SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Johannes B. Ullrich
Dec 19, 2016 • 6min

ISC StormCast for Monday, December 19th 2016

Verizon Webmail XSS Exploit https://randywestergren.com/persistent-xss-verizons-webmail-client/
Blocking PowerShell Connections via Windows Firewall https://isc.sans.edu/forums/diary/Blocking+Powershell+Connection+via+Windows+Firewall/21829/
Exploit Kits Delivering Cerber Ransomware https://isc.sans.edu/forums/diary/One+if+by+email+and+two+if+by+EK+The+Cerbers+are+coming/21823/
More Security Companies Joining "No More Ransom" https://www.nomoreransom.org
IT Contractor Trying to Take Over Radio Station https://regmedia.co.uk/2016/12/16/kcohvtaylorfiling.pdf
Holiday Safe Computing Tips https://isc.sans.edu/forums/diary/Holiday+Safe+Computing+Tips/21827/
Dec 16, 2016 • 5min

ISC StormCast for Friday, December 16th 2016

Domain Cops Malware Analysis https://isc.sans.edu/forums/diary/Domaincop+malpsam/21821/
OS X Filevault Password Retrieval http://blog.frizk.net/2016/12/filevault-password-retrieval.html
QEMU/Xen Vulnerability http://xenbits.xen.org/xsa/advisory-199.html
DNS Changer Attacking Home Routers https://www.proofpoint.com/us/threat-insight/post/home-routers-under-attack-malvertising-windows-android-devices
Dec 15, 2016 • 5min

ISC StormCast for Thursday, December 15th 2016

Malicious JavaScript Bypasses UAC https://isc.sans.edu/forums/diary/UAC+Bypass+in+JScript+Dropper/21813/
Skype Unauthorized API Access Blocked https://www.trustwave.com/Resources/SpiderLabs-Blog/A-Backdoor-in-Skype-for-Mac-OS-X/?page=1&year=0&month=0
Facebook Announces Certificate Transparency Monitoring Tool https://www.facebook.com/notes/protect-the-graph/introducing-our-certificate-transparency-monitoring-tool/1811919779048165
Another Tor Browser (and Firefox) Bug Fixed https://blog.torproject.org/blog/tor-browser-608-released
Cheap Android Phones Arrive With Malware Preinstalled https://news.drweb.com/show/?i=10345&lng=en
Exploit for Nagios https://legalhackers.com/advisories/Nagios-Exploit-Command-Injection-CVE-2016-9565-2008-4796.html
Dec 14, 2016 • 5min

ISC StormCast for Wednesday, December 14th 2016

Microsoft Patch Tuesday + Adobe Flash https://isc.sans.edu/mspatchdays.html?viewday=2016-12-13
Apple Updates https://support.apple.com/en-us/HT201222
More Netgear Products Vulnerable; Beta Patch Available http://kb.netgear.com/000036386/CVE-2016-582384?cid=wmt_netgear_organic
iOS Profile Vulnerability PoC Available https://cxsecurity.com/issue/WLB-2016110046
Dec 13, 2016 • 6min

ISC StormCast for Tuesday, December 13th 2016

Apple Releases Patches for iOS/WatchOS and tvOS https://support.apple.com/en-us/HT201222
Windows 8/10 Update Causing DHCP Problems https://community.plus.net/t5/Broadband/Windows-8-10-Issues/m-p/1393675#M310992
McAfee VirusScan Enterprise for Linux Vulnerabilities https://nation.state.actor/mcafee.html
Snowball Marketing for Ransomware https://www.bleepingcomputer.com/news/security/new-scheme-spread-popcorn-time-ransomware-get-chance-of-free-decryption-key/
Europol Arrests DDoS Miscreants http://www.theregister.co.uk/2016/12/12/europol_arrests_34_ddos_kiddies/
5 Questions to Ask Your IoT Vendor https://isc.sans.edu/forums/diary/5+Questions+to+Ask+your+IoT+Vendors+But+Do+Not+Expect+an+Answer/21807/
Dec 11, 2016 • 6min

ISC StormCast for Monday, December 12th 2016

Malware Uses NTP to Prevent Reverse Analysis https://isc.sans.edu/forums/diary/Sleeping+VBS+Really+Wants+To+Sleep/21801/
PwC ACE Tool For SAP Introduces Security Vulnerability into SAP http://seclists.org/fulldisclosure/2016/Dec/33
Steganography Used to Hide Exploits in Images https://isc.sans.edu/forums/diary/Steganography+in+Action+Image+Steganography+StegExpose/21803/
Netgear R7000 and R6400 Arbitrary Command Execution http://www.kb.cert.org/vuls/id/582384
Holiday Hack Challenge https://holidayhackchallenge.com
Dec 9, 2016 • 6min

ISC StormCast for Friday, December 9th 2016

Domaincops Malware https://isc.sans.edu/forums/diary/Good+Cop+Bad+Cop+Domain+Cop/21795/
Yahoo Mail Persistent XSS https://klikki.fi/adv/yahoo2.html
Trend Office Scan False Positives https://www.reddit.com/r/sysadmin/comments/5gs2gv/anyone_else_also_affected_by_a_deleted/
Linux Privilege Escalation due to af_packet.c race condition http://seclists.org/oss-sec/2016/q4/607
Dec 8, 2016 • 6min

ISC StormCast for Thursday, December 8th 2016

Attackers are using AV Exclusion Lists to Bypass AV http://www.theregister.co.uk/2016/12/07/clever_crims_using_av_exclusion_lists_as_malware_safe_harbour/
Android Update Patches "Dirty Cow" https://source.android.com/security/bulletin/2016-12-01.html
"Goldeneye" Ransomware May Use Stolen Data For Realistic E-Mails https://www.heise.de/security/meldung/Goldeneye-nutzt-Informationen-vom-Arbeitsamt-fuer-aeusserst-gezielte-Angriffe-3564386.html
Firefox Cross Domain Cookie Vulnerability https://insert-script.blogspot.ch/2016/12/firefox-svg-cross-domain-cookie.html
Dec 7, 2016 • 7min

ISC StormCast for Wednesday, December 7th 2016

Attacking NoSQL Applications https://isc.sans.edu/forums/diary/Attacking+NoSQL+applications/21787/
Heap Buffer Overflow in Encase Forensic Imager https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20161128-0_Guidance_Software_Encase_DoS_heap_buffer_overflow_vulnerabilities_v10.txt
Raspbian To Increase Default Security https://www.raspberrypi.org/blog/a-security-update-for-raspbian-pixel/
SONY Camera Backdoor https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20161206-0_Sony_IPELA_Engine_IP_Cameras_Backdoors_v10.txt
Feedback: https://isc.sans.edu/contact.html
Dec 6, 2016 • 6min

ISC StormCast for Tuesday, December 6th 2016

Video Walk Through: Analysing Hancitor Malicious Document https://isc.sans.edu/forums/diary/Hancitor+Maldoc+Videos/21783/
Rapid Distributed Credit Card Number Brute Forcing http://eprint.ncl.ac.uk/file_store/production/230123/19180242-D02E-47AC-BDB3-73C22D6E1FDB.pdf
Cloudflare Detecting Large DDoS Attacks Over Thanksgiving / Cyber Monday https://blog.cloudflare.com/the-daily-ddos-ten-days-of-massive-attacks/
Free Windows Tool to Harden Networks: SAMRi10 https://gallery.technet.microsoft.com/SAMRi10-Hardening-Remote-48d94b5b
NY State Outlawing Automated Ticket Purchasing Software https://www.nysenate.gov/legislation/bills/2015/S8123
