SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Multiple Vulnerabilites in tcpdump https://isc.sans.edu/forums/diary/Multiple+Vulnerabilities+in+tcpdump/22017/ Quick Analysis of Data Left Available by Attackers https://isc.sans.edu/forums/diary/Quick+Analysis+of+Data+Left+Available+by+Attackers/22015/ Securing The Human Ouch! Newsletter https://securingthehuman.sans.org/ouch/ Redis CSRF Vulnerability Exploit https://github.com/dxa4481/whatsinmyredis

Fileless UAC Bypass Used to Drop Keybase Malware https://isc.sans.edu/forums/diary/Malicious+Office+files+using+fileless+UAC+bypass+to+drop+KEYBASE+malware/22011/ Apple Removes Activation Lock Test Tool After Abuse https://www.macrumors.com/2017/01/30/activation-lock-website-used-in-hack/ Multiple Vulnerabilities in tcpdump https://www.debian.org/security/2017/dsa-3775 Postscript Printer Vulnerabilities http://seclists.org/fulldisclosure/2017/Jan/89 Stop Disabling SELinux https://learntemail.sam.today/blog/stop-disabling-selinux:-a-real-world-guide/

py2exe Decompiling Part 2 https://isc.sans.edu/forums/diary/py2exe+Decompiling+Part+2/22005/ Telemarketer Leaks Call Recordings https://mackeeper.com/blog/post/326-telemarketing-company-leaks-400k-of-sensitive-files Facebook Introduces Delegated Recovery Protocol https://github.com/facebookincubator/DelegatedRecovery/ https://raw.githubusercontent.com/facebookincubator/DelegatedRecovery/master/draft-hill-delegated-recovery.raw.txt Another Cisco WebEx Update https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex Cryptkeeper Does Not Correctly Encrypt Folders https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852751

Port 5358 Scans for Devices https://isc.sans.edu/forums/diary/Request+for+Packets+and+Logs+TCP+5358/21997/ OpenSSH Vulnerablity http://www.openwall.com/lists/oss-security/2017/01/26/2 Ransomware Hits Traffic Cameras in DC https://www.washingtonpost.com/local/public-safety/hackers-hit-dc-police-closed-circuit-camera-network-city-officials-disclose/2017/01/27/d285a4a4-e4f5-11e6-ba11-63c4b4fb5a63_print.html Hotel Hit By Ransomware http://www.thelocal.at/20170128/hotel-ransomed-by-hackers-as-guests-locked-in-rooms Not So Private Android VPNs http://www.icir.org/vern/papers/vpn-apps-imc16.pdf Google Starting its own Certificate Authority https://security.googleblog.com/2017/01/the-foundation-of-more-secure-web.html

IOCs: Risks of False Positive Floods https://isc.sans.edu/forums/diary/IOCs+Risks+of+False+Positive+Alerts+Flood+Ahead/21977/ Android Ransomware in Google Play Store http://blog.checkpoint.com/2017/01/24/charger-malware/ OpenSSL Update https://www.openssl.org/news/vulnerabilities.html#y2017 Facebook To Implement U2F (FIDO) Login https://www.facebook.com/notes/facebook-security/security-key-for-safer-logins-with-a-touch/10154125089265766 WebEx Update https://bugs.chromium.org/p/project-zero/issues/detail?id=1100

Cisco WebEx Remains Vulnerable. Other Browsers Affected https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex Malicious SVG Files Fund in the Wild https://isc.sans.edu/forums/diary/Malicious+SVG+Files+in+the+Wild/21971/ W2 Scams Hitting Again http://www.nbcdfw.com/news/local/Argyle-ISD-Employees-Hit-with-Data-Breach-411337825.html XXE Entity Vulnerability in Uber https://httpsonly.blogspot.co.ke/2017/01/0day-writeup-xxe-in-ubercom.html?m=1 Firefox 51 Released https://blog.mozilla.org/security/2017/01/20/communicating-the-dangers-of-non-secure-http/

Cisco Releases Patch for Chrome Webex Plugin https://continuum.cisco.com/2017/01/23/its-a-good-idea-to-patch-your-webex-chrome-extension-now/ Companies Fall For Fake Ransomware https://www.citrix.com/blogs/2017/01/24/bluff-ransomware-attacks-bamboozle-british-businesses/ systemd priviledge escalation vulnerablity http://www.openwall.com/lists/oss-security/2017/01/24/4 nginx update released http://nginx.org/en/CHANGES

Experimenting With IPv6 Fragments https://isc.sans.edu/forums/diary/How+to+Have+Fun+With+IPv6+Fragments+and+Scapy/21963/ Apple Updates Everything https://support.apple.com/en-us/HT201222 WebEx Secret Install URL https://bugs.chromium.org/p/project-zero/issues/detail?id=1096 Vulnerability in Symantec Norton Download Manager https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2017&suid=20170117_00 Exploit for Microsoft RDC Client on Mac https://www.wearesegment.com/research/Microsoft-Remote-Desktop-Client-for-Mac-Remote-Code-Execution

Sage 2.0 Ransomware https://isc.sans.edu/forums/diary/Sage+20+Ransomware/21959/ Starwars Twitter Botner https://regmedia.co.uk/2017/01/20/starwarsbotnet.pdf Symantec Messes Up SSL Certificates Again https://www.mail-archive.com/dev-security-policy@lists.mozilla.org/msg05455.html Github CSP Experiences https://githubengineering.com/githubs-post-csp-journey/ Podcast Survey https://www.surveymonkey.com/r/sbn2017

Open Hadoop Instances Are At Risk http://www.threatgeek.com/2017/01/open-hadoop-installs-wiped-worldwide.html Upcoming SHA-1 Deadlines https://blog.mozilla.org/security/2016/10/18/phasing-out-sha-1-on-the-public-web/ Google "Verify Apps" Algorithm https://blog.google/topics/connected-workspaces/silence-speaks-louder-words-when-finding-malware/ Practical JSONP Injection https://securitycafe.ro/2017/01/18/practical-jsonp-injection/ Necurs Decline Huring Loky Distribution http://blog.talosintel.com/2017/01/locky-struggles.html