SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

By Johannes B. Ullrich

Listen to a podcast, please open Podcast Republic app. Available on Google Play Store.


Category: Tech News

Open in iTunes


Open RSS feed


Open Website


Rate for this podcast



 Jan 10, 2019

Kir
 Sep 11, 2018
...

Harald Clark
 Aug 18, 2018
A nice, clear and concise, daily overview of computing security threats; links for more info and no irrelevant padding of podcast audio.

Description

A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .

Episode Date
ISC StormCast for Thursday, February 21st 2019
6:07
Microsoft Edge Whitelists Facebook to Run Flash
https://bugs.chromium.org/p/project-zero/issues/detail?id=1722
Chinese Android Banking App Stores Screenshots of Other Apps
https://jqknews.com/news/141073-Jingdong_Finance_denied_stealing_user_information_saying_that_the_image_cache_was_only_local.html
Password Manager Vulnerabilities
https://www.securityevaluators.com/casestudies/password-manager-hacking/
Feb 21, 2019
ISC StormCast for Wednesday, February 20th 2019
6:08
Russian Malspam Pushing Shade/Troldesh Ransomware
https://isc.sans.edu/forums/diary/More+Russian+language+malspam+pushing+Shade+Troldesh+ransomware/24668/
Bitdefender Releases GandCrab Decrypter
https://labs.bitdefender.com/2019/02/new-gandcrab-v5-1-decryptor-available-now/
Bank Infrastructure Used in Phishing Attacks (russian)
https://www.group-ib.ru/blog/incident
SHA-2 Patch For Windows 7 / 2008 R2 SP1
https://support.microsoft.com/en-us/help/4472027/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus
Feb 20, 2019
ISC StormCast for Tuesday, February 19th 2019
5:29
Know What You Are Logging
https://isc.sans.edu/forums/diary/Know+What+You+Are+Logging/24656/
Spectre Software Mitigation Insufficient
https://arxiv.org/pdf/1902.05178.pdf
VMWare Releases Update To Address runc Vulnerability
https://www.vmware.com/security/advisories/VMSA-2019-0001.html
Swedish Healthcare Breach Leaks Phone call Recordings
https://computersweden.idg.se/2.2683/1.714787/inspelade-samtal-1177-vardguiden-oskyddade-internet
Feb 19, 2019
ISC StormCast for Monday, February 18th 2019
5:05
Snap Patches Available
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SnapSocketParsing
Finding Property Values in Office Documents
https://isc.sans.edu/forums/diary/Finding+Property+Values+in+Office+Documents/24652/
Bro-Sysmon
https://engineering.salesforce.com/test-out-bro-sysmon-a6fad1c8bb88
Cryptojacking Apps in Microsoft App Store
https://www.symantec.com/blogs/threat-intelligence/cryptojacking-apps-microsoft-store
Feb 18, 2019
ISC StormCast for Friday, February 15th 2019
5:47
PDF includes SMB Link
https://isc.sans.edu/forums/diary/Suspicious+PDF+Connecting+to+a+Remote+SMB+Share/24646/
QNAP Malware
https://www.qnap.com/en/security-advisory/nas-201902-13
Bomb Threat Spammers Arrested
https://www.justice.gov/usao-cdca/pr/members-hacker-collective-face-federal-charges-attacking-computer-systems-emailing-mass
Managed Service Providers Targeted By Ransomware
https://www.bleepingcomputer.com/news/security/ransomware-attacks-target-msps-to-mass-infect-customers/
Feb 15, 2019
ISC StormCast for Thursday, February 14th 2019
5:50
Fake Updates Campaign Still Active in 2019
