ISC StormCast for Tuesday, October 17th 2017
WPA2 “Krack” Attack https://krackattack.com https://securingthehuman.sans.org/blog/2017/10/16/28748/Adobe Flash Player Update https://helpx.adobe.com/security/products/flash-player/apsb17-32.htmlTwo (identical) uTorrent Binaries With Different Hashes https://isc.sans.edu/forums/diary/Its+in+the+signature/22928/…
ISC StormCast for Monday, October 16th 2017
Peeking Into an Outlook .msg File https://isc.sans.edu/forums/diary/Peeking+into+msg+files/22926/Abandoned Domains / Equifax/Transunion Lead to Fake Falsh Update https://blog.malwarebytes.com/threat-analysis/2017/10/equifax-transunion-websites-push-fake-flash-player/Microsoft Patch Causes Corrupted Systems https://support.microsoft.com/en-us/help/4049094DoubleLocker Android Ransomware https://www.welivesecurity.com/2017/10/13/doublelocker-innovative-android-malware/Chrome Extension Mines Crypto Currency https://www.bleepingcomputer.com/news/security/chrome-extension-uses-your-gmail-to-register-domains-names-and-injects-coinhive/…
ISC StormCast for Friday, October 13th 2017
Version Control Tools Are Not Only For Developers https://isc.sans.edu/forums/diary/Version+control+tools+arent+only+for+Developers/22922/Coin Hive Javascript Crypto Currency Miner Found on Piratebay https://twitter.com/esterling_/status/918240914623090695 https://crypto-loot.comMacro-less Code Exec in MSWord Rediscovered https://sensepost.com/blog/2017/macro-less-code-exec-in-msword/ https://blog.nviso.be/2017/10/11/detecting-dde-in-ms-office-documents/Hard Disks Can Be Used…
ISC StormCast for Thursday, October 12th 2017
Outlook Includes plain text version of e-mail with S/MIME Encryption https://www.sec-consult.com/en/blog/2017/10/fake-crypto-microsoft-outlook-smime-cleartext-disclosure-cve-2017-11776/index.htmlRubyGems Remote Code Execution Vulnerability http://blog.rubygems.org/2017/10/09/unsafe-object-deserialization-vulnerability.htmlGoogle Home Mini Recorded Everything http://www.androidpolice.com/2017/10/10/google-nerfing-home-minis-mine-spied-everything-said-247/Cameradar Finds Open RTSP Streams https://github.com/EtixLabs/cameradar…
ISC StormCast for Wednesday, October 11th 2017
Microsoft Monthly Updates https://isc.sans.edu/forums/diary/October+2017+Security+Updates/22916/Spoofed iOS iCloud Login https://krausefx.com/blog/ios-privacy-stealpassword-easily-get-the-users-apple-id-password-just-by-asking…
Chet Chat 263 – October 6, 2017
This week’s Chet Chat comes to you from Madrid, Spain thanks to it being the host city for Virus Bulletin 2017. Chester interviews the Editor for VB, Martijn Grooten, about…
ISC StormCast for Tuesday, October 10th 2017
Base64 Encoded Word Documents https://isc.sans.edu/forums/diary/Base64+All+The+Things/22912/Skimmer Scanner Helps Find Credit Card Skimmers https://github.com/sparkfunX/Skimmer_ScannerTLS 1.3 Remains “On Hold” https://www.ietf.org/mail-archive/web/tls/current/msg24517.htmlFIDO U2F Key Review / Test https://www.imperialviolet.org/2017/10/08/securitykeytest.html…
ISC StormCast for Sunday, October 8th 2017
Payment Handler API https://w3c.github.io/payment-handler/ https://blog.lukaszolejnik.com/privacy-of-web-request-api/OpenSSH Version 7.6 Released http://www.openssh.com/txt/release-7.6Microsoft Delaying Some Patches for Earlier Windows Versions https://googleprojectzero.blogspot.sg/2017/10/using-binary-diffing-to-discover.htmlThe Dangers of Cables https://isc.sans.edu/forums/diary/Whats+in+a+cable+The+dangers+of+unauthorized+cables/22904/…
ISC StormCast for Friday, October 6th 2017
Extract HTTP Requests from PCAPs and Turn Them Into cURL Commands https://isc.sans.edu/forums/diary/pcap2curl+Turning+a+pcap+file+into+a+set+of+cURL+commands+for+replay/22900/Apple Patches Embarrasing MacOS High Sierra Flaw https://www.appleworld.today/blog/2017/10/5/macos-high-sierra-flaw-exposes-passwords-of-encrypted-apfs-volumesAnother Tomcat PUT Vulnerability https://lists.apache.org/thread.html/3fd341a604c4e9eab39e7eaabbbac39c30101a022acc11dd09d7ebcb@%3Cannounce.tomcat.apache.org%3EDallas Haselhorst: HL7 Healthcare Protocol https://www.sans.org/reading-room/whitepapers/hipaa/hl7-data-interfaces-medical-environments-understanding-fundamental-flaw-healthcare-38005 https://www.sans.org/reading-room/whitepapers/vpns/hl7-data-interfaces-medical-environments-attacking-defending-achilles-heel-healthcare-38010 https://www.tripwire.com/state-of-security/security-data-protection/hl7-data-interfaces-in-medical-environments/…
ISC StormCast for Thursday, October 5th 2017
Cyber Security Awareness Month: Ouch! Newsletter https://securingthehuman.sans.org/newsletters/ouch/issues/OUCH-201710_en.pdfModified Rowhammer Attack Bypasses Current Defenses https://arxiv.org/pdf/1710.00551.pdfMetasploit Modules For VMWare Escape https://www.zerodayinitiative.com/blog/2017/10/04/vmware-escapology-how-to-houdini-the-hypervisor…