SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

By Johannes B. Ullrich



Category: Tech News



Kir
 Sep 11, 2018
...

Harald Clark
 Aug 18, 2018
A nice, clear and concise, daily overview of computing security threats; links for more info and no irrelevant padding of podcast audio.

Description

A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .

Episode Date
ISC StormCast for Monday, December 10th 2018
5:45
Analyzing Malicious Docker Images
https://isc.sans.edu/forums/diary/A+Dive+into+malicious+Docker+Containers/24388/
Arrest of Huawei CFO Inspires Advance Fee Scam
https://isc.sans.edu/forums/diary/Arrest+of+Huawei+CFO+Inspires+Advance+Fee+Scam/24396/
Sextortion Messages Leading to Ransomware
https://www.proofpoint.com/us/threat-insight/post/sextortion-side-ransomware
WebKit Exploit Released
https://github.com/LinusHenze/WebKit-RegEx-Exploit
Implants Found in Russian Banks
https://securelist.com/darkvishnya/89169/
Dec 10, 2018
ISC StormCast for Friday, December 7th 2018
21:33
Adobe Vulnerability PoC Released
https://isc.sans.edu/forums/diary/Is+it+Time+to+Uninstall+Flash+If+you+havent+already/24382/
WatchOS Update
https://support.apple.com/en-us/HT209343
Data Exfiltration During Pentests
https://isc.sans.edu/forums/diary/Data+Exfiltration+in+Penetration+Tests/24354/
PoC Exploit for Kubernetes Vulnerability
https://github.com/evict/poc_CVE-2018-1002105
Preston Ackerman: Marketing 2FA
https://www.sans.org/reading-room/whitepapers/authentication/swipe-tap-marketing-easier-2fa-increase-adoption-38695
Dec 07, 2018
ISC StormCast for Thursday, December 6th 2018
5:06
Adobe Releases Emergency Flash Patch
https://helpx.adobe.com/security/products/flash-player/apsb18-42.html
Apple Updates Everything (but not WatchOS)
https://support.apple.com/en-us/HT201222
New Privacy Issues Affecting 3G-5G protocols
https://eprint.iacr.org/2018/1175
Dec 06, 2018
ISC StormCast for Wednesday, December 5th 2018
6:25
Fake Ransomware Decryption Service
https://www.theregister.co.uk/2018/12/04/ransomware_helper_was_middleman_dr_shifro/
Latest Lokibot Malspam
https://isc.sans.edu/forums/diary/Malspam+pushing+Lokibot+malware/24372/
Chrome 71 Released
https://www.bleepingcomputer.com/news/google/chrome-71-released-with-abusive-ad-filtering-and-audio-blocking/
RSA Followup Webcast
https://www.rsaconference.com/videos/virtual-session-the-5-most-dangerous-new-attack-techniques-and-whats-to-come
Dec 05, 2018
ISC StormCast for Tuesday, December 4th 2018
4:54
Word Maldoc: Yet Another Place to Hide a Command
https://isc.sans.edu/forums/diary/Word+maldoc+yet+another+place+to+hide+a+command/24370/
US-CERT Releases SamSam Alerts
https://www.us-cert.gov/ncas/alerts/AA18-337A
Kubernetes Patches
https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88
Malicious iOS App Tricks User into Payment
https://www.welivesecurity.com/2018/12/03/scam-ios-apps-promise-fitness-steal-money-instead/
Dec 04, 2018
ISC StormCast for Monday, December 3rd 2018
6:46
KingMiner Improved Cryptomining
https://research.checkpoint.com/kingminer-the-new-and-improved-cryptojacker/
Siglent Technologies Oscilloscope Vulnerabilities
https://seclists.org/fulldisclosure/2018/Nov/68
AutoCAD Malware
https://www.forcepoint.com/blog/security-labs/autocad-malware-computer-aided-theft
ISC Stickers (login required. first 10 requests each day)
https://isc.sans.edu/sticker.html
Dec 03, 2018
ISC StormCast for Friday, November 30th 2018
13:59
Russian Language Malspam Pushing Shade (Troldesh) Ransomware
https://isc.sans.edu/forums/diary/Russian+language+malspam+pushing+Shade+Troldesh+ransomware/24358/
Scamclub Malvertising Against iOS Users
https://blog.confiant.com/malvertising-attack-hijacks-300-million-sessions-over-48-hours-9d0218fe02cd
Andre Shori: To Block Or Not To Block? Impact and Analysis of Actively Blocking Shodan Scans
http://www.sans.org/reading-room/whitepapers/networksecurity/block-block-impact-analysis-actively-blocking-shodan-scans-38645