https://isc.sans.edu/forums/diary/Fake+Updates+campaign+still+active+in+2019/24640/
macOS Malware (Shlayer) Disables Gatekeeper
https://www.carbonblack.com/2019/02/12/tau-threat-intelligence-notification-new-macos-malware-variant-of-shlayer-osx-discovered/
Microsoft Exchange Server Patch (Errata for yesterday's podcast)
https://support.microsoft.com/en-ca/help/4490060/exchange-web-services-push-notifications-can-provide-unauthorized-acce
Cisco Network Assurance Engine Password Synchronization Issue
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190212-nae-dos
VFEMail Backup Failure
https://www.vfemail.net/
Feb 14, 2019
ISC StormCast for Wednesday, February 13th 2019
5:24
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+February+2019+Patch+Tuesday/24638/
Adobe Updates
https://helpx.adobe.com/security.html
Ubuntu Linux snapd "dirty_sock" exploit
https://shenaniganslabs.io/2019/02/13/Dirty-Sock.html
Feb 13, 2019
ISC StormCast for Tuesday, February 12th 2019
4:54
Severe Docker runc Vulnerability
https://seclists.org/oss-sec/2019/q1/119
MacOS Mojave Privacy Flaw
https://lapcatsoftware.com/articles/mojave-privacy3.html
Android Malware Steals Crypto Addresses from Clipboard
https://www.welivesecurity.com/2019/02/08/first-clipper-malware-google-play/
Not An E-Mail Virus, Just Intersting Malware
https://isc.sans.edu/forums/diary/Have+You+Seen+an+Email+Virus+Recently/24634/
Feb 12, 2019
ISC StormCast for Monday, February 11th 2019
6:49
Phishing Kit with JavaScript Keylogger
https://isc.sans.edu/forums/diary/Phishing+Kit+with+JavaScript+Keylogger/24622/
Phishing Via Google Translate
https://blogs.akamai.com/sitr/2019/02/phishing-attacks-against-facebook-google-via-google-translate.html
iPhone Apps Record Screens
https://techcrunch.com/2019/02/06/iphone-session-replay-screenshots/
Packet Challenge
https://johannes.homepc.org/packet10.txt
Feb 11, 2019
ISC StormCast for Friday, February 8th 2019
5:28
Value of UAC
https://isc.sans.edu/forums/diary/UAC+is+not+all+that+bad+really/24620/
Apple Releases Facetime Patch
https://support.apple.com/en-us/HT201222
Skype Video Now Allows For Blurred Background
https://blogs.skype.com/news/2019/02/06/introducing-background-blur-in-skype/
Microsoft Exchange Server Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/adv190007
Feb 08, 2019
ISC StormCast for Thursday, February 7th 2019
6:26
Android Monthly Security Update
https://source.android.com/security/bulletin/2019-02-01.html
Skia Graphics Library Vulnerability
https://googleprojectzero.blogspot.com/2019/02/the-curious-case-of-convexity-confusion.html
Google Chrome Password Check
https://chrome.google.com/webstore/detail/password-checkup/pncabnpcffmalkkjpajodfhijclecjno/related
Hancitor HelloFax Malspam
https://isc.sans.edu/forums/diary/Hancitor+malspam+and+infection+traffic+from+Tuesday+20190205/24616/
Feb 06, 2019
ISC StormCast for Wednesday, February 6th 2019
6:42
Mitigations against Mimikatz Style Attacks
https://isc.sans.edu/forums/diary/Mitigations+against+Mimikatz+Style+Attacks/24612/
LibreOffice Macro Vulnerability
https://insert-script.blogspot.com/2019/02/libreoffice-cve-2018-16858-remote-code.html
Firefox 65 Breaks HTTPS AV Scanning
https://bugzilla.mozilla.org/show_bug.cgi?id=1523701
RDP Client Vulnerabilities
