
Evrial Trojan Modifies Copy / Pasted Bitcoin Addresses
https://twitter.com/malwrhunterteam/status/953313514629853184
Legal Challenges of Bug Bounties
https://www.heise.de/security/meldung/US-Bug-Bountys-lassen-gute-Hacker-in-die-Falle-tappen-3946508.html
Jan 22, 2018
ISC StormCast for Friday, January 19th 2018
5:09
Oracle E-Business Suite Server Can Be Attacked via WebLogic
https://www.onapsis.com/blog/oracle-january-cpu-analysis-64-patches-affect-business-critical-applications
Microsoft Resumes Patches for AMD Systems
https://www.amd.com/en/corporate/speculative-execution
Speculations About Yet Another CPU Attack
https://skyfallattack.com
Smiths Medfusion 4000 Vulnerabilities
https://github.com/sgayou/medfusion-4000-research/blob/master/doc/README.md#summary
Jan 19, 2018
ISC StormCast for Thursday, January 18th 2018
5:13
Reviewing the Spam Filters: Malspam Pushing Gozi-ISFB
https://isc.sans.edu/forums/diary/Reviewing+the+spam+filters+Malspam+pushing+GoziISFB/23245/
Auditing Secure USB Keys
https://www.j-michel.org/blog/2018/01/16/attacking-secure-usb-keys-behind-the-scene
Malicious Open Graph title Tag Crashes iMessage
https://www.macrumors.com/2018/01/16/malicious-link-ios-mac-freezes/
BIND Fixes DoS Vulnerability
https://kb.isc.org/article/AA-01542
Jan 18, 2018
ISC StormCast for Tuesday, January 9th 2018
5:27
WebLogic Flaw Used to Install Monero Crypto Coin Miner
https://isc.sans.edu/forums/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191/
Fake Anti-Virus Pages Popping Up Like Weeds
https://isc.sans.edu/forums/diary/Fake+antivirus+pages+popping+up+like+weeds/23207/
Apple Spectre/Meltdown Patches
https://support.apple.com/en-us/HT201222
Meltdown Patch Fallout
https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB43600/?l=en_US&fs=Search&pn=1&atype=
https://forums.sandboxie.com/phpBB3/viewtopic.php?t=25114
https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software
WPA3 Announced
https://www.wi-fi.org/news-events/newsroom/wi-fi-alliance-introduces-security-enhancements
Jan 09, 2018
ISC StormCast for Monday, January 8th 2018
5:14
Campaign is using a recently released WebLogic exploit to deploy a Monero miner
https://isc.sans.edu/forums/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191/
Misc News about Meltdown and Spectre
https://www.qualcomm.com/company/product-security/bulletins
AMD Processor Flaw
http://seclists.org/fulldisclosure/2018/Jan/12
Western Digital MyCloud Backdoor
http://gulftech.org/advisories/WDMyCloud%20Multiple%20Vulnerabilities/125
Jan 08, 2018
ISC StormCast for Friday, January 5th 2018
7:44
SANS Special Webcast
https://www.sans.org/webcast/recording/citrix/106815/138095
ISC Diary with Links to Patches
https://isc.sans.edu/forums/diary/Spectre+and+Meltdown+What+You+Need+to+Know+Right+Now/23193/
Jan 05, 2018
ISC StormCast for Thursday, January 4th 2018
7:33
Intel CPU Vulnerability
https://meltdownattack.com
Crypto Coin Mining Pool IP List
https://isc.sans.edu/api/threatlist/miner
Phishing to Rural America Leads to Six-figure Wire Fraud Losses
https://isc.sans.edu/forums/diary/Phishing+to+Rural+America+Leads+to+Sixfigure+Wire+Fraud+Losses/23185/
Jan 04, 2018
ISC StormCast for Wednesday, January 3rd 2018
6:46
Extracting URLs From PDFs
https://isc.sans.edu/forums/diary/PDF+documents+URLs+update/23167/
Privilege Escalation Exploit for macOS
https://siguza.github.io/IOHIDeous/
34C3: Chaos Communications Congress
https://media.ccc.de/c/34c3
Vulnerabilities in Online Geolocation Services
https://0x0.li/trackmageddon/
Jan 03, 2018
ISC StormCast for Tuesday, January 2nd 2018
7:21
Analyzing TNEF Files
https://isc.sans.edu/forums/diary/Analyzing+TNEF+files/23175/
Obfuscated RTF Files
https://isc.sans.edu/forums/diary/Dealing+with+obfuscated+RTF+files/23169/
2017 Flood of CVEs
https://isc.sans.edu/forums/diary/2017+The+Flood+of+CVEs/23173/
Sonos/Bose Smart Speaker Flaws
https://documents.trendmicro.com/assets/pdf/The-Sound-of-a-Targeted-Attack.pdf
Web Trackers Exploit Login Managers
https://freedom-to-tinker.com/2017/12/27/no-boundaries-for-user-identities-web-trackers-exploit-browser-login-managers/
Backdoored Wordpress Plugins
https://www.bleepingcomputer.com/news/security/three-more-wordpress-plugins-found-hiding-a-backdoor/
Jan 01, 2018
ISC StormCast for Friday, December 22nd 2017
6:16
Critical Flaw in SMBv1 Implementation of Dell EMC Data Domain DD OS
http://seclists.org/fulldisclosure/2017/Dec/79
Facebook Enables Feature To Review All E-Mails Sent By Facebook
https://www.facebook.com/notes/facebook-security/new-security-feature-reveals-if-facebook-mails-are-legit/10154983636230766/
EtherDelta DNS Attack
https://twitter.com/etherdelta
Enigmail Vulnerability
https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf
Dec 22, 2017
ISC StormCast for Thursday, December 21st 2017
4:51
Kernel Hooking Basics
https://isc.sans.edu/forums/diary/Guest+Diary+Etay+Nir+Kernel+Hooking+Basics/23155/
Intel Memory Encryption
https://software.intel.com/sites/default/files/managed/a5/16/Multi-Key-Total-Memory-Encryption-Spec.pdf
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=33e63acc119d15c2fac3e3775f32d1ce7a01021b
WordPress Sites Infected with Monero Miners
https://www.wordfence.com/blog/2017/12/aggressive-brute-force-wordpress-attack/
Dec 21, 2017
ISC StormCast for Wednesday, December 20th 2017
5:29
Example of "MouseOver" Link in a Powerpoint File
https://isc.sans.edu/forums/diary/Example+of+MouseOver+Link+in+a+Powerpoint+File/23149/
Adups Malware Still Haunting Android Phones
https://blog.malwarebytes.com/cybercrime/2017/12/mobile-menace-monday-upping-the-ante-on-adups-fwupgradeprovider/
Popular Wordpress Captcha Included Backdoor
https://www.wordfence.com/blog/2017/12/backdoor-captcha-plugin/
Comparing DNS Filters
https://medium.com/@nykolas.z/dns-security-filters-compared-quad9-x-opendns-x-comodo-secure-x-norton-connectsafe-x-yandex-safe-a00ace3bf21f
Dec 20, 2017
ISC StormCast for Tuesday, December 19th 2017
5:16
Not So Malicious Word Doc
https://isc.sans.edu/forums/diary/Phish+or+scam+Part+1/23141/
https://isc.sans.edu/forums/diary/Phish+or+scam+Part+2/23145/
AMF Deserializer Vulnerability
http://codewhitesec.blogspot.com/2017/04/amf.html?m=1
Windows "Keeper" Password Manager Vulnerable
https://bugs.chromium.org/p/project-zero/issues/detail?id=1481&desc=3
Android Malware Destroys Device
https://securelist.com/jack-of-all-trades/83470/
Dec 19, 2017
ISC StormCast for Monday, December 18th 2017
5:44
Microsoft Office VBA Macro Obfuscation via Metadata
https://isc.sans.edu/forums/diary/Microsoft+Office+VBA+Macro+Obfuscation+via+Metadata/23139/
Large Scale BGP Attack
https://bgpmon.net/popular-destinations-rerouted-to-russia/
HSTS and HPKP Weaknesses in Firefox, IE/Edge and Chrome
http://blog.en.elevenpaths.com/2017/12/breaking-out-hsts-and-hpkp-on-firefox.html
Dec 18, 2017
ISC StormCast for Friday, December 15th 2017
5:24
Citizen Lab Security Planner
https://securityplanner.org/
Apple Update to iOS/tvOS/iCloud (Windows)
https://support.apple.com/en-us/HT201222
Fortinet Client Credentials Shared Key
https://www.sec-consult.com/en/blog/advisories/vpn-credentials-disclosure-in-fortinet-forticlient/index.html
Fox-It Victim of a Man-in-the-Middle Attack
https://blog.fox-it.com/2017/12/14/lessons-learned-from-a-man-in-the-middle-attack/
Dec 15, 2017
ISC StormCast for Thursday, December 14th 2017
5:14
Tracking Newly Registered Domains
https://isc.sans.edu/forums/diary/Tracking+Newly+Registered+Domains/23127/
Critical Palo Alto Firewall Flaws Allow RCE as root
http://seclists.org/fulldisclosure/2017/Dec/38
Hiding Changes from git-diff
https://www.twistlock.com/2017/12/13/hiding-content-git-escape-sequence-twistlock-labs-experiment/
Apple Airport Update
https://support.apple.com/en-us/HT208354
Dec 14, 2017
ISC StormCast for Wednesday, December 13th 2017
6:31
Microsoft Patch Tuesday Summary
https://isc.sans.edu/forums/diary/December+Microsoft+Patch+Tuesday+Summary/23123/
EV Certificate Model Broken?