Nov 30, 2018
ISC StormCast for Thursday, November 29th 2018
6:19
Obfuscated Shell Scripts: Fake MacOS Flash Updates
https://isc.sans.edu/forums/diary/More+obfuscated+shell+scripts+Fake+MacOS+Flash+update/24352/
Sennheiser HeadSetup Certificate Authority Install
https://www.secorvo.de/publikationen/headsetup-vulnerability-report-secorvo-2018.pdf
Microsoft Fixes Shared Folder Permission Deletion Problem
https://support.microsoft.com/en-us/help/4467684/windows-10-update-kb4467684
3ve Botnet Dismantled
https://services.google.com/fh/files/blogs/3ve_google_whiteops_whitepaper_final_nov_2018.pdf
Nov 29, 2018
ISC StormCast for Wednesday, November 28th 2018
5:24
Obfuscated QNAP bash Malware
https://isc.sans.edu/forums/diary/Obfuscated+bash+script+targeting+QNap+boxes/24348/
Half of All Phishing Sites Use HTTPS
https://krebsonsecurity.com/2018/11/half-of-all-phishing-sites-now-have-the-padlock/
Chrome and Firefox to Remove FTP Support
https://www.bleepingcomputer.com/news/google/chrome-and-firefox-developers-aim-to-remove-support-for-ftp/
California Wildfire Used in BEC Scams
https://www.agari.com/identity-intelligence-blog/california-wildfire-email-scams/
Nov 28, 2018
ISC StormCast for Tuesday, November 27th 2018
6:07
ViperMonkey: VBA Maldoc Deobfuscation
https://isc.sans.edu/forums/diary/ViperMonkey+VBA+maldoc+deobfuscation/24346/
Malicious NPM Libraries
https://medium.com/@cnorthwood/todays-javascript-trash-fire-and-pile-on-f3efcf8ac8c7
Turning Your BMC Into A Revolving Door
https://www.synacktiv.com/ressources/zeronights_2018_turning_your_bmc_into_a_revolving_door.pdf
Nov 27, 2018
ISC StormCast for Monday, November 26th 2018
5:53
Attacks Against Docker API
https://isc.sans.edu/forums/diary/Moby+the+Shark/24340/
Mirai Like Attack Hitting Hadoop
https://asert.arbornetworks.com/mirai-not-just-for-iot-anymore/
New Rowhammer Variant Affects ECC Memory
https://www.vusec.net/projects/eccploit/
Nov 26, 2018
ISC StormCast for Wednesday, November 21st 2018
3:12
Critical Flash Update
https://helpx.adobe.com/security/products/flash-player/apsb18-44.html
Thanksgiving Lure for Emotet
https://www.forcepoint.com/blog/security-labs/thanks-giving-emotet
Nov 21, 2018
ISC StormCast for Tuesday, November 20th 2018
4:43
Google Play Malware
https://twitter.com/LukasStefanko
ATM Vulnerabilities
https://www.ptsecurity.com/upload/corporate/ww-en/analytics/ATM-Vulnerabilities-2018-eng.pdf
Nagios XI Update
https://www.tenable.com/security/research/tra-2018-37
Nov 20, 2018
ISC StormCast for Monday, November 19th 2018
5:29
Multipurpose PCAP Analysis Tool
https://isc.sans.edu/forums/diary/Multipurpose+PCAP+Analysis+Tool/24322/
Quickly Investigating Websites with Lookyloo
https://isc.sans.edu/forums/diary/Quickly+Investigating+Websites+with+Lookyloo/24320/
From Field Spoofing in GMail
https://blog.cotten.io/hacking-gmail-with-weird-from-fields-d6494254722f?gi=ce61de4cb006
Nov 18, 2018
ISC StormCast for Friday, November 16th 2018
14:59
Emotet Spreading IcedID Banking Malware
https://isc.sans.edu/forums/diary/Emotet+infection+with+IcedID+banking+Trojan/24312/
Crypto Miners Abusing Insecure Docker Installs
https://forums.juniper.net/t5/Threat-Research/Container-Malware-Miners-Go-Docker-Hunting-In-The-Cloud/ba-p/400587
GPS Watches Can Be Used To Track Kids
https://www.pentestpartners.com/security-blog/tracking-and-snooping-on-a-million-kids/
Firefox Will Notify Users of Breached Sites
https://blog.mozilla.org/blog/2018/11/14/firefox-monitor-launches-in-26-languages-and-adds-new-desktop-browser-feature/
David Kennel: All-Seeing Eye or Blind Man? Understanding the Linux Kernel Auditing System
https://www.sans.org/reading-room/whitepapers/linux/all-seeing-eye-blind-man-understanding-linux-kernel-auditing-system-38605
Nov 16, 2018
ISC StormCast for Thursday, November 15th 2018
5:48
Details about Zero Day Exploit Taking Advantage of Win32k Vuln.