https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/
DNS "Lookingglass"
https://isc.sans.edu/tools/dnslookup.html
Feb 06, 2019
ISC StormCast for Tuesday, February 5th 2019
5:21
Exploiting Struts in vCenter
https://isc.sans.edu/forums/diary/Struts+Vulnerability+CVE20175638+on+VMware+vCenter+the+Gift+that+Keeps+on+Giving/24606/
Wikipedia Tech Support Scam
https://isc.sans.edu/forums/diary/Wikipedia+Articles+as+part+of+Tech+Support+Scamming+Campaigns/24608/
Stealing MacOS Keychain
https://www.youtube.com/watch?v=nYTBZ9iPqsU
Beauty Camera Ads for Android include Adware
https://blog.trendmicro.com/trendlabs-security-intelligence/various-google-play-beauty-camera-apps-sends-users-pornographic-content-redirects-them-to-phishing-websites-and-collects-their-pictures/
Feb 05, 2019
ISC StormCast for Monday, February 4th 2019
7:43
Sextortion EMail Update
https://isc.sans.edu/forums/diary/Sextortion+Follow+the+Money+Part+3+The+cashout+begins/24592/
Ubiquity Devices Used in DDoS Attack
https://blog.rapid7.com/2019/02/01/ubiquiti-discovery-service-exposures/?fbclid=IwAR0OUPQIfSV7YsBLvkjoC2WIbe_E4p9WGAM4LCTsL9TKr30I7aQ2Qwqoins
Google Chrome Experimenting with Typo Domain Detection
https://www.usenix.org/conference/enigma2019/presentation/stark
YouTube Copyright Extortion
https://www.youtube.com/watch?v=Q0i-sLESXqo
Feb 04, 2019
ISC StormCast for Friday, February 1st 2019
6:03
Tracking DNS Changes
https://isc.sans.edu/forums/diary/Tracking+Unexpected+DNS+Changes/24596/
SystemD/JournalD PoC Exploit
https://capsule8.com/blog/exploiting-systemd-journald-part-1/
Windows Defender Boot Issues
https://support.microsoft.com/en-us/help/4052623/update-for-windows-defender-antimalware-platform
Mac Malware Steals Crytocurrency Exchange Cookies
https://unit42.paloaltonetworks.com/mac-malware-steals-cryptocurrency-exchanges-cookies/
Feb 01, 2019
ISC StormCast for Thursday, January 31st 2019
5:50
Chrome Update
https://www.zdnet.com/article/google-chrome-72-removes-hpkp-deprecates-tls-1-0-and-tls-1-1/
Firefox Update
https://techdows.com/2019/01/firefox-to-disable-extensions-in-private-browsing-mode-by-default.html
Facebook (and Google) Research VPN
https://techcrunch.com/2019/01/29/facebook-project-atlas/
https://www.macrumors.com/2019/01/30/google-exploiting-apple-enterprise-certificate/
RCE In Samsung Store via "evilgrade"
https://www.adyta.pt/en/2019/01/29/writeup-samsung-app-store-rce-via-mitm-2/
Jan 31, 2019
ISC StormCast for Wednesday, January 30th 2019
5:49
Phishing Not Ready for IPv6
https://isc.sans.edu/forums/diary/A+Not+So+Well+Done+Phish+Why+Attackers+need+to+Implement+IPv6+Now/24582/
Apple Disables Facetime Group Messages
https://www.apple.com/support/systemstatus/
Outlook 365 Safe Link Errors
https://twitter.com/Swiss_Jay/status/1090271197193940992
Jan 30, 2019
ISC StormCast for Tuesday, January 29th 2019
5:09
Relaying Exchange's NTLM Autentication to Become Domain Admin
https://isc.sans.edu/forums/diary/Relaying+Exchanges+NTLM+authentication+to+domain+admin+and+more/24578/
Facetime Bug Allows Users to Receive Audio before Call is Accepted
https://9to5mac.com/2019/01/28/facetime-bug-hear-audio/
AZORult Fake (signed) Google Update
https://blog.minerva-labs.com/azorult-now-as-a-signed-google-update
Jan 29, 2019
ISC StormCast for Monday, January 28th 2019
