Sans Internet Storm Center Daily Network/cyber Security And Information Security Podcast

OS X Memory Forensics https://isc.sans.edu/forums/diary/An+Introduction+to+Mac+memory+forensics/20989/ Facebook App Used to Delivery Facebook Phish http://news.netcraft.com/archives/2016/04/22/hook-like-and-sinker-facebook-serves-up-its-own-phish.html Android.Spy.277.origin Keeps Being Delivered By Google Play Store Apps http://blog.checkpoint.com/2016/04/22/in-the-wild-google-cant-close-the-door-on-android-malware/ Tool To Replay RDP Sessions From pcaps http://www.contextis.com/resources/blog/rdp-replay-code-release/ Juniper Update http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727&cat=SIRT_1&actp=LIST RouterSploit Router Exploit Framework https://github.com/reverse-shell/routersploit

Details From the Breach of the Central Bank of Bangladesh http://baesystemsai.blogspot.de/2016/04/two-bytes-to-951m.html Apple Image IO Denial of Service https://www.landaire.net/blog/apple-imageio-denial-of-service/ Text Messages Used to Phish Apple IDs http://www.independent.co.uk/life-style/gadgets-and-tech/news/apple-id-password-expired-expiry-text-website-scam-phishing-a6991126.html Critical HP Data Protector Patch https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05085988 Armada Collection (or imposter) Making Fake DDoS Threats https://blog.cloudflare.com/empty-ddos-threats-meet-the-armada-collective/

Angler EK Used to Spread CryptXXX https://isc.sans.edu/forums/diary/Angler+Exploit+Kit+Bedep+and+CryptXXX/20981/ Honeports Powershell Script https://isc.sans.edu/forums/diary/Honeyports+powershell+script/20979/ Online Credit Card Fraud Soars http://www.pymnts.com/fraud-prevention/2016/online-fraud-attack-rates-soar-since-october/ How to Trick Traffic Sensors https://securelist.com/blog/research/74454/how-to-trick-traffic-sensors/ Opera VPN Service Analysis https://gist.github.com/spaze/558b7c4cd81afa7c857381254ae7bd10 https://www.helpnetsecurity.com/2016/04/21/opera-browser-free-vpn/

Accellion Secure File Transfer Vulnerability and Facebook Exploitation http://devco.re/blog/2016/04/21/how-I-hacked-facebook-and-found-someones-backdoor-script-eng-ver/ Application Whitelisting Bypass With regsvr32 http://subt0x10.blogspot.com/2016/04/bypass-application-whitelisting-script.html New NetworkManager Version Released https://cgit.freedesktop.org/NetworkManager/NetworkManager/plain/NEWS?id=nm-1-2 Opera Includes Free VPN http://www.opera.com/blogs/desktop/2016/04/free-vpn-integrated-opera-for-windows-mac/

Decoding Pseudo Darkleech https://isc.sans.edu/forums/diary/Decoding+PseudoDarkleech+1/20969/ Tesla Crypt 4.1 https://www.endgame.com/blog/your-package-has-been-successfully-encrypted-teslacrypt-41a-and-malware-attack-chain RansomWhere Protects OS X Users from Ransware https://objective-see.com/products/ransomwhere.html Testing TLS Libraries With TLS Attackers https://github.com/RUB-NDS/TLS-Attacker

Oracle Critical Patch Update http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html Flash Provides Top Targeted Vulnerabilties for 2015 https://www.solutionary.com/_assets/pdf/research/2015-gtir.pdf Google Publishes Data About Safe Browsing Effectiveness http://static.googleusercontent.com/media/research.google.com/en//pubs/archive/44924.pdf Detecting curl pipes to bash https://www.idontplaydarts.com/2016/04/detecting-curl-pipe-bash-server-side/

Retefer Banking Malware Appearing Again https://isc.sans.edu/forums/diary/Retefe+is+back+in+town/20957/ Ransomware Switching Focus From Hospitals to Schools http://blog.talosintel.com/2016/04/jboss-backdoor.html git on OS X vulnerable https://rachelbythebay.com/w/2016/04/17/unprotected/

Implementing "bash_history" for cmd.exe https://isc.sans.edu/forums/diary/Windows+Command+Line+Persistence/20949/ Mixed encoding in Malicious Documents https://isc.sans.edu/forums/diary/VBS+VBE/20953/ Swedish Air Traffic Control Outage Result of Solar Flares http://www.lfv.se/en/news/news-2016/full-capacity-after-90-minutes-radar-loss Why you should not require password changes https://www.cesg.gov.uk/articles/problems-forcing-regular-password-expiry Bypassing Microsoft Edge XSS Filter http://blog.portswigger.net/2016/04/edge-xss-filter-bypass.html

Doing HTTP Key Pinning Right https://isc.sans.edu/forums/diary/HTTP+Public+Key+Pinning+How+to+do+it+right/20943/ Apple Ceases Support for Quicktime on Windows https://support.apple.com/HT205771 http://zerodayinitiative.com/advisories/ZDI-16-241/ VMWare Releases Patch for VMWare Client Plugin http://www.vmware.com/security/advisories/VMSA-2016-0004.html Identify Ransomware https://id-ransomware.malwarehunterteam.com Another Fake Flash Update For OS X https://www.intego.com/mac-security-blog/mac-users-attacked-fake-adobe-update/ Chrome 50 Released http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html URL Shorteners Weaken Random URLs http://arxiv.org/pdf/1604.02734v1.pdf

