SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Passive DNS Investigating Security Incidents with Passive DNS Bypassing Domain Authentication https://medium.freecodecamp.org/how-i-hacked-hundreds-of-companies-through-their-helpdesk-b7680ddc2d4c DNSMasq Vulnerabilities https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html

Who's Borrowing Your Resources. Javascript Monero Miners on Video Sites https://isc.sans.edu/forums/diary/Whos+Borrowing+your+Resources/22882/ OS X Silently Patches Javascript Quarantine Bypass https://www.wearesegment.com/research/Mac-OS-X-Local-Javascript-Quarantine-Bypass.html Apple EFI Updates Often Not Applied https://duo.com/blog/the-apple-of-your-efi-mac-firmware-security-research

Dealing With Massive Packet Captures https://isc.sans.edu/forums/diary/The+easy+way+to+analyze+huge+amounts+of+PCAP+data/22876/ Illusion Gap Anti-Virus Bypass https://www.cyberark.com/threat-research-blog/illusion-gap-antivirus-bypass-part-1/ DNSSEC KSK Update Delayed https://www.icann.org/news/announcement-2017-09-27-en Linux PIE/Stack Corruption https://www.qualys.com/2017/09/26/cve-2017-1000253/cve-2017-1000253.txt

Everything You Ever Wanted To Know About JPEGs (and more) https://isc.sans.edu/forums/diary/It+is+a+resume+Part+3/22808/ Linux 4.14 Memory Encryption https://lwn.net/Articles/686808/ CLKSCREW: Exposing Secure Enclaves via Energy Management https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-tang.pdf ~ ~ ~ ~

XPCTRA Steals Banking / Cryptocurrency Info https://isc.sans.edu/forums/diary/XPCTRA+Malware+Steals+Banking+and+Digital+Wallet+Users+Credentials/22868/ Vulnerable Mobile Investment Applications http://blog.ioactive.com/2017/09/are-you-trading-securely-insights-into.html iOS WiFi Exploit PoC Code Published https://bugs.chromium.org/p/project-zero/issues/detail?id=1289 Android Malware Exploiting "Dirty Cow" http://blog.trendmicro.com/trendlabs-security-intelligence/zniu-first-android-malware-exploit-dirty-cow-vulnerability/

macOS High Sierra Security Updates https://support.apple.com/en-us/HT201222 Possible macOS Keychain Leak https://twitter.com/patrickwardle/status/912254053849079808 Monero Cryptocoin Miner Found on Showtime Website https://badpackets.net/coinhive-miner-found-on-official-showtime-network-websites-in-latest-case-of-cryptojacking/

Forensic Use of "mount --bind" https://isc.sans.edu/forums/diary/Forensic+use+of+mount+bind/22854/ Adobe Publishes Secret PGP Key By Mistake https://twitter.com/jupenur/status/911286403434246144 AVAST Publishes CCleaner Update https://blog.avast.com/avast-threat-labs-analysis-of-ccleaner-incident Compromised Android Keyboard App https://blog.adguard.com/en/go-spy-go-popular-android-keyboard-from-china-crosses-the-red-line/

More (Likely Fake) DDoS Extortion Attempts https://isc.sans.edu/forums/diary/Emails+threatening+DDoS+allegedly+from+Phantom+Squad/22856/ CVE-2017-8759 Used in Cyber Crime Attacks https://isc.sans.edu/forums/diary/Email+attachment+using+CVE20178759+exploit+targets+Argentina/22850/ CCleaner Command and Control Server http://blog.talosintelligence.com/2017/09/ccleaner-c2-concern.html?m=1 Vulnerability in Intel Managment Engine Can Lead to Execution of Unsigned Code https://www.blackhat.com/eu-17/briefings/schedule/#how-to-hack-a-turned-off-computer-or-running-unsigned-code-in-intel-management-engine-8668

Newest Locky Update: RAR Attachments and "Invoice" E-Mails https://isc.sans.edu/forums/diary/Ongoing+Ykcol+Locky+campaign/22848/ Viacom S3 Bucket Leak https://www.upguard.com/breaches/cloud-leak-viacom iOS 11 Outlook.com Bug https://support.apple.com/en-us/HT208136

Mac-Robber Python Rewrite https://isc.sans.edu/forums/diary/New+tool+macrobberpy/22844/ Apache Tomcat Patch https://www.us-cert.gov/ncas/current-activity/2017/09/19/Apache-Releases-Security-Updates-Apache-Tomcat Apple Updates For iOS, Xcode, tvOS, watchOS and Safari https://support.apple.com/en-us/HT201222