7:03
Cisco RV320/325 Router Vulnerability Exploited
https://github.com/0x27/CiscoRV320Dump
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-inject
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-info
HTTP Signed Exchanges
https://wicg.github.io/webpackage/draft-yasskin-http-origin-signed-responses.html
BGP Experiments Disrupt Routers
https://mailman.nanog.org/pipermail/nanog/2019-January/098761.html
Packet Challenge
https://johannes.homepc.org/packet9.txt
Jan 28, 2019
ISC StormCast for Friday, January 25th 2019
5:37
Ghostscript Remote Code Execution Vulnerability
https://www.openwall.com/lists/oss-security/2019/01/23/5
Abusing Exchange to Obtain Domain Admin
https://dirkjanm.io/abusing-exchange-one-api-call-away-from-domain-admin/
IPC Voucher UaF Remote Jailbreak
http://blogs.360.cn/post/IPC%20Voucher%20UaF%20Remote%20Jailbreak%20Stage%202%20(EN).html
Cisco Security Updates
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-bo
Jan 25, 2019
ISC StormCast for Thursday, January 24th 2019
5:11
DHS Emergency Directive Regarding DNS Tampering
https://cyber.dhs.gov/ed/19-01/
Abuse of Trusted Microsoft Azure Domains
https://github.com/MicrosoftDocs/OfficeDocs-Enterprise/issues/233
Tech Support Scammers Unmasked
https://www.fidusinfosec.com/turning-the-tables-on-virgin-media-twitter-scammers/
Jan 24, 2019
ISC StormCast for Wednesday, January 23rd 2019
7:08
Turning MISP Data into RPZs
https://isc.sans.edu/forums/diary/DNS+Firewalling+with+MISP/24556/
Man in the Middle Vulnerablity in apt
https://justi.cz/security/2019/01/22/apt-rce.html
PHP PEAR Compromised Package
http://pear.php.net
Apple Security Updates
https://support.apple.com/en-us/HT201222
Jan 23, 2019
ISC StormCast for Tuesday, January 22nd 2019
5:31
Suspicious GET Request: Do you know what it is?
https://isc.sans.edu/forums/diary/Suspicious+GET+Request+Do+You+Know+What+This+Is/24552/
DNS Flag Day
https://dnsflagday.net/
Jan 22, 2019
ISC StormCast for Monday, January 21st 2019
6:13
Drupal Patches
https://www.drupal.org/sa-core-2019-002
https://www.drupal.org/sa-core-2019-001
WPML User Data Compromised and Used in EMail To Customers
https://wpml.org/2019/01/wpml-org-site-back-to-normal-after-an-attack-during-the-weekend/
Targeted Attack Uses Google Drive for Exfiltration
https://unit42.paloaltonetworks.com/darkhydrus-delivers-new-trojan-that-can-use-google-drive-for-c2-communications/
Packet Challenge Solution
https://johannes.homepc.org/packet8.txt
Jan 21, 2019
ISC StormCast for Friday, January 18th 2019
6:20
Android Malware Uses Motion Detection to Evade Analysis
https://blog.trendmicro.com/trendlabs-security-intelligence/google-play-apps-drop-anubis-banking-malware-use-motion-based-evasion-tactics/
Twitter for Android Bug
https://help.twitter.com/en/protected-tweets-android
Introduction to WebAuthn/FIDO2
https://medium.com/@herrjemand/introduction-to-webauthn-api-5fd1fb46c285
Ransomware As a Service
https://www.bleepingcomputer.com/news/security/blackrouter-ransomware-promoted-as-a-raas-by-iranian-developer/
Jan 18, 2019
ISC StormCast for Thursday, January 17th 2019
5:54
Emotet and Other Malspam Campaigns Resume After Holiday Break
https://isc.sans.edu/forums/diary/Emotet+infections+and+followup+malware/24532/