https://stripe.ian.sh
ROBOT Attack Against TLS
https://robotattack.org
Dec 13, 2017
ISC StormCast for Tuesday, December 12th 2017
6:31
Pornographic Spam Messages Used to Deliver Crypto Coin Miner
https://isc.sans.edu/forums/diary/Pornographic+malspam+pushes+coin+miner+malware/23119/
Microsoft Leaks Secret SSL Key For Dynamics 365
https://medium.com/matthias-gliwka/microsoft-leaks-tls-private-key-for-cloud-erp-product-10b56f7d648
Proxy Botnet Used to Launch Variety of Web Application Attacks
https://news.drweb.com/show/?i=11627&lng=en
FoxIT Releases Utility to Recover Manipulated Windows Logs
https://github.com/fox-it/danderspritz-evtx
Dec 12, 2017
ISC StormCast for Monday, December 11th 2017
6:13
Sometimes An RTF Document is Just an RTF Document
https://isc.sans.edu/forums/diary/Sometimes+its+a+dud/23115/
HP Keyboard Drivers Can Log Keystrokes
https://support.hp.com/us-en/document/c05827409
https://zwclose.github.io/HP-keylogger/
Android App Signature Bypass
https://www.guardsquare.com/en/blog/new-android-vulnerability-allows-attackers-modify-apps-without-affecting-their-signatures
MSFT Patches Antimalware Engine
https://portal.msrc.microsoft.com/en-US/eula
Dec 11, 2017
ISC StormCast for Friday, December 8th 2017
7:07
Positive Technologies Demonstrates Intel ME Exploit at Blackhat Europe
https://www.blackhat.com/docs/eu-17/materials/eu-17-Goryachy-How-To-Hack-A-Turned-Off-Computer-Or-Running-Unsigned-Code-In-Intel-Management-Engine.pdf
Tracking Users Without GPS
http://ieeexplore.ieee.org/document/8038870/
Process Doppelganging Anti-Malware Bypass
https://www.blackhat.com/docs/eu-17/materials/eu-17-Liberman-Lost-In-Transaction-Process-Doppelganging.pdf
Friday Webcast About Recent OWASP Top 10 Update
https://www.sans.org/webcasts/owasp-top-10-2017-106560
Dec 08, 2017
ISC StormCast for Thursday, December 7th 2017
6:08
Apple Updates Everything
https://isc.sans.edu/forums/diary/Apple+Updates+Everything+Again/23107/
Do Not Trust Reverse DNS, and Here Is an Example Why
https://isc.sans.edu/forums/diary/PSA+Do+not+Trust+Reverse+DNS+and+why+does+an+address+resolve+to+localhost/23105/
NiceHash Hacked
https://www.reddit.com/r/NiceHash/comments/7i0s6o/official_press_release_statement_by_nicehash/
Dec 06, 2017
ISC StormCast for Wednesday, December 6th 2017
5:03
AI.Type Data Exposed in MongoDB Database
https://mackeepersecurity.com/post/virtual-keyboard-developer-leaked-31-million-of-client-records
Mailsploit Makes it Easier to Spoof From Headers in E-Mails
https://www.mailsploit.com
StorageCrypt Ransomware Encrypts NAS Devices
https://www.bleepingcomputer.com/news/security/storagecrypt-ransomware-infecting-nas-devices-using-sambacry/
Android December Update
https://source.android.com/security/bulletin/2017-12-01
Dec 06, 2017
ISC StormCast for Tuesday, December 5th 2017
6:35
Incident Response Using TheHive
https://isc.sans.edu/forums/diary/IR+using+the+Hive+Project/23099/
SSL/TLS For Scapy
https://github.com/tintinweb/scapy-ssl_tls
tvOS 11.2 Released (but no details about security content yet)
https://support.apple.com/en-us/HT201222
System Vendors Ship Laptops With Intel ME Disabled
https://www.reddit.com/r/linuxhardware/comments/7grglm/how_to_buy_a_dell_laptop_with_the_intel_me/
http://blog.system76.com/post/168050597573/system76-me-firmware-updates-plan
Hacker Falsified Jail Records To Free Friend
https://www.justice.gov/usao-edmi/pr/ann-arbor-man-pleads-guilty-computer-intrusion-case
SeKey: Touch ID Control for ssh-agent
https://github.com/ntrippar/sekey
Dec 05, 2017
ISC StormCast for Monday, December 4th 2017
5:40
Brazilian Banking Malware Uses UTF-16 Encoded .BAT File
https://isc.sans.edu/forums/diary/Phishing+campaign+uses+old+bat+script+to+spread+banking+malware+and+it+is+flying+under+the+radar/23091/
Phishing Abuse of JotForm
https://isc.sans.edu/forums/diary/Phishing+Kit+AbUsing+Cloud+Services/23089/
Apple Releases iOS 11.2
https://support.apple.com/en-us/HT201222
(no details live yet)
Critical Patch For RSA Authentication Agent
http://seclists.org/fulldisclosure/2017/Nov/46
https://community.rsa.com/community/products/securid/authentication-agent-web-apache
Slurp S3 Bucket Enumerator
https://github.com/bbb31/slurp.git
Dec 04, 2017
ISC StormCast for Friday, December 1st 2017
14:35
More Malspam Pushing Emotet Malware
https://isc.sans.edu/forums/diary/More+Malspam+pushing+Emotet+malware/23083/
Google Chrome To Block Some Third Party Software Mid-2018
https://blog.chromium.org/2017/11/reducing-chrome-crashes-caused-by-third.html
European Union Funds VLC Bug Bounty
https://joinup.ec.europa.eu/news/hackerone-vlc
STI Student Scott Perry: Virtual System Forensics
http://www.sans.org/reading-room/whitepapers/bestprac/exploring-effectiveness-approaches-discovering-acquiring-virtualized-servers-esxi-38155
Dec 01, 2017
ISC StormCast for Thursday, November 30th 2017
5:22
Apple Releases Security Update 2017-001 To Fix Passwordless Root Bug
https://support.apple.com/en-us/HT208315
Insecure Android Crypto Currency Wallets
https://www.htbridge.com/news/security-cryptocurrency-mobile-apps.html
Coinhive Miner Now As Pop-Under
https://blog.malwarebytes.com/cybercrime/2017/11/persistent-drive-by-cryptomining-coming-to-a-browser-near-you/
Fileless Malicious PowerShell Sample
https://isc.sans.edu/forums/diary/Fileless+Malicious+PowerShell+Sample/23081/
.dev TLD Now Requires HTTPS in Chrome
http://www.theregister.co.uk/2017/11/29/google_dev_network/
Nov 30, 2017
ISC StormCast for Wednesday, November 29th 2017
6:21
Passwordless Root Account Allows for Trivial Privilege Escalation on MacOS High Sierra
https://twitter.com/lemiorhan/status/935578694541770752
https://support.apple.com/en-us/HT204012
Defeating Facial Recognition
https://arxiv.org/abs/1711.09001
Bitcoin Gold Wallet App Compromise
https://bitcoingold.org/critical-warning-nov-26/
Project Exodus Identified Trackers in Android Apps
https://reports.exodus-privacy.eu.org/reports/apps/
Nov 29, 2017
ISC StormCast for Tuesday, November 28th 2017
6:34
Golden SAML Ticket Attack
https://www.cyberark.com/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-cloud-apps/
Facebook Poll Image Vulnerability
https://blog.darabi.me/2017/11/image-removal-vulnerability-in-facebook.html
Nov 28, 2017
ISC StormCast for Monday, November 27th 2017
5:52
Critical Exim Mail Server Vulnerability (Exploit released!)
https://bugs.exim.org/show_bug.cgi?id=2199
CoinPouch "Verge" Token Loss
http://www.documentcloud.org/documents/4309909-StatementonVerge-11-21-17.html
Bitcoin Routing Attacks
https://btc-hijack.ethz.ch
Scanning Ethereum Smart Contracts For Vulnerabilities
https://hackernoon.com/scanning-ethereum-smart-contracts-for-vulnerabilities-b5caefd995df
Fortiweb Manager Vulnerability
https://fortiguard.com/psirt/FG-IR-17-248
Nov 27, 2017
ISC StormCast for Wednesday, November 22nd 2017
6:49
Ethereum JSON-RPC Scans
https://isc.sans.edu/forums/diary/Internet+Wide+Ethereum+JSONRPC+Scans/23061/
Updated OWASP Top 10 Released
https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf
TPLink Often Provides Outdated Firmware Version For Download
https://www.ctrl.blog/entry/tplink-firmware-outdated-downloads
Nov 22, 2017
ISC StormCast for Tuesday, November 21st 2017
5:42
Intel Patches Several Vulnerabilities in its Management Engine
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr
Sandsifter CPU Fuzzer
https://github.com/xoreaxeaxeax/sandsifter/
Android MediaProjection API Allows For Screen Capture / Audio Recording Without User Consent
https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-android-MediaProjection-tapjacking-advisory-2017-11-13.pdf
BusyBox Autocompletion Vulnerability
https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/
Nov 21, 2017
ISC StormCast for Monday, November 20th 2017
7:08
Bitcoin Pickpockets Scanning For Wallets
https://isc.sans.edu/forums/diary/BTC+Pickpockets/23052/
Resume-themed Malspam Pushing Smoke Loader
https://isc.sans.edu/forums/diary/Resumethemed+malspam+pushing+Smoke+Loader/23054/
F5-BigIP TLS Vulnerability
https://support.f5.com/csp/article/K21905460
Microsoft Updates Patches / May Have Lost Sourcecode
https://0patch.blogspot.com/2017/11/did-microsoft-just-manually-patch-their.html
http://borncity.com/win/2017/11/17/microsoft-confirms-epson-dot-matrix-printer-issue-after-november-2017-patchday-here-are-fixes/
Windows 8 And Later Fail To Apply ASLR Correctly
https://www.kb.cert.org/vuls/id/817544
StartCom TLS Certificate Authority Shutting Down
http://www.zdnet.com/article/startcom-to-shut-down-all-certificates-revoked-in-2020/
Nov 20, 2017
ISC StormCast for Friday, November 17th 2017
6:00
A Domain Dashboard For Splunk
https://isc.sans.edu/forums/diary/Suspicious+Domains+Tracking+Dashboard/23046/
Oracle Critical PeopleSoft Patch
http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-10269-4021872.html#AppendixFMW
GitHub Introducing Security Alerts for Dependencies
https://github.com/blog/2470-introducing-security-alerts-on-github
Exposing IP Addresses For Hidden Services
http://sh1ttykids.hateblo.jp/entry/2017/11/16/182001
Nov 17, 2017
ISC StormCast for Thursday, November 16th 2017
