SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

By Johannes B. Ullrich


Category: Tech News

Subscribers: 885
Reviews: 4



Kir
 Sep 11, 2018
...

Harald Clark
 Aug 18, 2018
A nice, clear and concise, daily overview of computing security threats; links for more info and no irrelevant padding of podcast audio.

Description

Daily update on current cyber security threats

Episode Date
ISC StormCast for Tuesday, July 14th 2020
6:27
Jul 14, 2020
ISC StormCast for Monday, July 13th 2020
6:50
Jul 13, 2020
ISC StormCast for Friday, July 10th 2020
14:16
Jul 10, 2020
ISC StormCast for Thursday, July 9th 2020
6:31
Jul 09, 2020
ISC StormCast for Wednesday, July 8th 2020
5:28
Jul 08, 2020
ISC StormCast for Tuesday, July 7th 2020
5:20
Jul 07, 2020
ISC StormCast for Monday, July 6th 2020
6:15
Jul 06, 2020
ISC StormCast for Thursday, July 2nd 2020
4:25
Jul 02, 2020
ISC StormCast for Wednesday, July 1st 2020
5:54
Jul 01, 2020
ISC StormCast for Tuesday, June 30th 2020
4:35
Jun 30, 2020
ISC StormCast for Monday, June 29th 2020
7:07
Jun 29, 2020
ISC StormCast for Friday, June 26th 2020
16:43
Jun 26, 2020
ISC StormCast for Thursday, June 25th 2020
5:49
Jun 25, 2020
ISC StormCast for Wednesday, June 24th 2020
5:57
Jun 24, 2020
ISC StormCast for Tuesday, June 23rd 2020
7:13
Jun 23, 2020
ISC StormCast for Monday, June 22nd 2020
5:24
Jun 22, 2020
ISC StormCast for Friday, June 19th 2020
5:56
Jun 19, 2020
ISC StormCast for Thursday, June 18th 2020
7:04
Jun 18, 2020
ISC StormCast for Wednesday, June 17th 2020
6:39
Jun 17, 2020
ISC StormCast for Tuesday, June 16th 2020
6:51
Jun 16, 2020
ISC StormCast for Monday, June 15th 2020
6:16
Jun 15, 2020
ISC StormCast for Friday, June 12th 2020
7:01
Jun 12, 2020
ISC StormCast for Thursday, June 11th 2020
6:18
Jun 11, 2020
ISC StormCast for Wednesday, June 10th 2020
6:09
Jun 10, 2020
ISC StormCast for Tuesday, June 9th 2020
6:51
Jun 09, 2020
ISC StormCast for Monday, June 8th 2020
6:23
Jun 08, 2020
ISC StormCast for Friday, June 5th 2020
13:14
Jun 05, 2020
ISC StormCast for Thursday, June 4th 2020
5:59
Jun 04, 2020
ISC StormCast for Wednesday, June 3rd 2020
5:34
Jun 03, 2020
ISC StormCast for Tuesday, June 2nd 2020
7:06
Jun 02, 2020
ISC StormCast for Monday, June 1st 2020
6:15
Jun 01, 2020
ISC StormCast for Friday, May 29th 2020
18:43
USBFuzz Finds Numerous USB Flaws
https://www.nebelwelt.net/files/20SEC3.pdf
Cisco Products Vulnerable to Saltstack Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG
Another Nail in the Coffin for SHA-1
https://eprint.iacr.org/2020/014.pdf
STI Student: Andy Piazza; Qualifying Threat Actor Assessments
https://www.sans.org/reading-room/whitepapers/threatintelligence/paper/39585
May 29, 2020
ISC StormCast for Thursday, May 28th 2020
6:49
May 28, 2020
ISC StormCast for Wednesday, May 27th 2020
5:59
May 27, 2020
ISC StormCast for Tuesday, May 26th 2020
6:34
May 26, 2020
ISC StormCast for Friday, May 22nd 2020
6:02
May 22, 2020
ISC StormCast for Thursday, May 21st 2020
5:47
May 21, 2020
ISC StormCast for Wednesday, May 20th 2020
6:32
May 20, 2020
ISC StormCast for Tuesday, May 19th 2020
6:16
Antivirus & Multiple Detections
https://isc.sans.edu/forums/diary/Antivirus+Multiple+Detections/26134/
Office 365 Returning Search Results from Other Organizations
https://www.theregister.co.uk/2020/05/18/microsoft_office_365_internal_search_mixup/
MagicPairing Vulnerabilities
https://arxiv.org/pdf/2005.07255.pdf
BIAS: Bluetooth Impersonation AttackS
https://francozappa.github.io/about-bias/
May 19, 2020
ISC StormCast for Monday, May 18th 2020
6:19
May 18, 2020
ISC StormCast for Friday, May 15th 2020
6:02
May 15, 2020
ISC StormCast for Thursday, May 14th 2020
5:58
May 14, 2020
ISC StormCast for Wednesday, May 13th 2020
7:03
May 13, 2020
ISC StormCast for Tuesday, May 12th 2020
5:54
May 12, 2020
ISC StormCast for Monday, May 11th 2020
5:24
May 11, 2020
ISC StormCast for Friday, May 8th 2020
5:47
May 08, 2020
ISC StormCast for Thursday, May 7th 2020
5:56
May 07, 2020
ISC StormCast for Wednesday, May 6th 2020
5:14
May 06, 2020
ISC StormCast for Tuesday, May 5th 2020
5:24
May 05, 2020
ISC StormCast for Monday, May 4th 2020
5:25
May 04, 2020
ISC StormCast for Friday, May 1st 2020
7:15
May 01, 2020
ISC StormCast for Thursday, April 30th 2020
6:16
Apr 30, 2020
ISC StormCast for Wednesday, April 29th 2020
4:50
Apr 29, 2020
ISC StormCast for Tuesday, April 28th 2020
6:12
Apr 28, 2020
ISC StormCast for Monday, April 27th 2020
7:39
Apr 27, 2020
ISC StormCast for Friday, April 24th 2020
7:21
GCC's New Security Analyzer Finds Flaw in OpenSSL
https://developers.redhat.com/blog/2020/03/26/static-analysis-in-gcc-10/
IBM Spectrum Protect Server Stack Based Buffer Overflow
https://www.ibm.com/support/pages/node/6195706
Possible Issues With Cumulative Windows Updates
https://www.reddit.com/search/?q=KB4549951
Using a GPU as a Radio
https://duo.com/labs/research/finding-radio-sidechannels
Comparing Red Team Platforms
https://redcanary.com/blog/comparing-red-team-platforms/
Apr 24, 2020
ISC StormCast for Thursday, April 23rd 2020
6:04
Apr 23, 2020
ISC StormCast for Wednesday, April 22nd 2020
5:56
Apr 22, 2020
ISC StormCast for Tuesday, April 21st 2020
5:47
Apr 21, 2020
ISC StormCast for Monday, April 20th 2020
5:34
Apr 20, 2020
ISC StormCast for Friday, April 17th 2020
5:50
Apr 17, 2020
ISC StormCast for Thursday, April 16th 2020
5:27
Apr 16, 2020
ISC StormCast for Wednesday, April 15th 2020
5:00
Apr 15, 2020
ISC StormCast for Tuesday, April 14th 2020
6:20
Apr 14, 2020
ISC StormCast for Monday, April 13th 2020
5:18
Apr 13, 2020
ISC StormCast for Friday, April 10th 2020
5:45
Apr 10, 2020
ISC StormCast for Thursday, April 9th 2020
5:54
Apr 09, 2020
ISC StormCast for Wednesday, April 8th 2020
5:10
Apr 08, 2020
ISC StormCast for Tuesday, April 7th 2020
6:35
Apr 07, 2020
ISC StormCast for Monday, April 6th 2020
5:44
Apr 06, 2020
ISC StormCast for Friday, April 3rd 2020
6:34
Apr 03, 2020
ISC StormCast for Thursday, April 2nd 2020
6:27
Apr 02, 2020
ISC StormCast for Wednesday, April 1st 2020
6:57
Apr 01, 2020
ISC StormCast for Tuesday, March 31st 2020
6:50
Mar 31, 2020
ISC StormCast for Monday, March 30th 2020
5:38
Mar 30, 2020
ISC StormCast for Friday, March 27th 2020
5:40
Mar 27, 2020
ISC StormCast for Thursday, March 26th 2020
5:23
Mar 26, 2020
ISC StormCast for Wednesday, March 25th 2020
5:39
Mar 25, 2020
ISC StormCast for Tuesday, March 24th 2020
6:01
Mar 24, 2020
ISC StormCast for Monday, March 23rd 2020
6:41
Mar 23, 2020
ISC StormCast for Friday, March 20th 2020
5:09
Mar 20, 2020
ISC StormCast for Thursday, March 19th 2020
6:07
Mar 19, 2020
ISC StormCast for Wednesday, March 18th 2020
7:45
Mar 18, 2020
ISC StormCast for Tuesday, March 17th 2020
5:52
Mar 17, 2020
ISC StormCast for Monday, March 16th 2020
6:53
Mar 16, 2020
ISC StormCast for Friday, March 13th 2020
6:48
Microsoft Releases Patch for Windows SMBv3 Compression Vulnerability CVE-2020-0796
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796
Hancitor Distributed Through Coronavirus-Themed Malspam
https://isc.sans.edu/forums/diary/Hancitor+distributed+through+coronavirusthemed+malspam/25892/
Avast Removes Vulnerable JavaScript Emulator From Products
https://github.com/taviso/avscript
Checkra1n Exploit Works Against T2 Equipped Macs