Magecart Delivered Via Compromised Advertising Sites
https://blog.trendmicro.com/trendlabs-security-intelligence/new-magecart-attack-delivered-through-compromised-advertising-supply-chain/
Premisys Identicard Vulnerabilities
https://www.tenable.com/security/research/tra-2019-01
ES File Explorer Open Port Vulnerability
https://github.com/fs0c131y/ESFileExplorerOpenPortVuln
Jan 17, 2019
ISC StormCast for Wednesday, January 16th 2019
6:06
MSFT Skype/Team Foundation Server Patches
https://isc.sans.edu/forums/diary/Microsoft+Publishes+Patches+for+Skype+for+Business+and+Team+Foundation+Server/24540/
SCP Client Vulnerabilities
https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
Server Hosting Companies Trivilally Hacked
https://www.websiteplanet.com/blog/report-popular-hosting-hacked/
Vulnerabilities in Industrial Remote Controls
https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/attacks-against-industrial-machines-via-vulnerable-radio-remote-controllers-security-analysis-and-recommendations
Oracle Quarterly Critical Patch Update
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
Jan 16, 2019
ISC StormCast for Tuesday, January 15th 2019
5:59
Microsoft LAPS - Blue Team / Red Team
https://isc.sans.edu/forums/diary/Microsoft+LAPS+Blue+Team+Red+Team/24528/
Intel SGX Platform Update
https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00203.html
Godaddy Injecting JavaScript
https://www.igorkromin.net/index.php/2019/01/13/godaddy-is-sneakily-injecting-javascript-into-your-website-and-how-to-stop-it/
Play with Docker Vulnerability
https://www.cyberark.com/threat-research-blog/how-i-hacked-play-with-docker-and-remotely-ran-code-on-the-host/
Jan 14, 2019
ISC StormCast for Monday, January 14th 2019
5:51
Government Website TLS Certificates Expire due to Partial Shutdown
https://news.netcraft.com/archives/2019/01/10/gov-security-falters-during-u-s-shutdown.html
Firefox EOL Plan for Flash
https://bugzilla.mozilla.org/show_bug.cgi?id=1519434
Fake Movie File Malware
https://www.bleepingcomputer.com/news/security/fake-movie-file-infects-pc-to-steal-cryptocurrency-poison-google-results/
Microsoft Windows Patch Breaks Access 97
https://borncity.com/win/2019/01/11/windows-january-2019-updates-breaks-access-to-access-dbs/
Snorpy Assists in Snort Rule Writing
https://isc.sans.edu/forums/diary/Snorpy+a+Web+Base+Tool+to+Build+SnortSuricata+Rules/24522/
Packet Challenge
http://sǝuuɐɥoɾ.com/packet7.txt
pcap: http://sǝuuɐɥoɾ.com/anon_anydns.pcap
Jan 14, 2019
ISC StormCast for Friday, January 11th 2019
5:41
Old Tricks still work: I love you Malspam
https://isc.sans.edu/forums/diary/Heartbreaking+Emails+Love+You+Malspam/24512/
Juniper Updates Released
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10916&cat=SIRT_1&actp=LIST
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10918&cat=SIRT_1&actp=LIST
New Systemd/Journald Exploit Release
https://www.qualys.com/2019/01/09/system-down/system-down.txt
Global DNS Hijacking
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
Jan 11, 2019
ISC StormCast for Thursday, January 10th 2019
5:54
Simple Mechanism for Creating Certificates
https://blog.filippo.io/mkcert-valid-https-certificates-for-localhost/
Review of Smartphone Face Recognition
https://www.consumentenbond.nl/veilig-internetten/gezichtsherkenning-te-hacken