https://securelist.com/a-new-exploit-for-zero-day-vulnerability-cve-2018-8589/88845/
PacSec Pwn2Own Results
https://www.zerodayinitiative.com/blog/2018/11/13/pwn2own-tokyo-2018-day-one-results
https://www.zerodayinitiative.com/blog/2018/11/14/pwn2own-tokyo-2018-day-two-results-and-master-of-pwn
More Spectre/Meltdown Flaws
https://arxiv.org/pdf/1811.05441.pdf
Nov 15, 2018
ISC StormCast for Wednesday, November 14th 2018
5:06
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/November+2018+Microsoft+Patch+Tuesday/24308/
Adobe Security Bulletins
https://helpx.adobe.com/security.html
Nov 14, 2018
ISC StormCast for Tuesday, November 13th 2018
5:17
Google BGP Hijack via Russia
https://twitter.com/thousandeyes/status/1062102171506765825
https://www.wsj.com/articles/google-internet-traffic-is-briefly-misdirected-through-russia-china-1542068392
Microcode Bootloader USB
https://www.techpowerup.com/forums/threads/intel-microcode-boot-loader.248858/
WordPress GDPR Tool Vulnerable
https://www.wordfence.com/blog/2018/11/trends-following-vulnerability-in-wp-gdpr-compliance-plugin/
Nov 13, 2018
ISC StormCast for Monday, November 12th 2018
6:28
Cloudflare Releases Mobile Apps To Use 1.1.1.1
https://blog.cloudflare.com/1-thing-you-can-do-to-make-your-internet-safer-and-faster/
Crypto Coin Miners Now With Rootkits
https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/cryptocurrency-mining-malware-targets-linux-systems-uses-rootkit-for-stealth
Google Play Protect Reduces Malware
https://security.googleblog.com/2018/11/introducing-android-ecosystem-security.html
Nov 12, 2018
ISC StormCast for Friday, November 9th 2018
17:10
Cisco Security Bulletins
https://tools.cisco.com/security/center/publicationListing.x
Ruby Deserialization
https://www.elttam.com.au/blog/ruby-deserialization/
Ouch Newsletter: Am I Hacked?