https://www.idownloadblog.com/2020/03/10/luca-todesco-teases-checkra1n-hacks-on-a-t2-equipped-macbook-pros-touch-bar/
Mar 13, 2020
ISC StormCast for Thursday, March 12th 2020
5:45
Mar 12, 2020
ISC StormCast for Wednesday, March 11th 2020
5:17
Mar 11, 2020
ISC StormCast for Tuesday, March 10th 2020
6:45
Malicious Spreadsheet With Data Connection and Excel 4 Macros
https://isc.sans.edu/forums/diary/Malicious+Spreadsheet+With+Data+Connection+and+Excel+4+Macros/25880/
Take a Way: Exploring the Security Implications of AMD's Cache Way Predictors
https://mlq.me/download/takeaway.pdf
https://www.amd.com/en/corporate/product-security
Google Play Store Protect Fails Security Test
https://www.av-test.org/en/news/here-s-how-well-17-android-security-apps-provide-protection/
Mar 10, 2020
ISC StormCast for Monday, March 9th 2020
5:30
Mar 09, 2020
ISC StormCast for Friday, March 6th 2020
6:15
Mar 06, 2020
ISC StormCast for Thursday, March 5th 2020
6:46
Mar 05, 2020
ISC StormCast for Wednesday, March 4th 2020
6:18
Mar 04, 2020
ISC StormCast for Tuesday, March 3rd 2020
5:46
Mar 03, 2020
ISC StormCast for Monday, March 2nd 2020
5:06
Mar 02, 2020
ISC StormCast for Friday, February 28th 2020
5:33
Feb 28, 2020
ISC StormCast for Thursday, February 27th 2020
6:48
Kr00k WiFi Attack
https://www.eset.com/int/kr00k/
Impersonating LTE Users
https://imp4gt-attacks.net/
Zyxel RCE Vulnerability
https://www.kb.cert.org/vuls/id/498544/
Feb 27, 2020
ISC StormCast for Wednesday, February 26th 2020
5:33
Feb 26, 2020
ISC StormCast for Tuesday, February 25th 2020
7:16
Feb 25, 2020
ISC StormCast for Monday, February 24th 2020
6:42
Feb 24, 2020
ISC StormCast for Friday, February 21st 2020
6:42
Feb 21, 2020
ISC StormCast for Thursday, February 20th 2020
5:46
Feb 20, 2020
ISC StormCast for Wednesday, February 19th 2020
372
Feb 19, 2020
ISC StormCast for Tuesday, February 18th 2020
5:41
More about Curl on Windows
https://isc.sans.edu/forums/diary/curl+and+SSPI/25812/
WHO Warns of Coronavirus Phishing
https://www.who.int/about/communications/cyber-security
DUO Security / Google Identify Malicious Chrome Extensions
https://duo.com/labs/research/crxcavator-malvertising-2020
Feb 18, 2020
ISC StormCast for Monday, February 17th 2020
5:28
Feb 17, 2020
ISC StormCast for Friday, February 14th 2020
6:44
Feb 14, 2020
ISC StormCast for Thursday, February 13th 2020
6:03
Feb 13, 2020
ISC StormCast for Wednesday, February 12th 2020
1335
Feb 12, 2020
ISC StormCast for Tuesday, February 11th 2020
6:23
Feb 11, 2020
ISC StormCast for Monday, February 10th 2020
6:32
Feb 10, 2020
ISC StormCast for Friday, February 7th 2020
5:37
Feb 07, 2020
ISC StormCast for Thursday, February 6th 2020
5:50
Feb 06, 2020
ISC StormCast for Wednesday, February 5th 2020
6:16
Feb 05, 2020
ISC StormCast for Tuesday, February 4th 2020
6:42
Feb 04, 2020
ISC StormCast for Monday, February 3rd 2020
6:05
Feb 03, 2020
ISC StormCast for Friday, January 31st 2020
10:23
Jan 31, 2020
ISC StormCast for Thursday, January 30th 2020
6:34
Jan 30, 2020
ISC StormCast for Wednesday, January 29th 2020
5:27
Jan 29, 2020
ISC StormCast for Tuesday, January 28th 2020
4:32
Jan 28, 2020
ISC StormCast for Monday, January 27th 2020
5:50
Jan 27, 2020
ISC StormCast for Friday, January 24th 2020
7:06
Simple vs. Complex Obfuscation
https://isc.sans.edu/forums/diary/Complex+Obfuscation+VS+Simple+Trick/25738/
RD Gateway PoC Exploit Release
https://github.com/ollypwn/BlueGate
Citrix ADC Compromise Scanner
https://github.com/citrix/ioc-scanner-CVE-2019-19781/
LastPass Accidentally Removes Extension from Chrome Web Store
https://twitter.com/LastPassStatus/status/1220122561989640192
Jan 24, 2020
ISC StormCast for Thursday, January 23rd 2020
5:55
German Malspam Pushing Ursnif
https://isc.sans.edu/forums/diary/German+language+malspam+pushes+Ursnif/25732/
Tracking Users Using Safari's Intelligent Tracking Prevention
https://arxiv.org/pdf/2001.07421.pdf
Muhstik Botnet Targeting Tomato Routers
https://unit42.paloaltonetworks.com/muhstik-botnet-attacks-tomato-routers-to-harvest-new-iot-devices/
Cisco Firepower Management Center LDAP Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-fmc-auth
Jan 23, 2020
ISC StormCast for Wednesday, January 22nd 2020
6:06
DeepBlueCLI
https://isc.sans.edu/forums/diary/DeepBlueCLI+Powershell+Threat+Hunting/25730/
https://github.com/sans-blue-team/DeepBlueCLI
EFS Ransomware
https://safebreach.com/Post/EFS-Ransomware
Fake Leak Compensation
https://www.kaspersky.com/blog/data-leak-compensation-scam/32057/
Criminals Use Fake Job Sites to Defraud Victims
https://www.ic3.gov/media/2020/200121.aspx
Jan 22, 2020
ISC StormCast for Tuesday, January 21st 2020
5:46
Twist on Sextortion
https://www.dailymail.co.uk/sciencetech/article-7886055/Sextortion-campaign-targets-users-Google-Nest-smart-camera.html
Emotet Uses Extortion to Infect Systems
https://www.bleepingcomputer.com/news/security/emotet-malware-dabbles-in-extortion-with-new-spam-template/
Lastpass Outage
https://www.theregister.co.uk/2020/01/20/lastpass_outage/
Netgear Signed TLS Cert Private Key Disclosure
https://gist.github.com/nstarke/a611a19aab433555e91c656fe1f030a9
Jan 21, 2020
ISC StormCast for Monday, January 20th 2020
5:30
Microsoft Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV200001
CVE-2020-0601 Update
https://isc.sans.edu/forums/diary/Summing+up+CVE20200601+or+the+Lets+Decrypt+vulnerability/25720/
Curveball Update
https://www.citrix.com/blogs/2020/01/19/vulnerability-update-first-permanent-fixes-available-timeline-accelerated/
https://isc.sans.edu/diary//25724
Jan 20, 2020
ISC StormCast for Friday, January 17th 2020
14:23
CVE-2020-0601 Update ("Curveball", "Letsdecrypt")
https://isc.sans.edu/forums/diary/Summing+up+CVE20200601+or+the+Lets+Decrypt+vulnerability/25720/
https://curveballtest.com
Certain Netscaler Devices Do Not Support Mitigation (article in Dutch)
https://www.ncsc.nl/actueel/nieuws/2020/januari/16/door-citrix-geadviseerde-mitigerende-maatregelen-niet-altijd-effectief
Cable Haunt Vulnerability
https://cablehaunt.com/
STI Student Interview: Jon Michael Lacek
https://www.sans.org/reading-room/whitepapers/securecode/changing-devops-culture-security-scan-time-39125
Jan 17, 2020
ISC StormCast for Thursday, January 16th 2020
6:28
CVE-2020-0601 Followup
https://isc.sans.edu/forums/diary/CVE20200601+Followup/25714/
Oracle Patches
https://www.oracle.com/security-alerts/cpujan2020.html
Jan 16, 2020
ISC StormCast for Wednesday, January 15th 2020
10:02
Microsoft January 2020 Patch Tuesday and #CryptoAPI Flaw
Webcast: https://sans.org/cryptoapi-isc
Diary: https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+for+January+2020/25710/
NSA Release: https://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF
Jan 15, 2020
ISC StormCast for Tuesday, January 14th 2020
7:22
Upcoming Critical MSFT Patch
https://krebsonsecurity.com/2020/01/cryptic-rumblings-ahead-of-first-2020-patch-tuesday/
SIM Swapping is Easy
https://www.issms2fasecure.com/assets/sim_swaps-01-10-2020.pdf
Google Open Sources wombat dressing room npm publication proxy
https://opensource.googleblog.com/2020/01/wombat-dressing-room-npm-publication_10.html
Jan 14, 2020
ISC StormCast for Monday, January 13th 2020
7:36
Citrix ADC Vulnerability Actively Exploited. Assume vulnerable systems are compromised.