Google Public DNS now supports DNS-over-TLS
https://security.googleblog.com/2019/01/google-public-dns-now-supports-dns-over.html
Malwarebytes Freezes Windows 7
https://forums.malwarebytes.com/topic/241223-malwarebytes-for-windows-and-windows-7-freezelock-up/
German Police Looking for MAC Address
https://polizei.brandenburg.de/pressemeldung/f8-e0-79-af-57-eb-cyber-fahndung-nach-ma/1310909
Jan 10, 2019
ISC StormCast for Wednesday, January 9th 2019
5:48
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+January+2019+Patch+Tuesday/24504/
https://patchtuesdaydashboard.com/
Adobe Updates
https://helpx.adobe.com/security.html
Google Play Store Adware
https://blog.trendmicro.com/trendlabs-security-intelligence/adware-disguised-as-game-tv-remote-control-apps-infect-9-million-google-play-users/
Ethereum Classic 51% Attack
https://blog.coinbase.com/ethereum-classic-etc-is-currently-being-51-attacked-33be13ce32de
Jan 09, 2019
ISC StormCast for Tuesday, January 8th 2019
7:02
Malware of the Day: Encrypted Word Document
https://isc.sans.edu/forums/diary/Analyzing+Encrypted+Malicious+Office+Documents/24498/
Apple iOS Apps Reaching Out to Malware Server
https://www.wandera.com/risky-apps/
NCSC Offers Assistance Against Attacks from Foreign Governments
https://www.dni.gov/index.php/ncsc-how-we-work/ncsc-know-the-risk-raise-your-shield/ncsc-awareness-materials
Hardware Agnostic Side Channel Attacks
https://arxiv.org/abs/1901.01161
Jan 08, 2019
ISC StormCast for Monday, January 7th 2019
6:42
Malware in TAR Files
https://isc.sans.edu/forums/diary/Malicious+tar+Attachments/24496/
ReiKey MacOS Keystoke Logger Detector
https://objective-see.com/products/reikey.html
Phishing Tool Kit uses Simple Substituion Fonts
https://www.proofpoint.com/us/threat-insight/post/phishing-template-uses-fake-fonts-decode-content-and-evade-detection
Jan 07, 2019
ISC StormCast for Friday, January 4th 2019
6:07
Malware Leaks Victim Data via FTP
https://isc.sans.edu/forums/diary/Malicious+Script+Leaking+Data+via+FTP/24484/
Hijacking Dormant Twitter Accounts
https://techcrunch.com/2019/01/02/hackers-islamic-state-propaganda-twitter/
Android Authentication Bypass via Skype
https://www.youtube.com/watch?v=EiEcwOfTFqI
Critical Adobe Updates
https://helpx.adobe.com/security/products/acrobat/apsb19-02.html
FilesLocker Ransomware Master Key Published
https://www.bleepingcomputer.com/news/security/master-decryption-key-released-for-fileslocker-ransomware/
Jan 04, 2019
ISC StormCast for Thursday, January 3rd 2019
5:51
Gift Card Scams
https://isc.sans.edu/forums/diary/Gift+Card+Scams+on+the+rise/24482/
WiFi Chipset Exploit
https://2018.zeronights.ru/wp-content/uploads/materials/19-Researching-Marvell-Avastar-Wi-Fi.pdf?fbclid=IwAR07FmZGKLKdJAKI4g0o-Wm-dLGwclV8Hhi-L4_HRlklldY8UC6WY72AdAw
Jan 03, 2019
ISC StormCast for Wednesday, January 2nd 2019
7:15
Bypassing Vein Scanner Authentication (in german)
https://media.ccc.de/v/35c3-9545-venenerkennung_hacken
Hacking Smart Lightbulbs and Firmware Exploits
https://media.ccc.de/v/35c3-9723-smart_home_-_smart_hack
European Union Offers Bug Bounty for Open Source Software
https://juliareda.eu/fossa/
Bypassing Google ReCaptcha
https://github.com/ecthros/uncaptcha2
Jan 02, 2019