https://www.sans.org/security-awareness-training/resources/am-i-hacked
Jonathan Sweeny: Smart Contract Botnets
https://www.sans.org/reading-room/whitepapers/covert/botnet-resiliency-private-blockchains-38050
https://www.sans.org/reading-room/whitepapers/warfare/tearing-smart-contract-botnets-38650
Nov 09, 2018
ISC StormCast for Thursday, November 8th 2018
6:41
VirtualBox 0 Day Guest Escape Exploit Released
https://github.com/MorteNoir1/virtualbox_e1000_0day
WooCommerce / WordPress Bug Leads to RCE
https://blog.ripstech.com/2018/wordpress-design-flaw-leads-to-woocommerce-rce/
Bing Advertises Fake Version of Notepad2
https://www.bleepingcomputer.com/news/security/beware-of-unofficial-sites-pushing-notepad2-adware-bundles/
Jacksonville BSides
https://bsidesjax.org
Nov 08, 2018
ISC StormCast for Wednesday, November 7th 2018
5:50
China Telecom's Internet Traffic Misdirection
https://internetintel.oracle.com/blog-single.html?id=China+Telecom%27s+Internet+Traffic+Misdirection
Android Security Updates; Last for Nexus
https://source.android.com/security/bulletin/2018-11-01#framework
PoC Facetime Exploit
https://bugs.chromium.org/p/project-zero/issues/detail?id=1641
Vulnerability in U-Boot Bootloader
https://github.com/inversepath/usbarmory/blob/master/software/secure_boot/Security_Advisory-Ref_IPVR2018-0001.txt
Nov 07, 2018
ISC StormCast for Tuesday, November 6th 2018
5:48
Struts 2.3 Uses Outdated commons-fileupload library
https://isc.sans.edu/forums/diary/Struts+23+Vulnerable+to+Two+Year+old+File+Upload+Flaw/24278/
Fake Elon Musk Tweet used to steal Bitcoin
https://www.bleepingcomputer.com/news/security/fake-elon-musk-twitter-bitcoin-scam-earned-180k-in-one-day/
Bypassing SSD Drive Hardware Encryption
https://www.ru.nl/english/news-agenda/news/vm/icis/cyber-security/2018/radboud-university-researchers-discover-security/
Nov 06, 2018
ISC StormCast for Monday, November 5th 2018
5:18
Beyond good ol' LaunchAgents
https://isc.sans.edu/forums/diary/Beyond+good+ol+LaunchAgent+part+1/24274/
Dissecting a CVE-2017-11882 Exploit
https://isc.sans.edu/forums/diary/Dissecting+a+CVE201711882+Exploit/24272/
Microsoft Edge Exploit About to Be Released
https://twitter.com/Yux1xi
Portsmash Vulnerability
https://github.com/bbbrumley/portsmash
RC4 (Arcfour) Deprecation in SSH
https://tools.ietf.org/html/draft-ietf-curdle-rc4-die-die-die-12
Nov 05, 2018
ISC StormCast for Friday, November 2nd 2018
5:29
Windows Defender Sandboxing Bug
https://isc.sans.edu/forums/diary/Windows+Defenders+Sandbox/24266/
Bleedingbit Bluetooth Low Energy Vulnerability
https://armis.com/bleedingbit/
Cisco ASA/Firepower DoS Vulnerability Actively Exploited
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181031-asaftd-sip-dos
Nov 01, 2018
ISC StormCast for Thursday, November 1st 2018
5:19
Encrypted Word Maldocs
https://isc.sans.edu/forums/diary/More+malspam+using+passwordprotected+Word+docs/24262/
iOS / MacOS ICMP Error Remote Code Execution
https://lgtm.com/blog/apple_xnu_icmp_error_CVE-2018-4407
iOS Lock Screen Bypass
https://www.youtube.com/watch?v=ojigFgwrtKs
Nov 01, 2018
ISC StormCast for Wednesday, October 31st 2018
4:36
Change in Strategy for Hancitor Malware
https://isc.sans.edu/forums/diary/Campaign+evolution+Hancitor+malspam+starts+pushing+Ursnif+this+week/24256/
Apple Updates
https://support.apple.com/en-us/HT201222
Telegram Stores Conversations Locally
https://twitter.com/nathanielrsuchy
Oct 31, 2018
ISC StormCast for Tuesday, October 30th 2018
6:03
Maldoc Duplicating PowerShell
https://isc.sans.edu/forums/diary/Maldoc+Duplicating+PowerShell+Prior+to+Use/24254/
New File Types Emerge in Malware Spam Attachments
https://blog.trendmicro.com/trendlabs-security-intelligence/same-old-yet-brand-new-new-file-types-emerge-in-malware-spam-attachments/
Malicious Mac Crypto Currency Tracker Installs Backdoor
https://blog.malwarebytes.com/threat-analysis/2018/10/mac-cryptocurrency-ticker-app-installs-backdoors/
Sandbox For Windows Defender
https://cloudblogs.microsoft.com/microsoftsecure/2018/10/26/windows-defender-antivirus-can-now-run-in-a-sandbox/
Oct 30, 2018
ISC StormCast for Monday, October 29th 2018
4:55
Dissecting Malicious Office Documents in Linux
