SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Johannes B. Ullrich
Apr 13, 2017 • 6min

ISC StormCast for Thursday, April 13th 2017

Mole Ransomware Delivered via Fake USPS E-Mails https://isc.sans.edu/forums/diary/Malspam+on+20170411+pushes+yet+another+ransomware+variant/22290/
Identifying HTTPS-Protected Netflix Videos in Real-Time https://www.mjkranch.com/docs/CODASPY17_Kranch_Reed_IdentifyingHTTPSNetflix.pdf
SMS Messages Used to Control Oven https://www.pentestpartners.com/blog/iot-Aga-cast-iron-security-flaw/
Android Hardening TLS Use https://android-developers.googleblog.com/2017/04/android-o-to-drop-insecure-tls-version.html
Apr 12, 2017 • 5h

ISC StormCast for Wednesday, April 12th 2017

MSFT/Adobe Patch Tuesday https://isc.sans.edu/forums/diary/April+2017+Microsoft+Patch+Tuesday/22288/
Solaris 0-Day https://twitter.com/hackerfantastic/status/851555538597011460
OWASP Top 10 Update https://github.com/OWASP/Top10/raw/master/2017/OWASP%20Top%2010%20-%202017%20RC1-English.pdf
Apr 11, 2017 • 5h

ISC StormCast for Tuesday, April 11th 2017

TPLink Modem Responds With Admin Password to SMS http://www.theregister.co.uk/2017/04/10/tplink_3gwifi_modem_spills_credentials_to_an_evil_text_message/
Fake Google Map Weblinks https://www.bleepingcomputer.com/news/google/thousands-of-fake-google-maps-listings-redirect-users-to-fraudulent-sites-each-month/
Apple Fixes Apple Music For Android http://seclists.org/bugtraq/2017/Apr/26
Dallas Sirens Hacked via Wireless Attacks http://www.theregister.co.uk/2017/04/10/hackers_set_off_dallas_emergency_siren_system/
NATO Discovers (finally?) that IPv6 Can be Used As a Covert Channel https://t.co/FvSSwhtUH7
Apr 10, 2017 • 5h

ISC StormCast for Monday, April 10th 2017

Domain Whitelisting with Alexa and Umbrella Lists (and update) https://isc.sans.edu/forums/diary/Domain+Whitelisting+With+Alexa+and+Umbrella+Lists/22270/ https://isc.sans.edu/forums/diary/Domain+Whitelisting+With+Alexa+and+Umbrella+Lists+update/22274/
SANS Security West (San Diego) https://www.sans.org/event/sans-security-west-2017
Dallas Tornado Sirens Hacked https://www.washingtonpost.com/news/the-intersect/wp/2017/04/09/someone-hacked-every-tornado-siren-in-dallas-it-was-loud/?utm_term=.ca706deea318
Shadowbroker Files https://github.com/x0rz/EQGRP
Word Vulnerability https://securingtomorrow.mcafee.com/mcafee-labs/critical-office-zero-day-attacks-detected-wild/
Apr 7, 2017 • 6min

ISC StormCast for Friday, April 7th 2017

Automatically Inferring Malware Signatures for Anti-Virus Assisted Attacks https://www.sec.cs.tu-bs.de/pubs/2017-asiaccs.pdf
Cisco Aironet Default Credentials https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ame
Intercepting Two-Factor Authentication https://breakdev.org/evilginx-advanced-phishing-with-two-factor-authentication-bypass/
QNAP NAS Vulnerabilities https://sintonen.fi/advisories/qnap-qts-multiple-rce-vulnerabilities.txt
Apr 6, 2017 • 6min

ISC StormCast for Thursday, April 6th 2017

Whitelists: The Holy Grail of Attackers https://isc.sans.edu/forums/diary/Whitelists+The+Holy+Grail+of+Attackers/22262/
Java Struts2 Vulnerability Used To Install Ransomware https://isc.sans.edu/forums/diary/Java+Struts2+Vulnerability+Used+To+Install+Cerber+Crypto+Ransomware/22264/
Brazilian Bank Loses Control Over Domains https://threatpost.com/lessons-from-top-to-bottom-compromise-of-brazilian-bank/124770/
Google Android April Patch Day https://source.android.com/security/bulletin/2017-04-01#security-vulnerability-summary
Radware Observes "BrickerBot" Destroying Devices https://security.radware.com/ddos-threats-attacks/brickerbot-pdos-permanent-denial-of-service/
Struts2 Vulnerability Webcast https://www.sans.org/webcasts/struts-shock-current-attacks-struts2-defend-104787
Apr 5, 2017 • 6min

ISC StormCast for Wednesday, April 5th 2017

Exploiting Broadcom's Wi-Fi Stack https://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html
Covert Channel Between Virtual Machines Via CPU Cache https://cmaurice.fr/pdf/ndss17_maurice.pdf
40 Vulnerabilities in Samsung Tizen https://motherboard.vice.com/en_us/article/samsung-tizen-operating-system-bugs-vulnerabilities
Apr 4, 2017 • 6min

ISC StormCast for Tuesday, April 4th 2017

Apple Releases iOS 10.3.1 to Remedy Wifi Remote Code Execution https://support.apple.com/en-us/HT207688
Practical Use of SHA1 Collisions: ISO Images https://isc.sans.edu/forums/diary/A+Practical+Use+for+a+SHA1+Collision/22257/
Microsoft Defender False Positive https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Worm%3AWin32%2FBluber.A
Cracking Weak Session Secrets https://martinfowler.com/articles/session-secret.html
Skype Malvertising Advertises Fake Flash Players https://www.bleepingcomputer.com/news/security/skype-malvertising-campaign-pushes-fake-flash-player/
Apr 3, 2017 • 6min

ISC StormCast for Monday, April 3rd 2017

Google Discovers More LastPass Vulnerabilities https://bugs.chromium.org/p/project-zero/issues/detail?id=1225&desc=6
Attacking KeePass https://www.slideshare.net/harmj0y/a-case-study-in-attacking-keepass https://github.com/HarmJ0y/KeeThief
Bypassing Cylance http://www.blackhillsinfosec.com/?p=5792
Mimi Penguin: Extracting Credentials From Memory on Linux Tools https://github.com/huntergregal/mimipenguin
Windows 2003 / IIS 6 Exploit https://0patch.blogspot.com/2017/03/0patching-immortal-cve-2017-7269.html https://github.com/rapid7/metasploit-framework/pull/8162
Mar 31, 2017 • 6min

ISC StormCast for Friday, March 31st 2017

Diverting built-in features for the bad https://isc.sans.edu/forums/diary/Diverting+builtin+features+for+the+bad/22250/
Fake Job Offers to GitHub Developers Include Malware http://researchcenter.paloaltonetworks.com/2017/03/unit42-dimnie-hiding-plain-sight/
Drones With Lasers! https://arxiv.org/pdf/1703.07751.pdf
