Sans Internet Storm Center Daily Network/cyber Security And Information Security Podcast

Windows Patch Tuesday https://isc.sans.edu/mspatchdays.html?viewday=2016-05-10 Adobe Patch Tuesday https://helpx.adobe.com/security.html

Network Forensics With DShell https://isc.sans.edu/forums/diary/Performing+network+forensics+with+Dshell+Part+1+Basic+usage/21035/ Aruba Vulnerabilities (and Patches) http://seclists.org/fulldisclosure/2016/May/19 Allwinner Android Device Debug Backdoor http://forum.armbian.com/index.php/topic/1108-security-alert-for-allwinner-sun8i-h3a83th8/ ImageTragick Flaw Being Exploited https://blog.cloudflare.com/inside-imagetragick-the-real-payloads-being-used-to-hack-websites-2/ Attacking JSON Web Tokens https://www.notsosecure.com/crafting-way-json-web-tokens/ ASUS UEFI Red Screen Of Death Workaround https://www.asus.com/support/FAQ/1016356/

A Quick Introduction To Linux Capabilities https://isc.sans.edu/forums/diary/Guest+Diary+Linux+Capabilities+A+friend+and+foe/21031/ Review of TLS Proxy Security Issues http://users.encs.concordia.ca/~mmannan/publications/ssl-interception-ndss2016.pdf Ransomware Claims to Donate Proceeds To Charity https://heimdalsecurity.com/blog/security-alert-new-ransomware-donate-earnings-charity/

Large Number of Credentials Offered For Sale http://www.reuters.com/article/us-cyber-passwords-idUSKCN0XV1I6 Alphalocker: Affordable Ransom Ware https://blog.cylance.com/an-introduction-to-alphalocker JAKU Botnet https://www.forcepoint.com/sites/default/files/resources/files/report_jaku_analysis_of_botnet_campaign_en_0.pdf Juniper Update http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734&cat=SIRT_1&actp=LIST

Malicious Ads Seens On CBS TV Stations https://blog.malwarebytes.org/threat-analysis/2016/05/cbs-affiliated-television-stations-expose-visitors-to-angler-exploit-kit/ ImageMagick Vulnerability https://isc.sans.edu/forums/diary/ImageTragick+Another+Vulnerability+Another+Nickname/21023/ Fake DDoS Threats Continue http://www.actionfraud.police.uk/news/online-extortion-demands-affecting-businesses-apr16/ Cisco Patches Tele Presence Equipment https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-tpxml Cracking PeopleSoft PS_TOKEN with oclHashcat http://blog.gosecure.ca/2016/05/04/oracle-peoplesoft-still-a-threat-for-enterprises/

OpenSSL Update Released https://isc.sans.edu/forums/diary/OpenSSL+Updates/21015/ Gerber Exploit Kit Installed By Neutrino EK https://isc.sans.edu/forums/diary/Neutrino+exploit+kit+sends+Cerber+ransomware/21017/ Image Magick Vulnerablity https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588 http://www.openwall.com/lists/oss-security/2016/05/03/18 Microsoft Will No Longer Consider SHA-1 Certificates As Secure https://blogs.windows.com/msedgedev/2016/04/29/sha1-deprecation-roadmap/

Fake Google Chrome Update Installs Malware on Android https://www.zscaler.com/blogs/research/android-infostealer-posing-fake-google-chrome-update Android May Security Bulletin https://source.android.com/security/bulletin/2016-05-01.html Google Chrome Update https://source.android.com/security/bulletin/2016-05-01.html Pwned List Got Pwned http://krebsonsecurity.com/2016/05/how-the-pwnedlist-got-pwned/

ATM Jackpotting: Analysis of ATM APIs https://securelist.com/analysis/publications/74533/malware-and-non-malware-ways-for-atm-jackpotting-extended-cut/ Reverse Engineering A ATM Machine Skimmer https://trustfoundry.net/reverse-engineering-a-discovered-atm-skimmer/ Bathroom Scale Vulnerability https://help.fitbit.com/articles/en_US/Help_article/How-do-I-update-my-Aria-scale/ Fake Mobile Payment Apps in Google Play Store https://info.phishlabs.com/blog/fraudster-phishing-users-with-malicious-mobile-apps

Powershell and DNS/DHCP https://isc.sans.edu/forums/diary/DNS+and+DHCP+Recon+using+Powershell/20995/ New Version of PCI Standard Released https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2_Summary_of_Changes.pdf OpenSSL Patch Pre-Announced https://mta.openssl.org/pipermail/openssl-announce/2016-April/000069.html NTP Patches http://blog.talosintel.com/2016/04/vulnerability-spotlight-further-ntpd_27.html#more

SAML Federated Identity Vulnerability in Office 365 http://www.economyofmechanism.com/office365-authbypass.html .AS Registry Vulnerable to Direct Object Reference https://isecguy.wordpress.com/2016/04/25/flaw-allowed-anyone-to-modify-take-control-over-any-as-domain/ Driveby Exploit Used to Deliver Android Ransomware https://www.bluecoat.com/security-blog/2016-04-25/android-exploit-delivers-dogspectus-ransomware CryptXXX Decrypt Tool https://support.kaspersky.com/viruses/disinfection/8547?_ga=1.128163404.1397432418.1454514283#block3