6:13
Malicious Document Turns Off Word Macro Protections
https://isc.sans.edu/forums/diary/If+you+want+something+done+right+do+it+yourself/23042/
Blueborne Affects Amazon Echo and Google Home Devices (now patched)
http://go.armis.com/hubfs/BlueBorne%20Technical%20White%20Paper.pdf
More Malicious Apps In Google's Play Store
https://www.bleepingcomputer.com/news/security/google-play-store-sees-sudden-surge-of-malicious-apps/
OnePlus Phones Found With Preinstalled Debug App
https://twitter.com/fs0c131y
https://twitter.com/__Tux/status/754085708843786240
Nov 16, 2017
ISC StormCast for Wednesday, November 15th 2017
5:45
Microsoft Patch Tuesday Updates
https://helpx.adobe.com/security.html
Adobe Patches
https://helpx.adobe.com/security.html
Abusing Anti-Virus Quarantine Folders for Priv. Escalation
https://bogner.sh/2017/11/avgater-getting-local-admin-by-abusing-the-anti-virus-quarantine/
Nov 15, 2017
ISC StormCast for Tuesday, November 14th 2017
7:55
FaceID Beaten By Mask
http://www.bkav.com/d/top-news/-/view_content/content/103968/face-id-beaten-by-mask-not-an-effective-security-measure
Various URL Validation and HTTP Request Libraries Allow SSRF
https://www.blackhat.com/docs/us-17/thursday/us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-Languages.pdf
Using Heart Rhythm As Biometric ID
http://www.buffalo.edu/news/releases/2017/09/034.html
Nov 14, 2017
ISC StormCast for Monday, November 13th 2017
6:41
Auditing TLS Root Certificates on Windows
https://isc.sans.edu/forums/diary/Keep+An+Eye+on+your+Root+Certificates/23030/
How Google Accounts Are Hijacked
https://security.googleblog.com/2017/11/new-research-understanding-root-cause.html
Battling E-Mail Phishing
https://isc.sans.edu/forums/diary/Battling+email+phishing/23028/
Hacking Airplanes
http://www.aviationtoday.com/2017/11/08/boeing-757-testing-shows-airplanes-vulnerable-hacking-dhs-says/
Nov 13, 2017
ISC StormCast for Friday, November 10th 2017
7:09
Twilio Credentials Found in Mobile Apps (requires registration)
http://info.appthority.com/-q4-2017-mtr-download-eavesdropper
Drive By Crypto Currency Mining Keeps Increasing
https://go.malwarebytes.com/rs/805-USG-300/images/Drive-by_Mining_FINAL.pdf
Intel's Management Engine Firmware Decoded
https://twitter.com/h0t_max
https://www.theregister.co.uk/2017/11/09/chipzilla_come_closer_closer_listen_dump_ime/
Nov 10, 2017
ISC StormCast for Thursday, November 9th 2017
6:26
Mantistek Gaming Keyboard Cloud Driver Exfiltrates Keystroke Data
https://thehackernews.com/2017/11/mantistek-keyboard-keylogger.html
Logitech Will Discontinue Harmony Link Device and Brick it via Firmware Update in March 2018
https://www.theverge.com/circuitbreaker/2017/11/8/16623076/logitech-harmony-link-discontinued-bricked
Amazon Is Introducing Additional Security Features for S3
https://aws.amazon.com/blogs/aws/new-amazon-s3-encryption-security-features/
Nov 09, 2017
ISC StormCast for Wednesday, November 8th 2017
6:31
Interesting RTF Maldoc VBA Dropper
https://isc.sans.edu/forums/diary/Interesting+VBA+Dropper/23016/
Multiple Linux USB Flaws Made Public
http://www.openwall.com/lists/oss-security/2017/11/06/8
Google Android November Patches
https://source.android.com/security/bulletin/2017-11-01#media-framework
Ethereum Multi Signature Wallet Bug Causes Loss of $280 Million
https://paritytech.io/blog/security-alert.html
https://github.com/paritytech/parity/issues/6995
Nov 08, 2017
ISC StormCast for Tuesday, November 7th 2017
6:17
Fake WhatsApp App in Google Play Store
https://www.reddit.com/r/Android/comments/7ahujw/psa_two_different_developers_under_the_same_name/
Crunchyroll.com Redirect Leads to Malware
https://blog.ellation.com/crunchyroll-com-update-a2a593cf9155
https://bartblaze.blogspot.com.au/2017/11/crunchyroll-hack-delivers-malware.html
Recovering Previously Encrypted iOS Backups
https://www.gillware.com/forensics/blog/digital-forensics-case-study/new-solution-encrypted-backups/
Nov 07, 2017
ISC StormCast for Monday, November 6th 2017
5:15
PDF Parser for URLs and Text Content of PDFs
https://isc.sans.edu/forums/diary/Extracting+the+text+from+PDF+documents/23008/
https://isc.sans.edu/forums/diary/PDF+documents+URLs/23006/
Mobile Pwn2Own Contest 2017
https://www.zerodayinitiative.com/blog
OpenSSL Patch
https://www.openssl.org/news/secadv/20171102.txt
IEEE P1735 Standard Leads to Weak Crypto
https://eprint.iacr.org/2017/828.pdf
Nov 06, 2017
ISC StormCast for Friday, November 3rd 2017
7:13
Certified Malware: Measuring Breaches of Trust in the Windows Code-Signing PKI
http://www.umiacs.umd.edu/~tdumitra/papers/CCS-2017.pdf
Half of Most Popular Free iOS Apps do not use TLS correctly
http://www.zeit.de/digital/datenschutz/2017-10/iphone-ios-apps-hacker-verschluesselung/komplettansicht#comments
Image Downloader Chrome Extension Includes Adware
https://www.bleepingcomputer.com/news/security/psa-beware-the-image-downloader-chrome-adware-extension/
Employees Pay Up Ransomware
https://www.bleepingcomputer.com/news/security/59-percent-of-employees-hit-by-ransomware-at-work-paid-ransom-out-of-their-own-pockets/
Nov 02, 2017
ISC StormCast for Thursday, November 2nd 2017
5:37
Configuring SSH Properly on Cisco IOS
https://isc.sans.edu/forums/diary/Securing+SSH+Services+Go+Blue+Team/22992/
Ethereum Miners Hijacked via Default SSH Credentials
https://labs.bitdefender.com/2017/11/ethereum-os-miners-targeted-by-ssh-based-hijacker/
Crypto Shuffler Steals Bitcoin From Clipboard
https://www.kaspersky.com/blog/cryptoshuffler-bitcoin-stealer/19976/
Google Calendar Event Injection Added To MailSniper
https://www.blackhillsinfosec.com/google-calendar-event-injection-mailsniper/
November Ouch! Newsletter released: Shopping Security Online
https://securingthehuman.sans.org/resources/newsletters/ouch/2017?utm_medium=Social&utm_source=Twitter&utm_content=OUCH+Nov+2017+all+languages+&utm_campaign=STH+Ouch+#november2017
Nov 01, 2017
ISC StormCast for Wednesday, November 1st 2017
5:21
Malicious Powershell Code
https://isc.sans.edu/forums/diary/Some+Powershell+Malicious+Code/22988/
Apple Updates Everything
https://support.apple.com/en-gb/HT201222
Internet Draft To Update IoT Devices
https://tools.ietf.org/html/draft-moran-suit-architecture-00
Oct 31, 2017
ISC StormCast for Tuesday, October 31st 2017
6:08
Google Chrome Moving Away from HTTPS Public Key Pinning (HPKP)
https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/he9tr7p3rZ8/eNMwKPmUBAAJ
Effort To Remove Trust From Dutch CA Over New Intercept Law
https://bugzilla.mozilla.org/show_bug.cgi?id=1408647
Crypto Coin Mining Feature Found in Google App Store Downloads
http://blog.trendmicro.com/trendlabs-security-intelligence/coin-miner-mobile-malware-returns-hits-google-play/
Oct 30, 2017
ISC StormCast for Monday, October 30th 2017
5:06
Critical New Oracle Patch
http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-10151-4016513.html
CatchAll Google Chrome Plugins
https://isc.sans.edu/forums/diary/CatchAll+Google+Chrome+Malicious+Extension+Steals+All+Posted+Data/22976/
ACE Files Used For Malware
https://isc.sans.edu/forums/diary/Remember+ACE+files/22978/
Oct 29, 2017
ISC StormCast for Friday, October 27th 2017
5:58
Results of Kaspersky's Internal Investigation
https://www.kaspersky.com/blog/internal-investigation-preliminary-results/19894/
Infineon Bug Testing Tool
https://gist.githubusercontent.com/marcan/fc87aa78085c2b6f979aefc73fdc381f/raw/526bc2f2249a2e3f5d4450c7c412e0dbf57b2288/roca_test.py
https://github.com/ThomasHabets/simple-tpm-pk11/blob/master/check-srk/check-srk.cc
Micropatch Available for "DDE Vulnerability"
https://0patch.blogspot.com/2017/10/0patching-office-dde-ddeauto.html
Finding Cryptocurrency Miners
https://medium.com/@s3yfullah/hacking-cryptocurrency-miners-with-osint-techniques-677bbb3e0157
Oct 26, 2017
ISC StormCast for Thursday, October 26th 2017
6:25
Coinhive Domain Compromise
https://coinhive.com/blog/dns-breach
Dell Loses Control of Backup and Recovery Cloud Storage Domain
https://krebsonsecurity.com/2017/10/dell-lost-control-of-key-customer-support-domain-for-a-month-in-2017/#more-41267
Google ReCaptcha Broken
https://github.com/ecthros/uncaptcha
Users in Iran Targeted by Cryptoransomware Masquerading as VPN
https://www.bleepingcomputer.com/news/security/tyrant-ransomware-spreads-in-iran-disguised-as-popular-vpn-app/
Crypto Currency Phishing
https://www.dearbytes.com/blog/cryptocurrency-phishing/
Oct 25, 2017
ISC StormCast for Wednesday, October 25th 2017
5:04
Stop Relying on File Extensions
https://isc.sans.edu/forums/diary/Stop+relying+on+file+extensions/22962/
BadRabbit New Ransomware Wave Hitting Russia and Ukraine
https://isc.sans.edu/forums/diary/BadRabbit+New+ransomware+wave+hitting+RU+UA/22964/
https://www.welivesecurity.com/2017/10/24/kiev-metro-hit-new-variant-infamous-diskcoder-ransomware/
Over 70% Of Web Traffic Now via TLS
https://transparencyreport.google.com/https/overview?hl=en
Static RNG Seeds in Fortinet Devices
https://duhkattack.com
Oct 24, 2017
ISC StormCast for Tuesday, October 24th 2017
6:03
Is a Telco in Brazil Hosting An Epidemic of Open SOCKS Proxies?