ISC StormCast for Friday, December 28th 2018
6:04
Phishing Attack Uses IP Counter
https://isc.sans.edu/forums/diary/Matryoshka+Phish/24460/
JungleSec Ransomware Attacks via IPMI
https://www.bleepingcomputer.com/news/security/junglesec-ransomware-infects-victims-through-ipmi-remote-consoles/
Microsoft Edge PoC RCE Exploit
https://github.com/phoenhex/files/blob/master/pocs/cve-2018-8629-chakra.js
Dec 28, 2018
ISC StormCast for Thursday, December 27th 2018
2:44
Problems with IE Emergency Patch
https://support.microsoft.com/en-us/help/4483229/december192018kb4483229osbuild143932670
Bitcoin Blacklists
https://isc.sans.edu/forums/diary/Bitcoin+Blacklists/24456/
D-Link DIR-816 A2 Stack Overflow
https://github.com/RootSoull/Vuln-Poc/tree/master/D-Link/DIR-816
Dec 26, 2018
ISC StormCast for Friday, December 21st 2018
5:44
Windows 0-Day PoC Published: Arbitrary File Read as System
https://sandboxescaper.blogspot.com/2018/12/readfile-0day.html
Attacks Against 2FA in the Middle East
https://www.amnesty.org/en/latest/research/2018/12/when-best-practice-is-not-good-enough/
FBI Shuts Down Booter Services
http://www.documentcloud.org/documents/5648950-DOJ-indictments-in-booter-cases.html
Intel VISA Undocumented Debug Feature
https://www.blackhat.com/asia-19/briefings/schedule/index.html#intel-visa-through-the-rabbit-hole-13513
Dec 21, 2018
ISC StormCast for Thursday, December 20th 2018
4:16
Microsoft Publishes Emergency Patch for Internet Explorer
https://isc.sans.edu/forums/diary/Microsoft+OOB+Patch+for+Internet+Explorer+Scripting+Engine+Memory+Corruption+Vulnerability/24438/
Restricting PowerShell Capabilities with NetSh
https://isc.sans.edu/forums/diary/Restricting+PowerShell+Capabilities+with+NetSh/24434/
Remotely Bricking a Server
https://eclypsium.com/2018/12/19/remotely-bricking-a-server/
Dec 20, 2018
ISC StormCast for Wednesday, December 19th 2018
5:35
ASUS Vulnerabilities
https://www.secureauth.com/labs/advisories/asus-drivers-elevation-privilege-vulnerabilities
GIGABYTE Vulnerabilities
https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities
Apple App Store Phishing
https://www.bleepingcomputer.com/news/security/widespread-apple-id-phishing-attack-pretends-to-be-app-store-receipts
Kibana Vulnerability Exploited
https://www.cyberark.com/threat-research-blog/execute-this-i-know-you-have-it/
Decrypter for InsaneCrypt and Everbe 1
https://www.bleepingcomputer.com/ransomware/decryptor/how-to-decrypt-the-insanecrypt-or-everbe-1-family-of-ransomware/
http://id-ransomware.malwarehunterteam.com/
SANS Holiday Hack Challenge
https://www.kringlecon.com
Dec 19, 2018
ISC StormCast for Tuesday, December 18th 2018
5:23
Password Protected ZIP with Maldoc
https://isc.sans.edu/forums/diary/Password+Protected+ZIP+with+Maldoc/24426/
Memes Used as Covert Command and Control Channel
https://blog.trendmicro.com/trendlabs-security-intelligence/cybercriminals-use-malicious-memes-that-communicate-with-malware/
Shamoon Disk Whipper Malware is Back
https://unit42.paloaltonetworks.com/shamoon-3-targets-oil-gas-organization/
Dec 18, 2018
ISC StormCast for Monday, December 17th 2018
4:57
Magellan Sqlite Vulnerability
https://blade.tencent.com/magellan/index_en.html
Logitech Options Vulnerability
https://bugs.chromium.org/p/project-zero/issues/detail?id=1663