Updated Citrix Advisory: https://support.citrix.com/article/CTX267027
Exploit Activity Summary: https://isc.sans.edu/forums/diary/Citrix+ADC+Exploits+are+Public+and+Heavily+Used+Attempts+to+Install+Backdoor/25700/
Vulnerability Scanner: https://github.com/trustedsec/cve-2019-19781/
Special Webcast: https://i5c.us/citrix
YouTube Walk Through of the vulnerability: https://youtu.be/msslpqyf98c
Jan 13, 2020
ISC StormCast for Friday, January 10th 2020
10:38
Another Malicious Word Document
https://isc.sans.edu/forums/diary/Quick+Analyzis+of+another+Maldoc/25694/
SHA1 Update
https://sha-mbles.github.io/
Cisco Updates
https://tools.cisco.com/security/center/publicationListing.x
Mandy Galante: Girls Go Cyberstart (register now. Play Jan 13th-31st)
https://www.girlsgocyberstart.org/
Jan 10, 2020
ISC StormCast for Thursday, January 9th 2020
5:41
Critical Firefox Update Fixing Exploited Bug
https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/
3 Google Play Store Apps Exploit Android Zero-Day
https://blog.trendmicro.com/trendlabs-security-intelligence/first-active-attack-exploiting-cve-2019-2215-found-on-google-play-linked-to-sidewinder-apt-group/
Tails 4.2
https://tails.boum.org/news/version_4.2/index.en.html
TikTok Vulnerabilities
https://research.checkpoint.com/2020/tik-or-tok-is-tiktok-secure-enough/
Jan 09, 2020
ISC StormCast for Wednesday, January 8th 2020
5:29
Citrix ADC Update
https://isc.sans.edu/forums/diary/A+Quick+Update+on+Scanning+for+CVE201919781+Citrix+ADC+Gateway+Vulnerability/25686/
Pulse Secure SSLVPN Exploited
https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/
https://www.darkreading.com/attacks-breaches/widely-known-flaw-in-pulse-secure-vpn-being-used-in-ransomware-attacks/d/d-id/1336729
Google Project Zero Changing Disclosure Policy
https://googleprojectzero.blogspot.com/2020/01/policy-and-disclosure-2020-edition.html
Google Updates Android
https://source.android.com/security/bulletin/2020-01-01
Jan 08, 2020
ISC StormCast for Tuesday, January 7th 2020
5:10
Spoofed Scans from 103/8
https://isc.sans.edu/forums/diary/Increase+in+Number+of+Sources+January+3rd+and+4th+spoofed/25678/
Iran Terror Threat
https://www.dhs.gov/sites/default/files/ntas/alerts/20_0104_ntas_bulletin.pdf
BusKill Laptop Kill Cord
https://tech.michaelaltfield.net/2020/01/02/buskill-laptop-kill-cord-dead-man-switch/
Jan 07, 2020
ISC StormCast for Monday, January 6th 2020
4:31
Quick Summary of the California Consumer Privacy Act
https://isc.sans.edu/forums/diary/CCPA+Quick+Overview/25668/
Cisco Vulnerabilities
https://tools.cisco.com/security/center/publicationListing.x
XiaoMi Camera Cache Bug
https://www.reddit.com/r/googlehome/comments/eine1m/when_i_load_the_xiaomi_camera_in_my_google_home/
Jan 06, 2020
ISC StormCast for Friday, January 3rd 2020
8:24
Ransomware written in JavaScript using Node.js
https://isc.sans.edu/forums/diary/Ransomware+in+Nodejs/25664/
Landry Restaurant PoS Breach
https://www.landrysinc.com/CreditNotice/CANotice.asp
Holiday Hack Challenge
https://www.holidayhackchallenge.com
Citrix/NetScaler Vulnerability Special Webcast Recording
https://i5c.us/citrix
Jan 03, 2020
ISC StormCast for Tuesday, December 31st 2019
6:37
ISC API Update
https://isc.sans.edu/api
https://isc.sans.edu/forums/diary/Miscellaneous+Updates+to+our+Threatfeed+API/25654/
CCC Conference
https://fahrplan.events.ccc.de/congress/2019/Fahrplan/
https://events.ccc.de/congress/2019/wiki/index.php/Main_Page
Dec 31, 2019
ISC StormCast for Monday, December 30th 2019
5:56
Breaking 2FA Soft Tokens
https://resources.fox-it.com/rs/170-CAK-271/images/201912_Report_Operation_Wocao.pdf
PiHole Dashboard
https://isc.sans.edu/forums/diary/ELK+Dashboard+for+Pihole+Logs/25652/
Corrupt Office Documents
https://isc.sans.edu/forums/diary/Corrupt+Office+Documents/25650/
Enumerating Office 365 Users
https://isc.sans.edu/forums/diary/Enumerating+office365+users/25648/
Dec 30, 2019
ISC StormCast for Friday, December 27th 2019
3:44
Citrix Application Delivery Controller (Netscaler ADC) Critical Vulnerability
https://www.ptsecurity.com/ww-en/about/news/citrix-vulnerability-allows-criminals-to-hack-networks-of-80000-companies/
https://support.citrix.com/article/CTX267027
Dec 27, 2019
ISC StormCast for Monday, December 23rd 2019
4:34
Extracting VBA Macros From .DWG Files
https://isc.sans.edu/forums/diary/Extracting+VBA+Macros+From+DWG+Files/25634/
Cisco PKI Self-Signed Certificate Expiration
https://www.cisco.com/c/en/us/support/docs/field-notices/704/fn70489.html
AFRINIC IP Address Space Misappropriated By Insider
https://mybroadband.co.za/news/internet/330379-how-internet-resources-worth-r800-million-were-stolen-and-sold-on-the-black-market.html
Dec 23, 2019
ISC StormCast for Friday, December 20th 2019
5:12
More DNS over HTTPS Details
https://isc.sans.edu/forums/diary/More+DNS+over+HTTPS+Become+One+With+the+Packet+Be+the+Query+See+the+Query/25628/
Ransomware Outing Victims
https://krebsonsecurity.com/2019/12/ransomware-gangs-now-outing-victim-businesses-that-dont-pay-up/
Google Chrome Update
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop_17.html
Dec 20, 2019
ISC StormCast for Thursday, December 19th 2019
3:46
An Emotet Update
https://isc.sans.edu/forums/diary/Emotet+infection+with+spambot+activity/25622/
Emotet Used to Spread Malware From German Federal Agency Accounts (German)
https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2019/Spam-Bundesbehoerden_181219.html
Joomla Patches SQL Injection
https://developer.joomla.org/security-centre.html
Unicode Mapping Problems
https://eng.getwisdom.io/hacking-github-with-unicode-dotless-i/
Dec 19, 2019
ISC StormCast for Wednesday, December 18th 2019
6:00
Discovering DNS over HTTPS
https://isc.sans.edu/forums/diary/Is+it+Possible+to+Identify+DNS+over+HTTPs+Without+Decrypting+TLS/25616/
Ring Camera Weaknesses
https://www.vice.com/en_us/article/epg4xm/amazon-ring-camera-security
WhatsApp DoS Bug
https://research.checkpoint.com/2019/breakingapp-whatsapp-crash-data-loss-bug/
Dec 18, 2019
ISC StormCast for Tuesday, December 17th 2019
6:17
Slack "Unshare" Not Working As Expected
https://www.theregister.co.uk/2019/12/16/slack_filesharing_vulnerability_post_sharing/
Google Making OAUTH Mandatory for GSuite
https://gsuiteupdates.googleblog.com/2019/12/less-secure-apps-oauth-google-username-password-incorrect.html
TPLink Authentication Bypass
https://securityintelligence.com/posts/tp-link-archer-router-vulnerability-voids-admin-password-can-allow-remote-takeover/
Factoring IoT RSA Keys
https://info.keyfactor.com/factoring-rsa-keys-in-the-iot-era
Dec 17, 2019
ISC StormCast for Monday, December 16th 2019
5:40
VBA Macros in Autocad
https://isc.sans.edu/forums/diary/Malicious+DWG+Files/25612/
OpenBSD Privilege Escalation Vulnerability
https://www.qualys.com/2019/12/11/cve-2019-19726/local-privilege-escalation-openbsd-dynamic-loader.txt
NPM Fixes Critical Security Vulnerability
https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli
Dec 16, 2019
ISC StormCast for Friday, December 13th 2019
14:28
Malware Information Sharing
https://isc.sans.edu/forums/diary/Code+Data+Reuse+in+the+Malware+Ecosystem/25598/
Apple Improves Tracking Prevention Tracking in WebKit
https://webkit.org/blog/9661/preventing-tracking-prevention-tracking/
Google Verified SMS Messages
https://www.blog.google/products/messages/safer-conversations-messages-verified-sms-and-spam-protection/
Echobot Keeps Adding More Exploits
https://www.bleepingcomputer.com/news/security/new-echobot-variant-exploits-77-remote-code-execution-flaws/
STI Research Paper: Caleb Baker DNS Monitoring
https://www.sans.org/reading-room/whitepapers/dns/challenges-effective-dns-query-monitoring-39215
Dec 13, 2019
ISC StormCast for Thursday, December 12th 2019
5:17
German Malspam Installs Trickbot
https://isc.sans.edu/forums/diary/German+language+malspam+pushes+yet+another+wave+of+Trickbot/25594/
Vulnerable KeyWe Smart Lock
https://labs.f-secure.com/advisories/keywe-smart-lock-unauthorized-access-traffic-interception
Google Chrome Update
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html
iOS Spam Feature
https://support.apple.com/en-us/HT210756
https://kishanbagaria.com/airdos/
Dec 12, 2019
ISC StormCast for Wednesday, December 11th 2019
6:48
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+December+2019+Patch+Tuesday/25592/
https://securelist.com/windows-0-day-exploit-cve-2019-1458-used-in-operation-wizardopium/95432/
Adobe Patch Tuesday
https://helpx.adobe.com/security.html
Apple Security Updates