https://isc.sans.edu/forums/diary/Is+a+telco+in+Brazil+hosting+an+epidemic+of+open+SOCKS+proxies/22956/
Android May Be Adding DNS Over TLS
https://www.xda-developers.com
https://tools.ietf.org/html/rfc7858
Fake Crypto Currency Trading Applications
https://www.welivesecurity.com/2017/10/23/fake-cryptocurrency-apps-google-harvesting-credentials/
Oct 23, 2017
ISC StormCast for Sunday, October 22nd 2017
5:38
IoT "Reaper" Botnet
http://blog.netlab.360.com/iot_reaper-a-rappid-spreading-new-iot-botnet-en/
https://research.checkpoint.com/new-iot-botnet-storm-coming/
Elmedia Player and Folx Infected with Proton Malware
https://www.eltima.com/blog/2017/10/elmedia-player-and-folx-malware-threat-neutralized.html
Google Expands Bug Bounty To Popular Android Apps
https://www.google.com/about/appsecurity/play-rewards/index.html
Increased Use of Last Week's Flash Vulnerability
https://www.proofpoint.com/us/threat-insight/post/apt28-racing-exploit-cve-2017-11292-flash-vulnerability-patches-are-deployed
Oct 22, 2017
ISC StormCast for Friday, October 20th 2017
5:52
Locky Ransomware Updates
https://isc.sans.edu/forums/diary/Necurs+Botnet+malspam+pushes+Locky+using+DDE+attack/22946/
https://isc.sans.edu/forums/diary/HSBCthemed+malspam+uses+ISO+attachments+to+push+Loki+Bot+malware/22942/
Authedmine To Replace Coinhive
https://coinhive.com/blog/authedmine
Attackers Scan for SSH Keys via Webexploits
https://www.wordfence.com/blog/2017/10/ssh-key-website-scans/
Attacking Colocated Virtual Machines with Rowhammer
https://thisissecurity.stormshield.com/2017/10/19/attacking-co-hosted-vm-hacker-hammer-two-memory-modules/
Oct 20, 2017
ISC StormCast for Thursday, October 19th 2017
5:13
Baselining Servers to Detect Outliers
https://isc.sans.edu/forums/diary/Baselining+Servers+to+Detect+Outliers/22940/
Test Script Available for KRACK Vulnerability
https://github.com/vanhoefm/krackattacks-test-ap-ft
WaterMiner Distributed With Gaming Mods
https://minerva-labs.com/post/waterminer-a-new-evasive-crypto-miner
Microsoft Releases Fall Creators Update
https://blogs.windows.com/windowsexperience/2017/10/17/whats-new-windows-10-fall-creators-update/#76CQXoUYxT81RLJi.97
Oct 19, 2017
ISC StormCast for Wednesday, October 18th 2017
5:20
Hancitor Malspam Uses DDE Attack To Spread Banking Malware
https://isc.sans.edu/forums/diary/Hancitor+malspam+uses+DDE+attack/22936/
Infineon RSA Key Generation Weakness
https://crocs.fi.muni.cz/public/papers/rsa_ccs17
Chrome Improving Security
https://www.blog.google/products/chrome/cleaner-safer-web-chrome-cleanup/
Oct 18, 2017
ISC StormCast for Tuesday, October 17th 2017
8:40
WPA2 "Krack" Attack
https://www.krackattacks.com/
https://securingthehuman.sans.org/blog/2017/10/16/28748/
Adobe Flash Player Update
https://helpx.adobe.com/security/products/flash-player/apsb17-32.html
Two (identical) uTorrent Binaries With Different Hashes
https://isc.sans.edu/forums/diary/Its+in+the+signature/22928/
Oct 16, 2017
ISC StormCast for Monday, October 16th 2017
5:29
Peeking Into an Outlook .msg File
https://isc.sans.edu/forums/diary/Peeking+into+msg+files/22926/
Abandoned Domains / Equifax/Transunion Lead to Fake Flash Update
https://blog.malwarebytes.com/threat-analysis/2017/10/equifax-transunion-websites-push-fake-flash-player/
Microsoft Patch Causes Corrupted Systems
https://support.microsoft.com/en-us/help/4049094
DoubleLocker Android Ransomware
https://www.welivesecurity.com/2017/10/13/doublelocker-innovative-android-malware/
Chrome Extension Mines Crypto Currency
https://www.bleepingcomputer.com/news/security/chrome-extension-uses-your-gmail-to-register-domains-names-and-injects-coinhive/
Oct 15, 2017
ISC StormCast for Friday, October 13th 2017
5:54
Version Control Tools Are Not Only For Developers
https://isc.sans.edu/forums/diary/Version+control+tools+arent+only+for+Developers/22922/
Coin Hive Javascript Crypto Currency Miner Found on Piratebay
https://twitter.com/esterling_/status/918240914623090695
https://crypto-loot.com
Macro-less Code Exec in MSWord Rediscovered
https://sensepost.com/blog/2017/macro-less-code-exec-in-msword/
https://blog.nviso.be/2017/10/11/detecting-dde-in-ms-office-documents/
Hard Disks Can Be Used As Microphones
https://github.com/ortegaalfredo/kscope/blob/master/doc/HDD-microphones.pdf
Oct 12, 2017
ISC StormCast for Thursday, October 12th 2017
6:36
Outlook Includes plain text version of e-mail with S/MIME Encryption
https://www.sec-consult.com/en/blog/2017/10/fake-crypto-microsoft-outlook-smime-cleartext-disclosure-cve-2017-11776/index.html
RubyGems Remote Code Execution Vulnerability
http://blog.rubygems.org/2017/10/09/unsafe-object-deserialization-vulnerability.html
Google Home Mini Recorded Everything
http://www.androidpolice.com/2017/10/10/google-nerfing-home-minis-mine-spied-everything-said-247/
Cameradar Finds Open RTSP Streams
https://github.com/EtixLabs/cameradar
Oct 11, 2017
ISC StormCast for Wednesday, October 11th 2017
5:53
Microsoft Monthly Updates
https://isc.sans.edu/forums/diary/October+2017+Security+Updates/22916/
Spoofed iOS iCloud Login
https://krausefx.com/blog/ios-privacy-stealpassword-easily-get-the-users-apple-id-password-just-by-asking
Oct 11, 2017
ISC StormCast for Tuesday, October 10th 2017
6:33
Base64 Encoded Word Documents
https://isc.sans.edu/forums/diary/Base64+All+The+Things/22912/
Skimmer Scanner Helps Find Credit Card Skimmers
https://github.com/sparkfunX/Skimmer_Scanner
TLS 1.3 Remains "On Hold"
https://www.ietf.org/mail-archive/web/tls/current/msg24517.html
FIDO U2F Key Review / Test
https://www.imperialviolet.org/2017/10/08/securitykeytest.html
Oct 09, 2017
ISC StormCast for Sunday, October 8th 2017
8:11
Payment Handler API
https://w3c.github.io/payment-handler/
https://blog.lukaszolejnik.com/privacy-of-web-request-api/
OpenSSH Version 7.6 Released
http://www.openssh.com/txt/release-7.6
Microsoft Delaying Some Patches for Earlier Windows Versions
https://googleprojectzero.blogspot.sg/2017/10/using-binary-diffing-to-discover.html
The Dangers of Cables
https://isc.sans.edu/forums/diary/Whats+in+a+cable+The+dangers+of+unauthorized+cables/22904/
Oct 08, 2017
ISC StormCast for Friday, October 6th 2017
15:40
Extract HTTP Requests from PCAPs and Turn Them Into cURL Commands
https://isc.sans.edu/forums/diary/pcap2curl+Turning+a+pcap+file+into+a+set+of+cURL+commands+for+replay/22900/
Apple Patches Embarrassing MacOS High Sierra Flaw
https://www.appleworld.today/blog/2017/10/5/macos-high-sierra-flaw-exposes-passwords-of-encrypted-apfs-volumes
Another Tomcat PUT Vulnerability
https://lists.apache.org/thread.html/3fd341a604c4e9eab39e7eaabbbac39c30101a022acc11dd09d7ebcb@%3Cannounce.tomcat.apache.org%3E
Dallas Haselhorst: HL7 Healthcare Protocol
https://www.sans.org/reading-room/whitepapers/hipaa/hl7-data-interfaces-medical-environments-understanding-fundamental-flaw-healthcare-38005
https://www.sans.org/reading-room/whitepapers/vpns/hl7-data-interfaces-medical-environments-attacking-defending-achilles-heel-healthcare-38010
https://www.tripwire.com/state-of-security/security-data-protection/hl7-data-interfaces-in-medical-environments/
Oct 06, 2017
ISC StormCast for Thursday, October 5th 2017
5:39
Cyber Security Awareness Month: Ouch! Newsletter
https://securingthehuman.sans.org/newsletters/ouch/issues/OUCH-201710_en.pdf
Modified Rowhammer Attack Bypasses Current Defenses
https://arxiv.org/pdf/1710.00551.pdf
Metasploit Modules For VMWare Escape
https://www.zerodayinitiative.com/blog/2017/10/04/vmware-escapology-how-to-houdini-the-hypervisor
Oct 04, 2017
ISC StormCast for Wednesday, October 4th 2017
6:01
Fedex Malspam Pushes Formbook Infostealer Malware
https://isc.sans.edu/forums/diary/Malspam+pushing+Formbook+info+stealer/22888/
Wordpress Plugins Heavily Abused For Site Defacements
https://www.wordfence.com/blog/2017/10/3-zero-day-plugin-vulnerabilities-exploited-wild/
Fake WordPress Security Plugin Being Advertised
https://blog.sucuri.net/2017/09/fake-plugins-fake-security.html
Proof Of Concept Information Disclosure for Internet Explorer
https://www.brokenbrowser.com/revealing-the-content-of-the-address-bar-ie/
Nzyme Wifi Frame Recording and Forensics
https://wtf.horse/2017/10/02/introducing-nzyme-wifi-802-11-frame-recording-and-forensics/
Cyber Security Interviews
https://twitter.com/CSI_Podcast/status/915026734801489921
Oct 04, 2017
ISC StormCast for Tuesday, October 3rd 2017
5:52
Passive DNS
Investigating Security Incidents with Passive DNS
Bypassing Domain Authentication
https://medium.freecodecamp.org/how-i-hacked-hundreds-of-companies-through-their-helpdesk-b7680ddc2d4c
DNSMasq Vulnerabilities
https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
Oct 03, 2017
ISC StormCast for Monday, October 2nd 2017
5:22
Who's Borrowing Your Resources? Javascript Monero Miners on Video Sites
https://isc.sans.edu/forums/diary/Whos+Borrowing+your+Resources/22882/
OS X Silently Patches Javascript Quarantine Bypass
https://www.wearesegment.com/research/Mac-OS-X-Local-Javascript-Quarantine-Bypass.html
Apple EFI Updates Often Not Applied
https://duo.com/blog/the-apple-of-your-efi-mac-firmware-security-research
Oct 02, 2017
ISC StormCast for Friday, September 29th 2017
5:48
Dealing With Massive Packet Captures
https://isc.sans.edu/forums/diary/The+easy+way+to+analyze+huge+amounts+of+PCAP+data/22876/