https://isc.sans.edu/forums/diary/Dissecting+Malicious+Office+Documents+with+Linux/24248/
Analyzing Compressed RTF Documents
https://isc.sans.edu/forums/diary/Detecting+Compressed+RTF/24250/
systemd DHCPv6 Remote Code Execution Vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-15688
Cryptominers Scan for Docker Engine
https://blog.trendmicro.com/trendlabs-security-intelligence/misconfigured-container-abused-to-deliver-cryptocurrency-mining-malware
DemonBot Targeting Hadoop
https://blog.radware.com/security/2018/10/new-demonbot-discovered/
Oct 29, 2018
ISC StormCast for Friday, October 26th 2018
5:13
Scam Calls Targeting Chinese Living in the US
https://isc.sans.edu/forums/diary/Fake+BankPost+Office+Phone+Calls+Targeting+Chinese+Immigrants/24244/
X.org Privilege Elevation Flaw
https://lists.x.org/archives/xorg-announce/2018-October/002927.html
Remote Videos in Office Documents
https://blog.cymulate.com/abusing-microsoft-office-online-video
Mac Malware Injects Ads
https://blog.malwarebytes.com/threat-analysis/2018/10/mac-malware-intercepts-encrypted-web-traffic-for-ad-injection/
Oct 26, 2018
ISC StormCast for Thursday, October 25th 2018
5:24
Reversing AutoIT
https://isc.sans.edu/forums/diary/Diving+into+Malicious+AutoIT+Code/24238/
Arcserve Vulnerabilities
https://www.digitaldefense.com/blog/zero-day-alerts/arcserve-disclosure/
WebExec Vulnerability
https://webexec.org/
More ALPC Flaws from Sandbox Escaper
https://twitter.com/SandboxEscaper/status/1054744201244692485
https://twitter.com/mkolsek/status/1054794984908562432
Oct 25, 2018
ISC StormCast for Wednesday, October 24th 2018
5:56
Malware Uses Decoy Picture
https://isc.sans.edu/forums/diary/Malicious+Powershell+using+a+Decoy+Picture/24234/
DNS over HTTPS Pushback
https://twitter.com/paulvixie/status/1053765281917661184
Signal Desktop Leaves Encryption Key Exposed
https://twitter.com/nathanielrsuchy
Firefox 63 Allows Less Tracking
https://blog.mozilla.org/security/2018/10/23/firefox-63-lets-users-block-tracking-cookies/
Oct 24, 2018
ISC StormCast for Tuesday, October 23rd 2018
5:18
MSG Files: Compressed RTF
https://isc.sans.edu/forums/diary/MSG+Files+Compressed+RTF/24228/
FreeRTOS TCP/IP Stack Vulnerabilities
https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/
VLC/Live555 RTSP Server Vulnerability
https://www.talosintelligence.com/reports/TALOS-2018-0684
Microsoft Yammer Update
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8569#ID0EGB
Oct 23, 2018
ISC StormCast for Monday, October 22nd 2018
5:02
MacOS LaunchAgent
https://isc.sans.edu/forums/diary/Beyond+good+ol+LaunchAgent+part+0/24230/
TLS Session Tracking
https://arxiv.org/pdf/1810.07304.pdf
jQuery File Upload Plugin
https://blogs.akamai.com/sitr/2018/10/having-the-security-rug-pulled-out-from-under-you.html
Drupal Update
https://www.drupal.org/sa-core-2018-006
Oct 22, 2018
ISC StormCast for Friday, October 19th 2018
4:27
Cisco Patches
https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&firstPublishedStartDate=2018%2F10%2F17&firstPublishedEndDate=2018%2F10%2F17&lastPublishedStartDate=2018%2F10%2F17&lastPublishedEndDate=2018%2F10%2F17
51% Attack Against Crypto Currencies
https://old.reddit.com/r/CryptoCurrency/comments/9m1uuj/if_i_livestreamed_the_setup_and_execution_of/
VMware Patch
https://www.vmware.com/au/security/advisories/VMSA-2018-0026.html
Oct 19, 2018
ISC StormCast for Thursday, October 18th 2018
5:22
Abandoned "NewShareCount" Twitter Counter abused
https://blog.sucuri.net/2018/10/malicious-redirects-from-newsharecounts-com-tweet-counter.html
Multiple D-Link Vulnerabilities
https://seclists.org/fulldisclosure/2018/Oct/36
RID Hacking in Windows
https://www.romhack.io/slides/RomHack%202018%20-%20Sebastian%20Castro%20-%20Windows%20RID%20Hijacking:%20Maintaining%20Access%20on%20Windows%20Machines.pdf
Oct 18, 2018
ISC StormCast for Wednesday, October 17th 2018
5:42
Oracle CPU
https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
libssh vulnerability
https://www.libssh.org/security/advisories/CVE-2018-10933.txt
Vending Machine Mobile App Compromise
https://hackernoon.com/how-i-hacked-modern-vending-machines-43f4ae8decec
