SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Securing the Human Newsletter https://securingthehuman.sans.org/newsletters/ouch/issues/OUCH-201610_en.pdf "Security Fatigue" https://www.nist.gov/news-events/news/2016/10/security-fatigue-can-cause-computer-users-feel-hopeless-and-act-recklessly "Selfi Pay" Facial Recognition http://www.theregister.co.uk/2016/10/05/mastercard_selfie_pay/ "MarsJoke" Ransomware Decrypted https://threatpost.com/researchers-break-marsjoke-ransomware-encryption/121022/

SSL Requests to Non-SSL Web Servers https://isc.sans.edu/forums/diary/SSL+Requests+to+nonSSL+HTTP+Servers/21551/ Insulin Pump Vulnerablities https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump SSH Konami Codes http://pen-testing.sans.org/blog/2015/11/10/protected-using-the-ssh-konami-code-ssh-control-sequences Cyber Security Awareness Month https://securingthehuman.sans.org/blog/2016/10/02/week01-kicking-off-ncsam/ OpenJPEG Flaw http://blog.talosintel.com/2016/09/vulnerability-spotlight-jpeg2000.html

Password Buddies https://isc.sans.edu/forums/diary/Password+Buddies+A+Better+Way+To+Reset+Passwords/21547/ iMessage Data Leakage http://rsmck.co.uk/blog/imessage-preview/ Exploiting HP Thin Client http://blog.malerisch.net/2016/10/pwning-thin-client-in-less-two-minutes2-cve2016-2246.html

The Short Life of a Vulnerable DVR Connected to the Internet https://isc.sans.edu/forums/diary/The+Short+Life+of+a+Vulnerable+DVR+Connected+to+the+Internet/21543/ Another Day, Another Malicious Behaviour https://isc.sans.edu/forums/diary/Another+Day+Another+Malicious+Behaviour/21539/ Capcom's Streetfighter V Anti Cheat Tool Allows Privilege Escalation https://twitter.com/TheWack0lian/status/779397840762245124/photo/1?ref_src=twsrc%5Etfw Apple Joins Mozilla In Distrusting WoSign https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/lWJ1zdUJPLI "Footprints" Browser Extension Demonstrate Unmasking User's Idendity https://footprints.stanford.edu

Turning the lights off with SNMP https://isc.sans.edu/forums/diary/SNMP+Pwn3ge/21533/ Yahoo! Anwers Used in Command and Control Networks http://researchcenter.paloaltonetworks.com/2016/09/unit42-confucius-says-malware-families-get-further-by-abusing-legitimate-websites/ Dlink Router Includes Stupid Simple UDP Backdoor https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html Hikvision XXE Vulnerability https://medium.com/@iraklis/an-unlikely-xxe-in-hikvisions-remote-access-camera-cloud-d57faf99620f#.qukzihoew

Rig Exploit Kit Used to Spread Locky Ransomware https://isc.sans.edu/forums/diary/Rig+Exploit+Kit+from+the+Afraidgate+Campaign/21531/ Facebook Releases osquery for Windows https://blog.trailofbits.com/2016/09/27/windows-network-security-now-easier-with-osquery/ Update Cowrie and "New" Default Password used in Internet Wide Scans https://isc.sans.edu/ssh.html?pw=xc3511 BIND Name Server Update https://kb.isc.org/article/AA-01393/74/CVE-2016-2775%3A-A-query-name-which-is-too-long-can-cause-a-segmentation-fault-in-lwresd.html Various Cisco DoS Vulnerabilities https://tools.cisco.com/security/center/publicationListing.x?product=NonCisco#~Vulnerabilities

Back in Time Memory Forensics https://isc.sans.edu/forums/diary/Back+in+Time+Memory+Forensics/21527/ Cameras Responsible For Large DDoS Attacks https://twitter.com/olesovhcom/status/779297257199964160 Google Releases CSP Support Tools https://csp-evaluator.withgoogle.com https://chrome.google.com/webstore/detail/csp-mitigator Microsoft Launches "fuzzing-as-a-service" https://www.microsoft.com/en-us/springfield/

Decompiling P-Code https://isc.sans.edu/forums/diary/VBA+and+Pcode/21521/ Lenovo To Add FIDO Compliant Fingerprint Reader http://www.theregister.co.uk/2016/09/26/intel_and_lenovo_give_the_finger_to_passwords_with_fido/ More Details On Simpler Password Hasing in iOS 10 https://twitter.com/thorsheim/status/779207177416351744 Mozilla to Remove WoSign and StartCom From Trusted List https://docs.google.com/document/d/1C6BlmbeQfn4a9zydVi2UvjBGv6szuSB4sMYUcVrR8vQ/preview

Analyzing Malicious .PUB files https://isc.sans.edu/forums/diary/PUB+Analysis/21517/ iOS 10 Backup Passwords Easier to Crack http://blog.elcomsoft.com/2016/09/ios-10-security-weakness-discovered-backup-passwords-much-easier-to-break/ Windows 10 Certificate Pinning of Microsoft Domains http://hexatomium.github.io/2016/09/24/hidden-w10-pins/ IBM Geoblocking Fail For Australian Census http://www.aph.gov.au/DocumentStore.ashx?id=124f22ba-caaa-46ff-899d-7d96851fee3e&subId=414127 97% Of Fortune 1000 Companies Have Leaked Credentials http://info.digitalshadows.com/rs/457-XEY-671/images/CompromisedCredentials-LearnFromtheExposureoftheWorlds1000BiggestCompanies-Download.pdf

OpenSSL Security Update https://isc.sans.edu/forums/diary/OpenSSL+Update+Released/21509/ ATM Skimmer Prototypes To Collect Fingerprints https://securelist.com/files/2016/09/16_09_en.pdf Yahoo! Breach Leaks 500M User's Data https://yahoo.tumblr.com/post/150781911849/an-important-message-about-yahoo-user-security