Illusion Gap Anti-Virus Bypass
https://www.cyberark.com/threat-research-blog/illusion-gap-antivirus-bypass-part-1/
DNSSEC KSK Update Delayed
https://www.icann.org/news/announcement-2017-09-27-en
Linux PIE/Stack Corruption
https://www.qualys.com/2017/09/26/cve-2017-1000253/cve-2017-1000253.txt
Sep 29, 2017
ISC StormCast for Thursday, September 28th 2017
5:14
Everything You Ever Wanted To Know About JPEGs (and more)
https://isc.sans.edu/forums/diary/It+is+a+resume+Part+3/22808/
Linux 4.14 Memory Encryption
https://lwn.net/Articles/686808/
CLKSCREW: Exposing Secure Enclaves via Energy Management
https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-tang.pdf
Sep 28, 2017
ISC StormCast for Wednesday, September 27th 2017
5:18
XPCTRA Steals Banking / Cryptocurrency Info
https://isc.sans.edu/forums/diary/XPCTRA+Malware+Steals+Banking+and+Digital+Wallet+Users+Credentials/22868/
Vulnerable Mobile Investment Applications
http://blog.ioactive.com/2017/09/are-you-trading-securely-insights-into.html
iOS WiFi Exploit PoC Code Published
https://bugs.chromium.org/p/project-zero/issues/detail?id=1289
Android Malware Exploiting "Dirty Cow"
http://blog.trendmicro.com/trendlabs-security-intelligence/zniu-first-android-malware-exploit-dirty-cow-vulnerability/
Sep 27, 2017
ISC StormCast for Tuesday, September 26th 2017
5:39
macOS High Sierra Security Updates
https://support.apple.com/en-us/HT201222
Possible macOS Keychain Leak
https://twitter.com/patrickwardle/status/912254053849079808
Monero Cryptocoin Miner Found on Showtime Website
https://badpackets.net/coinhive-miner-found-on-official-showtime-network-websites-in-latest-case-of-cryptojacking/
Sep 26, 2017
ISC StormCast for Monday, September 25th 2017
6:00
Forensic Use of "mount --bind"
https://isc.sans.edu/forums/diary/Forensic+use+of+mount+bind/22854/
Adobe Publishes Secret PGP Key By Mistake
https://twitter.com/jupenur/status/911286403434246144
AVAST Publishes CCleaner Update
https://blog.avast.com/avast-threat-labs-analysis-of-ccleaner-incident
Compromised Android Keyboard App
https://blog.adguard.com/en/go-spy-go-popular-android-keyboard-from-china-crosses-the-red-line/
Sep 25, 2017
ISC StormCast for Friday, September 22nd 2017
5:37
More (Likely Fake) DDoS Extortion Attempts
https://isc.sans.edu/forums/diary/Emails+threatening+DDoS+allegedly+from+Phantom+Squad/22856/
CVE-2017-8759 Used in Cyber Crime Attacks
https://isc.sans.edu/forums/diary/Email+attachment+using+CVE20178759+exploit+targets+Argentina/22850/
CCleaner Command and Control Server
http://blog.talosintelligence.com/2017/09/ccleaner-c2-concern.html?m=1
Vulnerability in Intel Management Engine Can Lead to Execution of Unsigned Code
https://www.blackhat.com/eu-17/briefings/schedule/#how-to-hack-a-turned-off-computer-or-running-unsigned-code-in-intel-management-engine-8668
Sep 22, 2017
ISC StormCast for Thursday, September 21st 2017
5:37
Newest Locky Update: RAR Attachments and "Invoice" E-Mails
https://isc.sans.edu/forums/diary/Ongoing+Ykcol+Locky+campaign/22848/
Viacom S3 Bucket Leak
https://www.upguard.com/breaches/cloud-leak-viacom
iOS 11 Outlook.com Bug
https://support.apple.com/en-us/HT208136
Sep 21, 2017
ISC StormCast for Wednesday, September 20th 2017
6:01
Mac-Robber Python Rewrite
https://isc.sans.edu/forums/diary/New+tool+macrobberpy/22844/
Apache Tomcat Patch
https://www.us-cert.gov/ncas/current-activity/2017/09/19/Apache-Releases-Security-Updates-Apache-Tomcat
Apple Updates For iOS, Xcode, tvOS, watchOS and Safari
https://support.apple.com/en-us/HT201222
Sep 20, 2017
ISC StormCast for Tuesday, September 19th 2017
8:08
CCleaner Compromise
http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html
http://www.piriform.com/news/release-announcements/2017/9/18/security-notification-for-ccleaner-v5336162-and-ccleaner-cloud-v1073191-for-32-bit-windows-users
Word INCLUDEPICTURE Feature Abuse
https://securelist.com/an-undocumented-word-feature-abused-by-attackers/81899/
security.txt file
https://www.ietf.org/id/draft-foudil-securitytxt-00.txt
https://www.ietf.org/rfc/rfc2142.txt
Sep 19, 2017
ISC StormCast for Monday, September 18th 2017
5:54
Bashware: Bypassing Windows Security via Linux (WSL)
https://research.checkpoint.com/beware-bashware-new-method-malware-bypass-security-solutions/
Javascript Rogue Crypto Currency Miner
https://www.welivesecurity.com/2017/09/14/cryptocurrency-web-mining-union-profit/
NodeJS Hash Table DoS
https://medium.com/@ahmadbamieh/nodejs-constant-hashtables-seeds-vulnerability-f03bf70e3593
HTTPS Interception
https://blog.cloudflare.com/understanding-the-prevalence-of-web-traffic-interception/
Sep 18, 2017
ISC StormCast for Friday, September 15th 2017
5:27
Another Webshell; Another Backdoor
https://isc.sans.edu/forums/diary/Another+webshell+another+backdoor/22826/
D-Link Vulnerability
https://pierrekim.github.io/blog/2017-09-08-dlink-850l-mydlink-cloud-0days-vulnerabilities.html
Chrome To Label FTP As Insecure
https://groups.google.com/a/chromium.org/forum/#!msg/security-dev/HknIAQwMoWo/xYyezYV5AAAJ
More Google Play Store Malware
https://blog.checkpoint.com/2017/09/14/expensivewall-dangerous-packed-malware-google-play-will-hit-wallet/
Elasticsearch Botnet
https://mackeepersecurity.com/post/kromtech-discovers-massive-elasticsearch-infected-malware-botnet
Sep 15, 2017
ISC StormCast for Thursday, September 14th 2017
5:00
No IPv6? Challenge Accepted
https://isc.sans.edu/forums/diary/No+IPv6+Challenge+Accepted+Part+1/22820/
Exploiting CVE-2017-8759
https://www.mdsec.co.uk/2017/09/exploiting-cve-2017-8759-soap-wsdl-parser-code-injection/
Wordpress Plugin Found With Backdoor
https://www.pluginvulnerabilities.com/2017/09/11/wordpress-poor-handling-of-plugin-security-exacerbates-malicious-takeover-of-display-widgets/
Sep 14, 2017
ISC StormCast for Wednesday, September 13th 2017
5:39
Microsoft Patch Tuesday
https://www.fireeye.com/blog/threat-research/2017/09/zero-day-used-to-distribute-finspy.html
https://technet.microsoft.com/security/advisories
BlueBorne Bluetooth Vulnerability
http://go.armis.com/hubfs/BlueBorne%20Technical%20White%20Paper.pdf
Sep 13, 2017
ISC StormCast for Tuesday, September 12th 2017
6:37
Cisco Struts Updates
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170909-struts2-rce
Google Chrome Warning Users of Anti-Malware SSL Interception
https://twitter.com/sashaperigo/status/906263091624591360
Machine Learning To Identify Malicious TLS Connections
https://arxiv.org/pdf/1607.01639.pdf
Comodo Breaking CAA Standard
https://www.mail-archive.com/dev-security-policy@lists.mozilla.org/msg08027.html
Sep 12, 2017
ISC StormCast for Monday, September 11th 2017
5:49
Analyzing JPEG Files
https://isc.sans.edu/forums/diary/Analyzing+JPEG+files/22806/
Auditing Windows With WINspect
https://isc.sans.edu/forums/diary/Windows+Auditing+with+WINspect/22810/
Windows PSSetLoadImageNotifyRoutine Vulnerability
https://breakingmalware.com/documentation/windows-pssetloadimagenotifyroutine-callbacks-good-bad-unclear-part-1/
IOTA Cryptocurrency Vulnerable Hash Function
https://medium.com/@neha/cryptographic-vulnerabilities-in-iota-9a6a9ddc4367
Sep 11, 2017
ISC StormCast for Friday, September 8th 2017
15:37
Yet Another Struts RCE Vulnerability
https://struts.apache.org/docs/s2-053.html
Equifax Compromise
https://www.bloomberg.com/news/articles/2017-09-07/three-equifax-executives-sold-stock-before-revealing-cyber-hack
Hash Extension Flaws
https://isc.sans.edu/forums/diary/Modern+Web+Application+Penetration+Testing+Hash+Length+Extension+Attacks/22792/
Matt Hosburgh: Offensive Intrusion Analysis: Uncovering Insiders with Threat Hunting and Active Defense
Sep 08, 2017
ISC StormCast for Thursday, September 7th 2017
5:16
Struts2 Metasploit Module
https://github.com/rapid7/metasploit-framework/pull/8924/commits/5ea83fee5ee8c23ad95608b7e2022db5b48340ef
Google Docs Table With Hacked MongoDB Databases
https://docs.google.com/spreadsheets/d/1QonE9oeMOQHVh8heFIyeqrjfKEViL0poLnY8mAakKhM/edit#gid=1781677175
Bypassing Cloudflare
https://rhinosecuritylabs.com/cloud-security/cloudflare-bypassing-cloud-security/
Sep 07, 2017
ISC StormCast for Wednesday, September 6th 2017
6:47
A Look Back At Mirai and What's Next
https://isc.sans.edu/forums/diary/The+Mirai+Botnet+A+Look+Back+and+Ahead+At+Whats+Next/22786/
New Struts Vulnerability and Patch
https://isc.sans.edu/forums/diary/Struts+vulnerability+patch+released+by+apache+patch+now/22788
Mastercard Internet Gateway Service Flaw
http://tinyhack.com/2017/09/05/mastercard-internet-gateway-service-hashing-design-flaw/
Mac OS X High Sierra Insecure Kernel Module Loading
https://objective-see.com/blog/blog_0x21.html
Sep 06, 2017
ISC StormCast for Tuesday, September 5th 2017
6:18
Locky Ransomware is Back and This Time Pretends to Be a Font
https://isc.sans.edu/forums/diary/Malspam+pushing+Locky+ransomware+tries+HoeflerText+notifications+for+Chrome+and+FireFox/22776/
When is a PDF Just a PDF?
https://isc.sans.edu/forums/diary/It+is+a+resume+Part+1/22780/
Asterisk Vulnerable to RTPBleed
https://github.com/EnableSecurity/advisories/tree/master/ES2017-04-asterisk-rtp-bleed
Arris AT&T Modems With Backdoor
https://www.nomotion.net/blog/sharknatto/
Sep 05, 2017
ISC StormCast for Friday, September 1st 2017
14:25
Is Remote Work Feasible in a SOC?