https://support.apple.com/en-us/HT201222
Intel Plundervolt Update
https://blogs.intel.com/technology/2019/12/ipas-security-advisories-for-december-2019/
Dec 11, 2019
ISC StormCast for Tuesday, December 10th 2019
7:55
Another Word Maldoc
https://isc.sans.edu/forums/diary/Lazy+Sunday+Maldoc+Analysis/25586/
Snatch Ransomware Reboots System Into Safe Mode To Disable Anti Virus
https://news.sophos.com/en-us/2019/12/09/snatch-ransomware-reboots-pcs-into-safe-mode-to-bypass-protection/
Ryuk Ransomware Decryptor May No Longer Work / Corrupt Documents
https://blog.emsisoft.com/en/35023/bug-in-latest-ryuk-decryptor-may-cause-data-loss/
Extending Windows 7 Security Updates
https://www.ghacks.net/2019/12/07/someone-found-a-way-to-bypass-windows-7-extended-security-updates-checks/
Swift on Security Updates Sysmon Rules
https://github.com/SwiftOnSecurity/sysmon-config
RSA Webcast
https://www.rsaconference.com/industry-topics/webcast/36-five-most-dangerous-attacks-evolving
Dec 10, 2019
ISC StormCast for Monday, December 9th 2019
6:09
E-Mail Includes Entire HTML/Javascript Phishing Kit
https://isc.sans.edu/forums/diary/Phishing+with+a+selfcontained+credentialsstealing+webpage/25580/
Great Cannon / Red Cannon Activated to Silence Pro-Hong Kong Forum
https://cybersecurity.att.com/blogs/labs-research/the-great-cannon-has-been-deployed-again
Dec 09, 2019
ISC StormCast for Friday, December 6th 2019
14:01
OpenBSD Authentication Bypass and Privilege Escalation Vulnerability
https://www.qualys.com/2019/12/04/cve-2019-19521/authentication-vulnerabilities-openbsd.txt?_ga=2.58244398.587934852.1575530822-682141427.1570559125
Hijacking Linux (and BSD) VPN Connections
https://seclists.org/oss-sec/2019/q4/122
RASP vs. WAF: Alexander Fry Research Paper
https://www.sans.org/reading-room/whitepapers/application/runtime-application-self-protection-rasp-investigation-effectiveness-rasp-solution-protecting-vulnerable-target-applications-38950
Dec 06, 2019
ISC StormCast for Thursday, December 5th 2019
6:01
Atlassian Companion App / IBM Aspera Cloud
https://www.theregister.co.uk/2019/12/05/atlassian_zero_day_bug/
https://confluence.atlassian.com/doc/administering-the-atlassian-companion-app-958456281.html
https://twitter.com/tmslft/status/1202056063878606848?s=20
Fake Python Library in PyPi
https://github.com/dateutil/dateutil/issues/984
GoAhead Web Server Vulnerability
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0888
Dec 05, 2019
ISC StormCast for Wednesday, December 4th 2019
6:11
Avast Online Security and Avast Secure Browser Blocked for Spying on Users
https://palant.de/2019/10/28/avast-online-security-and-avast-secure-browser-are-spying-on-you/
Google Android Updates
https://source.android.com/security/bulletin/2019-12-01
Strandhogg Vulnerability
https://promon.co/security-news/strandhogg/
Firefox 71 Released
https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/
Dec 04, 2019
ISC StormCast for Tuesday, December 3rd 2019
5:53
Increased Scans on Port 26
https://isc.sans.edu/forums/diary/Next+up+whats+up+with+TCP+port+26/25564/
Recent Ursnif Malspam
https://isc.sans.edu/forums/diary/Ursnif+infection+with+Dridex/25566/
Windows 7 Extended Security Updates
https://www.microsoft.com/microsoft-365/partners/news/article/announcing-paid-windows-7-extended-security-updates
QNAP Patches Photo Station
https://www.qnap.com/en/security-advisory/nas-201911-25
Dec 03, 2019
ISC StormCast for Monday, December 2nd 2019
6:43
Agent Tesla Malware Sample Analysis
https://isc.sans.edu/forums/diary/Finding+an+Agent+Tesla+malware+sample/25554/
Search With SauronEye
https://isc.sans.edu/forums/diary/ISC+Snapshot+Search+with+SauronEye/25558/
Splunk Y2K20 Patch
https://docs.splunk.com/Documentation/Splunk/8.0.0/ReleaseNotes/FixDatetimexml2020
Google TAG Quarterly Summary
https://blog.google/technology/safety-security/threat-analysis-group/protecting-users-government-backed-hacking-and-disinformation/
Dec 02, 2019
ISC StormCast for Wednesday, November 27th 2019
5:47
Playing With Phishing
https://isc.sans.edu/forums/diary/Lessons+learned+from+playing+a+willing+phish/25552/
HPE SSD Drives will Stop Working in 3 years
https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00092491en_us
Malicious Android SDK Captures Social Media Data
https://help.twitter.com/en/sdk-issue
Kaspersky API Exposed to Websites
https://palant.de/2019/11/26/internal-kaspersky-api-exposed-to-websites/
Malicious Ad Statistics
https://www.confiant.com/Demand-Quality-Report-Q3-2019
Nov 27, 2019
ISC StormCast for Tuesday, November 26th 2019
4:38
Nov 26, 2019
ISC StormCast for Tuesday, November 26th 2019
4:38
DNS over HTTPS (DoH) in SOHO Networks
https://isc.sans.edu/forums/diary/My+Little+DoH+Setup/25548/
Fortinet Weak Crypto
https://sec-consult.com/en/blog/advisories/weak-encryption-cipher-and-hardcoded-cryptographic-keys-in-fortinet-products/
Tracking Web Users via DNS
https://github.com/uBlockOrigin/uBlock-issues/issues/780
Nov 26, 2019
ISC StormCast for Monday, November 25th 2019
5:21
Nov 25, 2019
ISC StormCast for Monday, November 25th 2019
5:21
Web Filter Misconfiguration Abused for Reconnaissance
https://isc.sans.edu/forums/diary/Abusing+Web+Filters+Misconfiguration+for+Reconnaissance/25538/
Local Malware Analysis with Malice
https://isc.sans.edu/forums/diary/Local+Malware+Analysis+with+Malice/25544/
Multiple Vulnerabilities in VNC
https://www.kaspersky.com/blog/vnc-vulnerabilities/31462/
Nov 25, 2019
ISC StormCast for Friday, November 22nd 2019
6:16
Nov 22, 2019
ISC StormCast for Friday, November 22nd 2019
6:16
Weaknesses in Memory Encryption Solutions
https://arxiv.org/abs/1908.11680
GetMonero Wallet Compromised
https://web.getmonero.org/2019/11/19/warning-compromised-binaries.html
RIPlace Ransomware Detection Bypass
https://www.nyotron.com/blog/nyotron-discovers-potentially-unstoppable-ransomware-evasion-technique-riplace/
Microsoft Office Remote Content Triggers in Preview Pane
https://medium.com/@curtbraz/getting-malicious-office-documents-to-fire-with-protected-view-4de18668c386
Nov 22, 2019
ISC StormCast for Thursday, November 21st 2019
6:07
Nov 21, 2019
ISC StormCast for Thursday, November 21st 2019
6:07
Latest Hancitor Malspam Update
https://isc.sans.edu/forums/diary/Hancitor+infection+with+Pony+Evil+Pony+Ursnif+and+Cobalt+Strike/25532/
Oracle Payday Vulnerabilities Exploited
https://www.onapsis.com/blog/oracle-payday-vulnerabilities
Google Chrome Update
https://chromereleases.googleblog.com/2019/11/stable-channel-update-for-desktop_18.html
NSA Publishes Guide About the Risks of Inspecting TLS
https://media.defense.gov/2019/Nov/18/2002212783/-1/-1/0/MANAGING%20RISK%20FROM%20TLS%20INSPECTION_20191106.PDF
Unbound Command Execution Vulnerability
https://nlnetlabs.nl/projects/unbound/security-advisories/#vulnerability-in-ipsec-module
Nov 21, 2019
ISC StormCast for Wednesday, November 20th 2019
6:23
Nov 20, 2019
ISC StormCast for Wednesday, November 20th 2019
6:23
JAWS DVR Bot
https://isc.sans.edu/forums/diary/Cheap+Chinese+JAWS+of+DVR+Exploitability+on+Port+60001/25530/
TianFu Cup
https://twitter.com/TianfuCup
Microsoft Access Hotfix
https://support.microsoft.com/en-us/help/4484198/november-18-2019-update-for-office-2016-kb4484198
Windows 10 DNS over HTTPS
https://techcommunity.microsoft.com/t5/Networking-Blog/Windows-will-improve-user-privacy-with-DNS-over-HTTPS/ba-p/1014229
Android Camera Permission Mixup
https://www.checkmarx.com/blog/how-attackers-could-hijack-your-android-camera
Nov 20, 2019
ISC StormCast for Tuesday, November 19th 2019
5:38
Nov 19, 2019
ISC StormCast for Tuesday, November 19th 2019
5:38
Carriers Filter SMS Messages Sent By Applications
https://isc.sans.edu/forums/diary/SMS+and+2FA+Another+Reason+to+Move+away+from+It/25526/
Intel Removing BIOS Downloads for EOL Hardware
https://www.vogons.org/viewtopic.php?f=46&t=69184
https://news.ycombinator.com/item?id=21563309
Outlook 365 Remains Top Phishing Target
https://info.phishlabs.com/blog/active-office-365-phishing-campaign-targeting-admin-credentials
Nov 19, 2019
ISC StormCast for Monday, November 18th 2019
5:55
Nov 18, 2019
ISC StormCast for Monday, November 18th 2019
5:55
TPM Fail Update
https://downloadcenter.intel.com/download/28632
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html
Office November Update Issues
https://borncity.com/win/2019/11/13/office-november-2019-updates-are-causing-access-error-3340/
WhatsApp Stack Based Buffer Overflow
https://nvd.nist.gov/vuln/detail/CVE-2019-11931
Android Qualcomm Data Exfiltration Bug