Browsers Announce Timeline to Discontinue TLS1.0/1.1 support
https://blogs.windows.com/msedgedev/2018/10/15/modernizing-tls-edge-ie11/
https://security.googleblog.com/2018/10/modernizing-transport-security.html
https://blog.mozilla.org/security/2018/10/15/removing-old-versions-of-tls/
https://webkit.org/blog/8462/deprecation-of-legacy-tls-1-0-and-1-1-versions/
Oct 17, 2018
ISC StormCast for Tuesday, October 16th 2018
5:34
Proof Of Concept Exploit for Microsoft Edge Vulnerability CVE-2018-8495
https://leucosite.com/Microsoft-Edge-RCE/
Fake Mining Apps
https://www.fortinet.com/blog/threat-research/fortinet-discovers-new-android-apps-that-mine-the-unminable.html
Fake Google Photo App Turns out to be Ad-Clicker
https://www.geeklatest.com/developer-tricks-microsoft-publishes-app-under-google-llc-name-in-windows-store/
Oct 16, 2018
ISC StormCast for Monday, October 15th 2018
6:17
Many Large Websites Affected by Branch.io XSS Flaw
https://www.vpnmentor.com/blog/dom-xss-bug-affecting-tinder-shopify-yelp/
Medtronic Pacemakers Disable Remote Update
https://www.medtronic.com/content/dam/medtronic-com/us-en/corporate/documents/REV-Medtronic-2090-Security-Bulletin_FNL.pdf
IBM WebSphere Update
https://www-01.ibm.com/support/docview.wss?uid=swg22016254
Incomplete JET Database Patch
https://blog.0patch.com/2018/10/patching-re-patching-and-meta-patching.html
Oct 15, 2018
ISC StormCast for Friday, October 12th 2018
5:51
New Campaign Using Old Equation Editor Vulnerability
https://isc.sans.edu/forums/diary/New+Campaign+Using+Old+Equation+Editor+Vulnerability/24196/
Root Access Vulnerability in SONY Smart TVs
https://www.fortinet.com/blog/threat-research/sony-smart-tv-exploit-inside-view-hijacking-your-living-room.html
MikroTik RouterOS Vulnerabilities
https://github.com/tenable/routeros/blob/master/bug_hunting_in_routeros_derbycon_2018.pdf
Reverse Analysis of WebAssembly
https://www.forcepoint.com/blog/security-labs/manual-reverse-engineering-webassembly-static-code-analysis
Firefox Delays Symantec Certificate Distrust
https://www.theregister.co.uk/2018/10/11/firefox_symantec_certs_delay/
Oct 11, 2018
ISC StormCast for Thursday, October 11th 2018
6:24
Remote Code Execution Vulnerability in WhatsApp
https://bugs.chromium.org/p/project-zero/issues/detail?id=1654
Salesforce Releases hassh Library
https://github.com/salesforce/hassh
CVE-2018-8453 Details from Kaspersky
https://securelist.com/cve-2018-8453-used-in-targeted-attacks/88151/
Juniper Patches
https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES
Experian Vulnerability Could Have Leaked Credit Freeze PINs
https://www.nerdwallet.com/blog/finance/security-flaw-at-experian-allows-easy-access-to-pin-to-unlock-credit-freeze/
Oct 11, 2018
ISC StormCast for Wednesday, October 10th 2018
5:31
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/October+2018+Microsoft+Patch+Tuesday/24186/
Adobe Updates
https://helpx.adobe.com/security.html
Magecart Infects "Shopper Approved" Plugin
https://www.riskiq.com/blog/labs/magecart-shopper-approved/
Oct 10, 2018
ISC StormCast for Tuesday, October 9th 2018
4:44
Apple Updates iOS and iCloud for Windows
https://support.apple.com/en-ca/HT209162
https://support.apple.com/en-ca/HT209141
Intel Adds Spectre/Meltdown Mitigation to 9th Generation CPUs
https://www.bleepingcomputer.com/news/security/spectre-and-meltdown-hardware-protection-added-to-intels-9th-gen-cpus/
Windows October Update File Deleting Issues
https://support.microsoft.com/en-us/help/4464619/windows-10-update-history
https://blogs.technet.microsoft.com/filecab/2018/08/30/9205/
macOS Code Signing Vulnerabilities
https://www.virusbulletin.com/conference/vb2018/abstracts/code-signing-flaw-macos
Oct 09, 2018
ISC StormCast for Monday, October 8th 2018
6:53
WPA2 KRACK Attack Update
https://www.krackattacks.com/followup.html#overview
Cisco Updates
https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir#~Vulnerabilities
Seattle Police Tries to Stop SWATing
https://www.seattle.gov/police/need-help/swatting
git Vulnerability Fixed
https://github.com/timwr/CVE-2017-1000117
Oct 08, 2018
ISC StormCast for Friday, October 5th 2018
7:18
Does the Chinese Military Manipulate Supermicro Motherboards?