https://isc.sans.edu/forums/diary/Remote+SOC+Workers+Concerns/22772/
Linux Random Number Generator Reviewed
https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Studien/LinuxRNG/LinuxRNG_EN.pdf?__blob=publicationFile&v=5
Adobe Acrobat and Reader Security Patch
https://blogs.adobe.com/psirt/?p=1484
Turning Speakers into Microphones
https://www.usenix.org/system/files/conference/woot17/woot17-paper-guri.pdf
Sep 01, 2017
ISC StormCast for Thursday, August 31st 2017
6:28
IoT Gear Affected by ConnMan Vulnerability
http://connmando.nri-secure.co.jp/index.html
Trickbot Going After Coinbase
https://blogs.forcepoint.com/security-labs/trickbot-goes-after-cryptocurrency
Pacemakers Need Patch
https://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm573669.htm
Inaudible Voice Commands
https://arxiv.org/pdf/1708.07238.pdf
Aug 30, 2017
ISC StormCast for Wednesday, August 30th 2017
6:06
Another Chrome Extension Banking Malware
https://isc.sans.edu/forums/diary/Second+Google+Chrome+Extension+Banker+Malware+in+Two+Weeks/22766/
Vulnerable Docker VM
https://www.notsosecure.com/vulnerable-docker-vm/
Large Spam E-Mail and Password List Discovered
https://www.troyhunt.com/inside-the-massive-711-million-record-onliner-spambot-dump/
Aug 30, 2017
ISC StormCast for Tuesday, August 29th 2017
5:38
Survey of Recent DVR Attacks
https://isc.sans.edu/forums/diary/An+Update+On+DVR+Malware+A+DVR+Torture+Chamber/22762/
Disabling Intel ME
http://blog.ptsecurity.com/2017/08/disabling-intel-me.html
Wire-X Takedown
https://blogs.akamai.com/2017/08/the-wirex-botnet-an-example-of-cross-organizational-cooperation.html
Aug 29, 2017
ISC StormCast for Monday, August 28th 2017
6:49
Analyzing 7zip Malware
https://isc.sans.edu/forums/diary/Malware+analysis+searching+for+dots/22758/
Worldwide DNS Manipulation Survey
https://people.eecs.berkeley.edu/~pearce/papers/dns_usenix_2017.pdf
Sophos Withdraws UTM Update
https://community.sophos.com/products/unified-threat-management/b/utm-blog/posts/utm-up2date-9-503-released
Crypto Currency Malware
https://resources.netskope.com/h/i/361264722-coin-mining-malware-heads-to-the-cloud-with-zminer
Aug 28, 2017
ISC StormCast for Friday, August 25th 2017
12:23
Critical HPE iLo Vulnerability
http://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03769en_us
Facebook Messenger Spam Leads to Malware
https://securelist.com/new-multi-platform-malwareadware-spreading-via-facebook-messenger/81590/
iOS 10.3.1 Kernel Exploit Released
https://blog.zimperium.com/ziva-video-audio-ios-kernel-exploit/
Samsung Bricks Smart TVs With Update
https://eu.community.samsung.com/t5/TV-Audio-Video/Samsung-MU-Series-2017-Smart-TV-s-will-do-nothing-after-Samsung/td-p/250277
John Bambenek's DGA Feeds
http://osint.bambenekconsulting.com/feeds/c2-ipmasterlist.txt
Aug 25, 2017
ISC StormCast for Thursday, August 24th 2017
5:44
Malware Loading Avast Safe Zone Browser
https://isc.sans.edu/forums/diary/Malicious+script+dropping+an+executable+signed+by+Avast/22748/
Ropemaker E-Mail Content
https://www.mimecast.com/globalassets/documents/whitepapers/wp_the_ropemaker_email_exploit.pdf
Cloud Based Accounts Increasingly a Target
https://www.microsoft.com/en-us/security/intelligence-report
More Malware Found At Ukrainian Accounting Software Makers
https://issp.ua/issp_system_images/UPD_samples_analysis_eng.pdf
Aug 24, 2017
ISC StormCast for Wednesday, August 23rd 2017
5:08
Elcomsoft Releases Ability to Retrieve Apple Keychain from iCloud
https://www.elcomsoft.com/eppb.html
Mapping Rooms With Smart Speakers
http://musicattacks.cs.washington.edu/activity-information-leakage.pdf
Netcraft Identifies .fish Domain Used For Phishing
https://news.netcraft.com/archives/2017/08/21/first-fishy-phishing-sites-sighted.html
Aug 23, 2017
ISC StormCast for Tuesday, August 22nd 2017
5:47
Hackers Scam $500,000 From Enigma Digital Currency Investors
http://www.theregister.co.uk/2017/08/21/enigma_digital_currency_investors_scammed/
Bitcoin Privacy Threats
https://arxiv.org/abs/1708.04748
$500 iPhone PIN Brute Forcing Box
https://www.youtube.com/watch?v=IXglwbyMydM
SyncCrypt Bypasses Antivirus Filters With Images
https://www.bleepingcomputer.com/news/security/synccrypt-ransomware-hides-inside-jpg-files-appends-kk-extension/
Aug 22, 2017
ISC StormCast for Monday, August 21st 2017
5:27
EngineBox Banking Malware
https://isc.sans.edu/forums/diary/EngineBox+Malware+Supports+10+Brazilian+Banks/22736/
It's Not An Invoice
https://isc.sans.edu/forums/diary/Its+Not+An+Invoice/22738/
iOS Secure Enclave Key Posted
https://www.theiphonewiki.com/wiki/Greensburg_14G60_%28iPhone6,1%29
Vulnerabilities in FoxIT PDF Reader
https://www.thezdi.com/blog/2017/8/17/busting-myths-in-foxit-reader
Aug 20, 2017
ISC StormCast for Friday, August 18th 2017
16:24
Maldoc with auto-updated link
https://isc.sans.edu/forums/diary/Maldoc+with+autoupdated+link/22730/
Rowhammer is Back: SSD Memory Affected
https://www.usenix.org/system/files/conference/woot17/woot17-paper-kurmus.pdf
Nathaniel Quist: Active Defense in a Labyrinth of Deception
https://www.sans.org/reading-room/whitepapers/ActiveDefense/active-defense-labyrinth-deception-37462
Aug 18, 2017
ISC StormCast for Thursday, August 17th 2017
6:20
Analysis of a Paypal Phishing Kit
https://isc.sans.edu/forums/diary/Analysis+of+a+Paypal+phishing+kit/22726/
ShadowPad Backdoor in NetSarang Equipment
https://securelist.com/shadowpad-in-corporate-networks/81432/
Solving Captcha Audio Challenges
http://uncaptcha.cs.umd.edu/papers/uncaptcha_woot17.pdf
Aug 17, 2017
ISC StormCast for Wednesday, August 16th 2017
6:03
Malspam Pushing Trickbot Banking Trojan
https://isc.sans.edu/forums/diary/Malspam+pushing+Trickbot+banking+Trojan/22720/
Banker Google Chrome Extension Targeting Brazil
https://isc.sans.edu/forums/diary/BankerGoogleChromeExtensiontargetingBrazil/22722/
DJI "Go" App May Be Using JSPatch To Modify Applications After Install
https://www.rcgroups.com/forums/showpost.php?p=38096850&postcount=2713
Smartlocks Bricked After Auto-Update
http://www.securitysales.com/news/smart-locks-lobotomized-failed-update/
Aug 16, 2017
ISC StormCast for Tuesday, August 15th 2017
6:09
When A Malicious Looking E-Mail Turns Out to be "just" spam
https://isc.sans.edu/forums/diary/Sometimes+its+just+SPAM/22716/
Android iOS Intra-Library Collusion
https://arxiv.org/abs/1708.03520
SonicSpy: Android Spyware Apps
https://blog.lookout.com/sonicspy-spyware-threat-technical-research
Checking For Breached Passwords in Active Directory
https://jacksonvd.com/checking-for-breached-passwords-in-active-directory/
Aug 15, 2017
ISC StormCast for Monday, August 14th 2017
5:40
Outlook Web Access Based Attacks
https://isc.sans.edu/forums/diary/Outlook+Web+Access+based+attacks/22710/
The Good Phishing Email
https://isc.sans.edu/forums/diary/The+Good+Phishing+Email/22712/
Git/CVS/Mercurial and others: ssh vulnerability
http://blog.recurity-labs.com/2017-08-10/scm-vulns
PostgreSQL Vulnerabilities
https://bugzilla.redhat.com/show_bug.cgi?id=1477185
Aug 14, 2017
ISC StormCast for Friday, August 11th 2017
5:46
Maldoc Analysis With ViperMonkey
https://isc.sans.edu/forums/diary/Maldoc+Analysis+with+ViperMonkey/22702/
Microsoft Joins Google/Mozilla in Banishing WoSign and StartCom From Trusted CA List
https://blogs.technet.microsoft.com/mmpc/2017/08/08/microsoft-to-remove-wosign-and-startcom-certificates-in-windows-10/
SMS Touch App Leaking Messages
https://www.zscaler.com/blogs/research/mobile-app-wall-shame-sms-touch
Mac Adware Mughthesec
https://objective-see.com/blog/blog_0x20.html
Aug 11, 2017
ISC StormCast for Thursday, August 10th 2017
6:52
DirectDefense Accuses Carbon Black of Data Leak
https://www.carbonblack.com/2017/08/09/directdefense-incorrectly-asserts-architectural-flaw-in-cb-response/
https://www.directdefense.com/harvesting-cb-response-data-leaks-fun-profit/
Vulnerabilities in Solar Generation
https://horusscenario.com
Hunting Malicious npm Packages
https://duo.com/blog/hunting-malicious-npm-packages
Aug 10, 2017
ISC StormCast for Wednesday, August 9th 2017
5:57
Microsoft Updates
https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+August+2017/22694/
Adobe Updates
https://helpx.adobe.com/security.html
Android Patches
https://source.android.com/security/bulletin/2017-08-01
How Are People Fooled By This? Email To Sign a Contract Provides Malware
https://isc.sans.edu/forums/diary/How+are+people+fooled+by+this+Email+to+sign+a+contract+provides+malware+instead/22696/
Aug 09, 2017
ISC StormCast for Tuesday, August 8th 2017
5:43
PHPMyAdmin Scans
https://isc.sans.edu/forums/diary/Increase+of+phpMyAdmin+scans/22688/
Hotspot Shield Leaks Private User Data
https://cdt.org/files/2017/08/FTC-CDT-VPN-complaint-8-7-17.pdf
Debian Turning Off Support for TLS 1.0/1.1
https://lists.debian.org/debian-devel-announce/2017/08/msg00004.html
Ongoing Phishing Attacks Against Google Chrome Plugin Developers
https://www.bleepingcomputer.com/news/security/chrome-extension-developers-under-a-barrage-of-phishing-attacks/
Aug 07, 2017
ISC StormCast for Monday, August 7th 2017
6:13
Opengraph Used to Obfuscate Facebook Links
https://isc.sans.edu/forums/diary/Use+of+the+Open+Graph+Protocol+to+Disguise+Malicious+Facebook+Links/22684/
Cerber Adding Bitcoin and Password Stealer to Crypto Ransomware
http://blog.trendmicro.com/trendlabs-security-intelligence/cerber-ransomware-evolves-now-steals-bitcoin-wallets/
Symantec Selling Certificate Business To Digicert