https://research.checkpoint.com/the-road-to-qualcomm-trustzone-apps-fuzzing/
Nextcloud Ransomware NextCry
https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Nov 18, 2019
ISC StormCast for Friday, November 15th 2019
7:15
Nov 15, 2019
ISC StormCast for Friday, November 15th 2019
7:15
LokiBot Update (November 2019)
https://isc.sans.edu/forums/diary/An+example+of+malspam+pushing+Lokibot+malware+November+2019/25518/
Some Packet-Fu with Zeek
https://isc.sans.edu/forums/diary/Some+packetfu+with+Zeek+previously+known+as+bro/25510/
TPM Leaks
http://tpm.fail/
Zombieload 2.0 Vulnerability
https://zombieloadattack.com/
Nov 15, 2019
ISC StormCast for Wednesday, November 13th 2019
6:44
Nov 13, 2019
ISC StormCast for Wednesday, November 13th 2019
6:44
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/November+2019+Microsoft+Patch+Tuesday/25516/
Adobe Update
https://helpx.adobe.com/security.html
Facebook Camera Bug
https://www.cnet.com/news/facebook-bug-has-camera-activated-while-people-are-using-the-app
McAfee Anti Virus Bypass and Persistence
https://safebreach.com/Post/McAfee-All-Editions-MTP-AVP-MIS-Self-Defense-Bypass-and-Potential-Usages-CVE-2019-3648
Nov 13, 2019
ISC StormCast for Tuesday, November 12th 2019
5:45
Nov 12, 2019
ISC StormCast for Tuesday, November 12th 2019
5:45
Are We Going Back to TheMoon And How is Liquor Involved
https://isc.sans.edu/forums/diary/Are+We+Going+Back+to+TheMoon+and+How+is+Liquor+Involved/25512/
New Update for Magento Shopping Cart
https://magento.com/security/patches/latest-magento-security-update-helps-protect-recently-reported-rce-vulnerability
https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update
ZoneAlarm vBulletin Forum Breached
https://thehackernews.com/2019/11/zonealarm-forum-data-breach.html
CSS Injection in Slack to Log Keystrokes
https://fletchto99.dev/2019/november/slack-vulnerability/
Nov 12, 2019
ISC StormCast for Monday, November 11th 2019
6:46
Nov 11, 2019
ISC StormCast for Monday, November 11th 2019
6:46
Microsoft Applications Diverted from Their Main Use
https://isc.sans.edu/forums/diary/Microsoft+Apps+Diverted+from+Their+Main+Use/25502/
Did Bluekeep Malware Affect Patching
https://isc.sans.edu/forums/diary/Did+the+recent+malicious+BlueKeep+campaign+have+any+positive+impact+when+it+comes+to+patching/25506/
Pwn2Own Summary
https://www.zerodayinitiative.com/blog/2019/11/7/pwn2own-tokyo-2019-day-two-final-results
State of Javascript Framework Security
https://snyk.io/wp-content/uploads/snyk-javascript_report_2019.pdf
DShield/ISC Honeypot Update
https://isc.sans.edu/honeypot.html
Nov 11, 2019
ISC StormCast for Friday, November 8th 2019
6:33
Nov 08, 2019
ISC StormCast for Friday, November 8th 2019
6:33
Adobe Mobile SDK Update Fixes TLS Defaults
https://wwws.nightwatchcybersecurity.com/2019/11/06/insecure-defaults-in-adobes-mobile-sdks/
QNAP Updates QSnatch Advisory
https://www.qnap.com/en/security-advisory/nas-201911-01
Double Loaded ZIP Files Deliver Malware
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/double-loaded-zip-file-delivers-nanocore/
Ring Video Doorbell Leaks Wifi Password
https://labs.bitdefender.com/2019/11/ring-video-doorbell-pro-under-the-scope/
Nov 08, 2019
ISC StormCast for Thursday, November 7th 2019
5:19
Nov 07, 2019
ISC StormCast for Thursday, November 7th 2019
5:19
Google Improving PlayStore Security With Partners
https://security.googleblog.com/2019/11/the-app-defense-alliance-bringing.html
Xen Security Advisories
https://xenbits.xen.org/xsa/
npcap pool corruption vulnerability
https://github.com/nmap/nmap/issues/1568
TrendMicro Employee Selling Customer Data to Tech Support Scammers
https://blog.trendmicro.com/trend-micro-discloses-insider-threat-impacting-some-of-its-consumer-customers/
SANS Security Awareness Newsletter
https://www.sans.org/security-awareness-training/resources/shopping-online-securely-1
Nov 07, 2019
ISC StormCast for Wednesday, November 6th 2019
6:22
Nov 06, 2019
ISC StormCast for Wednesday, November 6th 2019
6:22
Formbook Malspam
https://isc.sans.edu/forums/diary/Malspam+pushing+Formbook+info+stealer/23387/
Honeypot Update
https://github.com/DShield-ISC/dshield
Office on Mac XLM Macros
https://kb.cert.org/vuls/id/125336/
Firefox Browser Lock Bug Exploited
https://bugzilla.mozilla.org/show_bug.cgi?id=1593795
libarchive use after free vulnerability
https://medium.com/@social_62682/new-libarchive-use-after-free-vulnerability-36c4b141fe89
Nov 06, 2019
ISC StormCast for Tuesday, November 5th 2019
6:18
Nov 05, 2019
ISC StormCast for Tuesday, November 5th 2019
6:18
Clam AV Vulnerability
https://twitter.com/hackerfantastic/status/1190685521153937408
https://pastebin.com/cfP7X89m
XCode Vulnerability
https://support.apple.com/en-is/HT210729
MikroTik DNS Cache Poisoning
https://blog.mikrotik.com/security/dns-cache-poisoning-vulnerability.html
Nov 05, 2019
ISC StormCast for Monday, November 4th 2019
5:59
Nov 04, 2019
ISC StormCast for Monday, November 4th 2019
5:59
Critical Google Chrome Update Fixes Exploited Vulnerability
https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_31.html
Blue Keep Vulnerability Mass Exploited to Install Crypto Coin Miner
https://www.kryptoslogic.com/blog/2019/11/bluekeep-cve-2019-0708-exploitation-spotted-in-the-wild/
rConfig Vulnerabilities
https://shells.systems/rconfig-v3-9-2-authenticated-and-unauthenticated-rce-cve-2019-16663-and-cve-2019-16662/
Nov 04, 2019
ISC StormCast for Friday, November 1st 2019
5:52
Nov 01, 2019
ISC StormCast for Friday, November 1st 2019
5:52
Phishing Made Easy With EML Files and Outlook 365
https://isc.sans.edu/forums/diary/EML+attachments+in+O365+a+recipe+for+phishing/25474/
Microsoft TLS Security Enhancements Lead to Timeouts
https://support.microsoft.com/en-us/help/4528489/transport-layer-security-tls-connections-might-intermittently-fail-or

MESSAGETAP: Who's Reading Your Text Messages
https://www.fireeye.com/blog/threat-research/2019/10/messagetap-who-is-reading-your-text-messages.html
Amazon Authentication Failure for 3rd Party Devices
https://old.reddit.com/r/sysadmin/comments/dpbt3t/the_perils_of_security_and_how_i_finally_resolved/
Nov 01, 2019
ISC StormCast for Thursday, October 31st 2019
6:34
Oct 31, 2019
ISC StormCast for Thursday, October 31st 2019
6:34
Apple Security Updates Details Released
https://support.apple.com/en-us/HT201222
Untitled Goose Deserialization
https://pulsesecurity.co.nz/advisories/untitled-goose-game-deserialization
Insecure Pagers Leak Medical Data
https://techcrunch.com/2019/10/30/nhs-pagers-medical-health-data/
Kibana Vulnerability
https://research.securitum.com/prototype-pollution-rce-kibana-cve-2019-7609/
Oct 31, 2019
ISC StormCast for Wednesday, October 30th 2019
5:36
Oct 30, 2019
ISC StormCast for Wednesday, October 30th 2019
5:36
xHelper Android Malware
https://www.symantec.com/blogs/threat-intelligence/xhelper-android-malware
Counterstrike Game Keys Used for Money Laundering
https://blog.counter-strike.net/index.php/2019/10/26113/
Generating PCAP Files From YAML
https://isc.sans.edu/forums/diary/Generating+PCAP+Files+from+YAML/25464/
Oct 30, 2019
ISC StormCast for Tuesday, October 29th 2019
4:49
Oct 29, 2019
ISC StormCast for Tuesday, October 29th 2019
4:49
PHP 7 Remote Code Execution Vulnerability Exploited
https://lab.wallarm.com/php-remote-code-execution-0-day-discovered-in-real-world-ctf-exercise/
https://github.com/neex/phuip-fpizdam
Finding Shellcode with scdbg
https://isc.sans.edu/forums/diary/Using+scdbg+to+Find+Shellcode/25460/
Apple iOS / tvOS / Safari Updates
https://support.apple.com/en-us/HT201222
Sextortion Attempts Are Targeting Blogs
https://www.bleepingcomputer.com/news/security/blogger-and-wordpress-sites-hacked-to-show-sextortion-scams/
Oct 29, 2019
ISC StormCast for Monday, October 28th 2019
5:49
Oct 28, 2019
ISC StormCast for Monday, October 28th 2019
5:49
Odd Double Base64 Encoded "BS_REAL_IP" Header
https://isc.sans.edu/forums/diary/Unusual+Activity+with+Double+Base64+Encoding/25458/
DNS Archeology With PowerShell
https://isc.sans.edu/forums/diary/More+on+DNS+Archeology+with+PowerShell/25452/
iOS Appstore Malware
https://www.wandera.com/mobile-security/ios-trojan-malware/
British Law Enforcement Misses Malware Reports Due to Anti-Malware
https://www.theregister.co.uk/2019/10/24/hmicfrs_report_cyber_crime/
Oct 28, 2019
ISC StormCast for Friday, October 25th 2019
6:55
Oct 25, 2019
ISC StormCast for Friday, October 25th 2019
6:55
XML External Entity Vuln in LSP4XML Affects Various Developer Tools
