SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Johannes B. Ullrich
Jan 29, 2018 • 6min

ISC StormCast for Monday, January 29th 2018

Analyzing a Word Document Used in a Pentest https://isc.sans.edu/forums/diary/Is+this+a+pentest/23283/
Analyzing BITS Activity https://isc.sans.edu/forums/diary/Investigating+Microsoft+BITS+Activity/23281/
CryptoJacking on YouTube due to Malicious Ads https://blog.trendmicro.com/trendlabs-security-intelligence/malvertising-campaign-abuses-googles-doubleclick-to-deliver-cryptocurrency-miners/
Coincheck Hack Nets 400M USD https://coincheck.com/en/blog/4673
PHPBB Mirror Compromised https://www.phpbb.com/community/viewtopic.php?f=14&t=2456896
Microsoft Disables Spectre Variant 2 Patches https://support.microsoft.com/en-us/help/4078130/update-to-disable-mitigation-against-spectre-variant-2
Jan 25, 2018 • 18min

ISC StormCast for Friday, January 26th 2018

Ransomware As a Service https://isc.sans.edu/forums/diary/Ransomware+as+a+Service/23277/
libcurl Vulnerability http://seclists.org/oss-sec/2018/q1/94
Hide 'N Seek IoT Botnet https://labs.bitdefender.com/2018/01/new-hide-n-seek-iot-botnet-using-custom-built-peer-to-peer-communication-spotted-in-the-wild/
Container Intrusions: Assessing the Efficacy of Intrusion Detection and Analysis Methods for Linux Container Environments https://www.sans.org/reading-room/whitepapers/detection/container-intrusions-assessing-efficacy-intrusion-detection-analysis-methods-linux-container-environments-38245
Jan 25, 2018 • 6min

ISC StormCast for Thursday, January 25th 2018

RTF Files For Hancitor Utilize Exploit for CVE-2017-11882 https://isc.sans.edu/forums/diary/RTF+files+for+Hancitor+utilize+exploit+for+CVE201711882/23271/
Electron Fixes Protocol Handlers Flaw https://electronjs.org/blog/protocol-handler-fix
Xerox Workcenters Fudge Numbers http://www.dkriesel.com/en/blog/2013/0802_xerox-workcentres_are_switching_written_numbers_when_scanning?
Tracking Users Using CSS https://github.com/jbtronics/CrookedStyleSheets
Jan 24, 2018 • 6min

ISC StormCast for Wednesday, January 24th 2018

Apple Patches Everything, Again https://isc.sans.edu/forums/diary/Apple+Updates+Everything+Again/23269/
OpenSSL Introduces its Version of a "Patch Tuesday" https://www.openssl.org/blog/blog/2018/01/18/f2f-london/
"Rapid" Ransomware https://id-ransomware.blogspot.ru/2018/01/rapid-ransomware.html (Russian) https://www.bleepingcomputer.com/forums/t/667032/rapid-ransomware-rapid-paymeme-how-recovery-filestxt-support-topic/page-2
Jan 23, 2018 • 5min

ISC StormCast for Tuesday, January 23rd 2018

HTTPS on Every Port https://isc.sans.edu/forums/diary/HTTPS+on+every+port/23261/
Curl over TOR https://isc.sans.edu/forums/diary/Retrieving+malware+over+Tor/23257/
Spectre/Meltdown Microcode Patch Problems https://newsroom.intel.com/news/root-cause-of-reboot-issue-identified-updated-guidance-for-customers-and-partners/ https://lkml.org/lkml/2018/1/21/192
DNS Rebinding Attacks Against Geth https://ret2got.wordpress.com/2018/01/19/how-your-ethereum-can-be-stolen-using-dns-rebinding/
Chinese Quantum Cryptography Satellite Link Transmits Intercontinental Videolink https://journals.aps.org/prl/abstract/10.1103/PhysRevLett.120.030501
Jan 22, 2018 • 5min

ISC StormCast for Monday, January 22nd 2018

Analyzing an RTF Phishing Document https://isc.sans.edu/forums/diary/An+RTF+phish/23255/
Satori Variant Steals ETH from Miners http://blog.netlab.360.com/art-of-steal-satori-variant-is-robbing-eth-bitcoin-by-replacing-wallet-address-en/
Evrial Trojan Modifies Copy / Pasted Bitcoin Addresses https://twitter.com/malwrhunterteam/status/953313514629853184
Legal Challenges of Bug Bounties https://www.heise.de/security/meldung/US-Bug-Bountys-lassen-gute-Hacker-in-die-Falle-tappen-3946508.html
Jan 19, 2018 • 5min

ISC StormCast for Friday, January 19th 2018

Oracle E-Business Suite Server Can Be Attacked via WebLogic https://www.onapsis.com/blog/oracle-january-cpu-analysis-64-patches-affect-business-critical-applications
Microsoft Resumes Patches for AMD Systems https://www.amd.com/en/corporate/speculative-execution
Speculations About Yet Another CPU Attack https://skyfallattack.com
Smiths Medfusion 4000 Vulnerabilities https://github.com/sgayou/medfusion-4000-research/blob/master/doc/README.md#summary
Jan 18, 2018 • 5min

ISC StormCast for Thursday, January 18th 2018

Reviewing the Spam Filters: Malspam Pushing Gozi-ISFB https://isc.sans.edu/forums/diary/Reviewing+the+spam+filters+Malspam+pushing+GoziISFB/23245/
Auditing Secure USB Keys https://www.j-michel.org/blog/2018/01/16/attacking-secure-usb-keys-behind-the-scene
Malicious Open Graph title Tag Crashes iMessage https://www.macrumors.com/2018/01/16/malicious-link-ios-mac-freezes/
BIND Fixes DoS Vulnerability https://kb.isc.org/article/AA-01542
Jan 9, 2018 • 5min

ISC StormCast for Tuesday, January 9th 2018

WebLogic Flaw Used to Install Monero Crypto Coin Miner https://isc.sans.edu/forums/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191/
Fake Anti-Virus Pages Popping Up Like Weeds https://isc.sans.edu/forums/diary/Fake+antivirus+pages+popping+up+like+weeds/23207/
Apple Spectre/Meltdown Patches https://support.apple.com/en-us/HT201222
Meltdown Patch Fallout https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB43600/?l=en_US&fs=Search&pn=1&atype= https://forums.sandboxie.com/phpBB3/viewtopic.php?t=25114 https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software
WPA3 Announced https://www.wi-fi.org/news-events/newsroom/wi-fi-alliance-introduces-security-enhancements
Jan 8, 2018 • 5min

ISC StormCast for Monday, January 8th 2018

Campaign is using a recently released WebLogic exploit to deploy a Monero miner https://isc.sans.edu/forums/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191/
Misc News about Meltdown and Spectre https://www.qualcomm.com/company/product-security/bulletins
AMD Processor Flaw http://seclists.org/fulldisclosure/2018/Jan/12
Western Digital MyCloud Backdoor http://gulftech.org/advisories/WDMyCloud%20Multiple%20Vulnerabilities/125