https://www.heise.de/security/meldung/Nachspiel-einer-fatalen-Panne-Symantec-verkauft-Zertifikatssparte-an-DigiCert-3793482.html
Siemens Medical Imaging Systems Vulnerable to Old Windows Flaws
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-822184.pdf
Aug 07, 2017
ISC StormCast for Friday, August 4th 2017
5:50
Raspberry Pi Honeypot
https://github.com/DShield-ISC/dshield
Troy Hunt Releases Password List
https://haveibeenpwned.com/Passwords
Typosquatting npm Packages
http://blog.npmjs.org/post/163723642530/crossenv-malware-on-the-npm-registry
SEC503: Intrusion Detection in Depth Berlin (Oct 23rd-28th)
https://www.sans.org/event/berlin-2017/course/intrusion-detection-in-depth
Aug 04, 2017
ISC StormCast for Thursday, August 3rd 2017
5:21
Attacking NoSQL Applications
https://isc.sans.edu/forums/diary/Attacking+NoSQL+applications+part+2/22676/
Web Developer Chrome Toolbar Replaced with AdWare
https://twitter.com/chrispederick
Android Banking Trojans
https://securelist.com/a-new-era-in-mobile-banking-trojans/79198/
Amazon Stops Selling Blu Smartphones
http://www.zdnet.com/article/amazon-halts-blu-phone-sales-over-potential-security-issue/
Aug 02, 2017
ISC StormCast for Wednesday, August 2nd 2017
6:18
Detect SMB Versions with nmap
https://isc.sans.edu/forums/diary/Rooting+Out+Hosts+that+Support+Older+Samba+Versions/22672/
CopyFish Google Chrome Extension Replaced by Adware
https://a9t9.com/blog/chrome-extension-adware/
StartCom Applying to be Included in Mozilla SSL CAs again
https://bugzilla.mozilla.org/show_bug.cgi?id=1311832#c12
McAfee Uses Mixed SSL/nonSSL Content For Online Malware Scan
https://blogs.securiteam.com/index.php/archives/3350
Netflix Releases DoS Testing Tool
https://medium.com/netflix-techblog/starting-the-avalanche-640e69b14a06
Aug 02, 2017
ISC StormCast for Tuesday, August 1st 2017
5:40
MSFT Re-Releases June Outlook Update
https://support.office.com/en-us/article/Outlook-known-issues-in-the-June-2017-security-updates-3f6dbffd-8505-492d-b19f-b3b89369ed9b?ui=en-US&rs=en-US&ad=US&fromAR=1
Iranian Hackers Use Social Media To Collect Data
https://www.darkreading.com/attacks-breaches/iranian-hackers-ensnared-targets-via-phony-female-photographer/d/d-id/1329502?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
ShieldFS Self Healing Filesystem
http://shieldfs.necst.it/continella-shieldfs-2016.pdf
Aug 01, 2017
ISC StormCast for Monday, July 31st 2017
5:48
SMBloris DoS Attack Locks Up Windows
https://twitter.com/jennamagius/status/891434286212984832
https://isc.sans.edu/forums/diary/SMBLoris+the+new+SMB+flaw/22662/
Text Banking Attacks
https://isc.sans.edu/forums/diary/Text+Banking+Scams/22666/
Nissan Leaf WiFi Vulnerability
https://github.com/HackingThings/Publications/blob/cdb72df7c3feffd02593a31d67a34ae353b09114/2017/DC25_Driving%20down%20the%20rabbit%20hole-Mickey_Jesse_Oleksander.pdf
Jul 31, 2017
ISC StormCast for Friday, July 28th 2017
13:32
Targeting HTTP's Hidden Attack-Surface
http://blog.portswigger.net/2017/07/cracking-lens-targeting-https-hidden.html
Petya/Goldeneye Decrypter
https://blog.malwarebytes.com/malwarebytes-news/2017/07/bye-bye-petya-decryptor-old-versions-released/
TinyPot, My Small Honeypot
https://isc.sans.edu/forums/diary/TinyPot+My+Small+Honeypot/22654/
Shaun McCullough
https://www.sans.org/reading-room/whitepapers/testing/docker-create-multi-container-environments-research-sharing-lateral-movement-37855
Jul 28, 2017
ISC StormCast for Thursday, July 27th 2017
5:11
Malspam Pushing Emotet Malware
https://isc.sans.edu/forums/diary/Malspam+pushing+Emotet+malware/22650/
Broadpwn Released
http://blog.exodusintel.com/2017/07/26/broadpwn/
Microsoft Announces Windows 10 Bug Bounty
https://blogs.technet.microsoft.com/msrc/2017/07/26/announcing-the-windows-bounty-program/
Custom Map Vulnerability in Valve Games
https://oneupsecurity.com/research/remote-code-execution-in-source-games
Jul 27, 2017
ISC StormCast for Wednesday, July 26th 2017
5:45
Adobe Announces End of Flash for 2020
https://blogs.adobe.com/conversations/2017/07/adobe-flash-update.html
JA3 Hash To Fingerprint SSL/TLS Connections
https://github.com/salesforce/ja3
https://engineering.salesforce.com/open-sourcing-ja3-92c9e53c3c41
New Wave of Apple iCloud Ransom Attacks
https://www.heise.de/mac-and-i/meldung/Erneut-iCloud-Erpressungswelle-ueber-Meinen-Mac-suchen-und-Mein-iPhone-suchen-3782075.html
Jul 26, 2017
ISC StormCast for Tuesday, July 25th 2017
7:15
Uber Drivers Targeted in Social Engineering Scam
https://isc.sans.edu/forums/diary/Uber+drivers+new+threat+the+passenger/22626/
Mac Malware FruitFly2
https://motherboard.vice.com/en_us/article/zmv79w/mysterious-mac-malware-has-infected-hundreds-of-victims-for-years
Exploit Released for Critical Netscaler SD WAN 9.1.2 Vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-6316
Jul 25, 2017
ISC StormCast for Monday, July 24th 2017
5:02
Malicious .iso Attachments
https://isc.sans.edu/forums/diary/Malicious+iso+Attachments/22636/
Maldoc with .lnk File
https://isc.sans.edu/forums/diary/Another+lnk+File/22640/
Large Ethereum Hack
http://hackingdistributed.com/2017/07/22/deep-dive-parity-bug/
Jul 24, 2017
ISC StormCast for Friday, July 21st 2017
11:00
Symantec Sloppy Key Verification Leads To Revocation of Certificates
https://blog.hboeck.de/archives/888-How-I-tricked-Symantec-with-a-Fake-Private-Key.html
Gnome Thumbnailer Executes Code
http://news.dieweltistgarnichtso.net/posts/gnome-thumbnailer-msi-fail.html
Jul 21, 2017
ISC StormCast for Thursday, July 20th 2017
6:01
Bots Searching for Keys and Config Files
https://isc.sans.edu/forums/diary/Bots+Searching+for+Keys+Config+Files/22630/
Apple Updates Everything
https://support.apple.com/en-us/HT201222
Trend Micro Sees SambaCry Exploits
http://blog.trendmicro.com/trendlabs-security-intelligence/linux-users-urged-update-new-threat-exploits-sambacry/
Google Increases Developer Scrutiny
https://developers.googleblog.com/2017/05/updating-developer-identity-guidelines.html
Jul 20, 2017
ISC StormCast for Wednesday, July 19th 2017
5:46
Oracle Quarterly Critical Patch Update
http://www.oracle.com/technetwork/security-advisory/cpujul2017verbose-3236625.html
Cisco WebEx Plugin Update
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170717-webex
https://bugs.chromium.org/p/project-zero/issues/detail?id=1324&desc=2
Node.JS DoS Vulnerability
https://nodejs.org/en/blog/vulnerability/july-2017-security-releases/
Bitdefender Remote Stack Buffer Overflow
https://landave.io/2017/07/bitdefender-remote-stack-buffer-overflow-via-7z-ppmd/
Coindash Hack
https://twitter.com/coindashio/status/886936799695818752
https://www.coindash.io
DowJones Leaks Customer Data via S3 Buckets
https://www.upguard.com/breaches/cloud-leak-dow-jones
Jul 19, 2017
ISC StormCast for Tuesday, July 18th 2017
5:45
SMS Phishing Asks Victims to Upload Picture of Token Card
https://isc.sans.edu/forums/diary/SMS+Phishing+induces+victims+to+photograph+its+own+token+card/22616/
Critical FreeRADIUS Update
https://guidovranken.wordpress.com/2017/07/17/11-remote-vulnerabilities-inc-2x-rce-in-freeradius-packet-parsers/
OS X Malware Installs Crypto Messenger Signal
https://blog.checkpoint.com/2017/07/13/osxdok-refuses-go-away-money/
Jul 18, 2017
ISC StormCast for Monday, July 17th 2017
5:25
NemucodAES UPS Malspam
https://isc.sans.edu/forums/diary/NemucodAES+and+the+malspam+that+distributes+it/22614/
Analyzing Malicious Office Document With LNK
https://isc.sans.edu/forums/diary/Office+maldoc+lnk/22618/
Gandi Breach Leads to Domain Compromise
https://news.gandi.net/en/2017/07/detailed-incident-report/
iSmart Alarm Vulnerabilities
http://dojo.bullguard.com/blog/burglar-hacker-when-a-physical-security-is-compromised-by-iot-vulnerabilities/
Jul 17, 2017
ISC StormCast for Friday, July 14th 2017
14:56
Malware Loads ffmpeg For Video Recording Features
https://blog.malwarebytes.com/threat-analysis/2017/07/malware-abusing-ffmpeg/
Password Managers and Cloud Storage
https://discussions.agilebits.com/discussion/76956/can-i-still-buy-standalone-license-for-the-1password-no-longer-being-marketed/p8
SAP Point of Sales Express Patch
https://erpscan.com/press-center/blog/sap-cyber-threat-intelligence-report-july-2017/
Roderick Currie: Car Hacking Developments
https://www.sans.org/reading-room/whitepapers/internet/developments-car-hacking-36607
Jul 13, 2017
ISC StormCast for Thursday, July 13th 2017
5:45
Simple File Integrity Monitoring With Backup Scripts
https://isc.sans.edu/forums/diary/Backup+Scripts+the+FIM+of+the+Poor/22606/
Ethereum Wallet Services Targeted By Scammers
http://www.ibtimes.co.uk/ethereum-under-siege-scammers-make-700000-6-days-slack-reddit-phishing-attacks-1629866
MongoDB Security Surprises For Shared Hosting
https://medium.com/@alexbyk/mongodb-at-shared-hosting-security-surprises-c441ecb84b54
Trend Micro Vulnerabilities
https://www.coresecurity.com/advisories/trend-micro-deep-discovery-director-multiple-vulnerabilities
Jul 12, 2017
ISC StormCast for Wednesday, July 12th 2017
5:33
Microsoft Patch Tuesday
https://isc.sans.edu/diary//22602
AT&T Cell Phone Takeover
https://carpeaqua.com/2017/07/07/hack-the-planet/
Systemd Invalid Username Bug To Be Fixed
https://github.com/systemd/systemd/pull/6300
Jul 11, 2017
ISC StormCast for Tuesday, July 11th 2017
5:39
Takeover of .io TLD
https://thehackerblog.com/the-io-error-taking-control-of-all-io-domains-with-a-targeted-registration/
Malwarebytes Quarterly Malware Report