https://www.shielder.it/blog/dont-open-that-xml-xxe-to-rce-in-xml-plugins-for-vs-code-eclipse-theia/?preview=true
Google Chrome Will Make "SameSite" Default
https://blog.chromium.org/2019/10/developers-get-ready-for-new.html
Leftover Gigamon Configurations
https://isc.sans.edu/forums/diary/Your+Supply+Chain+Doesnt+End+At+Receiving+How+Do+You+Decommission+Network+Equipment/25448/
Oct 25, 2019
ISC StormCast for Thursday, October 24th 2019
5:03
Oct 24, 2019
ISC StormCast for Thursday, October 24th 2019
5:03
FTC Issues SIM Swapping Guidance
https://www.consumer.ftc.gov/blog/2019/10/sim-swap-scams-how-protect-yourself
Discord Used as Info Stealer Backdoor
https://www.bleepingcomputer.com/news/security/discord-turned-into-an-info-stealing-backdoor-by-new-malware/
Cisco Exploit Code
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-iosxe-rest-auth-bypass
Tails 4.0 Released
https://tails.boum.org/news/version_4.0/index.en.html
Oct 24, 2019
ISC StormCast for Wednesday, October 23rd 2019
7:09
Oct 23, 2019
ISC StormCast for Wednesday, October 23rd 2019
7:09
Testing TLS 1.3 And Supported Ciphers
https://isc.sans.edu/forums/diary/Testing+TLSv13+and+supported+ciphers/25442/
Google Chrome 78 Released
https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html
Firefox 70 Released
https://www.mozilla.org/en-US/firefox/70.0/releasenotes/
Cache Poisoning DoS
https://cpdos.org/
Oct 23, 2019
ISC StormCast for Tuesday, October 22nd 2019
5:41
Oct 22, 2019
ISC StormCast for Tuesday, October 22nd 2019
5:41
DNS over TLS Scans
https://isc.sans.edu/forums/diary/Whats+up+with+TCP+853+DNS+over+TLS/25438/
NordVPN and Others Compromised
https://techcrunch.com/2019/10/21/nordvpn-confirms-it-was-hacked/
https://twitter.com/hexdefined/status/1186106695073726466
Trend Micro Bypass
http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-ANTI-THREAT-TOOLKIT-(ATTK)-REMOTE-CODE-EXECUTION.txt
Realtek Linux Wifi Driver Buffer Overflow
https://twitter.com/nicowaisman/status/1184864519316758535
Oct 22, 2019
ISC StormCast for Monday, October 21st 2019
6:52
Attacks Against NVMS-9000 DVR Web Vulnerability
https://isc.sans.edu/forums/diary/Scanning+Activity+for+NVMS9000+Digital+Video+Recorder/25434/
Pixel 4 Face Unlock Works with Eyes Shut
https://www.bbc.com/news/technology-50085630
Samsung Galaxy S10 Fingerprint Unlock Bug
https://www.bbc.com/news/technology-50080586
Alexa/Google Home Phishing
https://srlabs.de/bites/smart-spies/
Oct 21, 2019
ISC StormCast for Friday, October 18th 2019
16:41
Phishing E-Mail Spoofing SPF Protected Domain
https://isc.sans.edu/forums/diary/Phishing+email+spoofing+SPFenabled+domain/25426/
Purchased Domain Arrives with Paypal Accounts Linked to it
https://www.theregister.co.uk/2019/10/17/paypal_account_domain/
Typosquatting Attacks Affect 2020 Presidential Election
https://www.digitalshadows.com/blog-and-research/typosquatting-and-the-2020-u-s-presidential-election/
STI Student: Christopher Hurless Exploring Osquery, Fleet, and Elastic Stack as an Open-source solution to Endpoint Detection and Response
https://www.sans.org/reading-room/whitepapers/detection/paper/39165
Oct 18, 2019
ISC StormCast for Thursday, October 17th 2019
5:31
Oct 17, 2019
ISC StormCast for Thursday, October 17th 2019
5:31
Oracle CPU
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
Jackson-Databind Vulnerability
https://github.com/FasterXML/jackson-databind/issues/2387
VMWare Cloud Foundation and VMware Harbor Container Registry Patch
https://www.vmware.com/security/advisories/VMSA-2019-0016.html
Wordpress Update
https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
Cryptominers Hiding in WAV Files
https://threatvector.cylance.com/en_us/home/malicious-payloads-hiding-beneath-the-wav.html
Oct 17, 2019
ISC StormCast for Wednesday, October 16th 2019
5:29
Oct 16, 2019
ISC StormCast for Wednesday, October 16th 2019
5:29
Adobe Updates
https://helpx.adobe.com/security.html
Symantec BSOD
https://support.symantec.com/us/en/article.TECH256643.html
OSX/Shlayer Bypasses Gatekeeper/XProtect
https://blog.confiant.com/osx-shlayer-new-shurprise-unveiling-osx-tarmac-f965a32de887
Fake iOS Jailbreak Leads to Clickfraud
https://blog.talosintelligence.com/2019/10/checkrain-click-fraud.html
Oct 16, 2019
ISC StormCast for Tuesday, October 15th 2019
6:03
Oct 15, 2019
ISC StormCast for Tuesday, October 15th 2019
6:03
sudo vulnerability
https://www.sudo.ws/alerts/minus_1_uid.html
Apple Safebrowsing Controversy
https://blog.cryptographyengineering.com/2019/10/13/dear-apple-safe-browsing-might-not-be-that-safe/
Streaming Service Tracking Behaviour
https://www.princeton.edu/~pmittal/publications/tv-tracking-ccs19.pdf
Oct 15, 2019
ISC StormCast for Monday, October 14th 2019
3:37
Oct 14, 2019
ISC StormCast for Monday, October 14th 2019
3:37
YARA Update
https://isc.sans.edu/forums/diary/YARA+v3110+released/25408/
Hacking Back Against Ransomware
https://www.zdnet.com/article/white-hat-hacks-muhstik-ransomware-gang-and-releases-decryption-keys/
Fake Crypto Trading Software
https://www.bleepingcomputer.com/news/security/attackers-create-elaborate-crypto-trading-scheme-to-install-malware/
Oct 14, 2019
ISC StormCast for Friday, October 11th 2019
6:14
Oct 11, 2019
ISC StormCast for Friday, October 11th 2019
6:14
Mining Live Networks for OUI Data Oddness
https://isc.sans.edu/forums/diary/Mining+Live+Networks+for+OUI+Data+Oddness/25404/
iTerm2 Vulnerability
https://groups.google.com/forum/#!topic/iterm2-discuss/57k_AuLdQa4
Apple Updater Exploited in Bitpaymer Campaign
https://blog.morphisec.com/apple-zero-day-exploited-in-bitpaymer-campaign
Oct 11, 2019
ISC StormCast for Thursday, October 10th 2019
5:35
Oct 10, 2019
ISC StormCast for Thursday, October 10th 2019
5:35
What Data Does Vidar Malware Steal
https://isc.sans.edu/forums/diary/What+data+does+Vidar+malware+steal+from+an+infected+host/25398/
NTLM MIC Bypass
https://www.preempt.com/blog/drop-the-mic-2-active-directory-open-to-more-ntlm-attacks/
Threats on Google Play
https://news.drweb.com/show/review/?i=13446#google
Oct 10, 2019
ISC StormCast for Wednesday, October 9th 2019
5:22
Oct 09, 2019
ISC StormCast for Wednesday, October 9th 2019
5:22
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+October+2019+Patch+Tuesday/25396/
Android Update
https://source.android.com/security/bulletin/2019-10-01
vBulletin Update
https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4423646-vbulletin-5-5-x-5-5-2-5-5-3-and-5-5-4-security-patch-level-2
Oct 09, 2019
ISC StormCast for Tuesday, October 8th 2019
6:00
Cloudflare Warp + NordVPN on iOS Leads to Traffic in the Clear
https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/
WhatsApp Bug
https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/
MacOS Catalina and Safari Update Released
https://www.macrumors.com/2019/10/07/apple-releases-macos-catalina/
https://support.apple.com/en-us/HT201222 (nothing new yet)
Magecart Still Going Strong
https://www.theregister.co.uk/2019/10/04/magecart/
(original RiskIQ report requires Registration)
Oct 08, 2019
ISC StormCast for Monday, October 7th 2019
5:18
Oct 07, 2019
ISC StormCast for Monday, October 7th 2019
5:18
visNetwork for Network Data
https://isc.sans.edu/forums/diary/visNetwork+for+Network+Data/25390/
Android Priv. Escalation Vulnerability Exploited in the Wild
https://bugs.chromium.org/p/project-zero/issues/detail?id=1942
Signal Eavesdropping Vulnerability
https://bugs.chromium.org/p/project-zero/issues/detail?id=1943
Oct 07, 2019
ISC StormCast for Friday, October 4th 2019
15:10
Oct 04, 2019
ISC StormCast for Friday, October 4th 2019
15:10
Last Files Ransomware is Back With New Ruse
https://isc.sans.edu/forums/diary/LostFiles+Ransomware/25382/
tcpdump vulnerabilities
https://www.tcpdump.org/tcpdump-changes.txt
TLS Manipulating Malware
https://securelist.com/compfun-successor-reductor/93633/
Luasz Cyra: Pass the Hash in Windows 10
https://www.sans.org/reading-room/whitepapers/testing/paper/39170
Oct 04, 2019
ISC StormCast for Thursday, October 3rd 2019
5:18
Oct 03, 2019
ISC StormCast for Thursday, October 3rd 2019
5:18
Latest Emotet News
https://isc.sans.edu/forums/diary/A+recent+example+of+Emotet+malspam/25378/
SANS Ouch! Newsletter
https://www.sans.org/security-awareness-training/resources/four-simple-steps-staying-secure
XPdf and Foxit Updates
https://www.foxitsoftware.com/support/security-bulletins.php
https://forum.xpdfreader.com/viewtopic.php?f=3&t=41885
eFax Malspam
https://www.heise.de/security/meldung/Achtung-Angebliches-eFax-birgt-Trojaner-4544386.html
Office 365 Idle Timeout