OS X Memory Forensics https://isc.sans.edu/forums/diary/An+Introduction+to+Mac+memory+forensics/20989/ Facebook App Used to Delivery Facebook Phish http://news.netcraft.com/archives/2016/04/22/hook-like-and-sinker-facebook-serves-up-its-own-phish.html Android.Spy.277.origin Keeps Being Delivered By Google Play Store Apps http://blog.checkpoint.com/2016/04/22/in-the-wild-google-cant-close-the-door-on-android-malware/ Tool To Replay RDP Sessions From pcaps http://www.contextis.com/resources/blog/rdp-replay-code-release/ Juniper Update http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727&cat=SIRT_1&actp=LIST RouterSploit Router Exploit Framework https://github.com/reverse-shell/routersploit

Details From the Breach of the Central Bank of Bangladesh http://baesystemsai.blogspot.de/2016/04/two-bytes-to-951m.html Apple Image IO Denial of Service https://www.landaire.net/blog/apple-imageio-denial-of-service/ Text Messages Used to Phish Apple IDs http://www.independent.co.uk/life-style/gadgets-and-tech/news/apple-id-password-expired-expiry-text-website-scam-phishing-a6991126.html Critical HP Data Protector Patch https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05085988 Armada Collection (or imposter) Making Fake DDoS Threats https://blog.cloudflare.com/empty-ddos-threats-meet-the-armada-collective/

Angler EK Used to Spread CryptXXX https://isc.sans.edu/forums/diary/Angler+Exploit+Kit+Bedep+and+CryptXXX/20981/ Honeports Powershell Script https://isc.sans.edu/forums/diary/Honeyports+powershell+script/20979/ Online Credit Card Fraud Soars http://www.pymnts.com/fraud-prevention/2016/online-fraud-attack-rates-soar-since-october/ How to Trick Traffic Sensors https://securelist.com/blog/research/74454/how-to-trick-traffic-sensors/ Opera VPN Service Analysis https://gist.github.com/spaze/558b7c4cd81afa7c857381254ae7bd10 https://www.helpnetsecurity.com/2016/04/21/opera-browser-free-vpn/

Accellion Secure File Transfer Vulnerability and Facebook Exploitation http://devco.re/blog/2016/04/21/how-I-hacked-facebook-and-found-someones-backdoor-script-eng-ver/ Application Whitelisting Bypass With regsvr32 http://subt0x10.blogspot.com/2016/04/bypass-application-whitelisting-script.html New NetworkManager Version Released https://cgit.freedesktop.org/NetworkManager/NetworkManager/plain/NEWS?id=nm-1-2 Opera Includes Free VPN http://www.opera.com/blogs/desktop/2016/04/free-vpn-integrated-opera-for-windows-mac/

Decoding Pseudo Darkleech https://isc.sans.edu/forums/diary/Decoding+PseudoDarkleech+1/20969/ Tesla Crypt 4.1 https://www.endgame.com/blog/your-package-has-been-successfully-encrypted-teslacrypt-41a-and-malware-attack-chain RansomWhere Protects OS X Users from Ransware https://objective-see.com/products/ransomwhere.html Testing TLS Libraries With TLS Attackers https://github.com/RUB-NDS/TLS-Attacker

Oracle Critical Patch Update http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html Flash Provides Top Targeted Vulnerabilties for 2015 https://www.solutionary.com/_assets/pdf/research/2015-gtir.pdf Google Publishes Data About Safe Browsing Effectiveness http://static.googleusercontent.com/media/research.google.com/en//pubs/archive/44924.pdf Detecting curl pipes to bash https://www.idontplaydarts.com/2016/04/detecting-curl-pipe-bash-server-side/

Retefer Banking Malware Appearing Again https://isc.sans.edu/forums/diary/Retefe+is+back+in+town/20957/ Ransomware Switching Focus From Hospitals to Schools http://blog.talosintel.com/2016/04/jboss-backdoor.html git on OS X vulnerable https://rachelbythebay.com/w/2016/04/17/unprotected/

Implementing "bash_history" for cmd.exe https://isc.sans.edu/forums/diary/Windows+Command+Line+Persistence/20949/ Mixed encoding in Malicious Documents https://isc.sans.edu/forums/diary/VBS+VBE/20953/ Swedish Air Traffic Control Outage Result of Solar Flares http://www.lfv.se/en/news/news-2016/full-capacity-after-90-minutes-radar-loss Why you should not require password changes https://www.cesg.gov.uk/articles/problems-forcing-regular-password-expiry Bypassing Microsoft Edge XSS Filter http://blog.portswigger.net/2016/04/edge-xss-filter-bypass.html

Doing HTTP Key Pinning Right https://isc.sans.edu/forums/diary/HTTP+Public+Key+Pinning+How+to+do+it+right/20943/ Apple Ceases Support for Quicktime on Windows https://support.apple.com/HT205771 http://zerodayinitiative.com/advisories/ZDI-16-241/ VMWare Releases Patch for VMWare Client Plugin http://www.vmware.com/security/advisories/VMSA-2016-0004.html Identify Ransomware https://id-ransomware.malwarehunterteam.com Another Fake Flash Update For OS X https://www.intego.com/mac-security-blog/mac-users-attacked-fake-adobe-update/ Chrome 50 Released http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html URL Shorteners Weaken Random URLs http://arxiv.org/pdf/1604.02734v1.pdf

PFSense DShield Client Updated for PFSense Version 2.3 https://isc.sans.edu/forums/diary/Updated+PFSense+Client/20937/ JigSaw Decryption Tool Released http://www.bleepingcomputer.com/news/security/jigsaw-ransomware-decrypted-will-delete-your-files-until-you-pay-the-ransom/ Android Bluetooth Pairing Vulnerability https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-android-bluetooth-pairing-bypass-2016-04-12.pdf Samsung Galaxy Phones Expose Modem via USB Port https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0004