SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

US-Cert Considers Netbios/SMBv1 Harmfull https://www.us-cert.gov/ncas/current-activity/2017/01/16/SMB-Security-Best-Practices IPv6 Atomic Fragments Can Lead to DDoS Attack https://tools.ietf.org/html/rfc8021 Facebook Was Affectd by ImageTragick Flaw http://4lemon.ru/2017-01-17_facebook_imagetragick_remote_code_execution.html Malwarebytes Identifies Old Mac Backdoor https://blog.malwarebytes.com/threat-analysis/2017/01/new-mac-backdoor-using-antiquated-code/ Oracle Quarterly Critical Patch Update http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixJAVA

domain_stats.py: A Web API For SEIM Phishing Hunts; https://isc.sans.edu/forums/diary/domainstatspy+a+web+api+for+SEIM+phishing+hunts/21943/ Mutiple RCE in ZyXEL/Billion/True Online Routers http://seclists.org/fulldisclosure/2017/Jan/40 Dovecot Passes Security Audit https://wiki.mozilla.org/images/4/4d/Dovecot-report.pdf Dutch Web Developers Left Backdoors Behind http://www.theregister.co.uk/2017/01/17/police_warn_of_dutch_developer_who_built_backdoors_for_carding/ Mobile Applications Contain Secrets https://hackernoon.com/we-reverse-engineered-16k-apps-heres-what-we-found-51bdf3b456bb

Whitelisting File Extensions in Apache https://isc.sans.edu/forums/diary/Whitelisting+File+Extensions+in+Apache/21937/ Wordpress 4.7.1 Updates PHPMailer https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/ Tricky Phishing Attacks Harvesting Google Passwords https://www.wordfence.com/blog/2017/01/gmail-phishing-data-uri/ More Refined Browser Fingerprinting Via GPU Features https://drive.google.com/file/d/0B4s900Byvv1ibW5uc1NiU2g3R3c/view

Backup Files Are Good if They are Outside Your Web Servers Document Root https://isc.sans.edu/forums/diary/Backup+Files+Are+Good+but+Can+Be+Evil/21935/ Exploiting Apache Server Status http://blog.mazinahmed.net/2017/01/exploiting-misconfigured-apache-server-status-instances.html WhatsApp Backdoor Controversy https://www.theguardian.com/technology/2017/jan/13/whatsapp-backdoor-allows-snooping-on-encrypted-messages https://whispersystems.org/blog/there-is-no-whatsapp-backdoor/ Hardening Windows 10 https://blogs.technet.microsoft.com/mmpc/2017/01/13/hardening-windows-10-with-zero-day-exploit-mitigations/ Injecting JavaScript Into PDFs http://insert-script.blogspot.in/2016/10/pdf-how-to-steal-pdfs-by-injecting.html

System Resources Utilization Monitor #SRUM https://isc.sans.edu/forums/diary/System+Resource+Utilization+Monitor/21927/ Docker Fixes Privilege Escalation Vulnerability http://seclists.org/fulldisclosure/2017/Jan/21 Taking Over Expired Name Servers https://thehackerblog.com/respect-my-authority-hijacking-broken-nameservers-to-compromise-your-target/ Updated Certificate Revocation Data https://isc.sans.edu/crls.html Shadow Broker Releasing More Tools and Going Dark https://heimdalsecurity.com/blog/security-alert-the-shadow-brokers-windows-hacking-tools/ Extracting Fingerprints from Selfies http://www.japantimes.co.jp/news/2017/01/11/national/crime-legal/researchers-warn-fingerprint-theft-peace-sign/

Hancitor/Pny/Vawtrak installed by Malicious Word Document in Fake Parking Ticket E-Mail https://isc.sans.edu/forums/diary/HancitorPonyVawtrak+malspam/21919/ Godaddy Revokes > 6,000 SSL Certs After Validation Bug https://www.godaddy.com/garage/godaddy/information-about-ssl-bug/ DVR Master Password List Leaked https://www.pentestpartners.com/blog/leaked-dvr-creds-added-to-the-iot-fail-list/ Autofill Enables Information Leakage https://github.com/anttiviljami/browser-autofill-phishing

Microsoft Patch Tuesday Summary https://isc.sans.edu/forums/diary/January+2017+Microsoft+Patch+Tuesday/21915/ Adobe Patch Tuesday Summary https://isc.sans.edu/forums/diary/Adobe+January+2017+Patches/21917/ Port 37777 "MapTable" Requests https://isc.sans.edu/forums/diary/Port+37777+MapTable+Requests/21913/ CVE 2016-7200/7201 Exploit Included in Sundown Exploit Kit http://malware.dontneedcoffee.com/2017/01/CVE-2016-7200-7201.html

Damn Vulnerable Web Sockets (DVWS) Demonstrates WebSocket Vulnerabilities https://github.com/interference-security/DVWS St. Jude Medical Patches Vulnerable Cardiac Devices https://threatpost.com/st-jude-medical-patches-vulnerable-cardiac-devices/122955/ Cracking Hashes of Passwords 12 Characters and Longer http://www.netmux.com/blog/cracking-12-character-above-passwords VNC Library Update https://www.debian.org/security/2017/dsa-3753

Careful With Security Tools That Submit Files to Virustotal https://isc.sans.edu/forums/diary/Great+Misadventures+of+Security+Vendors+Absurd+Sandboxing+Edition/21895/ Vulnerable Security Tools Can Be Used Against You https://isc.sans.edu/forums/diary/Using+Security+Tools+to+Compromize+a+Network/21903/ Elaborate Ransomware Attacks http://www.actionfraud.police.uk/news/department-of-education-ransomware-alert-jan17 E-Mail and iTunes Popup Extortion https://blog.malwarebytes.com/101/mac-the-basics/2017/01/tech-support-scam-page-attempts-denial-of-service-via-mail-app/

Google.com.br DNS Hijack https://www.linkedin.com/pulse/googlecombr-hacked-renato-marinho Attackers Use Stolen Passwords To Take Over Spreadshirt.com Accounts. https://www.heise.de/security/meldung/Angriff-auf-Spreadshirt-Konten-3589579.html (sorry, only in German) Ransomware Adding DDoS Component https://www.bleepingcomputer.com/news/security/firecrypt-ransomware-comes-with-a-ddos-component/ Old Malware Returning in Targeted Attacks https://blogs.forcepoint.com/security-labs/mm-core-memory-backdoor-returns-bigboss-and-sillygoose