https://docs.microsoft.com/en-us/sharepoint/sign-out-inactive-users
https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=&searchterms=55183
Oct 03, 2019
ISC StormCast for Wednesday, October 2nd 2019
6:04
Oct 02, 2019
ISC StormCast for Wednesday, October 2nd 2019
6:04
PDF Encryption Flaw
https://web-in-security.blogspot.com/2019/09/pdfex-major-security-flaws-in-pdf.html
Windows 7 Security Updates Beyond 2020
https://www.microsoft.com/en-us/microsoft-365/blog/2019/10/01/windows-small-midsize-businesses-stay-secure-current/
ODT Documents Used to Distribute Malware
https://blog.talosintelligence.com/2019/09/odt-malware-twist.html
Oct 02, 2019
ISC StormCast for Tuesday, October 1st 2019
4:51
Oct 01, 2019
ISC StormCast for Tuesday, October 1st 2019
4:51
Maldoc, PowerShell and BITS
https://isc.sans.edu/forums/diary/Maldoc+PowerShell+BITS/25372/
Yet Another Critical Exim Flaw
https://nvd.nist.gov/vuln/detail/CVE-2019-16928
Cisco Introduces Semiannual Patch Day
https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-72547
Windows 2019 to make it easier to disable legacy TLS Versions
https://www.microsoft.com/security/blog/2019/09/30/tls-version-enforcement-capabilities-now-available-certificate-binding-windows-server-2019
Oct 01, 2019
ISC StormCast for Monday, September 30th 2019
5:52
Sep 30, 2019
ISC StormCast for Monday, September 30th 2019
5:52
Polycom Scans
https://isc.sans.edu/forums/diary/New+Scans+for+Polycom+Autoconfiguration+Files/25366/
Apple Security Details
https://support.apple.com/en-us/HT201222
iOS Jailbreak
https://github.com/axi0mX/ipwndfu
Sep 30, 2019
ISC StormCast for Friday, September 27th 2019
5:39
Sep 27, 2019
ISC StormCast for Friday, September 27th 2019
5:39
vBulletin Botnet
https://twitter.com/bad_packets/status/1177256656322695168
Cisco Industrial Router Security Bulletin
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-ios-gos-auth
Sniffle Bluetooth Sniffer
https://github.com/nccgroup/sniffle
Outlook on the web blocking more extensions
https://techcommunity.microsoft.com/t5/Exchange-Team-Blog/Changes-to-File-Types-Blocked-in-Outlook-on-the-web/ba-p/874451
Sep 27, 2019
ISC StormCast for Thursday, September 26th 2019
4:35
Sep 26, 2019
ISC StormCast for Thursday, September 26th 2019
4:35
Malspam Pushing Quasar RAT
https://isc.sans.edu/forums/diary/Malspam+pushing+Quasar+RAT/25354/
vBulletin 0-Day Exploit Update
https://www.bleepingcomputer.com/news/security/vbulletin-zero-day-exploited-for-years-gets-unofficial-patch/
Fake Veteran Employment Site
https://blog.talosintelligence.com/2019/09/tortoiseshell-fake-veterans.html
Sep 26, 2019
ISC StormCast for Wednesday, September 25th 2019
5:23
Remotewebaccess.com Domain in Certificate Transparency Logs
https://isc.sans.edu/forums/diary/Huge+Amount+of+remotewebaccesscom+Sites+Found+in+Certificate+Transparency+Logs/25352/
Adobe Releases Emergency ColdFusion Patch
https://blogs.adobe.com/psirt/?p=1789
Apple Releases Additional Updates for iOS/iPadOS
https://support.apple.com/en-us/HT201222
vBulletin Vulnerability 0-Day Exploit Released
https://seclists.org/fulldisclosure/2019/Sep/31
Sep 25, 2019
ISC StormCast for Tuesday, September 24th 2019
5:30
Sep 24, 2019
ISC StormCast for Tuesday, September 24th 2019
5:30
Microsoft Releases Special Patch for Exploited Vulnerability in Internet Explorer
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1367
Cloudflare Adding "Bot Fight" option
https://blog.cloudflare.com/cleaning-up-bad-bots/
iOS Bluetooth Access Feature
https://www.theverge.com/2019/9/19/20867286/ios-13-bluetooth-permission-privacy-feature-apps
Forcepoint VPN Update
https://support.forcepoint.com/KBArticle?id=000017525
Sep 24, 2019
ISC StormCast for Monday, September 23rd 2019
5:29
Sep 23, 2019
ISC StormCast for Monday, September 23rd 2019
5:29
Popular Android Selfie Apps Act as Adware
https://www.wandera.com/mobile-security/google-play-adware/
Wireshark Update
https://www.wireshark.org/docs/relnotes/wireshark-3.0.5.html
Harbor Privilege Escalation
https://unit42.paloaltonetworks.com/critical-vulnerability-in-harbor-enables-privilege-escalation-from-zero-to-admin-cve-2019-16097/
Sep 23, 2019
ISC StormCast for Friday, September 20th 2019
5:08
Sep 20, 2019
ISC StormCast for Friday, September 20th 2019
5:08
Agent Tesla
https://isc.sans.edu/forums/diary/Agent+Tesla+Trojan+Abusing+Corporate+Email+Accounts/25336/
Apple Updates
https://support.apple.com/en-us/HT201222
https://developer.apple.com/documentation/safari_release_notes/safari_13_release_notes
SAMBA 4.11 Released
https://www.samba.org/samba/history/samba-4.11.0.html
GitHub Security Updates
https://github.blog/2019-09-18-securing-software-together/
Sep 20, 2019
ISC StormCast for Thursday, September 19th 2019
6:16
Sep 19, 2019
ISC StormCast for Thursday, September 19th 2019
6:16
Analyzing a Current Emotet Sample
https://isc.sans.edu/forums/diary/Emotet+malspam+is+back/25330/
Windows Defender "Scan Now" Failed Bug Fix
https://www.bleepingcomputer.com/news/microsoft/windows-defender-antivirus-scans-broken-after-new-update/
https://borncity.com/win/2019/09/18/defender-antimalware-version-4-18-1908-7-released/
QEMU Vulnerability
https://www.openwall.com/lists/oss-security/2019/09/17/1
VMWare Vulnerability
https://blogs.vmware.com/security/2019/09/amd-display-driver-security-updates-address-cve-2019-5685.html
New CWE Top 25 Released
https://cwe.mitre.org/top25/archive/2019/2019_cwe_top25.html
Sep 19, 2019
ISC StormCast for Wednesday, September 18th 2019
5:52
Sep 18, 2019
ISC StormCast for Wednesday, September 18th 2019
5:52
Investigating Gaps in Windows Event Logs
https://isc.sans.edu/forums/diary/Investigating+Gaps+in+your+Windows+Event+Logs/25328/
SOHOpelessly Broken 2
https://www.securityevaluators.com/whitepaper/sohopelessly-broken-2/
HP Printer Privacy
https://robertheaton.com/2019/09/15/hp-printers-send-data-on-what-you-print-back-to-hp/
Sep 18, 2019
ISC StormCast for Tuesday, September 17th 2019
6:36
Sep 17, 2019
ISC StormCast for Tuesday, September 17th 2019
6:36
Encrypted Sextortion
https://isc.sans.edu/forums/diary/Encrypted+Sextortion+PDFs/25324/
SimJacker
https://www.adaptivemobile.com/blog/simjacker-next-generation-spying-over-mobile
LastPass Password Leak
https://bugs.chromium.org/p/project-zero/issues/detail?id=1930
Microsoft Extends EoL For Exchange Server 2010
https://techcommunity.microsoft.com/t5/Exchange-Team-Blog/Microsoft-Extending-End-of-Support-for-Exchange-Server-2010-to/ba-p/753591
Sep 17, 2019
ISC StormCast for Monday, September 16th 2019
6:10
Sep 16, 2019
ISC StormCast for Monday, September 16th 2019
6:10
Rig Exploit Kit Delivering VBScript
https://isc.sans.edu/forums/diary/Rig+Exploit+Kit+Delivering+VBScript/25318/
Pentesters Arrested During Physical Access Pentest
https://arstechnica.com/information-technology/2019/09/check-the-scope-pen-testers-nabbed-jailed-in-iowa-courthouse-break-in-attempt/
iOS Lock Screen Unlock Vulnerability
https://www.theregister.co.uk/2019/09/12/apples_ios_lock_workaround/
Sep 16, 2019
ISC StormCast for Friday, September 13th 2019
5:27
Sep 13, 2019
ISC StormCast for Friday, September 13th 2019
5:27
How to Block DNS over HTTPS in Firefox via BIND
https://isc.sans.edu/forums/diary/Blocking+Firefox+DoH+with+Bind/25316/
European Payment Services Directive Confusion Abused by Scams
https://en.wikipedia.org/wiki/Payment_Services_Directive#Revised_Directive_on_Payment_Services_(PSD2)
https://www.infosecurity-magazine.com/news/phishers-use-sca-checks-trick/
Comba / DLink Router Vulnerabilities
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/multiple-vulnerabilities-in-comba-and-d-link-routers/
Sep 13, 2019
ISC StormCast for Thursday, September 12th 2019
5:04
Sep 12, 2019
ISC StormCast for Thursday, September 12th 2019
5:04
Chrome to Introduce DNS over HTTPS in October (Chrome 78)
https://blog.chromium.org/2019/09/experimenting-with-same-provider-dns.html
Disabling DNS over HTTPS in Firefox
https://support.mozilla.org/en-US/kb/configuring-networks-disable-dns-over-https
Virtual Disk Files May Bypass AV Software
https://insights.sei.cmu.edu/cert/2019/09/the-dangers-of-vhd-and-vhdx-files.html
Google Chrome 77
https://chromium.googlesource.com/chromium/src/+log/77.0.3865.75?pretty=fuller&n=10000
Sep 12, 2019
ISC StormCast for Wednesday, September 11th 2019
5:29
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+September+2019+Patch+Tuesday/25310/
Adobe Patches
https://helpx.adobe.com/security.html
Intel SSH Side Channel Vulnerability
https://www.vusec.net/projects/netcat/