Intel NUC BIOS Protection Flaw
https://embedi.org/blog/nuclear-explotion/
HiddenTear Ransomware Decrypter
https://www.bleepingcomputer.com/ransomware/decryptor/how-to-decrypt-hiddentear-ransomware-with-ht-brute-forcer/
Dec 17, 2018
ISC StormCast for Friday, December 14th 2018
6:39
Fake E-Mail Bomb Threats
https://www.cnn.com/2018/12/13/us/email-bomb-threats/index.html
Phishing Via Non-Delivery Notices
https://isc.sans.edu/forums/diary/Phishing+Attack+Through+NonDelivery+Notification/24412/
LamePyre MacOS Malware
https://blog.malwarebytes.com/detections/osx-lamepyre/
Dec 14, 2018
ISC StormCast for Thursday, December 13th 2018
4:55
Yet Another DOSfuscation Sample
https://isc.sans.edu/forums/diary/Yet+Another+DOSfuscation+Sample/24408/
OpenSSH Backdoors
https://www.welivesecurity.com/wp-content/uploads/2018/12/ESET-The_Dark_Side_of_the_ForSSHe.pdf
Android Malware Bypasses 2FA For Paypal
https://www.welivesecurity.com/2018/12/11/android-trojan-steals-money-paypal-accounts-2fa/
Dec 13, 2018
ISC StormCast for Wednesday, December 12th 2018
5:31
Microsoft December 2018 Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+December+2018+Patch+Tuesday/24404/
Adobe Patch Tuesday
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
Certificate Authority Weaknesses
https://i.blackhat.com/eu-18/Thu-Dec-6/eu-18-Heftrig-Off-Path-Attacks-Against-PKI.pdf
Dec 12, 2018
ISC StormCast for Tuesday, December 11th 2018
5:45
Kubernetes Unauthenticated PoC Exploit for CVE-2018-1002105
https://github.com/evict/poc_CVE-2018-1002105#unauthenticated-poc
WebAssembly Brings Buffer Overflows to Browsers
https://www.forcepoint.com/blog/security-labs/new-whitepaper-memory-safety-old-vulnerabilities-become-new-webassembly
Increased Ethereum Miner Attacks
https://isc.sans.edu/port.html?port=8545
https://www.zdnet.com/article/hackers-ramp-up-attacks-on-mining-rigs-before-ethereum-price-crashes-into-the-gutter
Android Click Fraud Apps are Emulating iPhones for Higher Revenue
https://www.bleepingcomputer.com/news/security/android-clickfraud-op-impersonates-iphones-to-bump-ad-premiums/
Dec 11, 2018
ISC StormCast for Monday, December 10th 2018
5:45
Analyzing Malicious Docker Images
https://isc.sans.edu/forums/diary/A+Dive+into+malicious+Docker+Containers/24388/
Arrest of Huawei CFO Inspires Advance Fee Scam
https://isc.sans.edu/forums/diary/Arrest+of+Huawei+CFO+Inspires+Advance+Fee+Scam/24396/
Sextortion Messages Leading to Ransomware
https://www.proofpoint.com/us/threat-insight/post/sextortion-side-ransomware
WebKit Exploit Released
https://github.com/LinusHenze/WebKit-RegEx-Exploit
Implants Found in Russian Banks
https://securelist.com/darkvishnya/89169/
Dec 10, 2018
ISC StormCast for Friday, December 7th 2018
21:33
Adobe Vulnerability PoC Released
https://isc.sans.edu/forums/diary/Is+it+Time+to+Uninstall+Flash+If+you+havent+already/24382/
WatchOS Update
https://support.apple.com/en-us/HT209343
Data Exfiltration During Pentests
https://isc.sans.edu/forums/diary/Data+Exfiltration+in+Penetration+Tests/24354/
PoC Exploit for Kubernetes Vulnerability
https://github.com/evict/poc_CVE-2018-1002105
Preston Ackerman: Marketing 2FA
https://www.sans.org/reading-room/whitepapers/authentication/swipe-tap-marketing-easier-2fa-increase-adoption-38695
Dec 07, 2018