SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

New Datafeeds https://isc.sans.edu/forums/diary/All+I+want+this+Tuesday+More+Data/26400/ Emotet Stealing Email Attachments https://twitter.com/CofenseLabs/status/1288167724594671618 Magento Update https://helpx.adobe.com/security/products/magento/apsb20-47.html Explosed Docker Servers Infected with More Malware https://www.intezer.com/container-security/watch-your-containers-doki-infecting-docker-servers-in-the-cloud/

In Memory of Donald Smith https://isc.sans.edu/forums/diary/In+Memory+of+Donald+Smith/26396/ Analyzing Metasploit ASP .Net Payloads https://isc.sans.edu/forums/diary/Analyzing+Metasploit+ASP+NET+Payloads/26392/ Emotet Payloads Replaces with GIFs https://twitter.com/GossiTheDog/status/1286271503005290497 QNAP Devices Attacked https://us-cert.cisa.gov/ncas/alerts/aa20-209a

Compromized Desktop Applications By Web Technologies https://isc.sans.edu/forums/diary/Compromized+Desktop+Applications+by+Web+Technologies/26384/ Cracking Maldoc VBA Project Passwords https://isc.sans.edu/forums/diary/Cracking+Maldoc+VBA+Project+Passwords/26390/ Cisco Patching Treck IP Stack Vulnerabilities https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC Ubiquity Devices Breack Due to Malformed Feed https://community.ui.com/questions/Threat-Management-rules-silently-disabled-for-users-as-of-July-17-2020/35221bd2-843d-41a3-a957-33f57d9a8468

Simple Blocklisting with MISP and pfSense https://isc.sans.edu/forums/diary/Simple+Blocklisting+with+MISP+pfSense/26380/ ISC Intel Feed (Beta. DO NOT USE AS BLOCKLIST) https://isc.sans.edu/api/intelfeed?json (also see isc.sans.edu/api ) ASUS RT-AC1900P Router Vulnerability https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=27440 DLink Leaks Firmware Encryption Key https://nstarke.github.io/0036-decrypting-dlink-proprietary-firmware-images.html Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ro-path-KJuQhB86

A Few IoCs Releated to the F5 Vulnerablity CVE-2020-5092 https://isc.sans.edu/forums/diary/A+few+IoCs+related+to+CVE20205092/26378/ PDF Signature Weaknesses https://pdf-insecurity.org/ Sharepoint Vulnerabliity PoC CVE-2020-1147 https://srcincite.io/blog/2020/07/20/sharepoint-and-pwn-remote-code-execution-against-sharepoint-server-abusing-dataset.html Twilio Compromise https://www.theregister.com/2020/07/21/twilio_sdk_code_injection/

Comparing Covid19 Remote Services in Different Countries https://isc.sans.edu/forums/diary/Couple+of+interesting+Covid19+related+stats/26374/ Adobe Patches Photoshop https://helpx.adobe.com/security/products/bridge/apsb20-44.html https://helpx.adobe.com/security/products/photoshop/apsb20-45.html Citrix Workspace App Vulnerability https://www.pentestpartners.com/security-blog/raining-system-shells-with-citrix-workspace-app/ Microsoft Publishes Sysinternals Procmon for Linux https://github.com/microsoft/ProcMon-for-Linux

Sextortion Follow the Money Wrapup https://isc.sans.edu/forums/diary/Sextortion+Update+The+Final+Final+Chapter/26334/ "BadPower" USB-C Charger Firmware Weakness (link in chinese) https://xlab.tencent.com/cn/2020/07/16/badpower/ Zoom Phishing https://blog.checkpoint.com/2020/07/16/fixing-the-zoom-vanity-clause-check-point-and-zoom-collaborate-to-fix-vanity-url-issue/ Microsoft Office TLS 1.x Phaseout https://docs.microsoft.com/en-us/microsoft-365/compliance/prepare-tls-1.2-in-office-365?view=o365-worldwide

#SigRed Update https://isc.sans.edu/forums/diary/Hunting+for+SigRed+Exploitation/26362/ Cloudflare Outage https://blog.cloudflare.com/cloudflare-outage-on-july-17-2020/ Exploitation of ZeroShell Routers https://isc.sans.edu/forums/diary/Scanning+Activity+for+ZeroShell+Unauthenticated+Access/26368/ Zone.Identifier: A Coupe of Observations https://isc.sans.edu/forums/diary/ZoneIdentifier+A+Coupe+Of+Observations/26366/ Forgotten tcpdump Options https://showmethepackets.com/index.php/2020/07/18/a-few-forgotten-tcpdump-options/

Twitter Compromise https://twitter.com/TwitterSupport/status/1283591846464233474?s=20 SIGRed PoC hxxps://github.com/maxpl0it/CVE-2020-1350-DoS Apple Updates https://support.apple.com/en-us/HT201222 SAP PoC Exploit Code Published https://github.com/chipik/SAP_RECON https://us-cert.cisa.gov/ncas/alerts/aa20-195a SANS.edu Student: Aaron Elyard: KITT https://www.sans.org/reading-room/whitepapers/OpenSource/improving-analyst-efficiency-office365-business-email-compromise-investigation-scenarios-implementation-open-source-tools-39655 KITT: https://github.com/intrepidtechie/KITT-O365-Tool

MSFT DNS Server Vulnerability https://isc.sans.edu/forums/diary/PATCH+NOW+SIGRed+CVE20201350+Microsoft+DNS+Server+Vulnerability/26356/ https://www.sans.org/webcasts/about-windows-dns-vulnerability-cve-2020-1350-116120 Outlook Crashes After Patch Tuesday Updates https://www.reddit.com/r/sysadmin/comments/hrq0mn/outlook_immediately_crashing_on_open_after/fy5nnx2/ Oracle Quarterly Critical Patch Update https://www.oracle.com/security-alerts/cpujul2020.html Cisco Backdoors https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir&limit=100#~Vulnerabilities