https://www.malwarebytes.com/pdf/white-papers/CybercrimeTacticsAndTechniques-Q2-2017.pdf
OpenBSD Introducing KARL To Randomize Kernel Layout at Boot
https://marc.info/?l=openbsd-tech&m=149732026405941&w=2
Jul 10, 2017
ISC StormCast for Monday, July 10th 2017
5:56
More DDoS Ransom Demands
https://isc.sans.edu/forums/diary/Adversary+hunting+with+SOFELK/22592/
Adversary Hunting With SOF-ELK
https://isc.sans.edu/forums/diary/Adversary+hunting+with+SOFELK/22592/
Petya Master Key Published
https://twitter.com/JanusSecretary/status/882663988429021184?ref_src=twsrc%5Etfw&ref_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fauthor-of-original-petya-ransomware-publishes-master-decryption-key%2F
Template Attacks Against Critical Infrastructure
http://blog.talosintelligence.com/2017/07/template-injection.html
Jul 09, 2017
ISC StormCast for Friday, July 7th 2017
5:32
Finding Odd Domain Names
https://isc.sans.edu/forums/diary/Selecting+domains+with+random+names/22580/
BitTorrent Sync 2.0 Log Files
https://isc.sans.edu/forums/diary/Investigation+of+BitTorrent+Sync+v20+as+a+P2P+Cloud+Service+Part+2+Log+Files+artefacts/22582/
Cisco Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-esc2
Finding Weak Password Hashing Algorithms Via Hash Collisions
https://www.netsparker.com/blog/web-security/collision-based-hashing-algorithm-disclosure/
BIND TSIG Exploit
http://www.synacktiv.ninja/ressources/CVE-2017-3143_BIND9_TSIG_dynamic_updates_vulnerability_Synacktiv.pdf
Jul 06, 2017
ISC StormCast for Thursday, July 6th 2017
4:50
AVTest Report: Ransomware not a big deal; Android/MacOS Catching up to Windows
https://www.av-test.org/fileadmin/pdf/security_report/AV-TEST_Security_Report_2016-2017.pdf
Microsoft Will Prompt Users to Update Windows 10
https://support.microsoft.com/en-us/help/4023814
Bithumb Bitcoin Exchange Hacked (Article in Korean)
http://bithumb.cafe/archives/7329
Turkish Airlines and Emirates Remove Laptop Ban
http://www.theregister.co.uk/2017/07/05/emirates_and_turkish_airlines_lift_laptop_ban_on_us_flights/
Ukrainian Authorities Raid MeDoc (Article in Ukrainian)
https://cyberpolice.gov.ua/news/prykryttyam-najmasshtabnishoyi-kiberataky-v-istoriyi-ukrayiny-stav-virus-diskcoderc-881/
Jul 05, 2017
ISC StormCast for Wednesday, July 5th 2017
5:55
Microsoft Patches Skype Vulnerability
https://www.vulnerability-lab.com/get_content.php?id=2071
SystemD Invalid Username Bug Not Considered a Vulnerability (or Bug)
https://github.com/systemd/systemd/issues/6237
Cisco Fixes SNMP Vulnerability in IOS and IOS XE
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp
Smartphones Can Be Compromised With Shady Replacement Parts
https://iss.oy.ne.ro/Shattered
Siemens Fixes Intel AMT Bug
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-874235.pdf
Update For libgcrypt
https://www.ubuntuupdates.org/package/core/zesty/main/updates/libgcrypt20-dev
Jul 04, 2017
ISC StormCast for Friday, June 30th 2017
15:07
Catching up With Blank Slate
https://isc.sans.edu/forums/diary/Catching+up+with+Blank+Slate+a+malspam+campaign+still+going+strong/22570/
Azure AD Connect Vulnerability
https://technet.microsoft.com/library/security/4033453.aspx#ID0EN
Exploit Available For Stack Clash Vulnerability
https://www.qualys.com/research/security-advisories/
Paul Herschberger: Data Breach Impact Estimation
https://www.sans.org/reading-room/whitepapers/dlp/data-breach-impact-estimation-37502
Jun 30, 2017
ISC StormCast for Thursday, June 29th 2017
5:37
Petya Ransomware Update
https://isc.sans.edu/forums/diary/Petya+I+hardly+know+ya+an+ISC+update+on+the+20170627+ransomware+outbreak/22566/
Ubuntu systemd Vulnerability
https://www.ubuntu.com/usn/usn-3341-1/
Microsoft Will Include EMET in Windows 10
https://blogs.technet.microsoft.com/mmpc/2017/06/27/whats-new-in-windows-defender-atp-fall-creators-update/
BGP Attacks Against Bitcoin
https://blog.acolyer.org/2017/06/27/hijacking-bitcoin-routing-attacks-on-cryptocurrencies/
Jun 29, 2017
ISC StormCast for Wednesday, June 28th 2017
5:07
Petya/Goldeneye Variant Makes the Rounds
https://isc.sans.edu/forums/diary/Checking+out+the+new+Petya+variant/22562/
Jun 28, 2017
ISC StormCast for Tuesday, June 27th 2017
6:16
Investigation of BitTorrent Sync (v.2.0) as a P2P Cloud (Part 1)
https://isc.sans.edu/forums/diary/Investigation+of+BitTorrent+Sync+v20+as+a+P2P+Cloud+Part+1/22554/
Ransomware Payment Spurs More DDoS Ransomware Attacks
https://www.bleepingcomputer.com/news/security/-1-million-ransomware-payment-has-spurred-new-ddos-for-bitcoin-attacks/
Speed Trap Cameras in Australia Infected with WannaCrypt
http://www.camerassavelives.vic.gov.au/utility/latest+news/investigation+underway+into+cameras+affected+by+software+virus
More Vulnerabilities in Windows Defender
https://bugs.chromium.org/p/project-zero/issues/detail?id=1282&desc=2
npm Developer Accounts Reset After Password Reuse Discovery
https://github.com/ChALkeR/notes/blob/master/Gathering-weak-npm-credentials.md
Jun 27, 2017
ISC StormCast for Monday, June 26th 2017
6:36
Fake DDoS Extortions Continue
https://isc.sans.edu/forums/diary/Fake+DDoS+Extortions+Continue+Please+Forward+Us+Any+Threats+You+Have+Received/22550/
Traveling with a Laptop
https://isc.sans.edu/forums/diary/Traveling+with+a+Laptop+Surviving+a+Laptop+Ban+How+to+Let+Go+of+Precious/22462/
Side Channel Attacks on the Cheap
https://www.fox-it.com/nl/wp-content/uploads/sites/12/Tempest_attacks_against_AES.pdf
Latest Locky Variant Hunting Down Windows XP Users
http://blog.talosintelligence.com/2017/06/necurs-locky-campaign.html
Windows Beta Builds and Source Code Leaked
http://www.theregister.co.uk/2017/06/23/windows_10_leak/
Jun 25, 2017
ISC StormCast for Friday, June 23rd 2017
11:55
Obfuscating Without XOR
https://isc.sans.edu/forums/diary/Obfuscating+without+XOR/22544/
Airbnb OAUTH Token Theft
https://www.arneswinnen.net/2017/06/authentication-bypass-on-airbnb-via-oauth-tokens-theft/
Critical Drupal Vulnerability
https://www.drupal.org/SA-CORE-2017-003
Auditing Docker Containers
https://www.sans.org/reading-room/whitepapers/auditing/checklist-audit-docker-containers-37437
Jun 23, 2017
ISC StormCast for Thursday, June 22nd 2017
5:00
New Vulnerabilities Found in OpenVPN
https://guidovranken.wordpress.com/2017/06/21/the-openvpn-post-audit-bug-bonanza/
RAR Unpack Vulnerability Affects BitDefender
https://bugs.chromium.org/p/project-zero/issues/detail?id=1278&desc=6
Honda Plant Shuts Down Over Wannacry
https://www.bleepingcomputer.com/news/security/one-month-later-wannacry-ransomware-is-still-shutting-down-factories/
Jun 22, 2017
ISC StormCast for Wednesday, June 21st 2017
5:52
Cisco Ships Private Key For drmlocal.cisco.com With Video Player
https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/T6emeoE-lCU
Windows Error Reporting: DFIR Benefits and Privacy Concerns
https://isc.sans.edu/forums/diary/Windows+Error+Reporting+DFIR+Benefits+and+Privacy+Concerns/22536/
Detecting Memory Corruption in glibc
https://github.com/DhavalKapil/libdheap
Let's Encrypt ACME Protocol To Become IETF Standard
https://tools.ietf.org/html/draft-ietf-acme-acme-06
Microsoft Publishes Analysis of NSA Exploits
https://blogs.technet.microsoft.com/mmpc/2017/06/16/analysis-of-the-shadow-brokers-release-and-mitigation-with-windows-10-virtualization-based-security/
Jun 21, 2017
ISC StormCast for Tuesday, June 20th 2017
7:19
Stack Clash Vulnerability Affects Various Unix Based Operating Systems
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
Separation Of Duties / Malicious Administrators
https://isc.sans.edu/forums/diary/As+Your+Admin+Walks+Out+the+Door/22530/
Progress in Satellite Based Quantum Cryptography
https://www.wired.com/story/chinese-satellite-relays-a-quantum-signal-between-cities/
https://www.helpnetsecurity.com/2017/06/19/extremely-secure-data-encryption/
Women Connect Event Minneapolis
https://www.sans.org/event/minneapolis-2017/bonus-sessions/12162
Jun 20, 2017
ISC StormCast for Monday, June 19th 2017
5:22
Uptick in Port 83 Traffic
https://isc.sans.edu/forums/diary/What+is+going+on+with+Port+83/22524/
WINS DoS Vulnerability will not be fixed by Microsoft
https://blog.fortinet.com/2017/06/14/wins-server-remote-memory-corruption-vulnerability-in-microsoft-windows-server
Microsoft to Release Patch to Turn off SMB1
https://www.bleepingcomputer.com/news/microsoft/microsoft-to-disable-smbv1-in-windows-starting-this-fall/
UK Hacker Stole Personnel Data For US Military Satellite Network
https://public-newsroom-nca-01.azurewebsites.net/news/hacker-stole-satellite-data-from-us-department-of-defence
Sophos Web Appliance Will Now Update via https
https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-v4-3-2---security-and-defect-fix-rollup
Jun 19, 2017
ISC StormCast for Friday, June 16th 2017
18:08
WikiLeaks Releases Documents About Cherry Blossom Wifi Hacking Toolkit
https://wikileaks.org/vault7/#Cherry%20Blossom
More DVR Vulnerabilities
https://www.pentestpartners.com/security-blog/what-did-mirai-miss-making-a-better-bigger-botnet/
More Microsoft Windows Defender Vulnerabilities
http://www.theregister.co.uk/2017/06/15/microsoft_how_about_sandboxing_windows_defenders_engine/
Decryption Utility For Jaff Crypto Ransomware
https://noransom.kaspersky.com
Preston Ackerman: Two Factor Authentication by Home End-Users
https://www.sans.org/reading-room/whitepapers/authentication/impediments-adoption-two-factor-authentication-home-end-users-37607