https://www.cs.vu.nl/~herbertb/download/papers/netcat_sp20.pdf
Sep 11, 2019
ISC StormCast for Tuesday, September 10th 2019
6:26
Firefox to Enable DNS over HTTPS by Default in September
https://blog.mozilla.org/futurereleases/2019/09/06/whats-next-in-making-dns-over-https-the-default/
Telegram Fixes Privacy Bug
https://www.inputzero.io/2019/09/telegram-privacy-fails-again.html
PsiXBot Uses DoH
https://www.proofpoint.com/us/threat-insight/post/psixbot-now-using-google-dns-over-https-and-possible-new-sexploitation-module
Sep 10, 2019
ISC StormCast for Monday, September 9th 2019
4:49
Unidentified Scanning Activity Likely Associated with Mirai/Successors
https://isc.sans.edu/forums/diary/Unidentified+Scanning+Activity/25304/
Bluekeep Exploit Now in Metasploit
https://blog.rapid7.com/2019/09/06/initial-metasploit-exploit-module-for-bluekeep-cve-2019-0708/
How to Remove GMail Calendar Spam
https://support.google.com/calendar/answer/6084018?co=GENIE.Platform%3DDesktop&hl=en
Exim SNI TLS Vulnerability
https://exim.org/static/doc/security/CVE-2019-15846.txt
Sep 09, 2019
ISC StormCast for Friday, September 6th 2019
6:51
Private IP Addresses in Virustotal Samples
https://isc.sans.edu/forums/diary/Private+IP+Addresses+in+Malware+Samples/25298/
ReCaptcha Broken Again
https://regmedia.co.uk/2019/08/29/recaptchapaper.pdf
Samba Security Patch
https://www.samba.org/samba/security/CVE-2019-10197.html
Exim Vulnerability
https://seclists.org/oss-sec/2019/q3/192
Android Security Updates
https://source.android.com/security/bulletin/2019-09-01.html
Twitter Suspends SMS Posting
https://twitter.com/TwitterSupport
Scams Via Social Media
https://www.sans.org/security-awareness-training/resources/scamming-you-through-social-media
Sep 06, 2019
ISC StormCast for Thursday, September 5th 2019
5:49
Encrypted Resume Malicious Word Documents
https://isc.sans.edu/forums/diary/Malspam+using+passwordprotected+Word+docs+to+push+Remcos+RAT/25292/
Android SMS Phishing Attacks
https://research.checkpoint.com/advanced-sms-phishing-attacks-against-modern-android-based-smartphones/
Cisco Releases Guides to Investigate Compromised Devices
https://tools.cisco.com/security/center/tacticalresources.x
https://tools.cisco.com/security/center/resources/asa_forensic_investigation
https://tools.cisco.com/security/center/resources/ftd_forensic_investigation
https://tools.cisco.com/security/center/resources/ios_forensic_investigation
https://tools.cisco.com/security/center/resources/iosxe_forensic_guide
Attackers Simulate CEO's Voice To Trigger Money Transfer
https://www.wsj.com/articles/fraudsters-use-ai-to-mimic-ceos-voice-in-unusual-cybercrime-case-11567157402
https://www.scmagazineuk.com/ai-mimics-ceo-voice-scam-uk-energy-firm-200k/article/1595277
Sep 05, 2019
ISC StormCast for Wednesday, September 4th 2019
5:59
Tricky Link Retrieves Trick Bot
https://isc.sans.edu/forums/diary/Guest+Diary+Tricky+LNK+points+to+TrickBot/25290/
Supermicro Virtual USB Vulnerability
https://eclypsium.com/2019/09/03/usbanywhere-bmc-vulnerability-opens-servers-to-remote-attack/
Facebook Free Basics Key Used to Sign Unrelated Android Apps
https://www.androidpolice.com/2019/08/29/cryptographic-key-used-to-sign-one-of-facebooks-android-apps-compromised/
Sep 04, 2019
ISC StormCast for Tuesday, September 3rd 2019
4:42
Malware Installs Node.js
https://isc.sans.edu/forums/diary/Malware+Dropping+a+Local+Nodejs+Instance/25284/
Dovecot and PigeonHole Vulnerability
https://www.openwall.com/lists/oss-security/2019/08/28/3
Cloudflare Workers Spreading Malware
https://medium.com/@marcelx/threat-actor-behind-astaroth-is-now-using-cloudflare-workers-to-bypass-your-security-solutions-2c658d08f4c
Sep 03, 2019
ISC StormCast for Monday, September 2nd 2019
5:18
iOS Exploits in the Wild
https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html
Twitter CEO's Twitter Account Hijacked
https://twitter.com/TwitterComms/status/1167528672523210752
Sep 02, 2019
ISC StormCast for Friday, August 30th 2019
6:24
Malware Samples Compiling Their Next Stage On Premise; Malware Compiling Itself
https://isc.sans.edu/forums/diary/Malware+Samples+Compiling+Their+Next+Stage+on+Premise/25278/
CERT-Bund Attempts to Notify Users of Vulnerable Home Automation Systems
https://www.heise.de/security/meldung/CERT-Bund-warnt-vor-offenen-Smarthome-Systemen-4509977.html
French Authorities Shut Down Coinminer Botnet
https://decoded.avast.io/janvojtesek/putting-an-end-to-retadup-a-malicious-worm-that-infected-hundreds-of-thousands/
Aug 30, 2019
ISC StormCast for Thursday, August 29th 2019
5:55
Open Redirects: A Small But Very Common Vulnerability
https://isc.sans.edu/forums/diary/Guest+Diary+Open+Redirect+A+Small+But+Very+Common+Vulnerability/25276/
CamScanner Malicious Download Component
https://securelist.com/dropper-in-google-play/92496/
Ares ADB Botnet
https://www.wootcloud.com/blogs/ars_botnet.html
Cisco REST API Container for IOS XE Authentication Bypass
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-iosxe-rest-auth-bypass
Aug 29, 2019
ISC StormCast for Wednesday, August 28th 2019
6:40
Is it "Safe" To Require TLS 1.2 for Email
https://isc.sans.edu/forums/diary/Is+it+Safe+to+Require+TLS+12+for+EMail/25270/
Android Trojan Infects Tens of Thousands of Devices in 4 Months
https://www.bleepingcomputer.com/news/security/android-trojan-infects-tens-of-thousands-of-devices-in-4-months/
LYCEUM Threat Group Targeting Middle East
https://www.secureworks.com/blog/lyceum-takes-center-stage-in-middle-east-campaign
Aug 28, 2019
ISC StormCast for Tuesday, August 27th 2019
4:55
Apple Patches Jailbreak Vulnerability
https://support.apple.com/en-us/HT210549
Scanning for Pulse Secure VPN Endpoints
https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510/
Emotet is Back
https://www.bleepingcomputer.com/news/security/emotet-botnet-is-back-servers-active-across-the-world/
Aug 27, 2019
ISC StormCast for Monday, August 26th 2019
5:22
Simple Mimikatz And RDPWrapper Dropper
https://isc.sans.edu/forums/diary/Simple+Mimikatz+RDPWrapper+Dropper/25262/
Malware Impersonating IRS
https://www.irs.gov/newsroom/security-summit-warns-of-new-irs-impersonation-email-scam-reminds-taxpayers-the-irs-does-not-send-unsolicited-emails
Instagram Phishing with 2FA Codes
https://nakedsecurity.sophos.com/2019/08/23/instagram-phishing-uses-2fa-as-a-lure/
GitHub Adding WebAuthn Support
https://www.theregister.co.uk/2019/08/23/github_upgrades_its_twofactor_authentication_with_webauthn_support/
Lenovo Solution Center Privilege Escalation
https://www.pentestpartners.com/security-blog/privesc-in-lenovo-solution-centre-10-minutes-later/
Aug 26, 2019
ISC StormCast for Friday, August 23rd 2019
5:49
Steam Zero Days and Bug Bounty Controversy
https://www.theregister.co.uk/2019/08/22/valve_bug_bounty_steam_u_turn/
bb-builder malicious npm Package
https://blog.reversinglabs.com/blog/the-npm-package-that-walked-away-with-all-your-passwords
Phishers Customize Branded Outlook 365 Login Pages
https://www.bleepingcomputer.com/news/security/phishing-attacks-scrape-branded-microsoft-365-login-pages/
Aug 23, 2019
ISC StormCast for Thursday, August 22nd 2019
5:38
KAPE vs. Commando VM: Red vs. Blue
https://isc.sans.edu/forums/diary/KAPE+Kroll+Artifact+Parser+and+Extractor/25258/
Attacks against Exposed Sphinx Servers
https://www.bsi.bund.de/EN/Topics/IT-Crisis-Management/CERT-Bund/CERT-Reports/HOWTOs/Open-Sphinx-Server/open-Sphinx-server_node.html
Cisco Patches
https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir&limit=50#~Vulnerabilities
Newly Registered Domains Most Dangerous
https://unit42.paloaltonetworks.com/newly-registered-domains-malicious-abuse-by-bad-actors/
Aug 22, 2019
ISC StormCast for Wednesday, August 21st 2019
5:39
Guildma Malware is Now Using Facebook and YouTube as Update Channel
https://isc.sans.edu/forums/diary/Guildma+malware+is+now+accessing+Facebook+andYouTube+to+keep+uptodate/25222/
Supply Chain Issues: rest-client ruby gem backdoored
https://www.theregister.co.uk/2019/08/20/ruby_gem_hacked/
Aug 21, 2019
ISC StormCast for Tuesday, August 20th 2019
5:32
iOS 12.4 Jailbreak Released after Reintroduced Vulnerability from 12.2
https://github.com/pwn20wndstuff/Undecimus/releases
SHA2-Signed Updates for Windows Not Available with Symantec Endpoint Protection
https://support.symantec.com/us/en/article.tech255857.html
Attacking and Downgrading Bluetooth Key Negotiation
https://knobattack.com
Aug 20, 2019
ISC StormCast for Monday, August 19th 2019
5:04
Aug 19, 2019
ISC StormCast for Monday, August 19th 2019