SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Johannes B. Ullrich
Nov 30, 2017 • 5min

ISC StormCast for Thursday, November 30th 2017

Apple Releases Security Update 2017-001 To Fix Passwordless Root Bug https://support.apple.com/en-us/HT208315
Insecure Android Crypto Currency Wallets https://www.htbridge.com/news/security-cryptocurrency-mobile-apps.html
Coinhive Miner Now As Pop-Under https://blog.malwarebytes.com/cybercrime/2017/11/persistent-drive-by-cryptomining-coming-to-a-browser-near-you/
Fileless Malicious PowerShell Sample https://isc.sans.edu/forums/diary/Fileless+Malicious+PowerShell+Sample/23081/
.dev TLD Now Requires HTTPS in Chrome http://www.theregister.co.uk/2017/11/29/google_dev_network/
Nov 29, 2017 • 6min

ISC StormCast for Wednesday, November 29th 2017

Password Less Root Account Allows for Trivial Privilege Escalation on MacOS High Sierra https://twitter.com/lemiorhan/status/935578694541770752 https://support.apple.com/en-us/HT204012
Defeating Facial Recognition https://arxiv.org/abs/1711.09001
Bitcoin Gold Wallet App Compromise https://bitcoingold.org/critical-warning-nov-26/
Project Exodus Identified Trackers in Android Apps https://reports.exodus-privacy.eu.org/reports/apps/
Nov 28, 2017 • 7min

ISC StormCast for Tuesday, November 28th 2017

Golden SAML Ticket Attack https://www.cyberark.com/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-cloud-apps/
Facebook Poll Image Vulnerability https://blog.darabi.me/2017/11/image-removal-vulnerability-in-facebook.html
Nov 27, 2017 • 6min

ISC StormCast for Monday, November 27th 2017

Critical Exim Mail Server Vulnerability (Exploit released!) https://bugs.exim.org/show_bug.cgi?id=2199
CoinPouch "Verge" Token Loss http://www.documentcloud.org/documents/4309909-StatementonVerge-11-21-17.html
Bitcoin Routing Attacks https://btc-hijack.ethz.ch
Scanning Ethereum Smart Contracts For Vulnerabilities https://hackernoon.com/scanning-ethereum-smart-contracts-for-vulnerabilities-b5caefd995df
Fortiweb Manager Vulnerability https://fortiguard.com/psirt/FG-IR-17-248
Nov 22, 2017 • 7min

ISC StormCast for Wednesday, November 22nd 2017

Ethereum JSON-RPC Scans https://isc.sans.edu/forums/diary/Internet+Wide+Ethereum+JSONRPC+Scans/23061/
Updated OWASP Top 10 Released https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf
TPLink Often Provides Outdated Firmware Version For Download https://www.ctrl.blog/entry/tplink-firmware-outdated-downloads
Nov 21, 2017 • 6min

ISC StormCast for Tuesday, November 21st 2017

Intel Patches Several Vulnerabilities in its Management Engine https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr
Sandsifter CPU Fuzzer https://github.com/xoreaxeaxeax/sandsifter/
Android MediaProjection API Allows For Screen Capture / Audio Recording Without User Consent https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-android-MediaProjection-tapjacking-advisory-2017-11-13.pdf
BusyBox Autocompletion Vulnerability https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/
Nov 20, 2017 • 7min

ISC StormCast for Monday, November 20th 2017

Bitcoin Pickpockets Scanning For Wallets https://isc.sans.edu/forums/diary/BTC+Pickpockets/23052/
Resume-themed Malspam Pushing Smoke Loader https://isc.sans.edu/forums/diary/Resumethemed+malspam+pushing+Smoke+Loader/23054/
F5-BigIP TLS Vulnerability https://support.f5.com/csp/article/K21905460
Microsoft Updates Patches / May Have Lost Source Code https://0patch.blogspot.com/2017/11/did-microsoft-just-manually-patch-their.html http://borncity.com/win/2017/11/17/microsoft-confirms-epson-dot-matrix-printer-issue-after-november-2017-patchday-here-are-fixes/
Windows 8 And Later Fail To Apply ASLR Correctly https://www.kb.cert.org/vuls/id/817544
StartCom TLS Certificate Authority Shutting Down http://www.zdnet.com/article/startcom-to-shut-down-all-certificates-revoked-in-2020/
Nov 17, 2017 • 6min

ISC StormCast for Friday, November 17th 2017

A Domain Dashboard For Splunk https://isc.sans.edu/forums/diary/Suspicious+Domains+Tracking+Dashboard/23046/
Oracle Critical PeopleSoft Patch http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-10269-4021872.html#AppendixFMW
GitHub Introducing Security Alerts for Dependencies https://github.com/blog/2470-introducing-security-alerts-on-github
Exposing IP Addresses For Hidden Services http://sh1ttykids.hateblo.jp/entry/2017/11/16/182001
Nov 16, 2017 • 6min

ISC StormCast for Thursday, November 16th 2017

Malicious Document Turns Off Word Macro Protections https://isc.sans.edu/forums/diary/If+you+want+something+done+right+do+it+yourself/23042/
Blueborne Affects Amazon Echo and Google Home Devices (now patched) http://go.armis.com/hubfs/BlueBorne%20Technical%20White%20Paper.pdf
More Malicious Apps In Google's Play Store https://www.bleepingcomputer.com/news/security/google-play-store-sees-sudden-surge-of-malicious-apps/
OnePlus Phones Found With Preinstalled Debug App https://twitter.com/fs0c131y https://twitter.com/__Tux/status/754085708843786240
Nov 15, 2017 • 6min

ISC StormCast for Wednesday, November 15th 2017

Microsoft Patch Tuesday Updates https://helpx.adobe.com/security.html
Adobe Patches https://helpx.adobe.com/security.html
Abusing Anti-Virus Quarantine Folders for Priv. Escalation https://bogner.sh/2017/11/avgater-getting-local-admin-by-abusing-the-anti-virus-quarantine/