PFSense DShield Client Updated for PFSense Version 2.3 https://isc.sans.edu/forums/diary/Updated+PFSense+Client/20937/ JigSaw Decryption Tool Released http://www.bleepingcomputer.com/news/security/jigsaw-ransomware-decrypted-will-delete-your-files-until-you-pay-the-ransom/ Android Bluetooth Pairing Vulnerability https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-android-bluetooth-pairing-bypass-2016-04-12.pdf Samsung Galaxy Phones Expose Modem via USB Port https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0004

Badlock not as bad https://isc.sans.edu/forums/diary/BadLock+Vulnerability+CVE20162118/20933/ Microsoft Patches https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+Summary+for+April+2016+httpsiscsansedumspatchdayshtmlviewday20160412/20935

Petyz Ransomware Decrypted https://isc.sans.edu/forums/diary/Tool+Released+to+Decrypt+Petya+Ransomware+Infected+Disks/20929/ Malware Creator Bribes Anti-Virus Vendors http://blog.checkpoint.com/2016/04/08/qihoo-360-just-the-tip-of-the-whitelisted-malware-iceberg/ User Will Plug in USB Drives They Find In The Parking Lot https://www.elie.net/publication/users-really-do-plug-in-usb-drives-they-find Ruby Gems Replacement Vulnerability http://blog.rubygems.org/2016/04/06/gem-replacement-vulnerability-and-mitigation.html

Flash Releases Pre-Announced Emergency Patch https://helpx.adobe.com/security/products/flash-player/apsb16-10.html http://blog.trendmicro.com/trendlabs-security-intelligence/look-adobe-flash-player-cve-2016-1019-zero-day-vulnerability/ Wordpress Will Start Using SSL https://en.blog.wordpress.com/2016/04/08/https-everywhere-encryption-for-all-wordpress-com-sites/ iMessage Vulnerablitiy Allows Access To Chat History https://www.bishopfox.com/blog/2016/04/if-you-cant-break-crypto-break-the-client-recovery-of-plaintext-imessage-data/ Ubuntu on Windows 10: Not as Insecure as Some Think http://www.pcworld.com/article/3051604/windows/linuxs-deadliest-command-doesnt-faze-bash-on-windows-10.html Special Badlock Webcast https://www.sans.org/webcasts/badlock-102107

Google/Facebook CAPTCHA Broken Again https://www.blackhat.com/docs/asia-16/materials/asia-16-Sivakorn-Im-Not-a-Human-Breaking-the-Google-reCAPTCHA-wp.pdf Updated FBI Damage Numbers For Business E-Mail Compromise https://www.fbi.gov/phoenix/press-releases/2016/fbi-warns-of-dramatic-increase-in-business-e-mail-scams PowerWare / PoshCoder Ransomware Decryption https://www.alienvault.com/open-threat-exchange/blog/powerware-or-poshcoder-comparison-and-decryption Leaking Information Via Browser XSS Filters http://www.mbsd.jp/blog/20160407.html

Cisco Security Advisory https://tools.cisco.com/security/center/publicationListing.x#~CiscoSecurityAdvisory OSVDB Closes Down https://blog.osvdb.org/2016/04/05/osvdb-fin/ Apple iOS Passcode Bypass Vulnerability http://seclists.org/fulldisclosure/2016/Apr/19 Securing the Human: Ouch Newsletter https://securingthehuman.sans.org/resources/newsletters/ouch/2016

New Microsoft Patches API https://isc.sans.edu/forums/diary/New+Features+for+Microsoft+Patch+Data/20911/ BadLock Webcast https://www.sans.org/webcasts/badlock-102107 Microsoft Single Signon Vulnerable to Token Hijacking https://whitton.xyz/articles/obtaining-tokens-outlook-office-azure-account/ Domino's Pizza Mobile App Payment Bypass http://www.ifc0nfig.com/dominos-pizza-and-payments/

Android Patch Monday https://source.android.com/security/bulletin/2016-04-02.html Jenkins Continous Integration Tool Leaks Anonymous Usage Data https://jenkins.io/blog/2016/03/30/usage-statistics-privacy-advisory/ BREACH Attack Revived/Improved audio: https://regmedia.co.uk/2016/04/04/podcast_beast_2_bhasia.mp3 slides: https://www.blackhat.com/docs/asia-16/materials/asia-16-Karakostas-Practical-New-Developments-In-The-BREACH-Attack.pdf

Tips for Stopping Ransomware https://isc.sans.edu/forums/diary/Tips+for+Stopping+Ransomware/20903/ Vulnerability in Lhasa decompression library http://blog.talosintel.com/2016/03/vulnerability-lhasa.html How to Decrypt Kimcilware Encrypted Files http://blog.fortinet.com/post/kimcilware-ransomware-how-to-decrypt-encrypted-files-and-who-is-behind-it Fileless Malware http://blog.airbuscybersecurity.com/post/2016/03/FILELESS-MALWARE- -A-BEHAVIOURAL-ANALYSIS-OF-KOVTER-PERSISTENCE

Trend Micro Leaves Remote Debugger in Password Manager https://bugs.chromium.org/p/project-zero/issues/detail?id=773&can=1&q=trend Several Palo Alto Vulnerabilities https://www.troopers.de/media/filer_public/a5/4d/a54da07e-3780-4f83-b4ac-8c620666a60a/paloalto_troopers.pdf Bypassing The iOS Gatekeeper https://www.checkpoint.com/resources/sidestepper-ios-vulnerability/iOS_Vulnerability_Report_160330_A.pdf