https://www.bloomberg.com/news/articles/2018-10-04/the-big-hack-amazon-apple-supermicro-and-beijing-respond
Cloudflare IPFS Gateway Used For Phishing
https://www.bleepingcomputer.com/news/security/phishing-attacks-distributed-through-cloudflares-ipfs-gateway/
DNSSEC Root Key Signing Key Rollover
https://www.icann.org/resources/pages/ksk-rollover
https://www.icann.org/news/blog/2018-ksk-rollover-operator-preparedness-survey
Oct 05, 2018
ISC StormCast for Thursday, October 4th 2018
6:00
Identifying a Phisher
https://isc.sans.edu/forums/diary/Identifying+a+phisher/24164/
Phishing via Azure Blob Storage
https://www.netskope.com/blog/phishing-in-the-public-cloud
Zoho Domains Used for Phishing and Keyloggers
https://cofense.com/staggering-amount-stolen-data-heading-zoho-domains/
Dell iDRAC Exploit
https://www.servethehome.com/idracula-vulnerability-impacts-millions-of-legacy-dell-emc-servers/
Oct 04, 2018
ISC StormCast for Wednesday, October 3rd 2018
5:11
How to Write Yara Rules
https://isc.sans.edu/forums/diary/Developing+YARA+Rules+a+Practical+Example/24158/
GhostDNS DNS Changer Malware
https://blog.netlab.360.com/70-different-types-of-home-routers-all-together-100000-are-being-hijacked-by-ghostdns-en/
Foxit PDF Reader Vulnerabilities
https://www.foxitsoftware.com/support/security-bulletins.php
Apple Laptops Shipped With CPU in Manufacturing Mode
http://blog.ptsecurity.com/2018/10/intel-me-manufacturing-mode-macbook.html
Oct 03, 2018
ISC StormCast for Tuesday, October 2nd 2018
6:10
Update About Facebook Breach
https://newsroom.fb.com/news/2018/09/security-update/
Adobe Acrobat/Reader Update
https://helpx.adobe.com/security/products/acrobat/apsb18-30.html
SMTP MTA Strict Transport Security (MTA-STS)
https://www.rfc-editor.org/rfc/rfc8461.txt
Oct 02, 2018
ISC StormCast for Monday, October 1st 2018
6:11
Facebook Leaks more than 50 Million Accounts
https://newsroom.fb.com/news/2018/09/security-update/
Telegram Leaks Local IP Address By Default
https://www.inputzero.io/2018/09/bug-bounty-telegram-cve-2018-17780.html
Site Tricks Users Into Subscribing to Browser Notifications
https://www.bleepingcomputer.com/news/security/sites-trick-users-into-subscribing-to-browser-notification-spam/
DDE Code Injection
https://isc.sans.edu/forums/diary/More+Excel+DDE+Code+Injection/24150/
Oct 01, 2018
ISC StormCast for Friday, September 28th 2018
5:34
Enriching Radare2 and x64dbg malware analysis with statically decoded strings
https://isc.sans.edu/forums/diary/Enriching+Radare2+and+x64dbg+malware+analysis+with+statically+decoded+strings/24146/
Weaknesses in Apple's Mobile Device Management
https://duo.com/labs/research/mdm-me-maybe
LoJax UEFI Rootkit
https://www.welivesecurity.com/2018/09/27/lojax-first-uefi-rootkit-found-wild-courtesy-sednit-group/
Sep 28, 2018